mirror of https://github.com/ansible/ansible.git
Fortinet's FortiOS system admin (#52345)
parent
48aa9e87a4
commit
74f2c61c35
@ -0,0 +1,920 @@
|
|||||||
|
#!/usr/bin/python
|
||||||
|
from __future__ import (absolute_import, division, print_function)
|
||||||
|
# Copyright 2019 Fortinet, Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# the lib use python logging can get it if the following is set in your
|
||||||
|
# Ansible config.
|
||||||
|
|
||||||
|
__metaclass__ = type
|
||||||
|
|
||||||
|
ANSIBLE_METADATA = {'status': ['preview'],
|
||||||
|
'supported_by': 'community',
|
||||||
|
'metadata_version': '1.1'}
|
||||||
|
|
||||||
|
DOCUMENTATION = '''
|
||||||
|
---
|
||||||
|
module: fortios_system_admin
|
||||||
|
short_description: Configure admin users in Fortinet's FortiOS and FortiGate.
|
||||||
|
description:
|
||||||
|
- This module is able to configure a FortiGate or FortiOS by allowing the
|
||||||
|
user to set and modify system feature and admin category.
|
||||||
|
Examples include all parameters and values need to be adjusted to datasources before usage.
|
||||||
|
Tested with FOS v6.0.2
|
||||||
|
version_added: "2.8"
|
||||||
|
author:
|
||||||
|
- Miguel Angel Munoz (@mamunozgonzalez)
|
||||||
|
- Nicolas Thomas (@thomnico)
|
||||||
|
notes:
|
||||||
|
- Requires fortiosapi library developed by Fortinet
|
||||||
|
- Run as a local_action in your playbook
|
||||||
|
requirements:
|
||||||
|
- fortiosapi>=0.9.8
|
||||||
|
options:
|
||||||
|
host:
|
||||||
|
description:
|
||||||
|
- FortiOS or FortiGate ip address.
|
||||||
|
required: true
|
||||||
|
username:
|
||||||
|
description:
|
||||||
|
- FortiOS or FortiGate username.
|
||||||
|
required: true
|
||||||
|
password:
|
||||||
|
description:
|
||||||
|
- FortiOS or FortiGate password.
|
||||||
|
default: ""
|
||||||
|
vdom:
|
||||||
|
description:
|
||||||
|
- Virtual domain, among those defined previously. A vdom is a
|
||||||
|
virtual instance of the FortiGate that can be configured and
|
||||||
|
used as a different unit.
|
||||||
|
default: root
|
||||||
|
https:
|
||||||
|
description:
|
||||||
|
- Indicates if the requests towards FortiGate must use HTTPS
|
||||||
|
protocol
|
||||||
|
type: bool
|
||||||
|
default: true
|
||||||
|
system_admin:
|
||||||
|
description:
|
||||||
|
- Configure admin users.
|
||||||
|
default: null
|
||||||
|
suboptions:
|
||||||
|
state:
|
||||||
|
description:
|
||||||
|
- Indicates whether to create or remove the object
|
||||||
|
choices:
|
||||||
|
- present
|
||||||
|
- absent
|
||||||
|
accprofile:
|
||||||
|
description:
|
||||||
|
- Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name.
|
||||||
|
accprofile-override:
|
||||||
|
description:
|
||||||
|
- Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this
|
||||||
|
administrator can access.
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
allow-remove-admin-session:
|
||||||
|
description:
|
||||||
|
- Enable/disable allow admin session to be removed by privileged admin users.
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
comments:
|
||||||
|
description:
|
||||||
|
- Comment.
|
||||||
|
email-to:
|
||||||
|
description:
|
||||||
|
- This administrator's email address.
|
||||||
|
force-password-change:
|
||||||
|
description:
|
||||||
|
- Enable/disable force password change on next login.
