FortiOS modules for 2.9 - 6 (#61170)

* FortiOS modules for 2.9 - 5

* Update fortios_firewall_vip.py

* Update fortios_firewall_vip6.py
pull/61217/head
Miguel Angel Muñoz González 5 years ago committed by Nilashish Chakraborty
parent 2ce3ce8477
commit a6837609e2

@ -1,6 +1,6 @@
#!/usr/bin/python
from __future__ import (absolute_import, division, print_function)
# Copyright 2018 Fortinet, Inc.
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -27,12 +24,12 @@ ANSIBLE_METADATA = {'status': ['preview'],
DOCUMENTATION = '''
---
module: fortios_ips_sensor
short_description: Configure IPS sensor.
short_description: Configure IPS sensor in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by
allowing the user to configure ips feature and sensor category.
Examples includes all options and need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify ips feature and sensor category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,56 +41,73 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: false
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
state:
description:
- Indicates whether to create or remove the object.
type: str
required: true
choices:
- present
- absent
version_added: 2.9
ips_sensor:
description:
- Configure IPS sensor.
default: null
type: dict
suboptions:
state:
description:
- Indicates whether to create or remove the object
choices:
- present
- absent
block-malicious-url:
block_malicious_url:
description:
- Enable/disable malicious URL blocking.
type: str
choices:
- disable
- enable
comment:
description:
- Comment.
type: str
entries:
description:
- IPS sensor filter.
type: list
suboptions:
action:
description:
- Action taken with traffic in which signatures are detected.
type: str
choices:
- pass
- block
@ -103,83 +117,102 @@ options:
description:
- Applications to be protected. set application ? lists available applications. all includes all applications. other includes all
unlisted applications.
exempt-ip:
type: str
exempt_ip:
description:
- Traffic from selected source or destination IP addresses is exempt from this signature.
type: list
suboptions:
dst-ip:
dst_ip:
description:
- Destination IP address and netmask.
type: str
id:
description:
- Exempt IP ID.
required: true
src-ip:
type: int
src_ip:
description:
- Source IP address and netmask.
type: str
id:
description:
- Rule ID in IPS database (0 - 4294967295).
required: true
type: int
location:
description:
- Protect client or server traffic.
type: str
log:
description:
- Enable/disable logging of signatures included in filter.
type: str
choices:
- disable
- enable
log-attack-context:
log_attack_context:
description:
- "Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer."
type: str
choices:
- disable
- enable
log-packet:
log_packet:
description:
- Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format
for diagnostic use.
type: str
choices:
- disable
- enable
os:
description:
- Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems.
type: str
protocol:
description:
- Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted
protocols.
type: str
quarantine:
description:
- Quarantine method.
type: str
choices:
- none
- attacker
quarantine-expiry:
quarantine_expiry:
description:
- Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker.
quarantine-log:
- Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker.
type: str
quarantine_log:
description:
- Enable/disable quarantine logging.
type: str
choices:
- disable
- enable
rate-count:
rate_count:
description:
- Count of the rate.
rate-duration:
type: int
rate_duration:
description:
- Duration (sec) of the rate.
rate-mode:
type: int
rate_mode:
description:
- Rate limit mode.
type: str
choices:
- periodical
- continuous
rate-track:
rate_track:
description:
- Track the packet protocol field.
type: str
choices:
- none
- src-ip
@ -189,35 +222,42 @@ options:
rule:
description:
- Identifies the predefined or custom IPS signatures to add to the sensor.
type: list
suboptions:
id:
description:
- Rule IPS.
required: true
type: int
severity:
description:
- Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.
type: str
status:
description:
- Status of the signatures included in filter. default enables the filter and only use filters with default status of enable.
Filters with default status of disable will not be used.
type: str
choices:
- disable
- enable
- default
extended-log:
extended_log:
description:
- Enable/disable extended logging.
type: str
choices:
- enable
- disable
filter:
description:
- IPS sensor filter.
type: list
suboptions:
action:
description:
- Action of selected rules.
type: str
choices:
- pass
- block
@ -226,18 +266,22 @@ options:
application:
description:
- Vulnerable application filter.
type: str
location:
description:
- Vulnerability location filter.
type: str
log:
description:
- Enable/disable logging of selected rules.
type: str
choices:
- disable
- enable
log-packet:
log_packet:
description:
- Enable/disable packet logging of selected rules.
type: str
choices:
- disable
- enable
@ -245,33 +289,41 @@ options:
description:
- Filter name.
required: true
type: str
os:
description:
- Vulnerable OS filter.
type: str
protocol:
description:
- Vulnerable protocol filter.
type: str
quarantine:
description:
- Quarantine IP or interface.
type: str
choices:
- none
- attacker
quarantine-expiry:
quarantine_expiry:
description:
- Duration of quarantine in minute.
quarantine-log:
type: int
quarantine_log:
description:
- Enable/disable logging of selected quarantine.
type: str
choices:
- disable
- enable
severity:
description:
- Vulnerability severity filter.
type: str
status:
description:
- Selected rules status.
type: str
choices:
- disable
- enable
@ -280,71 +332,85 @@ options:
description:
- Sensor name.
required: true
type: str
override:
description:
- IPS override rule.
type: list
suboptions:
action:
description:
- Action of override rule.
type: str
choices:
- pass
- block
- reset
exempt-ip:
exempt_ip:
description:
- Exempted IP.
type: list
suboptions:
dst-ip:
dst_ip:
description:
- Destination IP address and netmask.
type: str
id:
description:
- Exempt IP ID.
required: true
src-ip:
type: int
src_ip:
description:
- Source IP address and netmask.
type: str
log:
description:
- Enable/disable logging.
type: str
choices:
- disable
- enable
log-packet:
log_packet:
description:
- Enable/disable packet logging.
type: str
choices:
- disable
- enable
quarantine:
description:
- Quarantine IP or interface.
type: str
choices:
- none
- attacker
quarantine-expiry:
quarantine_expiry:
description:
- Duration of quarantine in minute.
quarantine-log:
type: int
quarantine_log:
description:
- Enable/disable logging of selected quarantine.
type: str
choices:
- disable
- enable
rule-id:
rule_id:
description:
- Override rule ID.
required: true
type: int
status:
description:
- Enable/disable status of override rule.
type: str
choices:
- disable
- enable
replacemsg-group:
replacemsg_group:
description:
- Replacement message group. Source system.replacemsg-group.name.
type: str
'''
EXAMPLES = '''
@ -354,78 +420,80 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure IPS sensor.
fortios_ips_sensor:
host: "{{ host }}"
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
ips_sensor:
state: "present"
block-malicious-url: "disable"
block_malicious_url: "disable"
comment: "Comment."
entries:
-
action: "pass"
application: "<your_own_value>"
exempt-ip:
exempt_ip:
-
dst-ip: "<your_own_value>"
dst_ip: "<your_own_value>"
id: "10"
src-ip: "<your_own_value>"
src_ip: "<your_own_value>"
id: "12"
location: "<your_own_value>"
log: "disable"
log-attack-context: "disable"
log-packet: "disable"
log_attack_context: "disable"
log_packet: "disable"
os: "<your_own_value>"
protocol: "<your_own_value>"
quarantine: "none"
quarantine-expiry: "<your_own_value>"
quarantine-log: "disable"
rate-count: "22"
rate-duration: "23"
rate-mode: "periodical"
rate-track: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
rate_count: "22"
rate_duration: "23"
rate_mode: "periodical"
rate_track: "none"
rule:
-
id: "27"
severity: "<your_own_value>"
status: "disable"
extended-log: "enable"
extended_log: "enable"
filter:
-
action: "pass"
application: "<your_own_value>"
location: "<your_own_value>"
log: "disable"
log-packet: "disable"
log_packet: "disable"
name: "default_name_37"
os: "<your_own_value>"
protocol: "<your_own_value>"
quarantine: "none"
quarantine-expiry: "41"
quarantine-log: "disable"
quarantine_expiry: "41"
quarantine_log: "disable"
severity: "<your_own_value>"
status: "disable"
name: "default_name_45"
override:
-
action: "pass"
exempt-ip:
exempt_ip:
-
dst-ip: "<your_own_value>"
dst_ip: "<your_own_value>"
id: "50"
src-ip: "<your_own_value>"
src_ip: "<your_own_value>"
log: "disable"
log-packet: "disable"
log_packet: "disable"
quarantine: "none"
quarantine-expiry: "55"
quarantine-log: "disable"
rule-id: "57"
quarantine_expiry: "55"
quarantine_log: "disable"
rule_id: "57"
status: "disable"
replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
'''
RETURN = '''
@ -448,7 +516,7 @@ mkey:
description: Master key (id) used in the last call to FortiGate
returned: success
type: str
sample: "key1"
sample: "id"
name:
description: Name of the table used to fulfill the request
returned: always
@ -488,14 +556,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -503,65 +573,83 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_ips_sensor_data(json):
option_list = ['block-malicious-url', 'comment', 'entries',
'extended-log', 'filter', 'name',
'override', 'replacemsg-group']
option_list = ['block_malicious_url', 'comment', 'entries',
'extended_log', 'filter', 'name',
'override', 'replacemsg_group']
dictionary = {}
for attribute in option_list:
if attribute in json:
if attribute in json and json[attribute] is not None:
dictionary[attribute] = json[attribute]
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def ips_sensor(data, fos):
vdom = data['vdom']
state = data['state']
ips_sensor_data = data['ips_sensor']
filtered_data = filter_ips_sensor_data(ips_sensor_data)
if ips_sensor_data['state'] == "present":
filtered_data = underscore_to_hyphen(filter_ips_sensor_data(ips_sensor_data))
if state == "present":
return fos.set('ips',
'sensor',
data=filtered_data,
vdom=vdom)
elif ips_sensor_data['state'] == "absent":
elif state == "absent":
return fos.delete('ips',
'sensor',
mkey=filtered_data['name'],
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_ips(data, fos):
login(data)
methodlist = ['ips_sensor']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['ips_sensor']:
resp = ips_sensor(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": "False"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"ips_sensor": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"block-malicious-url": {"required": False, "type": "str",
"block_malicious_url": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"comment": {"required": False, "type": "str"},
"entries": {"required": False, "type": "list",
@ -570,32 +658,32 @@ def main():
"choices": ["pass", "block", "reset",
"default"]},
"application": {"required": False, "type": "str"},
"exempt-ip": {"required": False, "type": "list",
"exempt_ip": {"required": False, "type": "list",
"options": {
"dst-ip": {"required": False, "type": "str"},
"dst_ip": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"src-ip": {"required": False, "type": "str"}
"src_ip": {"required": False, "type": "str"}
}},
"id": {"required": True, "type": "int"},
"location": {"required": False, "type": "str"},
"log": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"log-attack-context": {"required": False, "type": "str",
"log_attack_context": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"log-packet": {"required": False, "type": "str",
"log_packet": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"os": {"required": False, "type": "str"},
"protocol": {"required": False, "type": "str"},
"quarantine": {"required": False, "type": "str",
"choices": ["none", "attacker"]},
"quarantine-expiry": {"required": False, "type": "str"},
"quarantine-log": {"required": False, "type": "str",
"quarantine_expiry": {"required": False, "type": "str"},
"quarantine_log": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"rate-count": {"required": False, "type": "int"},
"rate-duration": {"required": False, "type": "int"},
"rate-mode": {"required": False, "type": "str",
"rate_count": {"required": False, "type": "int"},
"rate_duration": {"required": False, "type": "int"},
"rate_mode": {"required": False, "type": "str",
"choices": ["periodical", "continuous"]},
"rate-track": {"required": False, "type": "str",
"rate_track": {"required": False, "type": "str",
"choices": ["none", "src-ip", "dest-ip",
"dhcp-client-mac", "dns-domain"]},
"rule": {"required": False, "type": "list",
@ -606,7 +694,7 @@ def main():
"status": {"required": False, "type": "str",
"choices": ["disable", "enable", "default"]}
}},
"extended-log": {"required": False, "type": "str",
"extended_log": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "list",
"options": {
@ -617,15 +705,15 @@ def main():
"location": {"required": False, "type": "str"},
"log": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"log-packet": {"required": False, "type": "str",
"log_packet": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"name": {"required": True, "type": "str"},
"os": {"required": False, "type": "str"},
"protocol": {"required": False, "type": "str"},
"quarantine": {"required": False, "type": "str",
"choices": ["none", "attacker"]},
"quarantine-expiry": {"required": False, "type": "int"},
"quarantine-log": {"required": False, "type": "str",
"quarantine_expiry": {"required": False, "type": "int"},
"quarantine_log": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"severity": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
@ -636,26 +724,26 @@ def main():
"options": {
"action": {"required": False, "type": "str",
"choices": ["pass", "block", "reset"]},
"exempt-ip": {"required": False, "type": "list",
"exempt_ip": {"required": False, "type": "list",
"options": {
"dst-ip": {"required": False, "type": "str"},
"dst_ip": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"src-ip": {"required": False, "type": "str"}
"src_ip": {"required": False, "type": "str"}
}},
"log": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"log-packet": {"required": False, "type": "str",
"log_packet": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"quarantine": {"required": False, "type": "str",
"choices": ["none", "attacker"]},
"quarantine-expiry": {"required": False, "type": "int"},
"quarantine-log": {"required": False, "type": "str",
"quarantine_expiry": {"required": False, "type": "int"},
"quarantine_log": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"rule-id": {"required": True, "type": "int"},
"rule_id": {"required": False, "type": "int"},
"status": {"required": False, "type": "str",
"choices": ["disable", "enable"]}
}},
"replacemsg-group": {"required": False, "type": "str"}
"replacemsg_group": {"required": False, "type": "str"}
}
}
@ -663,15 +751,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_ips(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_ips(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_ips(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
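Review bot: The list branch of the new `underscore_to_hyphen` helper throws its result away: `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, so dicts nested inside lists keep their underscore keys. In this module that covers `entries`, `filter`, `override` and their `exempt_ip` lists, so keys such as `log_packet`, `quarantine_expiry` or `rule_id` would reach `fos.set` unconverted while the top-level keys are hyphenated. How the device treats such keys is not visible here, but the IPS sensor that ends up configured may not match what the playbook asked for. Writing the converted element back fixes it: `for i, elem in enumerate(data): data[i] = underscore_to_hyphen(elem)`. The same helper is copied into fortios_ips_settings and fortios_log_custom_field in this commit, where the payloads shown are flat and the effect would not surface.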

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_ips_settings
short_description: Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by
allowing the user to configure ips feature and settings category.
Examples includes all options and need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify ips feature and settings category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,46 +41,60 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip adress.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
ips_settings:
description:
- Configure IPS VDOM parameter.
default: null
type: dict
suboptions:
ips-packet-quota:
ips_packet_quota:
description:
- Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size.
packet-log-history:
type: int
packet_log_history:
description:
- Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255).
packet-log-memory:
type: int
packet_log_memory:
description:
- Maximum memory can be used by packet log (64 - 8192 kB).
packet-log-post-attack:
type: int
packet_log_post_attack:
description:
- Number of packets to log after the IPS signature is detected (0 - 255).
type: int
'''
EXAMPLES = '''
@ -93,6 +104,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure IPS VDOM parameter.
fortios_ips_settings:
@ -102,10 +114,10 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
ips_settings:
ips-packet-quota: "3"
packet-log-history: "4"
packet-log-memory: "5"
packet-log-post-attack: "6"
ips_packet_quota: "3"
packet_log_history: "4"
packet_log_memory: "5"
packet_log_post_attack: "6"
'''
RETURN = '''
@ -168,14 +180,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -183,12 +197,12 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_ips_settings_data(json):
option_list = ['ips-packet-quota', 'packet-log-history', 'packet-log-memory',
'packet-log-post-attack']
option_list = ['ips_packet_quota', 'packet_log_history', 'packet_log_memory',
'packet_log_post_attack']
dictionary = {}
for attribute in option_list:
@ -198,43 +212,60 @@ def filter_ips_settings_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def ips_settings(data, fos):
vdom = data['vdom']
ips_settings_data = data['ips_settings']
filtered_data = filter_ips_settings_data(ips_settings_data)
filtered_data = underscore_to_hyphen(filter_ips_settings_data(ips_settings_data))
return fos.set('ips',
'settings',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_ips(data, fos):
login(data)
methodlist = ['ips_settings']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['ips_settings']:
resp = ips_settings(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"ips_settings": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"ips-packet-quota": {"required": False, "type": "int"},
"packet-log-history": {"required": False, "type": "int"},
"packet-log-memory": {"required": False, "type": "int"},
"packet-log-post-attack": {"required": False, "type": "int"}
"ips_packet_quota": {"required": False, "type": "int"},
"packet_log_history": {"required": False, "type": "int"},
"packet_log_memory": {"required": False, "type": "int"},
"packet_log_post_attack": {"required": False, "type": "int"}
}
}
@ -242,15 +273,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_ips(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_ips(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_ips(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
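Review bot: `fortios_ips` returns `resp` even when `if data['ips_settings']:` is false, and the argument spec now defaults `ips_settings` to `None`, so a task that omits the option ends in an UnboundLocalError rather than a reported module failure. A guard before the return, for example `if not data['ips_settings']: return True, False, {'status': 'error'}`, would let `main` handle it like any other failed call. As far as this rendering shows, in the legacy branch of `main` (whose body continues outside the hunk) that exception would also skip `fos.logout()` and leave the authenticated session open on the device; wrapping the call as `try: ... finally: fos.logout()` closes it on every path. The same pattern appears in `fortios_ips` of fortios_ips_sensor and in `fortios_log` of fortios_log_custom_field in this commit.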

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_custom_field
short_description: Configure custom log fields in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log feature and custom_field category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,50 +41,66 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
state:
description:
- Indicates whether to create or remove the object.
type: str
required: true
choices:
- present
- absent
version_added: 2.9
log_custom_field:
description:
- Configure custom log fields.
default: null
type: dict
suboptions:
state:
description:
- Indicates whether to create or remove the object
choices:
- present
- absent
id:
description:
- field ID <string>.
required: true
type: str
name:
description:
- "Field name (max: 15 characters)."
type: str
value:
description:
- "Field value (max: 15 characters)."
type: str
'''
EXAMPLES = '''
@ -97,6 +110,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure custom log fields.
fortios_log_custom_field:
@ -105,8 +119,8 @@ EXAMPLES = '''
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
log_custom_field:
state: "present"
id: "3"
name: "default_name_4"
value: "<your_own_value>"
@ -172,14 +186,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -187,7 +203,7 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_custom_field_data(json):
@ -201,48 +217,66 @@ def filter_log_custom_field_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_custom_field(data, fos):
vdom = data['vdom']
state = data['state']
log_custom_field_data = data['log_custom_field']
filtered_data = filter_log_custom_field_data(log_custom_field_data)
if log_custom_field_data['state'] == "present":
filtered_data = underscore_to_hyphen(filter_log_custom_field_data(log_custom_field_data))
if state == "present":
return fos.set('log',
'custom-field',
data=filtered_data,
vdom=vdom)
elif log_custom_field_data['state'] == "absent":
elif state == "absent":
return fos.delete('log',
'custom-field',
mkey=filtered_data['id'],
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log(data, fos):
login(data)
methodlist = ['log_custom_field']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_custom_field']:
resp = log_custom_field(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"log_custom_field": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"id": {"required": True, "type": "str"},
"name": {"required": False, "type": "str"},
"value": {"required": False, "type": "str"}
@ -253,15 +287,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -30,10 +27,10 @@ module: fortios_log_disk_filter
short_description: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in
Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_disk feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -45,160 +42,193 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_disk_filter:
description:
- Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type.
default: null
type: dict
suboptions:
admin:
description:
- Enable/disable admin login/logout logging.
type: str
choices:
- enable
- disable
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
auth:
description:
- Enable/disable firewall authentication logging.
type: str
choices:
- enable
- disable
cpu-memory-usage:
cpu_memory_usage:
description:
- Enable/disable CPU & memory usage logging every 5 minutes.
type: str
choices:
- enable
- disable
dhcp:
description:
- Enable/disable DHCP service messages logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
event:
description:
- Enable/disable event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Disk log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
ha:
description:
- Enable/disable HA logging.
type: str
choices:
- enable
- disable
ipsec:
description:
- Enable/disable IPsec negotiation messages logging.
type: str
choices:
- enable
- disable
ldb-monitor:
ldb_monitor:
description:
- Enable/disable VIP real server health monitoring logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
pattern:
description:
- Enable/disable pattern update logging.
type: str
choices:
- enable
- disable
ppp:
description:
- Enable/disable L2TP/PPTP/PPPoE logging.
type: str
choices:
- enable
- disable
radius:
description:
- Enable/disable RADIUS messages logging.
type: str
choices:
- enable
- disable
severity:
description:
- Log to disk every message above and including this severity level.
type: str
choices:
- emergency
- alert
@ -208,63 +238,73 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
sslvpn-log-adm:
sslvpn_log_adm:
description:
- Enable/disable SSL administrator login logging.
type: str
choices:
- enable
- disable
sslvpn-log-auth:
sslvpn_log_auth:
description:
- Enable/disable SSL user authentication logging.
type: str
choices:
- enable
- disable
sslvpn-log-session:
sslvpn_log_session:
description:
- Enable/disable SSL session logging.
type: str
choices:
- enable
- disable
system:
description:
- Enable/disable system activity logging.
type: str
choices:
- enable
- disable
vip-ssl:
vip_ssl:
description:
- Enable/disable VIP SSL logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
wan-opt:
wan_opt:
description:
- Enable/disable WAN optimization event logging.
type: str
choices:
- enable
- disable
wireless-activity:
wireless_activity:
description:
- Enable/disable wireless activity event logging.
type: str
choices:
- enable
- disable
@ -277,6 +317,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type.
fortios_log_disk_filter:
@ -289,36 +330,36 @@ EXAMPLES = '''
admin: "enable"
anomaly: "enable"
auth: "enable"
cpu-memory-usage: "enable"
cpu_memory_usage: "enable"
dhcp: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
event: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
ha: "enable"
ipsec: "enable"
ldb-monitor: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
ldb_monitor: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
pattern: "enable"
ppp: "enable"
radius: "enable"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
sslvpn-log-adm: "enable"
sslvpn-log-auth: "enable"
sslvpn-log-session: "enable"
sslvpn_log_adm: "enable"
sslvpn_log_auth: "enable"
sslvpn_log_session: "enable"
system: "enable"
vip-ssl: "enable"
vip_ssl: "enable"
voip: "enable"
wan-opt: "enable"
wireless-activity: "enable"
wan_opt: "enable"
wireless_activity: "enable"
'''
RETURN = '''
@ -381,14 +422,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -396,21 +439,21 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_disk_filter_data(json):
option_list = ['admin', 'anomaly', 'auth',
'cpu-memory-usage', 'dhcp', 'dlp-archive',
'cpu_memory_usage', 'dhcp', 'dlp_archive',
'dns', 'event', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'ha', 'ipsec', 'ldb-monitor',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'pattern', 'ppp',
'radius', 'severity', 'sniffer-traffic',
'ssh', 'sslvpn-log-adm', 'sslvpn-log-auth',
'sslvpn-log-session', 'system', 'vip-ssl',
'voip', 'wan-opt', 'wireless-activity']
'filter_type', 'forward_traffic', 'gtp',
'ha', 'ipsec', 'ldb_monitor',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'pattern', 'ppp',
'radius', 'severity', 'sniffer_traffic',
'ssh', 'sslvpn_log_adm', 'sslvpn_log_auth',
'sslvpn_log_session', 'system', 'vip_ssl',
'voip', 'wan_opt', 'wireless_activity']
dictionary = {}
for attribute in option_list:
@ -420,38 +463,55 @@ def filter_log_disk_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_disk_filter(data, fos):
vdom = data['vdom']
log_disk_filter_data = data['log_disk_filter']
filtered_data = filter_log_disk_filter_data(log_disk_filter_data)
filtered_data = underscore_to_hyphen(filter_log_disk_filter_data(log_disk_filter_data))
return fos.set('log.disk',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_disk(data, fos):
login(data)
methodlist = ['log_disk_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_disk_filter']:
resp = log_disk_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_disk_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"admin": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -459,20 +519,20 @@ def main():
"choices": ["enable", "disable"]},
"auth": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"cpu-memory-usage": {"required": False, "type": "str",
"cpu_memory_usage": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dhcp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"event": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -480,14 +540,14 @@ def main():
"choices": ["enable", "disable"]},
"ipsec": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ldb-monitor": {"required": False, "type": "str",
"ldb_monitor": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"pattern": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ppp": {"required": False, "type": "str",
@ -498,25 +558,25 @@ def main():
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sslvpn-log-adm": {"required": False, "type": "str",
"sslvpn_log_adm": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sslvpn-log-auth": {"required": False, "type": "str",
"sslvpn_log_auth": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sslvpn-log-session": {"required": False, "type": "str",
"sslvpn_log_session": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"system": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"vip-ssl": {"required": False, "type": "str",
"vip_ssl": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"voip": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"wan-opt": {"required": False, "type": "str",
"wan_opt": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"wireless-activity": {"required": False, "type": "str",
"wireless_activity": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@ -525,15 +585,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_disk(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_disk(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_disk(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
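Review bot: `fortios_log_disk()` still reads `resp` when `data['log_disk_filter']` is empty, and this commit makes that option `default: None`, so a task that omits it hits an unbound-variable error instead of a clean module failure. In the legacy branch of `main()` that exception also skips `fos.logout()`, leaving the authenticated session open on the device until it times out; this is inferred from the rendered order of `login(...)`, the call and `fos.logout()`. I would fail explicitly before the call, e.g. `if not module.params['log_disk_filter']: module.fail_json(msg="log_disk_filter is required")`, and run the legacy call inside `try:` with `finally: fos.logout()`. The same pattern appears in the fortios_log_disk_setting section below and in the fortios_log_custom_field section above. `main()` starts and ends outside the hunk.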

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_disk_setting
short_description: Settings for local disk logging in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_disk feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,77 +41,98 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_disk_setting:
description:
- Settings for local disk logging.
default: null
type: dict
suboptions:
diskfull:
description:
- Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full (default =
overwrite).
- Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full .
type: str
choices:
- overwrite
- nolog
dlp-archive-quota:
dlp_archive_quota:
description:
- DLP archive quota (MB).
full-final-warning-threshold:
type: int
full_final_warning_threshold:
description:
- Log full final warning threshold as a percent (3 - 100, default = 95).
full-first-warning-threshold:
- Log full final warning threshold as a percent (3 - 100).
type: int
full_first_warning_threshold:
description:
- Log full first warning threshold as a percent (1 - 98, default = 75).
full-second-warning-threshold:
- Log full first warning threshold as a percent (1 - 98).
type: int
full_second_warning_threshold:
description:
- Log full second warning threshold as a percent (2 - 99, default = 90).
ips-archive:
- Log full second warning threshold as a percent (2 - 99).
type: int
ips_archive:
description:
- Enable/disable IPS packet archiving to the local disk.
type: str
choices:
- enable
- disable
log-quota:
log_quota:
description:
- Disk log quota (MB).
max-log-file-size:
type: int
max_log_file_size:
description:
- Maximum log file size before rolling (1 - 100 Mbytes).
max-policy-packet-capture-size:
type: int
max_policy_packet_capture_size:
description:
- Maximum size of policy sniffer in MB (0 means unlimited).
maximum-log-age:
type: int
maximum_log_age:
description:
- Delete log files older than (days).
report-quota:
type: int
report_quota:
description:
- Report quota (MB).
roll-day:
type: int
roll_day:
description:
- Day of week on which to roll log file.
type: str
choices:
- sunday
- monday
@ -123,44 +141,52 @@ options:
- thursday
- friday
- saturday
roll-schedule:
roll_schedule:
description:
- Frequency to check log file for rolling.
type: str
choices:
- daily
- weekly
roll-time:
roll_time:
description:
- "Time of day to roll the log file (hh:mm)."
source-ip:
type: str
source_ip:
description:
- Source IP address to use for uploading disk log files.
type: str
status:
description:
- Enable/disable local disk logging.
type: str
choices:
- enable
- disable
upload:
description:
- Enable/disable uploading log files when they are rolled.
type: str
choices:
- enable
- disable
upload-delete-files:
upload_delete_files:
description:
- Delete log files after uploading (default = enable).
- Delete log files after uploading .
type: str
choices:
- enable
- disable
upload-destination:
upload_destination:
description:
- The type of server to upload log files to. Only FTP is currently supported.
type: str
choices:
- ftp-server
upload-ssl-conn:
upload_ssl_conn:
description:
- Enable/disable encrypted FTPS communication to upload log files.
type: str
choices:
- default
- high
@ -169,27 +195,34 @@ options:
uploaddir:
description:
- The remote directory on the FTP server to upload log files to.
type: str
uploadip:
description:
- IP address of the FTP server to upload log files to.
type: str
uploadpass:
description:
- Password required to log into the FTP server to upload disk log files.
type: str
uploadport:
description:
- TCP port to use for communicating with the FTP server (default = 21).
- TCP port to use for communicating with the FTP server .
type: int
uploadsched:
description:
- Set the schedule for uploading log files to the FTP server (default = disable = upload when rolling).
- Set the schedule for uploading log files to the FTP server .
type: str
choices:
- disable
- enable
uploadtime:
description:
- "Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh)."
type: str
uploadtype:
description:
- Types of log files to upload. Separate multiple entries with a space.
type: str
choices:
- traffic
- event
@ -209,6 +242,7 @@ options:
uploaduser:
description:
- Username required to log into the FTP server to upload disk log files.
type: str
'''
EXAMPLES = '''
@ -218,6 +252,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Settings for local disk logging.
fortios_log_disk_setting:
@ -228,25 +263,25 @@ EXAMPLES = '''
https: "False"
log_disk_setting:
diskfull: "overwrite"
dlp-archive-quota: "4"
full-final-warning-threshold: "5"
full-first-warning-threshold: "6"
full-second-warning-threshold: "7"
ips-archive: "enable"
log-quota: "9"
max-log-file-size: "10"
max-policy-packet-capture-size: "11"
maximum-log-age: "12"
report-quota: "13"
roll-day: "sunday"
roll-schedule: "daily"
roll-time: "<your_own_value>"
source-ip: "84.230.14.43"
dlp_archive_quota: "4"
full_final_warning_threshold: "5"
full_first_warning_threshold: "6"
full_second_warning_threshold: "7"
ips_archive: "enable"
log_quota: "9"
max_log_file_size: "10"
max_policy_packet_capture_size: "11"
maximum_log_age: "12"
report_quota: "13"
roll_day: "sunday"
roll_schedule: "daily"
roll_time: "<your_own_value>"
source_ip: "84.230.14.43"
status: "enable"
upload: "enable"
upload-delete-files: "enable"
upload-destination: "ftp-server"
upload-ssl-conn: "default"
upload_delete_files: "enable"
upload_destination: "ftp-server"
upload_ssl_conn: "default"
uploaddir: "<your_own_value>"
uploadip: "<your_own_value>"
uploadpass: "<your_own_value>"
@ -317,14 +352,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -332,17 +369,17 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_disk_setting_data(json):
option_list = ['diskfull', 'dlp-archive-quota', 'full-final-warning-threshold',
'full-first-warning-threshold', 'full-second-warning-threshold', 'ips-archive',
'log-quota', 'max-log-file-size', 'max-policy-packet-capture-size',
'maximum-log-age', 'report-quota', 'roll-day',
'roll-schedule', 'roll-time', 'source-ip',
'status', 'upload', 'upload-delete-files',
'upload-destination', 'upload-ssl-conn', 'uploaddir',
option_list = ['diskfull', 'dlp_archive_quota', 'full_final_warning_threshold',
'full_first_warning_threshold', 'full_second_warning_threshold', 'ips_archive',
'log_quota', 'max_log_file_size', 'max_policy_packet_capture_size',
'maximum_log_age', 'report_quota', 'roll_day',
'roll_schedule', 'roll_time', 'source_ip',
'status', 'upload', 'upload_delete_files',
'upload_destination', 'upload_ssl_conn', 'uploaddir',
'uploadip', 'uploadpass', 'uploadport',
'uploadsched', 'uploadtime', 'uploadtype',
'uploaduser']
@ -355,69 +392,86 @@ def filter_log_disk_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_disk_setting(data, fos):
vdom = data['vdom']
log_disk_setting_data = data['log_disk_setting']
filtered_data = filter_log_disk_setting_data(log_disk_setting_data)
filtered_data = underscore_to_hyphen(filter_log_disk_setting_data(log_disk_setting_data))
return fos.set('log.disk',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_disk(data, fos):
login(data)
methodlist = ['log_disk_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_disk_setting']:
resp = log_disk_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_disk_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"diskfull": {"required": False, "type": "str",
"choices": ["overwrite", "nolog"]},
"dlp-archive-quota": {"required": False, "type": "int"},
"full-final-warning-threshold": {"required": False, "type": "int"},
"full-first-warning-threshold": {"required": False, "type": "int"},
"full-second-warning-threshold": {"required": False, "type": "int"},
"ips-archive": {"required": False, "type": "str",
"dlp_archive_quota": {"required": False, "type": "int"},
"full_final_warning_threshold": {"required": False, "type": "int"},
"full_first_warning_threshold": {"required": False, "type": "int"},
"full_second_warning_threshold": {"required": False, "type": "int"},
"ips_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"log-quota": {"required": False, "type": "int"},
"max-log-file-size": {"required": False, "type": "int"},
"max-policy-packet-capture-size": {"required": False, "type": "int"},
"maximum-log-age": {"required": False, "type": "int"},
"report-quota": {"required": False, "type": "int"},
"roll-day": {"required": False, "type": "str",
"log_quota": {"required": False, "type": "int"},
"max_log_file_size": {"required": False, "type": "int"},
"max_policy_packet_capture_size": {"required": False, "type": "int"},
"maximum_log_age": {"required": False, "type": "int"},
"report_quota": {"required": False, "type": "int"},
"roll_day": {"required": False, "type": "str",
"choices": ["sunday", "monday", "tuesday",
"wednesday", "thursday", "friday",
"saturday"]},
"roll-schedule": {"required": False, "type": "str",
"roll_schedule": {"required": False, "type": "str",
"choices": ["daily", "weekly"]},
"roll-time": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"roll_time": {"required": False, "type": "str"},
"source_ip": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-delete-files": {"required": False, "type": "str",
"upload_delete_files": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-destination": {"required": False, "type": "str",
"upload_destination": {"required": False, "type": "str",
"choices": ["ftp-server"]},
"upload-ssl-conn": {"required": False, "type": "str",
"upload_ssl_conn": {"required": False, "type": "str",
"choices": ["default", "high", "low",
"disable"]},
"uploaddir": {"required": False, "type": "str"},
@ -441,15 +495,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_disk(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_disk(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_disk(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_eventfilter
short_description: Configure log event filters in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log feature and eventfilter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,97 +41,118 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_eventfilter:
description:
- Configure log event filters.
default: null
type: dict
suboptions:
compliance-check:
compliance_check:
description:
- Enable/disable PCI DSS compliance check logging.
type: str
choices:
- enable
- disable
endpoint:
description:
- Enable/disable endpoint event logging.
type: str
choices:
- enable
- disable
event:
description:
- Enable/disable event logging.
type: str
choices:
- enable
- disable
ha:
description:
- Enable/disable ha event logging.
type: str
choices:
- enable
- disable
router:
description:
- Enable/disable router event logging.
type: str
choices:
- enable
- disable
security-rating:
security_rating:
description:
- Enable/disable Security Rating result logging.
type: str
choices:
- enable
- disable
system:
description:
- Enable/disable system event logging.
type: str
choices:
- enable
- disable
user:
description:
- Enable/disable user authentication event logging.
type: str
choices:
- enable
- disable
vpn:
description:
- Enable/disable VPN event logging.
type: str
choices:
- enable
- disable
wan-opt:
wan_opt:
description:
- Enable/disable WAN optimization event logging.
type: str
choices:
- enable
- disable
wireless-activity:
wireless_activity:
description:
- Enable/disable wireless event logging.
type: str
choices:
- enable
- disable
@ -147,6 +165,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure log event filters.
fortios_log_eventfilter:
@ -156,17 +175,17 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
log_eventfilter:
compliance-check: "enable"
compliance_check: "enable"
endpoint: "enable"
event: "enable"
ha: "enable"
router: "enable"
security-rating: "enable"
security_rating: "enable"
system: "enable"
user: "enable"
vpn: "enable"
wan-opt: "enable"
wireless-activity: "enable"
wan_opt: "enable"
wireless_activity: "enable"
'''
RETURN = '''
@ -229,14 +248,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -244,14 +265,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_eventfilter_data(json):
option_list = ['compliance-check', 'endpoint', 'event',
'ha', 'router', 'security-rating',
option_list = ['compliance_check', 'endpoint', 'event',
'ha', 'router', 'security_rating',
'system', 'user', 'vpn',
'wan-opt', 'wireless-activity']
'wan_opt', 'wireless_activity']
dictionary = {}
for attribute in option_list:
@ -261,40 +282,57 @@ def filter_log_eventfilter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_eventfilter(data, fos):
vdom = data['vdom']
log_eventfilter_data = data['log_eventfilter']
filtered_data = filter_log_eventfilter_data(log_eventfilter_data)
filtered_data = underscore_to_hyphen(filter_log_eventfilter_data(log_eventfilter_data))
return fos.set('log',
'eventfilter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log(data, fos):
login(data)
methodlist = ['log_eventfilter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_eventfilter']:
resp = log_eventfilter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_eventfilter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"compliance-check": {"required": False, "type": "str",
"compliance_check": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"endpoint": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -304,7 +342,7 @@ def main():
"choices": ["enable", "disable"]},
"router": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"security-rating": {"required": False, "type": "str",
"security_rating": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"system": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -312,9 +350,9 @@ def main():
"choices": ["enable", "disable"]},
"vpn": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"wan-opt": {"required": False, "type": "str",
"wan_opt": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"wireless-activity": {"required": False, "type": "str",
"wireless_activity": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@ -323,15 +361,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
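Review bot: `fortios_log` assigns `resp` only when `data['log_eventfilter']` is truthy, but the argument spec now gives that option `"default": None`, so a task that omits it fails on the unbound name at the `return`. In the legacy branch of `main`, `fos.logout()` is a plain statement after the `fortios_log` call, so any exception raised there skips the logout that pairs with `login`. I would return early when nothing was requested (or fail with a clear message) and move the logout into a `finally`. The same pattern appears in the `fortios_log_fortianalyzer2` functions of the two file sections that follow, and the end of `main` lies outside the last hunk.

```python
def fortios_log(data, fos):
    if not data['log_eventfilter']:
        # nothing to configure: report no error and no change
        return False, False, {}
    resp = log_eventfilter(data, fos)
    # ... unchanged: return tuple built from is_successful_status(resp) ...

# ... unchanged: main() up to the legacy branch, FortiOSAPI import and construction ...
        login(module.params, fos)
        try:
            is_error, has_changed, result = fortios_log(module.params, fos)
        finally:
            # always pair login() with logout(), even when the call raises
            fos.logout()
```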

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer2_filter
short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer2 feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,94 +41,116 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer2_filter:
description:
- Filters for FortiAnalyzer.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- FortiAnalyzer 2 log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Log every message above and including this severity level.
type: str
choices:
- emergency
- alert
@ -141,21 +160,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -168,6 +190,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for FortiAnalyzer.
fortios_log_fortianalyzer2_filter:
@ -178,18 +201,18 @@ EXAMPLES = '''
https: "False"
log_fortianalyzer2_filter:
anomaly: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -254,14 +277,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -269,15 +294,15 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer2_filter_data(json):
option_list = ['anomaly', 'dlp-archive', 'dns',
'filter', 'filter-type', 'forward-traffic',
'gtp', 'local-traffic', 'multicast-traffic',
'netscan-discovery', 'netscan-vulnerability', 'severity',
'sniffer-traffic', 'ssh', 'voip']
option_list = ['anomaly', 'dlp_archive', 'dns',
'filter', 'filter_type', 'forward_traffic',
'gtp', 'local_traffic', 'multicast_traffic',
'netscan_discovery', 'netscan_vulnerability', 'severity',
'sniffer_traffic', 'ssh', 'voip']
dictionary = {}
for attribute in option_list:
@ -287,63 +312,80 @@ def filter_log_fortianalyzer2_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer2_filter(data, fos):
vdom = data['vdom']
log_fortianalyzer2_filter_data = data['log_fortianalyzer2_filter']
filtered_data = filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data))
return fos.set('log.fortianalyzer2',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer2(data, fos):
login(data)
methodlist = ['log_fortianalyzer2_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer2_filter']:
resp = log_fortianalyzer2_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer2_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -356,15 +398,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
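Review bot: The list branch of `underscore_to_hyphen` rebinds the loop variable (`elem = underscore_to_hyphen(elem)`) and discards the result, so dictionaries nested inside a list keep their underscore keys and are passed on unconverted. Replacing the loop with `data = [underscore_to_hyphen(elem) for elem in data]` makes the list case behave like the dict case. None of the options visible in this module is a list, so the effect here is latent. The helper is copied verbatim into the log_eventfilter and log_fortianalyzer2_setting sections of this commit, so the fix belongs in all three copies.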

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer2_setting
short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer2 feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,90 +41,113 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer2_setting:
description:
- Global FortiAnalyzer settings.
default: null
type: dict
suboptions:
__change_ip:
description:
- Hidden attribute.
type: int
certificate:
description:
- Certificate used to communicate with FortiAnalyzer. Source certificate.local.name.
conn-timeout:
type: str
conn_timeout:
description:
- FortiAnalyzer connection time-out in seconds (for status and log buffer).
enc-algorithm:
type: int
enc_algorithm:
description:
- Enable/disable sending FortiAnalyzer log data with SSL encryption.
type: str
choices:
- high-medium
- high
- low
- disable
faz-type:
faz_type:
description:
- Hidden setting index of FortiAnalyzer.
hmac-algorithm:
type: int
hmac_algorithm:
description:
- FortiAnalyzer IPsec tunnel HMAC algorithm.
type: str
choices:
- sha256
- sha1
ips-archive:
ips_archive:
description:
- Enable/disable IPS packet archive logging.
type: str
choices:
- enable
- disable
mgmt-name:
mgmt_name:
description:
- Hidden management name of FortiAnalyzer.
monitor-failure-retry-period:
type: str
monitor_failure_retry_period:
description:
- Time between FortiAnalyzer connection retries in seconds (for status and log buffer).
monitor-keepalive-period:
type: int
monitor_keepalive_period:
description:
- Time between OFTP keepalives in seconds (for status and log buffer).
type: int
reliable:
description:
- Enable/disable reliable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
server:
description:
- The remote FortiAnalyzer.
source-ip:
type: str
source_ip:
description:
- Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.
ssl-min-proto-version:
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
@ -137,30 +157,35 @@ options:
status:
description:
- Enable/disable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
upload-day:
upload_day:
description:
- Day of week (month) to upload logs.
upload-interval:
type: str
upload_interval:
description:
- Frequency to upload log files to FortiAnalyzer.
type: str
choices:
- daily
- weekly
- monthly
upload-option:
upload_option:
description:
- Enable/disable logging to hard disk and then uploading to FortiAnalyzer.
type: str
choices:
- store-and-upload
- realtime
- 1-minute
- 5-minute
upload-time:
upload_time:
description:
- "Time to upload logs (hh:mm)."
type: str
'''
EXAMPLES = '''
@ -170,6 +195,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global FortiAnalyzer settings.
fortios_log_fortianalyzer2_setting:
@ -181,23 +207,23 @@ EXAMPLES = '''
log_fortianalyzer2_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn-timeout: "5"
enc-algorithm: "high-medium"
faz-type: "7"
hmac-algorithm: "sha256"
ips-archive: "enable"
mgmt-name: "<your_own_value>"
monitor-failure-retry-period: "11"
monitor-keepalive-period: "12"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
reliable: "enable"
server: "192.168.100.40"
source-ip: "84.230.14.43"
ssl-min-proto-version: "default"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload-day: "<your_own_value>"
upload-interval: "daily"
upload-option: "store-and-upload"
upload-time: "<your_own_value>"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
'''
RETURN = '''
@ -260,14 +286,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -275,17 +303,17 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer2_setting_data(json):
option_list = ['__change_ip', 'certificate', 'conn-timeout',
'enc-algorithm', 'faz-type', 'hmac-algorithm',
'ips-archive', 'mgmt-name', 'monitor-failure-retry-period',
'monitor-keepalive-period', 'reliable', 'server',
'source-ip', 'ssl-min-proto-version', 'status',
'upload-day', 'upload-interval', 'upload-option',
'upload-time']
option_list = ['__change_ip', 'certificate', 'conn_timeout',
'enc_algorithm', 'faz_type', 'hmac_algorithm',
'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
'monitor_keepalive_period', 'reliable', 'server',
'source_ip', 'ssl_min_proto_version', 'status',
'upload_day', 'upload_interval', 'upload_option',
'upload_time']
dictionary = {}
for attribute in option_list:
@ -295,69 +323,85 @@ def filter_log_fortianalyzer2_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer2_setting(data, fos):
vdom = data['vdom']
log_fortianalyzer2_setting_data = data['log_fortianalyzer2_setting']
filtered_data = filter_log_fortianalyzer2_setting_data(log_fortianalyzer2_setting_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_setting_data(log_fortianalyzer2_setting_data))
return fos.set('log.fortianalyzer2',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer2(data, fos):
login(data)
methodlist = ['log_fortianalyzer2_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer2_setting']:
resp = log_fortianalyzer2_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer2_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"__change_ip": {"required": False, "type": "int"},
"certificate": {"required": False, "type": "str"},
"conn-timeout": {"required": False, "type": "int"},
"enc-algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"faz-type": {"required": False, "type": "int"},
"hmac-algorithm": {"required": False, "type": "str",
"conn_timeout": {"required": False, "type": "int"},
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low"]},
"faz_type": {"required": False, "type": "int"},
"hmac_algorithm": {"required": False, "type": "str",
"choices": ["sha256", "sha1"]},
"ips-archive": {"required": False, "type": "str",
"ips_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"mgmt-name": {"required": False, "type": "str"},
"monitor-failure-retry-period": {"required": False, "type": "int"},
"monitor-keepalive-period": {"required": False, "type": "int"},
"mgmt_name": {"required": False, "type": "str"},
"monitor_failure_retry_period": {"required": False, "type": "int"},
"monitor_keepalive_period": {"required": False, "type": "int"},
"reliable": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"ssl-min-proto-version": {"required": False, "type": "str",
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-day": {"required": False, "type": "str"},
"upload-interval": {"required": False, "type": "str",
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload-option": {"required": False, "type": "str",
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload-time": {"required": False, "type": "str"}
"upload_time": {"required": False, "type": "str"}
}
}
@ -365,15 +409,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer3_filter
short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer3 feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,94 +41,116 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer3_filter:
description:
- Filters for FortiAnalyzer.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- FortiAnalyzer 3 log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -141,21 +160,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -168,6 +190,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for FortiAnalyzer.
fortios_log_fortianalyzer3_filter:
@ -178,18 +201,18 @@ EXAMPLES = '''
https: "False"
log_fortianalyzer3_filter:
anomaly: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -254,14 +277,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -269,15 +294,15 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer3_filter_data(json):
option_list = ['anomaly', 'dlp-archive', 'dns',
'filter', 'filter-type', 'forward-traffic',
'gtp', 'local-traffic', 'multicast-traffic',
'netscan-discovery', 'netscan-vulnerability', 'severity',
'sniffer-traffic', 'ssh', 'voip']
option_list = ['anomaly', 'dlp_archive', 'dns',
'filter', 'filter_type', 'forward_traffic',
'gtp', 'local_traffic', 'multicast_traffic',
'netscan_discovery', 'netscan_vulnerability', 'severity',
'sniffer_traffic', 'ssh', 'voip']
dictionary = {}
for attribute in option_list:
@ -287,63 +312,80 @@ def filter_log_fortianalyzer3_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer3_filter(data, fos):
vdom = data['vdom']
log_fortianalyzer3_filter_data = data['log_fortianalyzer3_filter']
filtered_data = filter_log_fortianalyzer3_filter_data(log_fortianalyzer3_filter_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer3_filter_data(log_fortianalyzer3_filter_data))
return fos.set('log.fortianalyzer3',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer3(data, fos):
login(data)
methodlist = ['log_fortianalyzer3_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer3_filter']:
resp = log_fortianalyzer3_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer3_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -356,15 +398,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
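Review bot: The EXAMPLES playbook now sets `ssl_verify: "False"` in its vars, next to `https: "False"` and an empty `admin` password, so the sample users copy turns off certificate verification even though the option's new default is `true`. With verification off the module cannot tell the intended FortiGate from any other host answering on that address, and `login()` passes the value straight through as `verify=ssl_verify`. I would drop the line from the example or annotate it, e.g. `ssl_verify: "False"  # lab only, self-signed certificate; keep the default (true) elsewhere`. The same example line is added in the fortios_log_fortianalyzer3_setting and fortios_log_fortianalyzer_filter sections below; the EXAMPLES block itself starts above the hunk.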

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer3_setting
short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer3 feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,90 +41,113 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer3_setting:
description:
- Global FortiAnalyzer settings.
default: null
type: dict
suboptions:
__change_ip:
description:
- Hidden attribute.
type: int
certificate:
description:
- Certificate used to communicate with FortiAnalyzer. Source certificate.local.name.
conn-timeout:
type: str
conn_timeout:
description:
- FortiAnalyzer connection time-out in seconds (for status and log buffer).
enc-algorithm:
type: int
enc_algorithm:
description:
- Enable/disable sending FortiAnalyzer log data with SSL encryption.
type: str
choices:
- high-medium
- high
- low
- disable
faz-type:
faz_type:
description:
- Hidden setting index of FortiAnalyzer.
hmac-algorithm:
type: int
hmac_algorithm:
description:
- FortiAnalyzer IPsec tunnel HMAC algorithm.
type: str
choices:
- sha256
- sha1
ips-archive:
ips_archive:
description:
- Enable/disable IPS packet archive logging.
type: str
choices:
- enable
- disable
mgmt-name:
mgmt_name:
description:
- Hidden management name of FortiAnalyzer.
monitor-failure-retry-period:
type: str
monitor_failure_retry_period:
description:
- Time between FortiAnalyzer connection retries in seconds (for status and log buffer).
monitor-keepalive-period:
type: int
monitor_keepalive_period:
description:
- Time between OFTP keepalives in seconds (for status and log buffer).
type: int
reliable:
description:
- Enable/disable reliable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
server:
description:
- The remote FortiAnalyzer.
source-ip:
type: str
source_ip:
description:
- Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.
ssl-min-proto-version:
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
@ -137,30 +157,35 @@ options:
status:
description:
- Enable/disable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
upload-day:
upload_day:
description:
- Day of week (month) to upload logs.
upload-interval:
type: str
upload_interval:
description:
- Frequency to upload log files to FortiAnalyzer.
type: str
choices:
- daily
- weekly
- monthly
upload-option:
upload_option:
description:
- Enable/disable logging to hard disk and then uploading to FortiAnalyzer.
type: str
choices:
- store-and-upload
- realtime
- 1-minute
- 5-minute
upload-time:
upload_time:
description:
- "Time to upload logs (hh:mm)."
type: str
'''
EXAMPLES = '''
@ -170,6 +195,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global FortiAnalyzer settings.
fortios_log_fortianalyzer3_setting:
@ -181,23 +207,23 @@ EXAMPLES = '''
log_fortianalyzer3_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn-timeout: "5"
enc-algorithm: "high-medium"
faz-type: "7"
hmac-algorithm: "sha256"
ips-archive: "enable"
mgmt-name: "<your_own_value>"
monitor-failure-retry-period: "11"
monitor-keepalive-period: "12"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
reliable: "enable"
server: "192.168.100.40"
source-ip: "84.230.14.43"
ssl-min-proto-version: "default"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload-day: "<your_own_value>"
upload-interval: "daily"
upload-option: "store-and-upload"
upload-time: "<your_own_value>"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
'''
RETURN = '''
@ -260,14 +286,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -275,17 +303,17 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer3_setting_data(json):
option_list = ['__change_ip', 'certificate', 'conn-timeout',
'enc-algorithm', 'faz-type', 'hmac-algorithm',
'ips-archive', 'mgmt-name', 'monitor-failure-retry-period',
'monitor-keepalive-period', 'reliable', 'server',
'source-ip', 'ssl-min-proto-version', 'status',
'upload-day', 'upload-interval', 'upload-option',
'upload-time']
option_list = ['__change_ip', 'certificate', 'conn_timeout',
'enc_algorithm', 'faz_type', 'hmac_algorithm',
'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
'monitor_keepalive_period', 'reliable', 'server',
'source_ip', 'ssl_min_proto_version', 'status',
'upload_day', 'upload_interval', 'upload_option',
'upload_time']
dictionary = {}
for attribute in option_list:
@ -295,69 +323,85 @@ def filter_log_fortianalyzer3_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer3_setting(data, fos):
vdom = data['vdom']
log_fortianalyzer3_setting_data = data['log_fortianalyzer3_setting']
filtered_data = filter_log_fortianalyzer3_setting_data(log_fortianalyzer3_setting_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer3_setting_data(log_fortianalyzer3_setting_data))
return fos.set('log.fortianalyzer3',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer3(data, fos):
login(data)
methodlist = ['log_fortianalyzer3_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer3_setting']:
resp = log_fortianalyzer3_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer3_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"__change_ip": {"required": False, "type": "int"},
"certificate": {"required": False, "type": "str"},
"conn-timeout": {"required": False, "type": "int"},
"enc-algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"faz-type": {"required": False, "type": "int"},
"hmac-algorithm": {"required": False, "type": "str",
"conn_timeout": {"required": False, "type": "int"},
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low"]},
"faz_type": {"required": False, "type": "int"},
"hmac_algorithm": {"required": False, "type": "str",
"choices": ["sha256", "sha1"]},
"ips-archive": {"required": False, "type": "str",
"ips_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"mgmt-name": {"required": False, "type": "str"},
"monitor-failure-retry-period": {"required": False, "type": "int"},
"monitor-keepalive-period": {"required": False, "type": "int"},
"mgmt_name": {"required": False, "type": "str"},
"monitor_failure_retry_period": {"required": False, "type": "int"},
"monitor_keepalive_period": {"required": False, "type": "int"},
"reliable": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"ssl-min-proto-version": {"required": False, "type": "str",
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-day": {"required": False, "type": "str"},
"upload-interval": {"required": False, "type": "str",
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload-option": {"required": False, "type": "str",
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload-time": {"required": False, "type": "str"}
"upload_time": {"required": False, "type": "str"}
}
}
@ -365,15 +409,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
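Review bot: `fortios_log_fortianalyzer3` leaves `resp` unassigned when `log_fortianalyzer3_setting` is omitted, which the new `"default": None` in the argument spec allows, so the return statement raises UnboundLocalError and the task ends in a traceback instead of a clean failure. A guard in `main()` before the dispatch, `if not module.params['log_fortianalyzer3_setting']: module.fail_json(msg="log_fortianalyzer3_setting is required")`, keeps the error readable. The fortios_log_fortianalyzer3_filter and fortios_log_fortianalyzer_filter sections have the same shape. Separately, the new `enc_algorithm` spec accepts only `high-medium`, `high` and `low`, while its description still reads "Enable/disable sending FortiAnalyzer log data with SSL encryption"; the DOCUMENTATION text and choices should say the same thing as the spec.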

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer_filter
short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,94 +41,116 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer_filter:
description:
- Filters for FortiAnalyzer.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- FortiAnalyzer log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -141,21 +160,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -168,6 +190,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for FortiAnalyzer.
fortios_log_fortianalyzer_filter:
@ -178,18 +201,18 @@ EXAMPLES = '''
https: "False"
log_fortianalyzer_filter:
anomaly: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -254,14 +277,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -269,15 +294,15 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer_filter_data(json):
option_list = ['anomaly', 'dlp-archive', 'dns',
'filter', 'filter-type', 'forward-traffic',
'gtp', 'local-traffic', 'multicast-traffic',
'netscan-discovery', 'netscan-vulnerability', 'severity',
'sniffer-traffic', 'ssh', 'voip']
option_list = ['anomaly', 'dlp_archive', 'dns',
'filter', 'filter_type', 'forward_traffic',
'gtp', 'local_traffic', 'multicast_traffic',
'netscan_discovery', 'netscan_vulnerability', 'severity',
'sniffer_traffic', 'ssh', 'voip']
dictionary = {}
for attribute in option_list:
@ -287,63 +312,80 @@ def filter_log_fortianalyzer_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer_filter(data, fos):
vdom = data['vdom']
log_fortianalyzer_filter_data = data['log_fortianalyzer_filter']
filtered_data = filter_log_fortianalyzer_filter_data(log_fortianalyzer_filter_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_filter_data(log_fortianalyzer_filter_data))
return fos.set('log.fortianalyzer',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer(data, fos):
login(data)
methodlist = ['log_fortianalyzer_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer_filter']:
resp = log_fortianalyzer_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -356,15 +398,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer_override_filter
short_description: Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer feature and override_filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,94 +41,116 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer_override_filter:
description:
- Override filters for FortiAnalyzer.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- FortiAnalyzer log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -141,21 +160,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -168,6 +190,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Override filters for FortiAnalyzer.
fortios_log_fortianalyzer_override_filter:
@ -178,18 +201,18 @@ EXAMPLES = '''
https: "False"
log_fortianalyzer_override_filter:
anomaly: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -254,14 +277,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -269,15 +294,15 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer_override_filter_data(json):
option_list = ['anomaly', 'dlp-archive', 'dns',
'filter', 'filter-type', 'forward-traffic',
'gtp', 'local-traffic', 'multicast-traffic',
'netscan-discovery', 'netscan-vulnerability', 'severity',
'sniffer-traffic', 'ssh', 'voip']
option_list = ['anomaly', 'dlp_archive', 'dns',
'filter', 'filter_type', 'forward_traffic',
'gtp', 'local_traffic', 'multicast_traffic',
'netscan_discovery', 'netscan_vulnerability', 'severity',
'sniffer_traffic', 'ssh', 'voip']
dictionary = {}
for attribute in option_list:
@ -287,63 +312,80 @@ def filter_log_fortianalyzer_override_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer_override_filter(data, fos):
vdom = data['vdom']
log_fortianalyzer_override_filter_data = data['log_fortianalyzer_override_filter']
filtered_data = filter_log_fortianalyzer_override_filter_data(log_fortianalyzer_override_filter_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_filter_data(log_fortianalyzer_override_filter_data))
return fos.set('log.fortianalyzer',
'override-filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer(data, fos):
login(data)
methodlist = ['log_fortianalyzer_override_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer_override_filter']:
resp = log_fortianalyzer_override_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer_override_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -356,15 +398,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
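Review bot: In the rewritten `fortios_log_fortianalyzer`, `resp` is assigned only inside `if data['log_fortianalyzer_override_filter']:`, but the `return` that follows reads it unconditionally. The argument spec in this same file makes that dict optional with `"default": None`, so a task that omits it (or passes an empty dict) ends in an UnboundLocalError instead of a module result. A guard placed before the `if`, such as `if not data['log_fortianalyzer_override_filter']: return True, False, {'status': 'error', 'msg': 'log_fortianalyzer_override_filter is required'}`, would turn that into a reported failure; this assumes `main()` hands a true `is_error` to `fail_json`, and that branch is outside the lines shown. The same pattern appears in the `fortios_log_fortianalyzer_override_setting` and `fortios_log_fortianalyzer_setting` sections further down the page.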

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer_override_setting
short_description: Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer feature and override_setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,96 +41,120 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer_override_setting:
description:
- Override FortiAnalyzer settings.
default: null
type: dict
suboptions:
__change_ip:
description:
- Hidden attribute.
type: int
certificate:
description:
- Certificate used to communicate with FortiAnalyzer. Source certificate.local.name.
conn-timeout:
type: str
conn_timeout:
description:
- FortiAnalyzer connection time-out in seconds (for status and log buffer).
enc-algorithm:
type: int
enc_algorithm:
description:
- Enable/disable sending FortiAnalyzer log data with SSL encryption.
type: str
choices:
- high-medium
- high
- low
- disable
faz-type:
faz_type:
description:
- Hidden setting index of FortiAnalyzer.
hmac-algorithm:
type: int
hmac_algorithm:
description:
- FortiAnalyzer IPsec tunnel HMAC algorithm.
type: str
choices:
- sha256
- sha1
ips-archive:
ips_archive:
description:
- Enable/disable IPS packet archive logging.
type: str
choices:
- enable
- disable
mgmt-name:
mgmt_name:
description:
- Hidden management name of FortiAnalyzer.
monitor-failure-retry-period:
type: str
monitor_failure_retry_period:
description:
- Time between FortiAnalyzer connection retries in seconds (for status and log buffer).
monitor-keepalive-period:
type: int
monitor_keepalive_period:
description:
- Time between OFTP keepalives in seconds (for status and log buffer).
type: int
override:
description:
- Enable/disable overriding FortiAnalyzer settings or use global settings.
type: str
choices:
- enable
- disable
reliable:
description:
- Enable/disable reliable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
server:
description:
- The remote FortiAnalyzer.
source-ip:
type: str
source_ip:
description:
- Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.
ssl-min-proto-version:
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
@ -143,33 +164,39 @@ options:
status:
description:
- Enable/disable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
upload-day:
upload_day:
description:
- Day of week (month) to upload logs.
upload-interval:
type: str
upload_interval:
description:
- Frequency to upload log files to FortiAnalyzer.
type: str
choices:
- daily
- weekly
- monthly
upload-option:
upload_option:
description:
- Enable/disable logging to hard disk and then uploading to FortiAnalyzer.
type: str
choices:
- store-and-upload
- realtime
- 1-minute
- 5-minute
upload-time:
upload_time:
description:
- "Time to upload logs (hh:mm)."
use-management-vdom:
type: str
use_management_vdom:
description:
- Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.
type: str
choices:
- enable
- disable
@ -182,6 +209,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Override FortiAnalyzer settings.
fortios_log_fortianalyzer_override_setting:
@ -193,25 +221,25 @@ EXAMPLES = '''
log_fortianalyzer_override_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn-timeout: "5"
enc-algorithm: "high-medium"
faz-type: "7"
hmac-algorithm: "sha256"
ips-archive: "enable"
mgmt-name: "<your_own_value>"
monitor-failure-retry-period: "11"
monitor-keepalive-period: "12"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
override: "enable"
reliable: "enable"
server: "192.168.100.40"
source-ip: "84.230.14.43"
ssl-min-proto-version: "default"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload-day: "<your_own_value>"
upload-interval: "daily"
upload-option: "store-and-upload"
upload-time: "<your_own_value>"
use-management-vdom: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
use_management_vdom: "enable"
'''
RETURN = '''
@ -274,14 +302,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -289,17 +319,17 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer_override_setting_data(json):
option_list = ['__change_ip', 'certificate', 'conn-timeout',
'enc-algorithm', 'faz-type', 'hmac-algorithm',
'ips-archive', 'mgmt-name', 'monitor-failure-retry-period',
'monitor-keepalive-period', 'override', 'reliable',
'server', 'source-ip', 'ssl-min-proto-version',
'status', 'upload-day', 'upload-interval',
'upload-option', 'upload-time', 'use-management-vdom']
option_list = ['__change_ip', 'certificate', 'conn_timeout',
'enc_algorithm', 'faz_type', 'hmac_algorithm',
'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
'monitor_keepalive_period', 'override', 'reliable',
'server', 'source_ip', 'ssl_min_proto_version',
'status', 'upload_day', 'upload_interval',
'upload_option', 'upload_time', 'use_management_vdom']
dictionary = {}
for attribute in option_list:
@ -309,72 +339,88 @@ def filter_log_fortianalyzer_override_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer_override_setting(data, fos):
vdom = data['vdom']
log_fortianalyzer_override_setting_data = data['log_fortianalyzer_override_setting']
filtered_data = filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data))
return fos.set('log.fortianalyzer',
'override-setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer(data, fos):
login(data)
methodlist = ['log_fortianalyzer_override_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer_override_setting']:
resp = log_fortianalyzer_override_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer_override_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"__change_ip": {"required": False, "type": "int"},
"certificate": {"required": False, "type": "str"},
"conn-timeout": {"required": False, "type": "int"},
"enc-algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"faz-type": {"required": False, "type": "int"},
"hmac-algorithm": {"required": False, "type": "str",
"conn_timeout": {"required": False, "type": "int"},
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low"]},
"faz_type": {"required": False, "type": "int"},
"hmac_algorithm": {"required": False, "type": "str",
"choices": ["sha256", "sha1"]},
"ips-archive": {"required": False, "type": "str",
"ips_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"mgmt-name": {"required": False, "type": "str"},
"monitor-failure-retry-period": {"required": False, "type": "int"},
"monitor-keepalive-period": {"required": False, "type": "int"},
"mgmt_name": {"required": False, "type": "str"},
"monitor_failure_retry_period": {"required": False, "type": "int"},
"monitor_keepalive_period": {"required": False, "type": "int"},
"override": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"reliable": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"ssl-min-proto-version": {"required": False, "type": "str",
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-day": {"required": False, "type": "str"},
"upload-interval": {"required": False, "type": "str",
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload-option": {"required": False, "type": "str",
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload-time": {"required": False, "type": "str"},
"use-management-vdom": {"required": False, "type": "str",
"upload_time": {"required": False, "type": "str"},
"use_management_vdom": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@ -383,15 +429,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
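Review bot: The underscore-named `enc_algorithm` entry in `main()`'s argument spec accepts only `high-medium`, `high` and `low`, whereas the hyphen-named `enc-algorithm` entry it replaces also accepted `disable`. A playbook that passed `disable` for this log-transport encryption setting will now be rejected at argument validation. The option description in DOCUMENTATION still reads "Enable/disable sending FortiAnalyzer log data with SSL encryption", which no longer matches the accepted values. If the removal is intended, the description should say so, for example `- Encryption level for log data sent to FortiAnalyzer; C(disable) is not accepted.` This rendering does not show whether the `disable` item in the documented choices list is removed as well, so that list should be checked against the spec.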

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortianalyzer_setting
short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortianalyzer feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,90 +41,113 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortianalyzer_setting:
description:
- Global FortiAnalyzer settings.
default: null
type: dict
suboptions:
__change_ip:
description:
- Hidden attribute.
type: int
certificate:
description:
- Certificate used to communicate with FortiAnalyzer. Source certificate.local.name.
conn-timeout:
type: str
conn_timeout:
description:
- FortiAnalyzer connection time-out in seconds (for status and log buffer).
enc-algorithm:
type: int
enc_algorithm:
description:
- Enable/disable sending FortiAnalyzer log data with SSL encryption.
type: str
choices:
- high-medium
- high
- low
- disable
faz-type:
faz_type:
description:
- Hidden setting index of FortiAnalyzer.
hmac-algorithm:
type: int
hmac_algorithm:
description:
- FortiAnalyzer IPsec tunnel HMAC algorithm.
type: str
choices:
- sha256
- sha1
ips-archive:
ips_archive:
description:
- Enable/disable IPS packet archive logging.
type: str
choices:
- enable
- disable
mgmt-name:
mgmt_name:
description:
- Hidden management name of FortiAnalyzer.
monitor-failure-retry-period:
type: str
monitor_failure_retry_period:
description:
- Time between FortiAnalyzer connection retries in seconds (for status and log buffer).
monitor-keepalive-period:
type: int
monitor_keepalive_period:
description:
- Time between OFTP keepalives in seconds (for status and log buffer).
type: int
reliable:
description:
- Enable/disable reliable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
server:
description:
- The remote FortiAnalyzer.
source-ip:
type: str
source_ip:
description:
- Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.
ssl-min-proto-version:
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
@ -137,30 +157,35 @@ options:
status:
description:
- Enable/disable logging to FortiAnalyzer.
type: str
choices:
- enable
- disable
upload-day:
upload_day:
description:
- Day of week (month) to upload logs.
upload-interval:
type: str
upload_interval:
description:
- Frequency to upload log files to FortiAnalyzer.
type: str
choices:
- daily
- weekly
- monthly
upload-option:
upload_option:
description:
- Enable/disable logging to hard disk and then uploading to FortiAnalyzer.
type: str
choices:
- store-and-upload
- realtime
- 1-minute
- 5-minute
upload-time:
upload_time:
description:
- "Time to upload logs (hh:mm)."
type: str
'''
EXAMPLES = '''
@ -170,6 +195,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global FortiAnalyzer settings.
fortios_log_fortianalyzer_setting:
@ -181,23 +207,23 @@ EXAMPLES = '''
log_fortianalyzer_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn-timeout: "5"
enc-algorithm: "high-medium"
faz-type: "7"
hmac-algorithm: "sha256"
ips-archive: "enable"
mgmt-name: "<your_own_value>"
monitor-failure-retry-period: "11"
monitor-keepalive-period: "12"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
reliable: "enable"
server: "192.168.100.40"
source-ip: "84.230.14.43"
ssl-min-proto-version: "default"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload-day: "<your_own_value>"
upload-interval: "daily"
upload-option: "store-and-upload"
upload-time: "<your_own_value>"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
'''
RETURN = '''
@ -260,14 +286,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -275,17 +303,17 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortianalyzer_setting_data(json):
option_list = ['__change_ip', 'certificate', 'conn-timeout',
'enc-algorithm', 'faz-type', 'hmac-algorithm',
'ips-archive', 'mgmt-name', 'monitor-failure-retry-period',
'monitor-keepalive-period', 'reliable', 'server',
'source-ip', 'ssl-min-proto-version', 'status',
'upload-day', 'upload-interval', 'upload-option',
'upload-time']
option_list = ['__change_ip', 'certificate', 'conn_timeout',
'enc_algorithm', 'faz_type', 'hmac_algorithm',
'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
'monitor_keepalive_period', 'reliable', 'server',
'source_ip', 'ssl_min_proto_version', 'status',
'upload_day', 'upload_interval', 'upload_option',
'upload_time']
dictionary = {}
for attribute in option_list:
@ -295,69 +323,85 @@ def filter_log_fortianalyzer_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortianalyzer_setting(data, fos):
vdom = data['vdom']
log_fortianalyzer_setting_data = data['log_fortianalyzer_setting']
filtered_data = filter_log_fortianalyzer_setting_data(log_fortianalyzer_setting_data)
filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_setting_data(log_fortianalyzer_setting_data))
return fos.set('log.fortianalyzer',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortianalyzer(data, fos):
login(data)
methodlist = ['log_fortianalyzer_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortianalyzer_setting']:
resp = log_fortianalyzer_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"__change_ip": {"required": False, "type": "int"},
"certificate": {"required": False, "type": "str"},
"conn-timeout": {"required": False, "type": "int"},
"enc-algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"faz-type": {"required": False, "type": "int"},
"hmac-algorithm": {"required": False, "type": "str",
"conn_timeout": {"required": False, "type": "int"},
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low"]},
"faz_type": {"required": False, "type": "int"},
"hmac_algorithm": {"required": False, "type": "str",
"choices": ["sha256", "sha1"]},
"ips-archive": {"required": False, "type": "str",
"ips_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"mgmt-name": {"required": False, "type": "str"},
"monitor-failure-retry-period": {"required": False, "type": "int"},
"monitor-keepalive-period": {"required": False, "type": "int"},
"mgmt_name": {"required": False, "type": "str"},
"monitor_failure_retry_period": {"required": False, "type": "int"},
"monitor_keepalive_period": {"required": False, "type": "int"},
"reliable": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"ssl-min-proto-version": {"required": False, "type": "str",
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-day": {"required": False, "type": "str"},
"upload-interval": {"required": False, "type": "str",
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload-option": {"required": False, "type": "str",
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload-time": {"required": False, "type": "str"}
"upload_time": {"required": False, "type": "str"}
}
}
@ -365,15 +409,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortiguard_filter
short_description: Filters for FortiCloud in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortiguard feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,94 +41,116 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortiguard_filter:
description:
- Filters for FortiCloud.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- FortiCloud log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -141,21 +160,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -168,6 +190,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for FortiCloud.
fortios_log_fortiguard_filter:
@ -178,18 +201,18 @@ EXAMPLES = '''
https: "False"
log_fortiguard_filter:
anomaly: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -254,14 +277,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -269,15 +294,15 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortiguard_filter_data(json):
option_list = ['anomaly', 'dlp-archive', 'dns',
'filter', 'filter-type', 'forward-traffic',
'gtp', 'local-traffic', 'multicast-traffic',
'netscan-discovery', 'netscan-vulnerability', 'severity',
'sniffer-traffic', 'ssh', 'voip']
option_list = ['anomaly', 'dlp_archive', 'dns',
'filter', 'filter_type', 'forward_traffic',
'gtp', 'local_traffic', 'multicast_traffic',
'netscan_discovery', 'netscan_vulnerability', 'severity',
'sniffer_traffic', 'ssh', 'voip']
dictionary = {}
for attribute in option_list:
@ -287,63 +312,80 @@ def filter_log_fortiguard_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortiguard_filter(data, fos):
vdom = data['vdom']
log_fortiguard_filter_data = data['log_fortiguard_filter']
filtered_data = filter_log_fortiguard_filter_data(log_fortiguard_filter_data)
filtered_data = underscore_to_hyphen(filter_log_fortiguard_filter_data(log_fortiguard_filter_data))
return fos.set('log.fortiguard',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortiguard(data, fos):
login(data)
methodlist = ['log_fortiguard_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortiguard_filter']:
resp = log_fortiguard_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortiguard_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -356,15 +398,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
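Review bot: In `fortios_log_fortiguard`, `resp` is bound only inside `if data['log_fortiguard_filter']:`, so a task that omits the option (which this change gives an explicit `"default": None`) reaches the `return` with `resp` unassigned and the module aborts with an UnboundLocalError instead of a clean failure. In the legacy branch of `main()` that exception also skips the `fos.logout()` placed after the call, so the session opened by `login()` is presumably left to time out on the device. I would reject the missing option before connecting, `if not module.params['log_fortiguard_filter']: module.fail_json(msg="log_fortiguard_filter is required")`, and put the legacy call in a `try:` whose `finally:` runs `fos.logout()`. The same construct appears in the `fortios_log_fortiguard` helper of the override_filter module below and in the other modules on this page; `main()` continues past the end of the last hunk.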

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortiguard_override_filter
short_description: Override filters for FortiCloud in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortiguard feature and override_filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,94 +41,116 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortiguard_override_filter:
description:
- Override filters for FortiCloud.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dlp-archive:
dlp_archive:
description:
- Enable/disable DLP archive logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- FortiCloud log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -141,21 +160,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -168,6 +190,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Override filters for FortiCloud.
fortios_log_fortiguard_override_filter:
@ -178,18 +201,18 @@ EXAMPLES = '''
https: "False"
log_fortiguard_override_filter:
anomaly: "enable"
dlp-archive: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -254,14 +277,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -269,15 +294,15 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortiguard_override_filter_data(json):
option_list = ['anomaly', 'dlp-archive', 'dns',
'filter', 'filter-type', 'forward-traffic',
'gtp', 'local-traffic', 'multicast-traffic',
'netscan-discovery', 'netscan-vulnerability', 'severity',
'sniffer-traffic', 'ssh', 'voip']
option_list = ['anomaly', 'dlp_archive', 'dns',
'filter', 'filter_type', 'forward_traffic',
'gtp', 'local_traffic', 'multicast_traffic',
'netscan_discovery', 'netscan_vulnerability', 'severity',
'sniffer_traffic', 'ssh', 'voip']
dictionary = {}
for attribute in option_list:
@ -287,63 +312,80 @@ def filter_log_fortiguard_override_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortiguard_override_filter(data, fos):
vdom = data['vdom']
log_fortiguard_override_filter_data = data['log_fortiguard_override_filter']
filtered_data = filter_log_fortiguard_override_filter_data(log_fortiguard_override_filter_data)
filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_filter_data(log_fortiguard_override_filter_data))
return fos.set('log.fortiguard',
'override-filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortiguard(data, fos):
login(data)
methodlist = ['log_fortiguard_override_filter']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortiguard_override_filter']:
resp = log_fortiguard_override_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortiguard_override_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp-archive": {"required": False, "type": "str",
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -356,15 +398,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
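Review bot: The list branch of the new `underscore_to_hyphen` has no effect: `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, so the list is returned unchanged and any dictionaries inside it keep their underscore keys when they are passed to `fos.set`. The options of this module are a flat dict of strings, so nothing breaks here, but the helper is pasted identically into the other modules in this commit, and any of them that accepts a list of dicts would send unconverted keys. Replacing the loop with `data = [underscore_to_hyphen(elem) for elem in data]` makes the branch do what its name says.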

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortiguard_override_setting
short_description: Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortiguard feature and override_setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,67 +41,83 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortiguard_override_setting:
description:
- Override global FortiCloud logging settings for this VDOM.
default: null
type: dict
suboptions:
override:
description:
- Overriding FortiCloud settings for this VDOM or use global settings.
type: str
choices:
- enable
- disable
status:
description:
- Enable/disable logging to FortiCloud.
type: str
choices:
- enable
- disable
upload-day:
upload_day:
description:
- Day of week to roll logs.
upload-interval:
type: str
upload_interval:
description:
- Frequency of uploading log files to FortiCloud.
type: str
choices:
- daily
- weekly
- monthly
upload-option:
upload_option:
description:
- Configure how log messages are sent to FortiCloud.
type: str
choices:
- store-and-upload
- realtime
- 1-minute
- 5-minute
upload-time:
upload_time:
description:
- "Time of day to roll logs (hh:mm)."
type: str
'''
EXAMPLES = '''
@ -114,6 +127,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Override global FortiCloud logging settings for this VDOM.
fortios_log_fortiguard_override_setting:
@ -125,10 +139,10 @@ EXAMPLES = '''
log_fortiguard_override_setting:
override: "enable"
status: "enable"
upload-day: "<your_own_value>"
upload-interval: "daily"
upload-option: "store-and-upload"
upload-time: "<your_own_value>"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
'''
RETURN = '''
@ -191,14 +205,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -206,12 +222,12 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortiguard_override_setting_data(json):
option_list = ['override', 'status', 'upload-day',
'upload-interval', 'upload-option', 'upload-time']
option_list = ['override', 'status', 'upload_day',
'upload_interval', 'upload_option', 'upload_time']
dictionary = {}
for attribute in option_list:
@ -221,50 +237,67 @@ def filter_log_fortiguard_override_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortiguard_override_setting(data, fos):
vdom = data['vdom']
log_fortiguard_override_setting_data = data['log_fortiguard_override_setting']
filtered_data = filter_log_fortiguard_override_setting_data(log_fortiguard_override_setting_data)
filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_setting_data(log_fortiguard_override_setting_data))
return fos.set('log.fortiguard',
'override-setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortiguard(data, fos):
login(data)
methodlist = ['log_fortiguard_override_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortiguard_override_setting']:
resp = log_fortiguard_override_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortiguard_override_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"override": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-day": {"required": False, "type": "str"},
"upload-interval": {"required": False, "type": "str",
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload-option": {"required": False, "type": "str",
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload-time": {"required": False, "type": "str"}
"upload_time": {"required": False, "type": "str"}
}
}
@ -272,15 +305,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_fortiguard_setting
short_description: Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_fortiguard feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,48 +41,60 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_fortiguard_setting:
description:
- Configure logging to FortiCloud.
default: null
type: dict
suboptions:
enc-algorithm:
enc_algorithm:
description:
- Enable/disable and set the SSL security level for for sending encrypted logs to FortiCloud.
- Enable and set the SSL security level for for sending encrypted logs to FortiCloud.
type: str
choices:
- high-medium
- high
- low
- disable
source-ip:
source_ip:
description:
- Source IP address used to connect FortiCloud.
ssl-min-proto-version:
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
@ -95,30 +104,35 @@ options:
status:
description:
- Enable/disable logging to FortiCloud.
type: str
choices:
- enable
- disable
upload-day:
upload_day:
description:
- Day of week to roll logs.
upload-interval:
type: str
upload_interval:
description:
- Frequency of uploading log files to FortiCloud.
type: str
choices:
- daily
- weekly
- monthly
upload-option:
upload_option:
description:
- Configure how log messages are sent to FortiCloud.
type: str
choices:
- store-and-upload
- realtime
- 1-minute
- 5-minute
upload-time:
upload_time:
description:
- "Time of day to roll logs (hh:mm)."
type: str
'''
EXAMPLES = '''
@ -128,6 +142,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure logging to FortiCloud.
fortios_log_fortiguard_setting:
@ -137,14 +152,14 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
log_fortiguard_setting:
enc-algorithm: "high-medium"
source-ip: "84.230.14.43"
ssl-min-proto-version: "default"
enc_algorithm: "high-medium"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload-day: "<your_own_value>"
upload-interval: "daily"
upload-option: "store-and-upload"
upload-time: "<your_own_value>"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
'''
RETURN = '''
@ -207,14 +222,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -222,13 +239,13 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_fortiguard_setting_data(json):
option_list = ['enc-algorithm', 'source-ip', 'ssl-min-proto-version',
'status', 'upload-day', 'upload-interval',
'upload-option', 'upload-time']
option_list = ['enc_algorithm', 'source_ip', 'ssl_min_proto_version',
'status', 'upload_day', 'upload_interval',
'upload_option', 'upload_time']
dictionary = {}
for attribute in option_list:
@ -238,55 +255,71 @@ def filter_log_fortiguard_setting_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_fortiguard_setting(data, fos):
vdom = data['vdom']
log_fortiguard_setting_data = data['log_fortiguard_setting']
filtered_data = filter_log_fortiguard_setting_data(log_fortiguard_setting_data)
filtered_data = underscore_to_hyphen(filter_log_fortiguard_setting_data(log_fortiguard_setting_data))
return fos.set('log.fortiguard',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_fortiguard(data, fos):
login(data)
methodlist = ['log_fortiguard_setting']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_fortiguard_setting']:
resp = log_fortiguard_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortiguard_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"enc-algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"source-ip": {"required": False, "type": "str"},
"ssl-min-proto-version": {"required": False, "type": "str",
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low"]},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload-day": {"required": False, "type": "str"},
"upload-interval": {"required": False, "type": "str",
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload-option": {"required": False, "type": "str",
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload-time": {"required": False, "type": "str"}
"upload_time": {"required": False, "type": "str"}
}
}
@ -294,15 +327,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
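Review bot: The EXAMPLES vars now add `ssl_verify: "False"` alongside the task's existing `https: "False"`, so anyone copying the example sends the admin username and password with both TLS and certificate verification turned off. The argument spec in `main()` defaults `https` and `ssl_verify` to `True`, so the example would be safer showing `ssl_verify: "True"` and `https: "True"`, with a comment such as `# set ssl_verify: "False" only for lab devices with self-signed certificates`. The same added vars line appears in the EXAMPLES of fortios_log_gui_display and fortios_log_memory_filter further down this commit. Whether the task passes `ssl_verify` on to the module is not visible in these hunks, because the lines between the vars and the task body fall outside them.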

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_gui_display
short_description: Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log feature and gui_display category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,49 +41,62 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_gui_display:
description:
- Configure how log messages are displayed on the GUI.
default: null
type: dict
suboptions:
fortiview-unscanned-apps:
fortiview_unscanned_apps:
description:
- Enable/disable showing unscanned traffic in FortiView application charts.
type: str
choices:
- enable
- disable
resolve-apps:
resolve_apps:
description:
- Resolve unknown applications on the GUI using Fortinet's remote application database.
type: str
choices:
- enable
- disable
resolve-hosts:
resolve_hosts:
description:
- Enable/disable resolving IP addresses to hostname in log messages on the GUI using reverse DNS lookup
type: str
choices:
- enable
- disable
@ -99,6 +109,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure how log messages are displayed on the GUI.
fortios_log_gui_display:
@ -108,9 +119,9 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
log_gui_display:
fortiview-unscanned-apps: "enable"
resolve-apps: "enable"
resolve-hosts: "enable"
fortiview_unscanned_apps: "enable"
resolve_apps: "enable"
resolve_hosts: "enable"
'''
RETURN = '''
@ -173,14 +184,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -188,11 +201,11 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_gui_display_data(json):
option_list = ['fortiview-unscanned-apps', 'resolve-apps', 'resolve-hosts']
option_list = ['fortiview_unscanned_apps', 'resolve_apps', 'resolve_hosts']
dictionary = {}
for attribute in option_list:
@ -202,44 +215,61 @@ def filter_log_gui_display_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_gui_display(data, fos):
vdom = data['vdom']
log_gui_display_data = data['log_gui_display']
filtered_data = filter_log_gui_display_data(log_gui_display_data)
filtered_data = underscore_to_hyphen(filter_log_gui_display_data(log_gui_display_data))
return fos.set('log',
'gui-display',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log(data, fos):
login(data)
methodlist = ['log_gui_display']
for method in methodlist:
if data[method]:
resp = eval(method)(data, fos)
break
if data['log_gui_display']:
resp = log_gui_display(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_gui_display": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"fortiview-unscanned-apps": {"required": False, "type": "str",
"fortiview_unscanned_apps": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"resolve-apps": {"required": False, "type": "str",
"resolve_apps": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"resolve-hosts": {"required": False, "type": "str",
"resolve_hosts": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@ -248,15 +278,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
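Review bot: In the new `underscore_to_hyphen`, the list branch does `elem = underscore_to_hyphen(elem)`, which only rebinds the loop variable, so dicts nested inside a list keep their underscore keys and would reach `fos.set` unconverted. None of the log_gui_display options visible here is a list, so the problem is latent in this module, but the helper is copied verbatim into fortios_log_fortiguard_setting and fortios_log_memory_filter in this same commit. The branch could write the result back by index: `for i, elem in enumerate(data): data[i] = underscore_to_hyphen(elem)`. A one-line docstring such as `"""Recursively rename dict keys from snake_case to the hyphenated names used in the request payload."""` would also make the intent clear.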

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_memory_filter
short_description: Filters for memory buffer in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_memory feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,154 +41,186 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_memory_filter:
description:
- Filters for memory buffer.
default: null
type: dict
suboptions:
admin:
description:
- Enable/disable admin login/logout logging.
type: str
choices:
- enable
- disable
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
auth:
description:
- Enable/disable firewall authentication logging.
type: str
choices:
- enable
- disable
cpu-memory-usage:
cpu_memory_usage:
description:
- Enable/disable CPU & memory usage logging every 5 minutes.
type: str
choices:
- enable
- disable
dhcp:
description:
- Enable/disable DHCP service messages logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
event:
description:
- Enable/disable event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Memory log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
ha:
description:
- Enable/disable HA logging.
type: str
choices:
- enable
- disable
ipsec:
description:
- Enable/disable IPsec negotiation messages logging.
type: str
choices:
- enable
- disable
ldb-monitor:
ldb_monitor:
description:
- Enable/disable VIP real server health monitoring logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
pattern:
description:
- Enable/disable pattern update logging.
type: str
choices:
- enable
- disable
ppp:
description:
- Enable/disable L2TP/PPTP/PPPoE logging.
type: str
choices:
- enable
- disable
radius:
description:
- Enable/disable RADIUS messages logging.
type: str
choices:
- enable
- disable
severity:
description:
- Log every message above and including this severity level.
type: str
choices:
- emergency
- alert
@ -201,63 +230,73 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
sslvpn-log-adm:
sslvpn_log_adm:
description:
- Enable/disable SSL administrator login logging.
type: str
choices:
- enable
- disable
sslvpn-log-auth:
sslvpn_log_auth:
description:
- Enable/disable SSL user authentication logging.
type: str
choices:
- enable
- disable
sslvpn-log-session:
sslvpn_log_session:
description:
- Enable/disable SSL session logging.
type: str
choices:
- enable
- disable
system:
description:
- Enable/disable system activity logging.
type: str
choices:
- enable
- disable
vip-ssl:
vip_ssl:
description:
- Enable/disable VIP SSL logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
wan-opt:
wan_opt:
description:
- Enable/disable WAN optimization event logging.
type: str
choices:
- enable
- disable
wireless-activity:
wireless_activity:
description:
- Enable/disable wireless activity event logging.
type: str
choices:
- enable
- disable
@ -270,6 +309,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for memory buffer.
fortios_log_memory_filter:
@ -282,35 +322,35 @@ EXAMPLES = '''
admin: "enable"
anomaly: "enable"
auth: "enable"
cpu-memory-usage: "enable"
cpu_memory_usage: "enable"
dhcp: "enable"
dns: "enable"
event: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
ha: "enable"
ipsec: "enable"
ldb-monitor: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
ldb_monitor: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
pattern: "enable"
ppp: "enable"
radius: "enable"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
sslvpn-log-adm: "enable"
sslvpn-log-auth: "enable"
sslvpn-log-session: "enable"
sslvpn_log_adm: "enable"
sslvpn_log_auth: "enable"
sslvpn_log_session: "enable"
system: "enable"
vip-ssl: "enable"
vip_ssl: "enable"
voip: "enable"
wan-opt: "enable"
wireless-activity: "enable"
wan_opt: "enable"
wireless_activity: "enable"
'''
RETURN = '''
@ -373,14 +413,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -388,21 +430,21 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_memory_filter_data(json):
option_list = ['admin', 'anomaly', 'auth',
'cpu-memory-usage', 'dhcp', 'dns',
'event', 'filter', 'filter-type',
'forward-traffic', 'gtp', 'ha',
'ipsec', 'ldb-monitor', 'local-traffic',
'multicast-traffic', 'netscan-discovery', 'netscan-vulnerability',
'cpu_memory_usage', 'dhcp', 'dns',
'event', 'filter', 'filter_type',
'forward_traffic', 'gtp', 'ha',
'ipsec', 'ldb_monitor', 'local_traffic',
'multicast_traffic', 'netscan_discovery', 'netscan_vulnerability',
'pattern', 'ppp', 'radius',
'severity', 'sniffer-traffic', 'ssh',
'sslvpn-log-adm', 'sslvpn-log-auth', 'sslvpn-log-session',
'system', 'vip-ssl', 'voip',
'wan-opt', 'wireless-activity']
'severity', 'sniffer_traffic', 'ssh',
'sslvpn_log_adm', 'sslvpn_log_auth', 'sslvpn_log_session',
'system', 'vip_ssl', 'voip',
'wan_opt', 'wireless_activity']
dictionary = {}
for attribute in option_list:
@ -412,17 +454,15 @@ def filter_log_memory_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -430,33 +470,39 @@ def flatten_multilists_attributes(data):
def log_memory_filter(data, fos):
vdom = data['vdom']
log_memory_filter_data = data['log_memory_filter']
flattened_data = flatten_multilists_attributes(log_memory_filter_data)
filtered_data = filter_log_memory_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_memory_filter_data(log_memory_filter_data))
return fos.set('log.memory',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_memory(data, fos):
login(data)
if data['log_memory_filter']:
resp = log_memory_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_memory_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"admin": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -464,7 +510,7 @@ def main():
"choices": ["enable", "disable"]},
"auth": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"cpu-memory-usage": {"required": False, "type": "str",
"cpu_memory_usage": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dhcp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -473,9 +519,9 @@ def main():
"event": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -483,14 +529,14 @@ def main():
"choices": ["enable", "disable"]},
"ipsec": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ldb-monitor": {"required": False, "type": "str",
"ldb_monitor": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"pattern": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ppp": {"required": False, "type": "str",
@ -501,25 +547,25 @@ def main():
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sslvpn-log-adm": {"required": False, "type": "str",
"sslvpn_log_adm": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sslvpn-log-auth": {"required": False, "type": "str",
"sslvpn_log_auth": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sslvpn-log-session": {"required": False, "type": "str",
"sslvpn_log_session": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"system": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"vip-ssl": {"required": False, "type": "str",
"vip_ssl": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"voip": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"wan-opt": {"required": False, "type": "str",
"wan_opt": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"wireless-activity": {"required": False, "type": "str",
"wireless_activity": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@ -528,15 +574,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_memory(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_memory(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_memory(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

@ -3693,47 +3693,8 @@ lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py validate-modu
lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_firewall_policy.py validate-modules:E326
lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_ips_sensor.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_ips_sensor.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_ips_settings.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_ips_settings.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:E338
lib/ansible/modules/network/fortios/fortios_log_custom_field.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_disk_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_disk_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_disk_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_disk_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_eventfilter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_eventfilter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_gui_display.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_gui_display.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_memory_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_memory_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_memory_setting.py validate-modules:E337

@ -0,0 +1,239 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_ips_sensor
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_sensor.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_ips_sensor_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_sensor': {
'block_malicious_url': 'disable',
'comment': 'Comment.',
'extended_log': 'enable',
'name': 'default_name_6',
'replacemsg_group': 'test_value_7'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance)
expected_data = {
'block-malicious-url': 'disable',
'comment': 'Comment.',
'extended-log': 'enable',
'name': 'default_name_6',
'replacemsg-group': 'test_value_7'
}
set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_ips_sensor_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_sensor': {
'block_malicious_url': 'disable',
'comment': 'Comment.',
'extended_log': 'enable',
'name': 'default_name_6',
'replacemsg_group': 'test_value_7'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance)
expected_data = {
'block-malicious-url': 'disable',
'comment': 'Comment.',
'extended-log': 'enable',
'name': 'default_name_6',
'replacemsg-group': 'test_value_7'
}
set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_ips_sensor_removal(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'ips_sensor': {
'block_malicious_url': 'disable',
'comment': 'Comment.',
'extended_log': 'enable',
'name': 'default_name_6',
'replacemsg_group': 'test_value_7'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance)
delete_method_mock.assert_called_with('ips', 'sensor', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_ips_sensor_deletion_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'ips_sensor': {
'block_malicious_url': 'disable',
'comment': 'Comment.',
'extended_log': 'enable',
'name': 'default_name_6',
'replacemsg_group': 'test_value_7'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance)
delete_method_mock.assert_called_with('ips', 'sensor', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_ips_sensor_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_sensor': {
'block_malicious_url': 'disable',
'comment': 'Comment.',
'extended_log': 'enable',
'name': 'default_name_6',
'replacemsg_group': 'test_value_7'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance)
expected_data = {
'block-malicious-url': 'disable',
'comment': 'Comment.',
'extended-log': 'enable',
'name': 'default_name_6',
'replacemsg-group': 'test_value_7'
}
set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_ips_sensor_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_sensor': {
'random_attribute_not_valid': 'tag',
'block_malicious_url': 'disable',
'comment': 'Comment.',
'extended_log': 'enable',
'name': 'default_name_6',
'replacemsg_group': 'test_value_7'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance)
expected_data = {
'block-malicious-url': 'disable',
'comment': 'Comment.',
'extended-log': 'enable',
'name': 'default_name_6',
'replacemsg-group': 'test_value_7'
}
set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
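Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, where `connection_mock` is the fixture function object itself, not the patched `Connection` that the fixture returns under pytest. The tests only pass because `set`, `delete` and `schema` are patched on the class, so the handler never touches the object it was given. Building the handler in a fixture would exercise it with the real mock: `@pytest.fixture`, `def fos_instance(connection_mock):`, `return FortiOSHandler(connection_mock)`, with each test taking `fos_instance` as an argument. The same module-level construction appears in the test files for fortios_ips_settings, fortios_log_custom_field and fortios_log_disk_filter in this commit.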

@ -0,0 +1,175 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_ips_settings
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_settings.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_ips_settings_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_settings': {
'ips_packet_quota': '3',
'packet_log_history': '4',
'packet_log_memory': '5',
'packet_log_post_attack': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
expected_data = {
'ips-packet-quota': '3',
'packet-log-history': '4',
'packet-log-memory': '5',
'packet-log-post-attack': '6'
}
set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_ips_settings_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_settings': {
'ips_packet_quota': '3',
'packet_log_history': '4',
'packet_log_memory': '5',
'packet_log_post_attack': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
expected_data = {
'ips-packet-quota': '3',
'packet-log-history': '4',
'packet-log-memory': '5',
'packet-log-post-attack': '6'
}
set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_ips_settings_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_settings': {
'ips_packet_quota': '3',
'packet_log_history': '4',
'packet_log_memory': '5',
'packet_log_post_attack': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
expected_data = {
'ips-packet-quota': '3',
'packet-log-history': '4',
'packet-log-memory': '5',
'packet-log-post-attack': '6'
}
set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_ips_settings_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'ips_settings': {
'random_attribute_not_valid': 'tag',
'ips_packet_quota': '3',
'packet_log_history': '4',
'packet_log_memory': '5',
'packet_log_post_attack': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
expected_data = {
'ips-packet-quota': '3',
'packet-log-history': '4',
'packet-log-memory': '5',
'packet-log-post-attack': '6'
}
set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
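Review bot: `test_ips_settings_idempotent` feeds a `state: present` write the response `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` and then asserts `not is_error`. This pins a case where an error response from the device is reported as a clean, unchanged run. The status check lives in the module outside this section, but it presumably tolerates DELETE/404 so that removing a missing object is not an error. That tolerance does not model an unchanged `set`, and for IPS settings it means a play can report OK when the write was not applied. If the tolerance is only meant for deletions, I would say so in a comment above the mock, e.g. `# DELETE/404 is the only error response treated as success (object already absent)`, and cover the "no change on present" case with a response a real unchanged write would return. The idempotent tests for ips_sensor and log_custom_field use the same mock.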

@ -0,0 +1,219 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_custom_field
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_custom_field.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_custom_field_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_custom_field': {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
expected_data = {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
}
set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_custom_field_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_custom_field': {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
expected_data = {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
}
set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_custom_field_removal(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'log_custom_field': {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_custom_field_deletion_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'log_custom_field': {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_custom_field_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_custom_field': {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
expected_data = {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
}
set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_custom_field_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_custom_field': {
'random_attribute_not_valid': 'tag',
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
expected_data = {
'id': '3',
'name': 'default_name_4',
'value': 'test_value_5'
}
set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
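Review bot: In `test_log_custom_field_removal` and `test_log_custom_field_deletion_fails`, `delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root')` accepts any key, including `None`. The tests would therefore still pass if the module asked the device to delete a different entry than the one in `input_data`. The key selection happens in the module, outside this section, so which field is used is an assumption; if it is `id`, the assertion should be `mkey='3'` rather than `mkey=ANY`. The mocked delete responses also carry `'http_method': 'POST'`, which looks copied from the set tests and would read better as `'DELETE'`. The ips_sensor removal tests use the same `mkey=ANY` assertion.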

@ -0,0 +1,407 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_disk_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_disk_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_disk_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_filter': {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_20,',
'netscan_vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_20,',
'netscan-vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_disk_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_filter': {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_20,',
'netscan_vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_20,',
'netscan-vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_disk_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_filter': {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_20,',
'netscan_vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_20,',
'netscan-vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_disk_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_filter': {
'random_attribute_not_valid': 'tag',
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_20,',
'netscan_vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_11',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_20,',
'netscan-vulnerability': 'test_value_21,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

@ -0,0 +1,367 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_disk_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_disk_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_disk_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_setting': {
'diskfull': 'overwrite',
'dlp_archive_quota': '4',
'full_final_warning_threshold': '5',
'full_first_warning_threshold': '6',
'full_second_warning_threshold': '7',
'ips_archive': 'enable',
'log_quota': '9',
'max_log_file_size': '10',
'max_policy_packet_capture_size': '11',
'maximum_log_age': '12',
'report_quota': '13',
'roll_day': 'sunday',
'roll_schedule': 'daily',
'roll_time': 'test_value_16',
'source_ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload_delete_files': 'enable',
'upload_destination': 'ftp-server',
'upload_ssl_conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'dlp-archive-quota': '4',
'full-final-warning-threshold': '5',
'full-first-warning-threshold': '6',
'full-second-warning-threshold': '7',
'ips-archive': 'enable',
'log-quota': '9',
'max-log-file-size': '10',
'max-policy-packet-capture-size': '11',
'maximum-log-age': '12',
'report-quota': '13',
'roll-day': 'sunday',
'roll-schedule': 'daily',
'roll-time': 'test_value_16',
'source-ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload-delete-files': 'enable',
'upload-destination': 'ftp-server',
'upload-ssl-conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
}
set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_disk_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_setting': {
'diskfull': 'overwrite',
'dlp_archive_quota': '4',
'full_final_warning_threshold': '5',
'full_first_warning_threshold': '6',
'full_second_warning_threshold': '7',
'ips_archive': 'enable',
'log_quota': '9',
'max_log_file_size': '10',
'max_policy_packet_capture_size': '11',
'maximum_log_age': '12',
'report_quota': '13',
'roll_day': 'sunday',
'roll_schedule': 'daily',
'roll_time': 'test_value_16',
'source_ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload_delete_files': 'enable',
'upload_destination': 'ftp-server',
'upload_ssl_conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'dlp-archive-quota': '4',
'full-final-warning-threshold': '5',
'full-first-warning-threshold': '6',
'full-second-warning-threshold': '7',
'ips-archive': 'enable',
'log-quota': '9',
'max-log-file-size': '10',
'max-policy-packet-capture-size': '11',
'maximum-log-age': '12',
'report-quota': '13',
'roll-day': 'sunday',
'roll-schedule': 'daily',
'roll-time': 'test_value_16',
'source-ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload-delete-files': 'enable',
'upload-destination': 'ftp-server',
'upload-ssl-conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
}
set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_disk_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_setting': {
'diskfull': 'overwrite',
'dlp_archive_quota': '4',
'full_final_warning_threshold': '5',
'full_first_warning_threshold': '6',
'full_second_warning_threshold': '7',
'ips_archive': 'enable',
'log_quota': '9',
'max_log_file_size': '10',
'max_policy_packet_capture_size': '11',
'maximum_log_age': '12',
'report_quota': '13',
'roll_day': 'sunday',
'roll_schedule': 'daily',
'roll_time': 'test_value_16',
'source_ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload_delete_files': 'enable',
'upload_destination': 'ftp-server',
'upload_ssl_conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'dlp-archive-quota': '4',
'full-final-warning-threshold': '5',
'full-first-warning-threshold': '6',
'full-second-warning-threshold': '7',
'ips-archive': 'enable',
'log-quota': '9',
'max-log-file-size': '10',
'max-policy-packet-capture-size': '11',
'maximum-log-age': '12',
'report-quota': '13',
'roll-day': 'sunday',
'roll-schedule': 'daily',
'roll-time': 'test_value_16',
'source-ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload-delete-files': 'enable',
'upload-destination': 'ftp-server',
'upload-ssl-conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
}
set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_disk_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_disk_setting': {
'random_attribute_not_valid': 'tag',
'diskfull': 'overwrite',
'dlp_archive_quota': '4',
'full_final_warning_threshold': '5',
'full_first_warning_threshold': '6',
'full_second_warning_threshold': '7',
'ips_archive': 'enable',
'log_quota': '9',
'max_log_file_size': '10',
'max_policy_packet_capture_size': '11',
'maximum_log_age': '12',
'report_quota': '13',
'roll_day': 'sunday',
'roll_schedule': 'daily',
'roll_time': 'test_value_16',
'source_ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload_delete_files': 'enable',
'upload_destination': 'ftp-server',
'upload_ssl_conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'dlp-archive-quota': '4',
'full-final-warning-threshold': '5',
'full-first-warning-threshold': '6',
'full-second-warning-threshold': '7',
'ips-archive': 'enable',
'log-quota': '9',
'max-log-file-size': '10',
'max-policy-packet-capture-size': '11',
'maximum-log-age': '12',
'report-quota': '13',
'roll-day': 'sunday',
'roll-schedule': 'daily',
'roll-time': 'test_value_16',
'source-ip': '84.230.14.17',
'status': 'enable',
'upload': 'enable',
'upload-delete-files': 'enable',
'upload-destination': 'ftp-server',
'upload-ssl-conn': 'default',
'uploaddir': 'test_value_23',
'uploadip': 'test_value_24',
'uploadpass': 'test_value_25',
'uploadport': '26',
'uploadsched': 'disable',
'uploadtime': 'test_value_28',
'uploadtype': 'traffic',
'uploaduser': 'test_value_30'
}
set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
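Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, so the handler is built from the fixture function object itself, not from the patched `Connection` mock that the fixture returns. The tests pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched in every case; any handler method left unpatched would presumably be handed a plain function as its connection. Building the handler per test keeps the mock wiring real: `@pytest.fixture`, `def fos_instance(connection_mock):`, `return FortiOSHandler(connection_mock)`, with each test taking `fos_instance` as an argument. The same module-level line appears in the eventfilter, fortianalyzer2_filter and fortianalyzer2_setting test files that follow.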

@ -0,0 +1,231 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_eventfilter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_eventfilter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_eventfilter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_eventfilter': {
'compliance_check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security_rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
expected_data = {
'compliance-check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security-rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_eventfilter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_eventfilter': {
'compliance_check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security_rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
expected_data = {
'compliance-check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security-rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_eventfilter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_eventfilter': {
'compliance_check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security_rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
expected_data = {
'compliance-check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security-rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_eventfilter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_eventfilter': {
'random_attribute_not_valid': 'tag',
'compliance_check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security_rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
expected_data = {
'compliance-check': 'enable',
'endpoint': 'enable',
'event': 'enable',
'ha': 'enable',
'router': 'enable',
'security-rating': 'enable',
'system': 'enable',
'user': 'enable',
'vpn': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
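Review bot: `test_log_eventfilter_idempotent` does not exercise idempotency: it mocks `set` to return `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` for a `'state': 'present'` request and then asserts `not is_error` and `not changed`. What it pins is only that an error reply carrying DELETE/404 is reported as a non-error, which a reader could mistake for proof that a failed write of the event-log filter is acceptable. I would rename it (for example `test_log_eventfilter_delete_404_is_not_error`) or add a comment above the mock: `# pins the special case: an error reply with DELETE/404 yields is_error False and changed False`. The `_idempotent` tests in the log_disk_setting and fortianalyzer2_filter files have the same shape.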

@ -0,0 +1,263 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer2_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer2_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer2_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer2_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer2_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer2_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
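Review bot: `set_method_mock.assert_called_with(...)` checks only the most recent call, so these tests still pass if the module writes the `log.fortianalyzer2` filter more than once, or if an earlier call carried a payload that still contained `random_attribute_not_valid`. Since this setting presumably controls which log categories are forwarded, pinning a single write is worth the stricter assertion: `set_method_mock.assert_called_once_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')`. This applies to all four tests in this file and to the same assertion in the other test files shown on this page.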

@ -0,0 +1,295 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer2_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer2_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer2_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer2_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer2_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer2_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer2_setting': {
'random_attribute_not_valid': 'tag',
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
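Review bot: The `expected_data` in all four tests of this file pins `'--change-ip'` as the key sent for the `__change_ip` option, so the blanket underscore-to-hyphen conversion is recorded as correct even for a name that starts with two underscores. If the FortiOS schema key is actually `__change_ip` (not shown on this page, so confirm against the device schema), the device would receive an unknown key and the option would never take effect while the test stays green. I would drop that option from the fixtures until the mapping is confirmed, or at least add `# NOTE: '__change_ip' is sent as '--change-ip' after key conversion; confirm the device accepts it` above the entry. The fortianalyzer3_setting tests later in this commit carry the same expectation.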

@ -0,0 +1,263 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer3_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer3_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer3_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer3_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer3_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer3_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
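Review bot: `test_log_fortianalyzer3_filter_idempotent` does not exercise idempotence: it gives a `'state': 'present'` call a mocked reply of `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` and then asserts `not is_error` and `not changed`. What it really pins is that an error status from `set` is reported as a non-failure, and a DELETE reply is presumably not something the present path can receive (the module's error logic is outside this page). For a log filter that is worth making explicit, because a play that reports OK after the device rejected the write leaves log forwarding unconfigured with no signal to the operator. I would rename the test to say what it checks, e.g. `test_log_fortianalyzer3_filter_delete_404_is_not_an_error`, and add `# DELETE/404 is the only error reply treated as non-fatal; state=present should never produce it` above `set_method_result`. The other log_fortianalyzer test files in this commit contain the same test.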

@ -0,0 +1,295 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer3_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer3_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer3_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer3_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer3_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer3_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer3_setting': {
'random_attribute_not_valid': 'tag',
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
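Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, where `connection_mock` is the fixture function object itself rather than the patched `Connection` the fixture returns during a test. The tests pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched in every test; any code path that touched the handler's connection would be handed a function object instead of a mock. Building the handler in a fixture keeps it tied to the mock: `@pytest.fixture`, `def fos_instance(connection_mock):`, `return FortiOSHandler(connection_mock)`, with each test taking `fos_instance` as a parameter. The same module-level line is in the other test files added by this commit.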

@ -0,0 +1,263 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

@ -0,0 +1,263 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer_override_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_override_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer_override_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer_override_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer_override_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer_override_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
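Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time and passes the handler the fixture function object itself, not the patched `Connection` mock that the fixture returns when pytest invokes it. The tests presumably pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched in every test, so the connection is never touched. Any handler method left unpatched would operate on an object that is not a connection. Building the handler in a fixture, `@pytest.fixture` on `def fos_instance(connection_mock): return FortiOSHandler(connection_mock)`, and taking `fos_instance` as a test argument would bind it to the mock. The same module-level line appears in the override_setting, setting and fortiguard_filter test files on this page, and `os`, `json` and `ANY` are imported but unused in this file.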

@ -0,0 +1,311 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer_override_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_override_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer_override_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source_ip': '84.230.14.16',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_19',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_22',
'use_management_vdom': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source-ip': '84.230.14.16',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_19',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_22',
'use-management-vdom': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer_override_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source_ip': '84.230.14.16',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_19',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_22',
'use_management_vdom': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source-ip': '84.230.14.16',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_19',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_22',
'use-management-vdom': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer_override_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source_ip': '84.230.14.16',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_19',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_22',
'use_management_vdom': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source-ip': '84.230.14.16',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_19',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_22',
'use-management-vdom': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer_override_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_override_setting': {
'random_attribute_not_valid': 'tag',
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source_ip': '84.230.14.16',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_19',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_22',
'use_management_vdom': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'override': 'enable',
'reliable': 'enable',
'server': '192.168.100.15',
'source-ip': '84.230.14.16',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_19',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_22',
'use-management-vdom': 'enable'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
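Review bot: The expected payload key `'--change-ip'` in all four tests looks like an artefact of blanket underscore-to-hyphen conversion applied to the input key `'__change_ip'`, and the tests pin that output as correct. If the device-side attribute keeps its leading underscores (worth confirming against the FortiOS schema), the value would be sent under a name the API may not recognise while the mocked call still reports success. A comment beside the key, e.g. `# leading '__' is converted to '--' too; confirm the API accepts this name`, would make the intent explicit. The same expectation is repeated in the fortios_log_fortianalyzer_setting tests further down. Separately, `'source_ip': '84.230.14.16'` is a publicly routable address; a documentation-range value such as `192.0.2.16` keeps real hosts out of fixtures.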

@ -0,0 +1,295 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortianalyzer_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortianalyzer_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortianalyzer_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortianalyzer_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_setting': {
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortianalyzer_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortianalyzer_setting': {
'random_attribute_not_valid': 'tag',
'__change_ip': '3',
'certificate': 'test_value_4',
'conn_timeout': '5',
'enc_algorithm': 'high-medium',
'faz_type': '7',
'hmac_algorithm': 'sha256',
'ips_archive': 'enable',
'mgmt_name': 'test_value_10',
'monitor_failure_retry_period': '11',
'monitor_keepalive_period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source_ip': '84.230.14.15',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_18',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_21'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance)
expected_data = {
'--change-ip': '3',
'certificate': 'test_value_4',
'conn-timeout': '5',
'enc-algorithm': 'high-medium',
'faz-type': '7',
'hmac-algorithm': 'sha256',
'ips-archive': 'enable',
'mgmt-name': 'test_value_10',
'monitor-failure-retry-period': '11',
'monitor-keepalive-period': '12',
'reliable': 'enable',
'server': '192.168.100.14',
'source-ip': '84.230.14.15',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_18',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_21'
}
set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
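Review bot: `test_log_fortianalyzer_setting_idempotent` does not exercise an idempotent `set`: it gives a `'state': 'present'` call a mocked result of `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` and then asserts `not is_error`. That pins "DELETE plus 404 is not an error" rather than "applying the same settings twice reports no change", and the last two asserts only read back the mocked dict. This module sets where logs are shipped and with which `enc_algorithm` and `ssl_min_proto_version`, so a failed write reported as a non-error matters. A companion case with `'http_method': 'POST'` and `'http_status': 404` would show whether a 404 on a write is swallowed as well. The same pattern appears in the `_idempotent` tests of the other files on this page.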

@ -0,0 +1,263 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortiguard_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortiguard_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortiguard_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortiguard_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortiguard_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

@ -0,0 +1,263 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortiguard_override_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_override_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortiguard_override_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortiguard_override_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortiguard_override_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_filter': {
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortiguard_override_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dlp_archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_12,',
'netscan_vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dlp-archive': 'enable',
'dns': 'enable',
'filter': 'test_value_6',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_12,',
'netscan-vulnerability': 'test_value_13,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
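Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, so the handler receives the `connection_mock` fixture function itself, not the patched `Connection` class that the fixture returns. The tests only pass because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched on the class, so the connection object is presumably never touched. Build the handler in a fixture instead, `@pytest.fixture` / `def fos_instance(connection_mock): return FortiOSHandler(connection_mock)`, and have each test take `fos_instance` as a parameter. The other test files added in this commit (override_setting, fortiguard_setting, gui_display) use the same module-level line.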

@ -0,0 +1,191 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortiguard_override_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_override_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortiguard_override_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_setting': {
'override': 'enable',
'status': 'enable',
'upload_day': 'test_value_5',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_8'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'override': 'enable',
'status': 'enable',
'upload-day': 'test_value_5',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_8'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortiguard_override_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_setting': {
'override': 'enable',
'status': 'enable',
'upload_day': 'test_value_5',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_8'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'override': 'enable',
'status': 'enable',
'upload-day': 'test_value_5',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_8'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortiguard_override_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_setting': {
'override': 'enable',
'status': 'enable',
'upload_day': 'test_value_5',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_8'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'override': 'enable',
'status': 'enable',
'upload-day': 'test_value_5',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_8'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortiguard_override_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_override_setting': {
'random_attribute_not_valid': 'tag',
'override': 'enable',
'status': 'enable',
'upload_day': 'test_value_5',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_8'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'override': 'enable',
'status': 'enable',
'upload-day': 'test_value_5',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_8'
}
set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
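Review bot: `test_log_fortiguard_override_setting_idempotent` mocks `set` to return `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` with `'state': 'present'`, then asserts `not is_error`. That pins an error response as a non-failure on a path that only calls `set`, and the module's status check is not visible here. If it keys on the `DELETE`/404 pair, say so in the test with a comment such as `# DELETE + 404 means "already absent": not an error, not a change`. A companion test should check that a 404 from a non-DELETE method yields `is_error`, so a log-upload setting that was never applied cannot be reported as OK. The idempotent tests in the other files of this commit follow the same pattern.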

@ -0,0 +1,207 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_fortiguard_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_fortiguard_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_setting': {
'enc_algorithm': 'high-medium',
'source_ip': '84.230.14.4',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_7',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_10'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'enc-algorithm': 'high-medium',
'source-ip': '84.230.14.4',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_7',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_10'
}
set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_fortiguard_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_setting': {
'enc_algorithm': 'high-medium',
'source_ip': '84.230.14.4',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_7',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_10'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'enc-algorithm': 'high-medium',
'source-ip': '84.230.14.4',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_7',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_10'
}
set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_fortiguard_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_setting': {
'enc_algorithm': 'high-medium',
'source_ip': '84.230.14.4',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_7',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_10'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'enc-algorithm': 'high-medium',
'source-ip': '84.230.14.4',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_7',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_10'
}
set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_fortiguard_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_fortiguard_setting': {
'random_attribute_not_valid': 'tag',
'enc_algorithm': 'high-medium',
'source_ip': '84.230.14.4',
'ssl_min_proto_version': 'default',
'status': 'enable',
'upload_day': 'test_value_7',
'upload_interval': 'daily',
'upload_option': 'store-and-upload',
'upload_time': 'test_value_10'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance)
expected_data = {
'enc-algorithm': 'high-medium',
'source-ip': '84.230.14.4',
'ssl-min-proto-version': 'default',
'status': 'enable',
'upload-day': 'test_value_7',
'upload-interval': 'daily',
'upload-option': 'store-and-upload',
'upload-time': 'test_value_10'
}
set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
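Review bot: `'source_ip': '84.230.14.4'` and the matching `'source-ip'` entry in `expected_data` use a publicly routable address as fixture data in all four tests of this file. A documentation-range address (RFC 5737) avoids pointing at a real host if the value is ever copied into a playbook or a lab run, e.g. `'source_ip': '192.0.2.4'`. Separately, only `'ssl_min_proto_version': 'default'` is exercised, so nothing here pins how an explicit minimum TLS version is passed through as `ssl-min-proto-version`.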

@ -0,0 +1,167 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_gui_display
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_gui_display.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_gui_display_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_gui_display': {
'fortiview_unscanned_apps': 'enable',
'resolve_apps': 'enable',
'resolve_hosts': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance)
expected_data = {
'fortiview-unscanned-apps': 'enable',
'resolve-apps': 'enable',
'resolve-hosts': 'enable'
}
set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_gui_display_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_gui_display': {
'fortiview_unscanned_apps': 'enable',
'resolve_apps': 'enable',
'resolve_hosts': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance)
expected_data = {
'fortiview-unscanned-apps': 'enable',
'resolve-apps': 'enable',
'resolve-hosts': 'enable'
}
set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_gui_display_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_gui_display': {
'fortiview_unscanned_apps': 'enable',
'resolve_apps': 'enable',
'resolve_hosts': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance)
expected_data = {
'fortiview-unscanned-apps': 'enable',
'resolve-apps': 'enable',
'resolve-hosts': 'enable'
}
set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_gui_display_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_gui_display': {
'random_attribute_not_valid': 'tag',
'fortiview_unscanned_apps': 'enable',
'resolve_apps': 'enable',
'resolve_hosts': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance)
expected_data = {
'fortiview-unscanned-apps': 'enable',
'resolve-apps': 'enable',
'resolve-hosts': 'enable'
}
set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
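Review bot: `import os`, `import json` and `from mock import ANY` at the top of this new test file are not used by any of the tests in it and can be dropped. The same three imports appear in the other test files this commit adds. Also, `set_method_mock.assert_called_with(...)` only checks the last call; `set_method_mock.assert_called_once_with('log', 'gui-display', data=expected_data, vdom='root')` would catch a module that writes the setting more than once.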

@ -0,0 +1,399 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_memory_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_memory_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_filter': {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_19,',
'netscan_vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_19,',
'netscan-vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_memory_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_filter': {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_19,',
'netscan_vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_19,',
'netscan-vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_memory_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_filter': {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_19,',
'netscan_vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_19,',
'netscan-vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_memory_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_filter': {
'random_attribute_not_valid': 'tag',
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu_memory_usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb_monitor': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_19,',
'netscan_vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'sslvpn_log_adm': 'enable',
'sslvpn_log_auth': 'enable',
'sslvpn_log_session': 'enable',
'system': 'enable',
'vip_ssl': 'enable',
'voip': 'enable',
'wan_opt': 'enable',
'wireless_activity': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
expected_data = {
'admin': 'enable',
'anomaly': 'enable',
'auth': 'enable',
'cpu-memory-usage': 'enable',
'dhcp': 'enable',
'dns': 'enable',
'event': 'enable',
'filter': 'test_value_10',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'ha': 'enable',
'ipsec': 'enable',
'ldb-monitor': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_19,',
'netscan-vulnerability': 'test_value_20,',
'pattern': 'enable',
'ppp': 'enable',
'radius': 'enable',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'sslvpn-log-adm': 'enable',
'sslvpn-log-auth': 'enable',
'sslvpn-log-session': 'enable',
'system': 'enable',
'vip-ssl': 'enable',
'voip': 'enable',
'wan-opt': 'enable',
'wireless-activity': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
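Review bot: test_log_memory_filter_idempotent does not exercise idempotence of a `state: present` write: it feeds the set() mock `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` and then asserts `not is_error`, so it pins an error reply from the device as a non-failure. The module code is not in this file, so this is inferred, but if its success check tolerates DELETE/404, that tolerance is reached here through a set call that would not issue a DELETE, and a memory log filter that was never applied would still be reported as OK to the playbook. I would add a case showing that a non-DELETE 404 is surfaced, e.g. `set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 404}` followed by `assert is_error`, and rename or comment the existing test to say what it really covers. Separately, the module-level `fos_instance = FortiOSHandler(connection_mock)` passes the fixture function rather than the patched Connection; a comment such as `# handler methods are patched in every test, the connection object is never used` would make that explicit.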