Improve Fortios IPv4 policy with logging capabilities and use the backup_filename param (#23544)

* Improve Fortios IPv4 policy with logging capabilities. While there, fix typos in examples. forti_config: use the backup_filename param and dont enforce the the filename value. * forti-typos * Add version_added for new options in the documentation
8 years ago · 811eb66703
parent 92a425a532
commit 811eb66703
2 changed files with 37 additions and 5 deletions
--- a/lib/ansible/module_utils/fortios.py
+++ b/lib/ansible/module_utils/fortios.py
@ -65,13 +65,17 @@ fortios_error_codes = {

 def backup(module,running_config):
    backup_path = module.params['backup_path']
+    backup_filename = module.params['backup_filename']
    if not os.path.exists(backup_path):
        try:
            os.mkdir(backup_path)
        except:
            module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path))
    tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
-    filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
+    if 0 < len(backup_filename):
+        filename = '%s/%s' % (backup_path, backup_filename)
+    else:
+        filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
    try:
        open(filename, 'w').write(running_config)
    except:
--- a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
+++ b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
@ -117,6 +117,18 @@ options:
  application_list:
    description:
      - Specifies Application Control name.
+  logtraffic:
+    version_added: "2.4"
+    description:
+      - Logs sessions that matched policy.
+    default: utm
+    choices: ['disable', 'utm', 'all']
+  logtraffic_start:
+    version_added: "2.4"
+    description:
+      - Logs begining of session as well.
+    default: false
+    choices: ["true", "false"]
  comment:
    description:
      - free text to describe policy.
@ -131,12 +143,13 @@ EXAMPLES = """
    username: admin
    password: password
    id: 42
-    srcaddr: internal_network
-    dstaddr: all
+    src_addr: internal_network
+    dst_addr: all
    service: dns
    nat: True
    state: present
    policy_action: accept
+    logtraffic: disable

 - name: Public Web
  fortios_ipv4_policy:
@ -144,8 +157,8 @@ EXAMPLES = """
    username: admin
    password: password
    id: 42
-    srcaddr: all
-    dstaddr: webservers
+    src_addr: all
+    dst_addr: webservers
    services:
      - http
      - https
@ -197,6 +210,8 @@ def main():
        webfilter_profile         = dict(type='str'),
        ips_sensor                = dict(type='str'),
        application_list          = dict(type='str'),
+        logtraffic                = dict(choices=['disable','all','utm'], default='utm'),
+        logtraffic_start          = dict(type='bool', default=False),
    )

    #merge global required_if & argument_spec from module_utils/fortios.py
@ -226,6 +241,11 @@ def main():
        if module.params['fixedport']:
            module.fail_json(msg='Fixedport param requires NAT to be true.')

+    #log options
+    if module.params['logtraffic_start']:
+        if not module.params['logtraffic'] == 'all':
+            module.fail_json(msg='Logtraffic_start param requires logtraffic to be set to "all".')
+
    #id must be str(int) for pyFG to work
    policy_id = str(module.params['id'])

@ -260,6 +280,14 @@ def main():
        # action
        new_policy.set_param('action', '%s' % (module.params['policy_action']))

+        #logging
+        new_policy.set_param('logtraffic', '%s' % (module.params['logtraffic']))
+        if module.params['logtraffic'] == 'all':
+            if module.params['logtraffic_start']:
+                new_policy.set_param('logtraffic-start', 'enable')
+            else:
+                new_policy.set_param('logtraffic-start', 'disable')
+
        # Schedule
        new_policy.set_param('schedule', '%s' % (module.params['schedule']))