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
fortitoken:
|
||||||
|
description:
|
||||||
|
- This administrator's FortiToken serial number.
|
||||||
|
guest-auth:
|
||||||
|
description:
|
||||||
|
- Enable/disable guest authentication.
|
||||||
|
choices:
|
||||||
|
- disable
|
||||||
|
- enable
|
||||||
|
guest-lang:
|
||||||
|
description:
|
||||||
|
- Guest management portal language. Source system.custom-language.name.
|
||||||
|
guest-usergroups:
|
||||||
|
description:
|
||||||
|
- Select guest user groups.
|
||||||
|
suboptions:
|
||||||
|
name:
|
||||||
|
description:
|
||||||
|
- Select guest user groups.
|
||||||
|
required: true
|
||||||
|
gui-dashboard:
|
||||||
|
description:
|
||||||
|
- GUI dashboards.
|
||||||
|
suboptions:
|
||||||
|
columns:
|
||||||
|
description:
|
||||||
|
- Number of columns.
|
||||||
|
id:
|
||||||
|
description:
|
||||||
|
- Dashboard ID.
|
||||||
|
required: true
|
||||||
|
layout-type:
|
||||||
|
description:
|
||||||
|
- Layout type.
|
||||||
|
choices:
|
||||||
|
- responsive
|
||||||
|
- fixed
|
||||||
|
name:
|
||||||
|
description:
|
||||||
|
- Dashboard name.
|
||||||
|
scope:
|
||||||
|
description:
|
||||||
|
- Dashboard scope.
|
||||||
|
choices:
|
||||||
|
- global
|
||||||
|
- vdom
|
||||||
|
widget:
|
||||||
|
description:
|
||||||
|
- Dashboard widgets.
|
||||||
|
suboptions:
|
||||||
|
fabric-device:
|
||||||
|
description:
|
||||||
|
- Fabric device to monitor.
|
||||||
|
filters:
|
||||||
|
description:
|
||||||
|
- FortiView filters.
|
||||||
|
suboptions:
|
||||||
|
id:
|
||||||
|
description:
|
||||||
|
- FortiView Filter ID.
|
||||||
|
required: true
|
||||||
|
key:
|
||||||
|
description:
|
||||||
|
- Filter key.
|
||||||
|
value:
|
||||||
|
description:
|
||||||
|
- Filter value.
|
||||||
|
height:
|
||||||
|
description:
|
||||||
|
- Height.
|
||||||
|
id:
|
||||||
|
description:
|
||||||
|
- Widget ID.
|
||||||
|
required: true
|
||||||
|
industry:
|
||||||
|
description:
|
||||||
|
- Security Audit Rating industry.
|
||||||
|
choices:
|
||||||
|
- default
|
||||||
|
- custom
|
||||||
|
interface:
|
||||||
|
description:
|
||||||
|
- Interface to monitor. Source system.interface.name.
|
||||||
|
region:
|
||||||
|
description:
|
||||||
|
- Security Audit Rating region.
|
||||||
|
choices:
|
||||||
|
- default
|
||||||
|
- custom
|
||||||
|
report-by:
|
||||||
|
description:
|
||||||
|
- Field to aggregate the data by.
|
||||||
|
choices:
|
||||||
|
- source
|
||||||
|
- destination
|
||||||
|
- country
|
||||||
|
- intfpair
|
||||||
|
- srcintf
|
||||||
|
- dstintf
|
||||||
|
- policy
|
||||||
|
- wificlient
|
||||||
|
- shaper
|
||||||
|
- endpoint-vulnerability
|
||||||
|
- endpoint-device
|
||||||
|
- application
|
||||||
|
- cloud-app
|
||||||
|
- cloud-user
|
||||||
|
- web-domain
|
||||||
|
- web-category
|
||||||
|
- web-search-phrase
|
||||||
|
- threat
|
||||||
|
- system
|
||||||
|
- unauth
|
||||||
|
- admin
|
||||||
|
- vpn
|
||||||
|
sort-by:
|
||||||
|
description:
|
||||||
|
- Field to sort the data by.
|
||||||
|
timeframe:
|
||||||
|
description:
|
||||||
|
- Timeframe period of reported data.
|
||||||
|
choices:
|
||||||
|
- realtime
|
||||||
|
- 5min
|
||||||
|
- hour
|
||||||
|
- day
|
||||||
|
- week
|
||||||
|
title:
|
||||||
|
description:
|
||||||
|
- Widget title.
|
||||||
|
type:
|
||||||
|
description:
|
||||||
|
- Widget type.
|
||||||
|
choices:
|
||||||
|
- sysinfo
|
||||||
|
- licinfo
|
||||||
|
- vminfo
|
||||||
|
- forticloud
|
||||||
|
- cpu-usage
|
||||||
|
- memory-usage
|
||||||
|
- disk-usage
|
||||||
|
- log-rate
|
||||||
|
- sessions
|
||||||
|
- session-rate
|
||||||
|
- tr-history
|
||||||
|
- analytics
|
||||||
|
- usb-modem
|
||||||
|
- admins
|
||||||
|
- security-fabric
|
||||||
|
- security-fabric-ranking
|
||||||
|
- ha-status
|
||||||
|
- vulnerability-summary
|
||||||
|
- host-scan-summary
|
||||||
|
- fortiview
|
||||||
|
- botnet-activity
|
||||||
|
- fortimail
|
||||||
|
visualization:
|
||||||
|
description:
|
||||||
|
- Visualization to use.
|
||||||
|
choices:
|
||||||
|
- table
|
||||||
|
- bubble
|
||||||
|
- country
|
||||||
|
- chord
|
||||||
|
width:
|
||||||
|
description:
|
||||||
|
- Width.
|
||||||
|
x-pos:
|
||||||
|
description:
|
||||||
|
- X position.
|
||||||
|
y-pos:
|
||||||
|
description:
|
||||||
|
- Y position.
|
||||||
|
gui-global-menu-favorites:
|
||||||
|
description:
|
||||||
|
- Favorite GUI menu IDs for the global VDOM.
|
||||||
|
suboptions:
|
||||||
|
id:
|
||||||
|
description:
|
||||||
|
- Select menu ID.
|
||||||
|
required: true
|
||||||
|
gui-vdom-menu-favorites:
|
||||||
|
description:
|
||||||
|
- Favorite GUI menu IDs for VDOMs.
|
||||||
|
suboptions:
|
||||||
|
id:
|
||||||
|
description:
|
||||||
|
- Select menu ID.
|
||||||
|
required: true
|
||||||
|
hidden:
|
||||||
|
description:
|
||||||
|
- Admin user hidden attribute.
|
||||||
|
history0:
|
||||||
|
description:
|
||||||
|
- history0
|
||||||
|
history1:
|
||||||
|
description:
|
||||||
|
- history1
|
||||||
|
ip6-trusthost1:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost10:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost2:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost3:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost4:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost5:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost6:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost7:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost8:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
ip6-trusthost9:
|
||||||
|
description:
|
||||||
|
- Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
|
||||||
|
login-time:
|
||||||
|
description:
|
||||||
|
- Record user login time.
|
||||||
|
suboptions:
|
||||||
|
last-failed-login:
|
||||||
|
description:
|
||||||
|
- Last failed login time.
|
||||||
|
last-login:
|
||||||
|
description:
|
||||||
|
- Last successful login time.
|
||||||
|
usr-name:
|
||||||
|
description:
|
||||||
|
- User name.
|
||||||
|
required: true
|
||||||
|
name:
|
||||||
|
description:
|
||||||
|
- User name.
|
||||||
|
required: true
|
||||||
|
password:
|
||||||
|
description:
|
||||||
|
- Admin user password.
|
||||||
|
password-expire:
|
||||||
|
description:
|
||||||
|
- Password expire time.
|
||||||
|
peer-auth:
|
||||||
|
description:
|
||||||
|
- Set to enable peer certificate authentication (for HTTPS admin access).
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
peer-group:
|
||||||
|
description:
|
||||||
|
- Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin
|
||||||
|
access).
|
||||||
|
radius-vdom-override:
|
||||||
|
description:
|
||||||
|
- Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access.
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
remote-auth:
|
||||||
|
description:
|
||||||
|
- Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server.
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
remote-group:
|
||||||
|
description:
|
||||||
|
- User group name used for remote auth.
|
||||||
|
schedule:
|
||||||
|
description:
|
||||||
|
- Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions.
|
||||||
|
sms-custom-server:
|
||||||
|
description:
|
||||||
|
- Custom SMS server to send SMS messages to. Source system.sms-server.name.
|
||||||
|
sms-phone:
|
||||||
|
description:
|
||||||
|
- Phone number on which the administrator receives SMS messages.
|
||||||
|
sms-server:
|
||||||
|
description:
|
||||||
|
- Send SMS messages using the FortiGuard SMS server or a custom server.
|
||||||
|
choices:
|
||||||
|
- fortiguard
|
||||||
|
- custom
|
||||||
|
ssh-certificate:
|
||||||
|
description:
|
||||||
|
- Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.local.name.
|
||||||
|
ssh-public-key1:
|
||||||
|
description:
|
||||||
|
- Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the
|
||||||
|
SSH client application.
|
||||||
|
ssh-public-key2:
|
||||||
|
description:
|
||||||
|
- Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the
|
||||||
|
SSH client application.
|
||||||
|
ssh-public-key3:
|
||||||
|
description:
|
||||||
|
- Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the
|
||||||
|
SSH client application.
|
||||||
|
trusthost1:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost10:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost2:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost3:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost4:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost5:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost6:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost7:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost8:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
trusthost9:
|
||||||
|
description:
|
||||||
|
- Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access
|
||||||
|
from any IPv4 address.
|
||||||
|
two-factor:
|
||||||
|
description:
|
||||||
|
- Enable/disable two-factor authentication.
|
||||||
|
choices:
|
||||||
|
- disable
|
||||||
|
- fortitoken
|
||||||
|
- email
|
||||||
|
- sms
|
||||||
|
vdom:
|
||||||
|
description:
|
||||||
|
- Virtual domain(s) that the administrator can access.
|
||||||
|
suboptions:
|
||||||
|
name:
|
||||||
|
description:
|
||||||
|
- Virtual domain name. Source system.vdom.name.
|
||||||
|
required: true
|
||||||
|
wildcard:
|
||||||
|
description:
|
||||||
|
- Enable/disable wildcard RADIUS authentication.
|
||||||
|
choices:
|
||||||
|
- enable
|
||||||
|
- disable
|
||||||
|
'''
|
||||||
|
|
||||||
|
EXAMPLES = '''
|
||||||
|
- hosts: localhost
|
||||||
|
vars:
|
||||||
|
host: "192.168.122.40"
|
||||||
|
username: "admin"
|
||||||
|
password: ""
|
||||||
|
vdom: "root"
|
||||||
|
tasks:
|
||||||
|
- name: Configure admin users.
|
||||||
|
fortios_system_admin:
|
||||||
|
host: "{{ host }}"
|
||||||
|
username: "{{ username }}"
|
||||||
|
password: "{{ password }}"
|
||||||
|
vdom: "{{ vdom }}"
|
||||||
|
https: "False"
|
||||||
|
system_admin:
|
||||||
|
state: "present"
|
||||||
|
accprofile: "<your_own_value> (source system.accprofile.name)"
|
||||||
|
accprofile-override: "enable"
|
||||||
|
allow-remove-admin-session: "enable"
|
||||||
|
comments: "<your_own_value>"
|
||||||
|
email-to: "<your_own_value>"
|
||||||
|
force-password-change: "enable"
|
||||||
|
fortitoken: "<your_own_value>"
|
||||||
|
guest-auth: "disable"
|
||||||
|
guest-lang: "<your_own_value> (source system.custom-language.name)"
|
||||||
|
guest-usergroups:
|
||||||
|
-
|
||||||
|
name: "default_name_13"
|
||||||
|
gui-dashboard:
|
||||||
|
-
|
||||||
|
columns: "15"
|
||||||
|
id: "16"
|
||||||
|
layout-type: "responsive"
|
||||||
|
name: "default_name_18"
|
||||||
|
scope: "global"
|
||||||
|
widget:
|
||||||
|
-
|
||||||
|
fabric-device: "<your_own_value>"
|
||||||
|
filters:
|
||||||
|
-
|
||||||
|
id: "23"
|
||||||
|
key: "<your_own_value>"
|
||||||
|
value: "<your_own_value>"
|
||||||
|
height: "26"
|
||||||
|
id: "27"
|
||||||
|
industry: "default"
|
||||||
|
interface: "<your_own_value> (source system.interface.name)"
|
||||||
|
region: "default"
|
||||||
|
report-by: "source"
|
||||||
|
sort-by: "<your_own_value>"
|
||||||
|
timeframe: "realtime"
|
||||||
|
title: "<your_own_value>"
|
||||||
|
type: "sysinfo"
|
||||||
|
visualization: "table"
|
||||||
|
width: "37"
|
||||||
|
x-pos: "38"
|
||||||
|
y-pos: "39"
|
||||||
|
gui-global-menu-favorites:
|
||||||
|
-
|
||||||
|
id: "41"
|
||||||
|
gui-vdom-menu-favorites:
|
||||||
|
-
|
||||||
|
id: "43"
|
||||||
|
hidden: "44"
|
||||||
|
history0: "<your_own_value>"
|
||||||
|
history1: "<your_own_value>"
|
||||||
|
ip6-trusthost1: "<your_own_value>"
|
||||||
|
ip6-trusthost10: "<your_own_value>"
|
||||||
|
ip6-trusthost2: "<your_own_value>"
|
||||||
|
ip6-trusthost3: "<your_own_value>"
|
||||||
|
ip6-trusthost4: "<your_own_value>"
|
||||||
|
ip6-trusthost5: "<your_own_value>"
|
||||||
|
ip6-trusthost6: "<your_own_value>"
|
||||||
|
ip6-trusthost7: "<your_own_value>"
|
||||||
|
ip6-trusthost8: "<your_own_value>"
|
||||||
|
ip6-trusthost9: "<your_own_value>"
|
||||||
|
login-time:
|
||||||
|
-
|
||||||
|
last-failed-login: "<your_own_value>"
|
||||||
|
last-login: "<your_own_value>"
|
||||||
|
usr-name: "<your_own_value>"
|
||||||
|
name: "default_name_61"
|
||||||
|
password: "<your_own_value>"
|
||||||
|
password-expire: "<your_own_value>"
|
||||||
|
peer-auth: "enable"
|
||||||
|
peer-group: "<your_own_value>"
|
||||||
|
radius-vdom-override: "enable"
|
||||||
|
remote-auth: "enable"
|
||||||
|
remote-group: "<your_own_value>"
|
||||||
|
schedule: "<your_own_value>"
|
||||||
|
sms-custom-server: "<your_own_value> (source system.sms-server.name)"
|
||||||
|
sms-phone: "<your_own_value>"
|
||||||
|
sms-server: "fortiguard"
|
||||||
|
ssh-certificate: "<your_own_value> (source certificate.local.name)"
|
||||||
|
ssh-public-key1: "<your_own_value>"
|
||||||
|
ssh-public-key2: "<your_own_value>"
|
||||||
|
ssh-public-key3: "<your_own_value>"
|
||||||
|
trusthost1: "<your_own_value>"
|
||||||
|
trusthost10: "<your_own_value>"
|
||||||
|
trusthost2: "<your_own_value>"
|
||||||
|
trusthost3: "<your_own_value>"
|
||||||
|
trusthost4: "<your_own_value>"
|
||||||
|
trusthost5: "<your_own_value>"
|
||||||
|
trusthost6: "<your_own_value>"
|
||||||
|
trusthost7: "<your_own_value>"
|
||||||
|
trusthost8: "<your_own_value>"
|
||||||
|
trusthost9: "<your_own_value>"
|
||||||
|
two-factor: "disable"
|
||||||
|
vdom:
|
||||||
|
-
|
||||||
|
name: "default_name_89 (source system.vdom.name)"
|
||||||
|
wildcard: "enable"
|
||||||
|
'''
|
||||||
|
|
||||||
|
RETURN = '''
|
||||||
|
build:
|
||||||
|
description: Build number of the fortigate image
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: '1547'
|
||||||
|
http_method:
|
||||||
|
description: Last method used to provision the content into FortiGate
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: 'PUT'
|
||||||
|
http_status:
|
||||||
|
description: Last result given by FortiGate on last operation applied
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "200"
|
||||||
|
mkey:
|
||||||
|
description: Master key (id) used in the last call to FortiGate
|
||||||
|
returned: success
|
||||||
|
type: str
|
||||||
|
sample: "id"
|
||||||
|
name:
|
||||||
|
description: Name of the table used to fulfill the request
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "urlfilter"
|
||||||
|
path:
|
||||||
|
description: Path of the table used to fulfill the request
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "webfilter"
|
||||||
|
revision:
|
||||||
|
description: Internal revision number
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "17.0.2.10658"
|
||||||
|
serial:
|
||||||
|
description: Serial number of the unit
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "FGVMEVYYQT3AB5352"
|
||||||
|
status:
|
||||||
|
description: Indication of the operation's result
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "success"
|
||||||
|
vdom:
|
||||||
|
description: Virtual domain used
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "root"
|
||||||
|
version:
|
||||||
|
description: Version of the FortiGate
|
||||||
|
returned: always
|
||||||
|
type: str
|
||||||
|
sample: "v5.6.3"
|
||||||
|
|
||||||
|
'''
|
||||||
|
|
||||||
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
|
|
||||||
|
fos = None
|
||||||
|
|
||||||
|
|
||||||
|
def login(data):
|
||||||
|
host = data['host']
|
||||||
|
username = data['username']
|
||||||
|
password = data['password']
|
||||||
|
|
||||||
|
fos.debug('on')
|
||||||
|
if 'https' in data and not data['https']:
|
||||||
|
fos.https('off')
|
||||||
|
else:
|
||||||
|
fos.https('on')
|
||||||
|
|
||||||
|
fos.login(host, username, password)
|
||||||
|
|
||||||
|
|
||||||
|
def filter_system_admin_data(json):
|
||||||
|
option_list = ['accprofile', 'accprofile-override', 'allow-remove-admin-session',
|
||||||
|
'comments', 'email-to', 'force-password-change',
|
||||||
|
'fortitoken', 'guest-auth', 'guest-lang',
|
||||||
|
'guest-usergroups', 'gui-dashboard', 'gui-global-menu-favorites',
|
||||||
|
'gui-vdom-menu-favorites', 'hidden', 'history0',
|
||||||
|
'history1', 'ip6-trusthost1', 'ip6-trusthost10',
|
||||||
|
'ip6-trusthost2', 'ip6-trusthost3', 'ip6-trusthost4',
|
||||||
|
'ip6-trusthost5', 'ip6-trusthost6', 'ip6-trusthost7',
|
||||||
|
'ip6-trusthost8', 'ip6-trusthost9', 'login-time',
|
||||||
|
'name', 'password', 'password-expire',
|
||||||
|
'peer-auth', 'peer-group', 'radius-vdom-override',
|
||||||
|
'remote-auth', 'remote-group', 'schedule',
|
||||||
|
'sms-custom-server', 'sms-phone', 'sms-server',
|
||||||
|
'ssh-certificate', 'ssh-public-key1', 'ssh-public-key2',
|
||||||
|
'ssh-public-key3', 'trusthost1', 'trusthost10',
|
||||||
|
'trusthost2', 'trusthost3', 'trusthost4',
|
||||||
|
'trusthost5', 'trusthost6', 'trusthost7',
|
||||||
|
'trusthost8', 'trusthost9', 'two-factor',
|
||||||
|
'vdom', 'wildcard']
|
||||||
|
dictionary = {}
|
||||||
|
|
||||||
|
for attribute in option_list:
|
||||||
|
if attribute in json and json[attribute] is not None:
|
||||||
|
dictionary[attribute] = json[attribute]
|
||||||
|
|
||||||
|
return dictionary
|
||||||
|
|
||||||
|
|
||||||
|
def flatten_multilists_attributes(data):
|
||||||
|
multilist_attrs = []
|
||||||
|
|
||||||
|
for attr in multilist_attrs:
|
||||||
|
try:
|
||||||
|
path = "data['" + "']['".join(elem for elem in attr) + "']"
|
||||||
|
current_val = eval(path)
|
||||||
|
flattened_val = ' '.join(elem for elem in current_val)
|
||||||
|
exec(path + '= flattened_val')
|
||||||
|
except BaseException:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return data
|
||||||
|
|
||||||
|
|
||||||
|
def system_admin(data, fos):
|
||||||
|
vdom = data['vdom']
|
||||||
|
system_admin_data = data['system_admin']
|
||||||
|
flattened_data = flatten_multilists_attributes(system_admin_data)
|
||||||
|
filtered_data = filter_system_admin_data(flattened_data)
|
||||||
|
if system_admin_data['state'] == "present":
|
||||||
|
return fos.set('system',
|
||||||
|
'admin',
|
||||||
|
data=filtered_data,
|
||||||
|
vdom=vdom)
|
||||||
|
|
||||||
|
elif system_admin_data['state'] == "absent":
|
||||||
|
return fos.delete('system',
|
||||||
|
'admin',
|
||||||
|
mkey=filtered_data['name'],
|
||||||
|
vdom=vdom)
|
||||||
|
|
||||||
|
|
||||||
|
def fortios_system(data, fos):
|
||||||
|
login(data)
|
||||||
|
|
||||||
|
if data['system_admin']:
|
||||||
|
resp = system_admin(data, fos)
|
||||||
|
|
||||||
|
fos.logout()
|
||||||
|
return not resp['status'] == "success", resp['status'] == "success", resp
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
fields = {
|
||||||
|
"host": {"required": True, "type": "str"},
|
||||||
|
"username": {"required": True, "type": "str"},
|
||||||
|
"password": {"required": False, "type": "str", "no_log": True},
|
||||||
|
"vdom": {"required": False, "type": "str", "default": "root"},
|
||||||
|
"https": {"required": False, "type": "bool", "default": True},
|
||||||
|
"system_admin": {
|
||||||
|
"required": False, "type": "dict",
|
||||||
|
"options": {
|
||||||
|
"state": {"required": True, "type": "str",
|
||||||
|
"choices": ["present", "absent"]},
|
||||||
|
"accprofile": {"required": False, "type": "str"},
|
||||||
|
"accprofile-override": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]},
|
||||||
|
"allow-remove-admin-session": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]},
|
||||||
|
"comments": {"required": False, "type": "str"},
|
||||||
|
"email-to": {"required": False, "type": "str"},
|
||||||
|
"force-password-change": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]},
|
||||||
|
"fortitoken": {"required": False, "type": "str"},
|
||||||
|
"guest-auth": {"required": False, "type": "str",
|
||||||
|
"choices": ["disable", "enable"]},
|
||||||
|
"guest-lang": {"required": False, "type": "str"},
|
||||||
|
"guest-usergroups": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"name": {"required": True, "type": "str"}
|
||||||
|
}},
|
||||||
|
"gui-dashboard": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"columns": {"required": False, "type": "int"},
|
||||||
|
"id": {"required": True, "type": "int"},
|
||||||
|
"layout-type": {"required": False, "type": "str",
|
||||||
|
"choices": ["responsive", "fixed"]},
|
||||||
|
"name": {"required": False, "type": "str"},
|
||||||
|
"scope": {"required": False, "type": "str",
|
||||||
|
"choices": ["global", "vdom"]},
|
||||||
|
"widget": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"fabric-device": {"required": False, "type": "str"},
|
||||||
|
"filters": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"id": {"required": True, "type": "int"},
|
||||||
|
"key": {"required": False, "type": "str"},
|
||||||
|
"value": {"required": False, "type": "str"}
|
||||||
|
}},
|
||||||
|
"height": {"required": False, "type": "int"},
|
||||||
|
"id": {"required": True, "type": "int"},
|
||||||
|
"industry": {"required": False, "type": "str",
|
||||||
|
"choices": ["default", "custom"]},
|
||||||
|
"interface": {"required": False, "type": "str"},
|
||||||
|
"region": {"required": False, "type": "str",
|
||||||
|
"choices": ["default", "custom"]},
|
||||||
|
"report-by": {"required": False, "type": "str",
|
||||||
|
"choices": ["source", "destination", "country",
|
||||||
|
"intfpair", "srcintf", "dstintf",
|
||||||
|
"policy", "wificlient", "shaper",
|
||||||
|
"endpoint-vulnerability", "endpoint-device", "application",
|
||||||
|
"cloud-app", "cloud-user", "web-domain",
|
||||||
|
"web-category", "web-search-phrase", "threat",
|
||||||
|
"system", "unauth", "admin",
|
||||||
|
"vpn"]},
|
||||||
|
"sort-by": {"required": False, "type": "str"},
|
||||||
|
"timeframe": {"required": False, "type": "str",
|
||||||
|
"choices": ["realtime", "5min", "hour",
|
||||||
|
"day", "week"]},
|
||||||
|
"title": {"required": False, "type": "str"},
|
||||||
|
"type": {"required": False, "type": "str",
|
||||||
|
"choices": ["sysinfo", "licinfo", "vminfo",
|
||||||
|
"forticloud", "cpu-usage", "memory-usage",
|
||||||
|
"disk-usage", "log-rate", "sessions",
|
||||||
|
"session-rate", "tr-history", "analytics",
|
||||||
|
"usb-modem", "admins", "security-fabric",
|
||||||
|
"security-fabric-ranking", "ha-status", "vulnerability-summary",
|
||||||
|
"host-scan-summary", "fortiview", "botnet-activity",
|
||||||
|
"fortimail"]},
|
||||||
|
"visualization": {"required": False, "type": "str",
|
||||||
|
"choices": ["table", "bubble", "country",
|
||||||
|
"chord"]},
|
||||||
|
"width": {"required": False, "type": "int"},
|
||||||
|
"x-pos": {"required": False, "type": "int"},
|
||||||
|
"y-pos": {"required": False, "type": "int"}
|
||||||
|
}}
|
||||||
|
}},
|
||||||
|
"gui-global-menu-favorites": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"id": {"required": True, "type": "str"}
|
||||||
|
}},
|
||||||
|
"gui-vdom-menu-favorites": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"id": {"required": True, "type": "str"}
|
||||||
|
}},
|
||||||
|
"hidden": {"required": False, "type": "int"},
|
||||||
|
"history0": {"required": False, "type": "str"},
|
||||||
|
"history1": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost1": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost10": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost2": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost3": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost4": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost5": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost6": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost7": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost8": {"required": False, "type": "str"},
|
||||||
|
"ip6-trusthost9": {"required": False, "type": "str"},
|
||||||
|
"login-time": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"last-failed-login": {"required": False, "type": "str"},
|
||||||
|
"last-login": {"required": False, "type": "str"},
|
||||||
|
"usr-name": {"required": True, "type": "str"}
|
||||||
|
}},
|
||||||
|
"name": {"required": True, "type": "str"},
|
||||||
|
"password": {"required": False, "type": "str"},
|
||||||
|
"password-expire": {"required": False, "type": "str"},
|
||||||
|
"peer-auth": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]},
|
||||||
|
"peer-group": {"required": False, "type": "str"},
|
||||||
|
"radius-vdom-override": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]},
|
||||||
|
"remote-auth": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]},
|
||||||
|
"remote-group": {"required": False, "type": "str"},
|
||||||
|
"schedule": {"required": False, "type": "str"},
|
||||||
|
"sms-custom-server": {"required": False, "type": "str"},
|
||||||
|
"sms-phone": {"required": False, "type": "str"},
|
||||||
|
"sms-server": {"required": False, "type": "str",
|
||||||
|
"choices": ["fortiguard", "custom"]},
|
||||||
|
"ssh-certificate": {"required": False, "type": "str"},
|
||||||
|
"ssh-public-key1": {"required": False, "type": "str"},
|
||||||
|
"ssh-public-key2": {"required": False, "type": "str"},
|
||||||
|
"ssh-public-key3": {"required": False, "type": "str"},
|
||||||
|
"trusthost1": {"required": False, "type": "str"},
|
||||||
|
"trusthost10": {"required": False, "type": "str"},
|
||||||
|
"trusthost2": {"required": False, "type": "str"},
|
||||||
|
"trusthost3": {"required": False, "type": "str"},
|
||||||
|
"trusthost4": {"required": False, "type": "str"},
|
||||||
|
"trusthost5": {"required": False, "type": "str"},
|
||||||
|
"trusthost6": {"required": False, "type": "str"},
|
||||||
|
"trusthost7": {"required": False, "type": "str"},
|
||||||
|
"trusthost8": {"required": False, "type": "str"},
|
||||||
|
"trusthost9": {"required": False, "type": "str"},
|
||||||
|
"two-factor": {"required": False, "type": "str",
|
||||||
|
"choices": ["disable", "fortitoken", "email",
|
||||||
|
"sms"]},
|
||||||
|
"vdom": {"required": False, "type": "list",
|
||||||
|
"options": {
|
||||||
|
"name": {"required": True, "type": "str"}
|
||||||
|
}},
|
||||||
|
"wildcard": {"required": False, "type": "str",
|
||||||
|
"choices": ["enable", "disable"]}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module = AnsibleModule(argument_spec=fields,
|
||||||
|
supports_check_mode=False)
|
||||||
|
try:
|
||||||
|
from fortiosapi import FortiOSAPI
|
||||||
|
except ImportError:
|
||||||
|
module.fail_json(msg="fortiosapi module is required")
|
||||||
|
|
||||||
|
global fos
|
||||||
|
fos = FortiOSAPI()
|
||||||
|
|
||||||
|
is_error, has_changed, result = fortios_system(module.params, fos)
|
||||||
|
|
||||||
|
if not is_error:
|
||||||
|
module.exit_json(changed=has_changed, meta=result)
|
||||||
|
else:
|
||||||
|
module.fail_json(msg="Error in repo", meta=result)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
Loading…
Reference in New Issue