diff --git a/lib/ansible/modules/network/fortios/fortios_ips_sensor.py b/lib/ansible/modules/network/fortios/fortios_ips_sensor.py index df12f09c48c..acf095098a5 100644 --- a/lib/ansible/modules/network/fortios/fortios_ips_sensor.py +++ b/lib/ansible/modules/network/fortios/fortios_ips_sensor.py @@ -1,6 +1,6 @@ #!/usr/bin/python from __future__ import (absolute_import, division, print_function) -# Copyright 2018 Fortinet, Inc. +# Copyright 2019 Fortinet, Inc. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -27,12 +24,12 @@ ANSIBLE_METADATA = {'status': ['preview'], DOCUMENTATION = ''' --- module: fortios_ips_sensor -short_description: Configure IPS sensor. +short_description: Configure IPS sensor in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by - allowing the user to configure ips feature and sensor category. - Examples includes all options and need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and sensor category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,56 +41,73 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool - default: false + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. + type: bool + default: true + version_added: 2.9 + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + version_added: 2.9 ips_sensor: description: - Configure IPS sensor. default: null + type: dict suboptions: - state: - description: - - Indicates whether to create or remove the object - choices: - - present - - absent - block-malicious-url: + block_malicious_url: description: - Enable/disable malicious URL blocking. + type: str choices: - disable - enable comment: description: - Comment. + type: str entries: description: - IPS sensor filter. + type: list suboptions: action: description: - Action taken with traffic in which signatures are detected. + type: str choices: - pass - block 
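Review bot: The option docs now mark `host` and `username` as `required: false` without saying what the module does when they are omitted. Judging by the `legacy_mode` check added to `main()` later in this diff, leaving them out selects the httpapi connection, and each description should say so, e.g. `- FortiOS or FortiGate IP address. Omit host and username to use the httpapi connection.`. `version_added: 2.9` is unquoted here while the module-level value is `"2.8"`; quote it so YAML keeps it a string. The same wording is added to fortios_ips_settings.py and fortios_log_custom_field.py.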
@@ -103,83 +117,102 @@ options: description: - Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. - exempt-ip: + type: str + exempt_ip: description: - Traffic from selected source or destination IP addresses is exempt from this signature. + type: list suboptions: - dst-ip: + dst_ip: description: - Destination IP address and netmask. + type: str id: description: - Exempt IP ID. required: true - src-ip: + type: int + src_ip: description: - Source IP address and netmask. + type: str id: description: - Rule ID in IPS database (0 - 4294967295). required: true + type: int location: description: - Protect client or server traffic. + type: str log: description: - Enable/disable logging of signatures included in filter. + type: str choices: - disable - enable - log-attack-context: + log_attack_context: description: - "Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer." + type: str choices: - disable - enable - log-packet: + log_packet: description: - Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. + type: str choices: - disable - enable os: description: - Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. + type: str protocol: description: - Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. + type: str quarantine: description: - Quarantine method. + type: str choices: - none - attacker - quarantine-expiry: + quarantine_expiry: description: - - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. - quarantine-log: + - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). 
Requires quarantine set to attacker. + type: str + quarantine_log: description: - Enable/disable quarantine logging. + type: str choices: - disable - enable - rate-count: + rate_count: description: - Count of the rate. - rate-duration: + type: int + rate_duration: description: - Duration (sec) of the rate. - rate-mode: + type: int + rate_mode: description: - Rate limit mode. + type: str choices: - periodical - continuous - rate-track: + rate_track: description: - Track the packet protocol field. + type: str choices: - none - src-ip @@ -189,35 +222,42 @@ options: rule: description: - Identifies the predefined or custom IPS signatures to add to the sensor. + type: list suboptions: id: description: - Rule IPS. required: true + type: int severity: description: - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. + type: str status: description: - Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. + type: str choices: - disable - enable - default - extended-log: + extended_log: description: - Enable/disable extended logging. + type: str choices: - enable - disable filter: description: - IPS sensor filter. + type: list suboptions: action: description: - Action of selected rules. + type: str choices: - pass - block @@ -226,18 +266,22 @@ options: application: description: - Vulnerable application filter. + type: str location: description: - Vulnerability location filter. + type: str log: description: - Enable/disable logging of selected rules. + type: str choices: - disable - enable - log-packet: + log_packet: description: - Enable/disable packet logging of selected rules. + type: str choices: - disable - enable 
@@ -245,33 +289,41 @@ options: description: - Filter name. required: true + type: str os: description: - Vulnerable OS filter. + type: str protocol: description: - Vulnerable protocol filter. + type: str quarantine: description: - Quarantine IP or interface. + type: str choices: - none - attacker - quarantine-expiry: + quarantine_expiry: description: - Duration of quarantine in minute. - quarantine-log: + type: int + quarantine_log: description: - Enable/disable logging of selected quarantine. + type: str choices: - disable - enable severity: description: - Vulnerability severity filter. + type: str status: description: - Selected rules status. + type: str choices: - disable - enable 
@@ -280,71 +332,85 @@ options: description: - Sensor name. required: true + type: str override: description: - IPS override rule. + type: list suboptions: action: description: - Action of override rule. + type: str choices: - pass - block - reset - exempt-ip: + exempt_ip: description: - Exempted IP. + type: list suboptions: - dst-ip: + dst_ip: description: - Destination IP address and netmask. + type: str id: description: - Exempt IP ID. required: true - src-ip: + type: int + src_ip: description: - Source IP address and netmask. + type: str log: description: - Enable/disable logging. + type: str choices: - disable - enable - log-packet: + log_packet: description: - Enable/disable packet logging. + type: str choices: - disable - enable quarantine: description: - Quarantine IP or interface. + type: str choices: - none - attacker - quarantine-expiry: + quarantine_expiry: description: - Duration of quarantine in minute. - quarantine-log: + type: int + quarantine_log: description: - Enable/disable logging of selected quarantine. + type: str choices: - disable - enable - rule-id: + rule_id: description: - Override rule ID. - required: true + type: int status: description: - Enable/disable status of override rule. + type: str choices: - disable - enable - replacemsg-group: + replacemsg_group: description: - Replacement message group. Source system.replacemsg-group.name. + type: str ''' EXAMPLES = ''' 
@@ -354,78 +420,80 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure IPS sensor. fortios_ips_sensor: - host: "{{ host }}" + host: "{{ host }}" username: "{{ username }}" password: "{{ password }}" - vdom: "{{ vdom }}" + vdom: "{{ vdom }}" + https: "False" + state: "present" ips_sensor: - state: "present" - block-malicious-url: "disable" + block_malicious_url: "disable" comment: "Comment." entries: - action: "pass" application: "" - exempt-ip: + exempt_ip: - - dst-ip: "" + dst_ip: "" id: "10" - src-ip: "" + src_ip: "" id: "12" location: "" log: "disable" - log-attack-context: "disable" - log-packet: "disable" + log_attack_context: "disable" + log_packet: "disable" os: "" protocol: "" quarantine: "none" - quarantine-expiry: "" - quarantine-log: "disable" - rate-count: "22" - rate-duration: "23" - rate-mode: "periodical" - rate-track: "none" + quarantine_expiry: "" + quarantine_log: "disable" + rate_count: "22" + rate_duration: "23" + rate_mode: "periodical" + rate_track: "none" rule: - id: "27" severity: "" status: "disable" - extended-log: "enable" + extended_log: "enable" filter: - action: "pass" application: "" location: "" log: "disable" - log-packet: "disable" + log_packet: "disable" name: "default_name_37" os: "" protocol: "" quarantine: "none" - quarantine-expiry: "41" - quarantine-log: "disable" + quarantine_expiry: "41" + quarantine_log: "disable" severity: "" status: "disable" name: "default_name_45" override: - action: "pass" - exempt-ip: + exempt_ip: - - dst-ip: "" + dst_ip: "" id: "50" - src-ip: "" + src_ip: "" log: "disable" - log-packet: "disable" + log_packet: "disable" quarantine: "none" - quarantine-expiry: "55" - quarantine-log: "disable" - rule-id: "57" + quarantine_expiry: "55" + quarantine_log: "disable" + rule_id: "57" status: "disable" - replacemsg-group: " (source system.replacemsg-group.name)" + replacemsg_group: " (source system.replacemsg-group.name)" ''' RETURN = ''' 
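Review bot: The example task now sets `https: "False"`, so anyone copying it opts out of the HTTPS default this commit just introduced and, in the host/username mode, sends the admin credentials without TLS. Drop the line or mark it, e.g. `# https: "False"  # lab only: credentials travel unencrypted`. The new `ssl_verify: "False"` entry under `vars` is not passed to the task in the lines shown, so as far as this hunk shows the task still runs with the default `ssl_verify: true`. Either add `ssl_verify: "{{ ssl_verify }}"` to the task or remove the variable. The examples in fortios_ips_settings.py and fortios_log_custom_field.py show the same pattern.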
@@ -448,7 +516,7 @@ mkey: description: Master key (id) used in the last call to FortiGate returned: success type: str - sample: "key1" + sample: "id" name: description: Name of the table used to fulfill the request returned: always @@ -488,14 +556,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
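Review bot: `login()` still calls `fos.debug('on')` unconditionally on the session that is about to carry `password`. What fortiosapi writes in debug mode is not visible in this diff, so confirm it cannot log the login request or session cookie, or make debug opt-in. This hunk also imports `FAIL_SOCKET_MSG` from `module_utils.network.fortimanager.common`, tying a FortiOS module to the FortiManager utilities for one message constant; a comment such as `# shared httpapi socket error message` beside the import would explain why. The body of `login()` continues in the next hunk.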
@@ -503,65 +573,83 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_ips_sensor_data(json): - option_list = ['block-malicious-url', 'comment', 'entries', - 'extended-log', 'filter', 'name', - 'override', 'replacemsg-group'] + option_list = ['block_malicious_url', 'comment', 'entries', + 'extended_log', 'filter', 'name', + 'override', 'replacemsg_group'] dictionary = {} for attribute in option_list: - if attribute in json: + if attribute in json and json[attribute] is not None: dictionary[attribute] = json[attribute] return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def ips_sensor(data, fos): vdom = data['vdom'] + state = data['state'] ips_sensor_data = data['ips_sensor'] - filtered_data = filter_ips_sensor_data(ips_sensor_data) - if ips_sensor_data['state'] == "present": + filtered_data = underscore_to_hyphen(filter_ips_sensor_data(ips_sensor_data)) + + if state == "present": return fos.set('ips', 'sensor', data=filtered_data, vdom=vdom) - elif ips_sensor_data['state'] == "absent": + elif state == "absent": return fos.delete('ips', 'sensor', mkey=filtered_data['name'], vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_ips(data, fos): - login(data) - methodlist = ['ips_sensor'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['ips_sensor']: + resp = ips_sensor(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def 
main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": "False"}, + "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, "ips_sensor": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "block-malicious-url": {"required": False, "type": "str", + "block_malicious_url": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "comment": {"required": False, "type": "str"}, "entries": {"required": False, "type": "list", 
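Review bot: `underscore_to_hyphen()` converts nothing inside a list: in the list branch `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, and the dict branch returns a new dict instead of mutating, so the list keeps its original elements. For this module that means keys under `entries`, `filter` and `override` (`log_packet`, `exempt_ip`, `quarantine_log`, `rule_id`, ...) reach `fos.set()` with underscores; how FortiOS treats those names is not visible here, but the IPS logging and quarantine options may be silently left unset. Write the result back with `for i, elem in enumerate(data):` followed by `data[i] = underscore_to_hyphen(elem)`. Separately, `fortios_ips()` leaves `resp` unbound when `ips_sensor` is omitted (its default is now `None`), so the return line raises instead of reporting a clean failure. The helper is copied unchanged into fortios_ips_settings.py and fortios_log_custom_field.py.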
@@ -570,32 +658,32 @@ def main(): "choices": ["pass", "block", "reset", "default"]}, "application": {"required": False, "type": "str"}, - "exempt-ip": {"required": False, "type": "list", + "exempt_ip": {"required": False, "type": "list", "options": { - "dst-ip": {"required": False, "type": "str"}, + "dst_ip": {"required": False, "type": "str"}, "id": {"required": True, "type": "int"}, - "src-ip": {"required": False, "type": "str"} + "src_ip": {"required": False, "type": "str"} }}, "id": {"required": True, "type": "int"}, "location": {"required": False, "type": "str"}, "log": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "log-attack-context": {"required": False, "type": "str", + "log_attack_context": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "log-packet": {"required": False, "type": "str", + "log_packet": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "os": {"required": False, "type": "str"}, "protocol": {"required": False, "type": "str"}, "quarantine": {"required": False, "type": "str", "choices": ["none", "attacker"]}, - "quarantine-expiry": {"required": False, "type": "str"}, - "quarantine-log": {"required": False, "type": "str", + "quarantine_expiry": {"required": False, "type": "str"}, + "quarantine_log": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "rate-count": {"required": False, "type": "int"}, - "rate-duration": {"required": False, "type": "int"}, - "rate-mode": {"required": False, "type": "str", + "rate_count": {"required": False, "type": "int"}, + "rate_duration": {"required": False, "type": "int"}, + "rate_mode": {"required": False, "type": "str", "choices": ["periodical", "continuous"]}, - "rate-track": {"required": False, "type": "str", + "rate_track": {"required": False, "type": "str", "choices": ["none", "src-ip", "dest-ip", "dhcp-client-mac", "dns-domain"]}, "rule": {"required": False, "type": "list", 
@@ -606,7 +694,7 @@ def main(): "status": {"required": False, "type": "str", "choices": ["disable", "enable", "default"]} }}, - "extended-log": {"required": False, "type": "str", + "extended_log": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "list", "options": { @@ -617,15 +705,15 @@ def main(): "location": {"required": False, "type": "str"}, "log": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "log-packet": {"required": False, "type": "str", + "log_packet": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "name": {"required": True, "type": "str"}, "os": {"required": False, "type": "str"}, "protocol": {"required": False, "type": "str"}, "quarantine": {"required": False, "type": "str", "choices": ["none", "attacker"]}, - "quarantine-expiry": {"required": False, "type": "int"}, - "quarantine-log": {"required": False, "type": "str", + "quarantine_expiry": {"required": False, "type": "int"}, + "quarantine_log": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "severity": {"required": False, "type": "str"}, "status": {"required": False, "type": "str", 
@@ -636,26 +724,26 @@ def main(): "options": { "action": {"required": False, "type": "str", "choices": ["pass", "block", "reset"]}, - "exempt-ip": {"required": False, "type": "list", + "exempt_ip": {"required": False, "type": "list", "options": { - "dst-ip": {"required": False, "type": "str"}, + "dst_ip": {"required": False, "type": "str"}, "id": {"required": True, "type": "int"}, - "src-ip": {"required": False, "type": "str"} + "src_ip": {"required": False, "type": "str"} }}, "log": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "log-packet": {"required": False, "type": "str", + "log_packet": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "quarantine": {"required": False, "type": "str", "choices": ["none", "attacker"]}, - "quarantine-expiry": {"required": False, "type": "int"}, - "quarantine-log": {"required": False, "type": "str", + "quarantine_expiry": {"required": False, "type": "int"}, + "quarantine_log": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "rule-id": {"required": True, "type": "int"}, + "rule_id": {"required": False, "type": "int"}, "status": {"required": False, "type": "str", "choices": ["disable", "enable"]} }}, - "replacemsg-group": {"required": False, "type": "str"} + "replacemsg_group": {"required": False, "type": "str"} } } 
@@ -663,15 +751,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_ips(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_ips(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_ips(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_ips_settings.py b/lib/ansible/modules/network/fortios/fortios_ips_settings.py index fee84a623b1..2ce33bc2367 100644 --- a/lib/ansible/modules/network/fortios/fortios_ips_settings.py +++ b/lib/ansible/modules/network/fortios/fortios_ips_settings.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
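Review bot: In the legacy branch `fos.logout()` runs only if `fortios_ips()` returns; any exception from it (for example the unbound `resp` case, or a `KeyError` in `is_successful_status`) leaves the admin session open on the device. Put the call in `try:` with `finally: fos.logout()`. Also, `password` now defaults to `""` and every argument-spec key is present in `module.params`, so the `legacy_mode` expression reduces to `host` and `username` being set; a task that gives `host` but forgets `username` silently falls through to the httpapi path. Passing `required_together=[['host', 'username']]` to `AnsibleModule` would catch that. The same block is added to fortios_ips_settings.py.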
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_ips_settings short_description: Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by - allowing the user to configure ips feature and settings category. - Examples includes all options and need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the + user to set and modify ips feature and settings category. + Examples include all parameters and values need to be adjusted to datasources before usage. + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,46 +41,60 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip adress. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 ips_settings: description: - Configure IPS VDOM parameter. default: null + type: dict suboptions: - ips-packet-quota: + ips_packet_quota: description: - Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. - packet-log-history: + type: int + packet_log_history: description: - Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). - packet-log-memory: + type: int + packet_log_memory: description: - Maximum memory can be used by packet log (64 - 8192 kB). - packet-log-post-attack: + type: int + packet_log_post_attack: description: - Number of packets to log after the IPS signature is detected (0 - 255). + type: int ''' EXAMPLES = ''' @@ -93,6 +104,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure IPS VDOM parameter. fortios_ips_settings: 
@@ -102,10 +114,10 @@ EXAMPLES = ''' vdom: "{{ vdom }}" https: "False" ips_settings: - ips-packet-quota: "3" - packet-log-history: "4" - packet-log-memory: "5" - packet-log-post-attack: "6" + ips_packet_quota: "3" + packet_log_history: "4" + packet_log_memory: "5" + packet_log_post_attack: "6" ''' RETURN = ''' @@ -168,14 +180,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -183,12 +197,12 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_ips_settings_data(json): - option_list = ['ips-packet-quota', 'packet-log-history', 'packet-log-memory', - 'packet-log-post-attack'] + option_list = ['ips_packet_quota', 'packet_log_history', 'packet_log_memory', + 'packet_log_post_attack'] dictionary = {} for attribute in option_list: 
@@ -198,43 +212,60 @@ def filter_ips_settings_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def ips_settings(data, fos): vdom = data['vdom'] ips_settings_data = data['ips_settings'] - filtered_data = filter_ips_settings_data(ips_settings_data) + filtered_data = underscore_to_hyphen(filter_ips_settings_data(ips_settings_data)) + return fos.set('ips', 'settings', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_ips(data, fos): - login(data) - methodlist = ['ips_settings'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['ips_settings']: + resp = ips_settings(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "ips_settings": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { - "ips-packet-quota": {"required": False, "type": "int"}, - "packet-log-history": {"required": False, 
"type": "int"}, - "packet-log-memory": {"required": False, "type": "int"}, - "packet-log-post-attack": {"required": False, "type": "int"} + "ips_packet_quota": {"required": False, "type": "int"}, + "packet_log_history": {"required": False, "type": "int"}, + "packet_log_memory": {"required": False, "type": "int"}, + "packet_log_post_attack": {"required": False, "type": "int"} } } @@ -242,15 +273,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_ips(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_ips(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_ips(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_custom_field.py b/lib/ansible/modules/network/fortios/fortios_log_custom_field.py index 8fc32e11005..448682dd362 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_custom_field.py +++ b/lib/ansible/modules/network/fortios/fortios_log_custom_field.py 
@@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_custom_field short_description: Configure custom log fields in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and custom_field category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,50 +41,66 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 + state: + description: + - Indicates whether to create or remove the object. + type: str + required: true + choices: + - present + - absent + version_added: 2.9 log_custom_field: description: - Configure custom log fields. default: null + type: dict suboptions: - state: - description: - - Indicates whether to create or remove the object - choices: - - present - - absent id: description: - field ID . required: true + type: str name: description: - "Field name (max: 15 characters)." + type: str value: description: - "Field value (max: 15 characters)." + type: str ''' EXAMPLES = ''' @@ -97,6 +110,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure custom log fields. fortios_log_custom_field: @@ -105,8 +119,8 @@ EXAMPLES = ''' password: "{{ password }}" vdom: "{{ vdom }}" https: "False" + state: "present" log_custom_field: - state: "present" id: "3" name: "default_name_4" value: "" 
@@ -172,14 +186,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -187,7 +203,7 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_custom_field_data(json): 
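Review bot: `login()` still calls `fos.debug('on')` unconditionally just before `fos.login(host, username, password, verify=ssl_verify)`, so every legacy-mode run turns on the client library's debug output around the credential exchange. What fortiosapi emits at debug level is not visible here, so this is a question rather than a confirmed leak: if it records requests, the password marked `no_log` in the argument spec could still end up in a log. Consider dropping the call or making it opt-in. The body of `login()` continues in the next hunk, and the same lines appear in fortios_log_disk_filter.py and fortios_log_disk_setting.py.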
@@ -201,48 +217,66 @@ def filter_log_custom_field_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_custom_field(data, fos): vdom = data['vdom'] + state = data['state'] log_custom_field_data = data['log_custom_field'] - filtered_data = filter_log_custom_field_data(log_custom_field_data) - if log_custom_field_data['state'] == "present": + filtered_data = underscore_to_hyphen(filter_log_custom_field_data(log_custom_field_data)) + + if state == "present": return fos.set('log', 'custom-field', data=filtered_data, vdom=vdom) - elif log_custom_field_data['state'] == "absent": + elif state == "absent": return fos.delete('log', 'custom-field', mkey=filtered_data['id'], vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log(data, fos): - login(data) - methodlist = ['log_custom_field'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_custom_field']: + resp = log_custom_field(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": 
True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, + "state": {"required": True, "type": "str", + "choices": ["present", "absent"]}, "log_custom_field": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, "id": {"required": True, "type": "str"}, "name": {"required": False, "type": "str"}, "value": {"required": False, "type": "str"} @@ -253,15 +287,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py b/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py index 32020447a45..58135f8bda6 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py 
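Review bot: The list branch of `underscore_to_hyphen` has no effect: `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, so dictionaries nested inside a list keep their underscore keys and reach the API unconverted. Write the result back instead, `for i, elem in enumerate(data):` followed by `data[i] = underscore_to_hyphen(elem)`. The options of `log_custom_field` visible here are all strings, so nothing breaks in this file, but the helper is copied verbatim into fortios_log_disk_filter.py and fortios_log_disk_setting.py in this commit and presumably into modules whose options do include lists. A one-line docstring stating that the function returns a converted copy for dicts would also help.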
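Review bot: In the legacy branch of main(), `fos.logout()` runs only when `fortios_log()` returns normally; an exception raised between `login()` and that line leaves the authenticated session open on the device until it times out. Wrap the call in `try:` with `finally: fos.logout()` around `is_error, has_changed, result = fortios_log(module.params, fos)`. Also, `password` now has `"default": ""`, so the `module.params['password'] is not None` term of `legacy_mode` is always true and the mode is in practice selected by `host` and `username` alone; a comment saying so, or dropping the term, would avoid confusion. The same block is added to main() in fortios_log_disk_filter.py.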
+++ b/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -30,10 +27,10 @@ module: fortios_log_disk_filter short_description: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_disk feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -45,160 +42,193 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_disk_filter: description: - Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. default: null + type: dict suboptions: admin: description: - Enable/disable admin login/logout logging. + type: str choices: - enable - disable anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable auth: description: - Enable/disable firewall authentication logging. + type: str choices: - enable - disable - cpu-memory-usage: + cpu_memory_usage: description: - Enable/disable CPU & memory usage logging every 5 minutes. + type: str choices: - enable - disable dhcp: description: - Enable/disable DHCP service messages logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable event: description: - Enable/disable event logging. 
+ type: str choices: - enable - disable filter: description: - Disk log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable ha: description: - Enable/disable HA logging. + type: str choices: - enable - disable ipsec: description: - Enable/disable IPsec negotiation messages logging. + type: str choices: - enable - disable - ldb-monitor: + ldb_monitor: description: - Enable/disable VIP real server health monitoring logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. + type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str pattern: description: - Enable/disable pattern update logging. + type: str choices: - enable - disable ppp: description: - Enable/disable L2TP/PPTP/PPPoE logging. + type: str choices: - enable - disable radius: description: - Enable/disable RADIUS messages logging. + type: str choices: - enable - disable severity: description: - Log to disk every message above and including this severity level. + type: str choices: - emergency - alert 
@@ -208,63 +238,73 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable - sslvpn-log-adm: + sslvpn_log_adm: description: - Enable/disable SSL administrator login logging. + type: str choices: - enable - disable - sslvpn-log-auth: + sslvpn_log_auth: description: - Enable/disable SSL user authentication logging. + type: str choices: - enable - disable - sslvpn-log-session: + sslvpn_log_session: description: - Enable/disable SSL session logging. + type: str choices: - enable - disable system: description: - Enable/disable system activity logging. + type: str choices: - enable - disable - vip-ssl: + vip_ssl: description: - Enable/disable VIP SSL logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable - wan-opt: + wan_opt: description: - Enable/disable WAN optimization event logging. + type: str choices: - enable - disable - wireless-activity: + wireless_activity: description: - Enable/disable wireless activity event logging. + type: str choices: - enable - disable @@ -277,6 +317,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. fortios_log_disk_filter: 
@@ -289,36 +330,36 @@ EXAMPLES = ''' admin: "enable" anomaly: "enable" auth: "enable" - cpu-memory-usage: "enable" + cpu_memory_usage: "enable" dhcp: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" event: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" ha: "enable" ipsec: "enable" - ldb-monitor: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + ldb_monitor: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" pattern: "enable" ppp: "enable" radius: "enable" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" - sslvpn-log-adm: "enable" - sslvpn-log-auth: "enable" - sslvpn-log-session: "enable" + sslvpn_log_adm: "enable" + sslvpn_log_auth: "enable" + sslvpn_log_session: "enable" system: "enable" - vip-ssl: "enable" + vip_ssl: "enable" voip: "enable" - wan-opt: "enable" - wireless-activity: "enable" + wan_opt: "enable" + wireless_activity: "enable" ''' RETURN = ''' @@ -381,14 +422,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -396,21 +439,21 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_disk_filter_data(json): option_list = ['admin', 'anomaly', 'auth', - 'cpu-memory-usage', 'dhcp', 'dlp-archive', + 'cpu_memory_usage', 'dhcp', 'dlp_archive', 'dns', 'event', 'filter', - 'filter-type', 'forward-traffic', 'gtp', - 'ha', 'ipsec', 'ldb-monitor', - 'local-traffic', 'multicast-traffic', 'netscan-discovery', - 'netscan-vulnerability', 'pattern', 'ppp', - 'radius', 'severity', 'sniffer-traffic', - 'ssh', 'sslvpn-log-adm', 'sslvpn-log-auth', - 'sslvpn-log-session', 'system', 'vip-ssl', - 'voip', 'wan-opt', 'wireless-activity'] + 'filter_type', 'forward_traffic', 'gtp', + 'ha', 'ipsec', 'ldb_monitor', + 'local_traffic', 'multicast_traffic', 'netscan_discovery', + 'netscan_vulnerability', 'pattern', 'ppp', + 'radius', 'severity', 'sniffer_traffic', + 'ssh', 'sslvpn_log_adm', 'sslvpn_log_auth', + 'sslvpn_log_session', 'system', 'vip_ssl', + 'voip', 'wan_opt', 'wireless_activity'] dictionary = {} for attribute in option_list: 
@@ -420,38 +463,55 @@ def filter_log_disk_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_disk_filter(data, fos): vdom = data['vdom'] log_disk_filter_data = data['log_disk_filter'] - filtered_data = filter_log_disk_filter_data(log_disk_filter_data) + filtered_data = underscore_to_hyphen(filter_log_disk_filter_data(log_disk_filter_data)) + return fos.set('log.disk', 'filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_disk(data, fos): - login(data) - methodlist = ['log_disk_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_disk_filter']: + resp = log_disk_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_disk_filter": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "admin": {"required": False, "type": "str", "choices": 
["enable", "disable"]}, @@ -459,20 +519,20 @@ def main(): "choices": ["enable", "disable"]}, "auth": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "cpu-memory-usage": {"required": False, "type": "str", + "cpu_memory_usage": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dhcp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "event": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
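Review bot: `fortios_log_disk` assigns `resp` only inside `if data['log_disk_filter']:`, but the argument spec declares that option with `"required": False` and `"default": None`, so a task that omits it reaches the `return` with `resp` unbound and ends in an UnboundLocalError traceback rather than a clean module failure. Either declare the option as `"required": True, "type": "dict"` or fail explicitly when it is empty. `fortios_log` in fortios_log_custom_field.py and `fortios_log_disk` in fortios_log_disk_setting.py have the same shape. The body of main() continues past this hunk.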
@@ -480,14 +540,14 @@ def main(): "choices": ["enable", "disable"]}, "ipsec": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "ldb-monitor": {"required": False, "type": "str", + "ldb_monitor": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "pattern": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ppp": {"required": False, "type": "str", 
@@ -498,25 +558,25 @@ def main(): "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sslvpn-log-adm": {"required": False, "type": "str", + "sslvpn_log_adm": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sslvpn-log-auth": {"required": False, "type": "str", + "sslvpn_log_auth": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sslvpn-log-session": {"required": False, "type": "str", + "sslvpn_log_session": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "system": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "vip-ssl": {"required": False, "type": "str", + "vip_ssl": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "voip": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "wan-opt": {"required": False, "type": "str", + "wan_opt": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "wireless-activity": {"required": False, "type": "str", + "wireless_activity": {"required": False, "type": "str", "choices": ["enable", "disable"]} } 
@@ -525,15 +585,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_disk(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_disk(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_disk(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py index 2485eaf28d1..ee1b9cea672 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_disk_setting short_description: Settings for local disk logging in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_disk feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,77 +41,98 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_disk_setting: description: - Settings for local disk logging. default: null + type: dict suboptions: diskfull: description: - - Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full (default = - overwrite). + - Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full . + type: str choices: - overwrite - nolog - dlp-archive-quota: + dlp_archive_quota: description: - DLP archive quota (MB). - full-final-warning-threshold: + type: int + full_final_warning_threshold: description: - - Log full final warning threshold as a percent (3 - 100, default = 95). - full-first-warning-threshold: + - Log full final warning threshold as a percent (3 - 100). + type: int + full_first_warning_threshold: description: - - Log full first warning threshold as a percent (1 - 98, default = 75). - full-second-warning-threshold: + - Log full first warning threshold as a percent (1 - 98). 
+ type: int + full_second_warning_threshold: description: - - Log full second warning threshold as a percent (2 - 99, default = 90). - ips-archive: + - Log full second warning threshold as a percent (2 - 99). + type: int + ips_archive: description: - Enable/disable IPS packet archiving to the local disk. + type: str choices: - enable - disable - log-quota: + log_quota: description: - Disk log quota (MB). - max-log-file-size: + type: int + max_log_file_size: description: - Maximum log file size before rolling (1 - 100 Mbytes). - max-policy-packet-capture-size: + type: int + max_policy_packet_capture_size: description: - Maximum size of policy sniffer in MB (0 means unlimited). - maximum-log-age: + type: int + maximum_log_age: description: - Delete log files older than (days). - report-quota: + type: int + report_quota: description: - Report quota (MB). - roll-day: + type: int + roll_day: description: - Day of week on which to roll log file. + type: str choices: - sunday - monday 
@@ -123,44 +141,52 @@ options: - thursday - friday - saturday - roll-schedule: + roll_schedule: description: - Frequency to check log file for rolling. + type: str choices: - daily - weekly - roll-time: + roll_time: description: - "Time of day to roll the log file (hh:mm)." - source-ip: + type: str + source_ip: description: - Source IP address to use for uploading disk log files. + type: str status: description: - Enable/disable local disk logging. + type: str choices: - enable - disable upload: description: - Enable/disable uploading log files when they are rolled. + type: str choices: - enable - disable - upload-delete-files: + upload_delete_files: description: - - Delete log files after uploading (default = enable). + - Delete log files after uploading . + type: str choices: - enable - disable - upload-destination: + upload_destination: description: - The type of server to upload log files to. Only FTP is currently supported. + type: str choices: - ftp-server - upload-ssl-conn: + upload_ssl_conn: description: - Enable/disable encrypted FTPS communication to upload log files. + type: str choices: - default - high 
@@ -169,27 +195,34 @@ options: uploaddir: description: - The remote directory on the FTP server to upload log files to. + type: str uploadip: description: - IP address of the FTP server to upload log files to. + type: str uploadpass: description: - Password required to log into the FTP server to upload disk log files. + type: str uploadport: description: - - TCP port to use for communicating with the FTP server (default = 21). + - TCP port to use for communicating with the FTP server . + type: int uploadsched: description: - - Set the schedule for uploading log files to the FTP server (default = disable = upload when rolling). + - Set the schedule for uploading log files to the FTP server . + type: str choices: - disable - enable uploadtime: description: - "Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh)." + type: str uploadtype: description: - Types of log files to upload. Separate multiple entries with a space. + type: str choices: - traffic - event @@ -209,6 +242,7 @@ options: uploaduser: description: - Username required to log into the FTP server to upload disk log files. + type: str ''' EXAMPLES = ''' @@ -218,6 +252,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Settings for local disk logging. fortios_log_disk_setting: 
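Review bot: `uploadpass` is documented here as an ordinary `type: str` suboption although it holds the FTP server password. Its argument_spec entry lies outside the visible hunks, so please confirm it carries `"no_log": True` the way the top-level `password` field does. Without it, Ansible would include the value when it logs or displays the `log_disk_setting` arguments of the task.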
@@ -228,25 +263,25 @@ EXAMPLES = ''' https: "False" log_disk_setting: diskfull: "overwrite" - dlp-archive-quota: "4" - full-final-warning-threshold: "5" - full-first-warning-threshold: "6" - full-second-warning-threshold: "7" - ips-archive: "enable" - log-quota: "9" - max-log-file-size: "10" - max-policy-packet-capture-size: "11" - maximum-log-age: "12" - report-quota: "13" - roll-day: "sunday" - roll-schedule: "daily" - roll-time: "" - source-ip: "84.230.14.43" + dlp_archive_quota: "4" + full_final_warning_threshold: "5" + full_first_warning_threshold: "6" + full_second_warning_threshold: "7" + ips_archive: "enable" + log_quota: "9" + max_log_file_size: "10" + max_policy_packet_capture_size: "11" + maximum_log_age: "12" + report_quota: "13" + roll_day: "sunday" + roll_schedule: "daily" + roll_time: "" + source_ip: "84.230.14.43" status: "enable" upload: "enable" - upload-delete-files: "enable" - upload-destination: "ftp-server" - upload-ssl-conn: "default" + upload_delete_files: "enable" + upload_destination: "ftp-server" + upload_ssl_conn: "default" uploaddir: "" uploadip: "" uploadpass: "" @@ -317,14 +352,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -332,17 +369,17 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_disk_setting_data(json): - option_list = ['diskfull', 'dlp-archive-quota', 'full-final-warning-threshold', - 'full-first-warning-threshold', 'full-second-warning-threshold', 'ips-archive', - 'log-quota', 'max-log-file-size', 'max-policy-packet-capture-size', - 'maximum-log-age', 'report-quota', 'roll-day', - 'roll-schedule', 'roll-time', 'source-ip', - 'status', 'upload', 'upload-delete-files', - 'upload-destination', 'upload-ssl-conn', 'uploaddir', + option_list = ['diskfull', 'dlp_archive_quota', 'full_final_warning_threshold', + 'full_first_warning_threshold', 'full_second_warning_threshold', 'ips_archive', + 'log_quota', 'max_log_file_size', 'max_policy_packet_capture_size', + 'maximum_log_age', 'report_quota', 'roll_day', + 'roll_schedule', 'roll_time', 'source_ip', + 'status', 'upload', 'upload_delete_files', + 'upload_destination', 'upload_ssl_conn', 'uploaddir', 'uploadip', 'uploadpass', 'uploadport', 'uploadsched', 'uploadtime', 'uploadtype', 'uploaduser'] 
@@ -355,69 +392,86 @@ def filter_log_disk_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_disk_setting(data, fos): vdom = data['vdom'] log_disk_setting_data = data['log_disk_setting'] - filtered_data = filter_log_disk_setting_data(log_disk_setting_data) + filtered_data = underscore_to_hyphen(filter_log_disk_setting_data(log_disk_setting_data)) + return fos.set('log.disk', 'setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_disk(data, fos): - login(data) - methodlist = ['log_disk_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_disk_setting']: + resp = log_disk_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_disk_setting": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "diskfull": {"required": False, "type": "str", 
"choices": ["overwrite", "nolog"]}, - "dlp-archive-quota": {"required": False, "type": "int"}, - "full-final-warning-threshold": {"required": False, "type": "int"}, - "full-first-warning-threshold": {"required": False, "type": "int"}, - "full-second-warning-threshold": {"required": False, "type": "int"}, - "ips-archive": {"required": False, "type": "str", + "dlp_archive_quota": {"required": False, "type": "int"}, + "full_final_warning_threshold": {"required": False, "type": "int"}, + "full_first_warning_threshold": {"required": False, "type": "int"}, + "full_second_warning_threshold": {"required": False, "type": "int"}, + "ips_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "log-quota": {"required": False, "type": "int"}, - "max-log-file-size": {"required": False, "type": "int"}, - "max-policy-packet-capture-size": {"required": False, "type": "int"}, - "maximum-log-age": {"required": False, "type": "int"}, - "report-quota": {"required": False, "type": "int"}, - "roll-day": {"required": False, "type": "str", + "log_quota": {"required": False, "type": "int"}, + "max_log_file_size": {"required": False, "type": "int"}, + "max_policy_packet_capture_size": {"required": False, "type": "int"}, + "maximum_log_age": {"required": False, "type": "int"}, + "report_quota": {"required": False, "type": "int"}, + "roll_day": {"required": False, "type": "str", "choices": ["sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"]}, - "roll-schedule": {"required": False, "type": "str", + "roll_schedule": {"required": False, "type": "str", "choices": ["daily", "weekly"]}, - "roll-time": {"required": False, "type": "str"}, - "source-ip": {"required": False, "type": "str"}, + "roll_time": {"required": False, "type": "str"}, + "source_ip": {"required": False, "type": "str"}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "upload": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - 
"upload-delete-files": {"required": False, "type": "str", + "upload_delete_files": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-destination": {"required": False, "type": "str", + "upload_destination": {"required": False, "type": "str", "choices": ["ftp-server"]}, - "upload-ssl-conn": {"required": False, "type": "str", + "upload_ssl_conn": {"required": False, "type": "str", "choices": ["default", "high", "low", "disable"]}, "uploaddir": {"required": False, "type": "str"}, @@ -441,15 +495,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_disk(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_disk(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_disk(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py b/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py index c9c08da15e1..2bd47bd361a 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py 
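Review bot: The list branch of `underscore_to_hyphen` discards its result: `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, so dicts nested inside a list keep their underscore keys and would presumably reach the device under names it does not accept. Writing back by index fixes it: `for i, elem in enumerate(data): data[i] = underscore_to_hyphen(elem)`. The options of this module are flat, so the effect is latent here, but the helper is copied verbatim into the fortios_log_eventfilter, fortios_log_fortianalyzer2_filter and fortios_log_fortianalyzer2_setting hunks. Separately, in `fortios_log_disk` the name `resp` is unbound when `log_disk_setting` is left at its `None` default, so the return line raises instead of reporting through `fail_json`; the three sibling wrappers have the same shape.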
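Review bot: In the legacy branch `fos.logout()` runs only when `fortios_log_disk()` returns normally, so an exception from the API call leaves the authenticated session open on the device. Putting the call under `try:` and the logout under `finally: fos.logout()` closes the session on every path. The `legacy_mode` test also reduces to host and username being set, because `password` now defaults to `""` and is never `None`; a comment saying so would save the next reader the check. The same block is repeated in the `main()` hunks of fortios_log_eventfilter and fortios_log_fortianalyzer2_filter, and `main()` starts and ends outside this hunk.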
+++ b/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_eventfilter short_description: Configure log event filters in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and eventfilter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,97 +41,118 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_eventfilter: description: - Configure log event filters. default: null + type: dict suboptions: - compliance-check: + compliance_check: description: - Enable/disable PCI DSS compliance check logging. + type: str choices: - enable - disable endpoint: description: - Enable/disable endpoint event logging. + type: str choices: - enable - disable event: description: - Enable/disable event logging. + type: str choices: - enable - disable ha: description: - Enable/disable ha event logging. + type: str choices: - enable - disable router: description: - Enable/disable router event logging. + type: str choices: - enable - disable - security-rating: + security_rating: description: - Enable/disable Security Rating result logging. + type: str choices: - enable - disable system: description: - Enable/disable system event logging. + type: str choices: - enable - disable user: description: - Enable/disable user authentication event logging. + type: str choices: - enable - disable vpn: description: - Enable/disable VPN event logging. 
+ type: str choices: - enable - disable - wan-opt: + wan_opt: description: - Enable/disable WAN optimization event logging. + type: str choices: - enable - disable - wireless-activity: + wireless_activity: description: - Enable/disable wireless event logging. + type: str choices: - enable - disable @@ -147,6 +165,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure log event filters. fortios_log_eventfilter: @@ -156,17 +175,17 @@ EXAMPLES = ''' vdom: "{{ vdom }}" https: "False" log_eventfilter: - compliance-check: "enable" + compliance_check: "enable" endpoint: "enable" event: "enable" ha: "enable" router: "enable" - security-rating: "enable" + security_rating: "enable" system: "enable" user: "enable" vpn: "enable" - wan-opt: "enable" - wireless-activity: "enable" + wan_opt: "enable" + wireless_activity: "enable" ''' RETURN = ''' @@ -229,14 +248,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -244,14 +265,14 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_eventfilter_data(json): - option_list = ['compliance-check', 'endpoint', 'event', - 'ha', 'router', 'security-rating', + option_list = ['compliance_check', 'endpoint', 'event', + 'ha', 'router', 'security_rating', 'system', 'user', 'vpn', - 'wan-opt', 'wireless-activity'] + 'wan_opt', 'wireless_activity'] dictionary = {} for attribute in option_list: 
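Review bot: The example playbook now sets `ssl_verify: "False"` in its vars, next to the existing `https: "False"` in the task, so the copy-paste path switches off the certificate check that this same change makes the default. The example would better show the default, `ssl_verify: "True"`, with a one-line comment that it is lowered only for lab devices with self-signed certificates. Whether the task forwards the variable to the module is not visible in these hunks. The same line is added to the EXAMPLES of fortios_log_fortianalyzer2_filter and fortios_log_fortianalyzer2_setting.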
@@ -261,40 +282,57 @@ def filter_log_eventfilter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_eventfilter(data, fos): vdom = data['vdom'] log_eventfilter_data = data['log_eventfilter'] - filtered_data = filter_log_eventfilter_data(log_eventfilter_data) + filtered_data = underscore_to_hyphen(filter_log_eventfilter_data(log_eventfilter_data)) + return fos.set('log', 'eventfilter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log(data, fos): - login(data) - methodlist = ['log_eventfilter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_eventfilter']: + resp = log_eventfilter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_eventfilter": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { - "compliance-check": {"required": False, "type": "str", + 
"compliance_check": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "endpoint": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -304,7 +342,7 @@ def main(): "choices": ["enable", "disable"]}, "router": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "security-rating": {"required": False, "type": "str", + "security_rating": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "system": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -312,9 +350,9 @@ def main(): "choices": ["enable", "disable"]}, "vpn": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "wan-opt": {"required": False, "type": "str", + "wan_opt": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "wireless-activity": {"required": False, "type": "str", + "wireless_activity": {"required": False, "type": "str", "choices": ["enable", "disable"]} } 
@@ -323,15 +361,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py index 1817b1a503a..080c3e6404d 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer2_filter short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,94 +41,116 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer2_filter: description: - Filters for FortiAnalyzer. default: null + type: dict suboptions: anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable filter: description: - FortiAnalyzer 2 log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. 
+ type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str severity: description: - Log every message above and including this severity level. + type: str choices: - emergency - alert @@ -141,21 +160,24 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable @@ -168,6 +190,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Filters for FortiAnalyzer. fortios_log_fortianalyzer2_filter: @@ -178,18 +201,18 @@ EXAMPLES = ''' https: "False" log_fortianalyzer2_filter: anomaly: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" voip: "enable" ''' 
@@ -254,14 +277,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -269,15 +294,15 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer2_filter_data(json): - option_list = ['anomaly', 'dlp-archive', 'dns', - 'filter', 'filter-type', 'forward-traffic', - 'gtp', 'local-traffic', 'multicast-traffic', - 'netscan-discovery', 'netscan-vulnerability', 'severity', - 'sniffer-traffic', 'ssh', 'voip'] + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] dictionary = {} for attribute in option_list: 
@@ -287,63 +312,80 @@ def filter_log_fortianalyzer2_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer2_filter(data, fos): vdom = data['vdom'] log_fortianalyzer2_filter_data = data['log_fortianalyzer2_filter'] - filtered_data = filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data)) + return fos.set('log.fortianalyzer2', 'filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer2(data, fos): - login(data) - methodlist = ['log_fortianalyzer2_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer2_filter']: + resp = log_fortianalyzer2_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortianalyzer2_filter": { - "required": False, 
"type": "dict", + "required": False, "type": "dict", "default": None, "options": { "anomaly": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "severity": {"required": False, "type": "str", "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
@@ -356,15 +398,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py index da6450c7e61..c8f723125e7 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer2_setting short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,90 +41,113 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer2_setting: description: - Global FortiAnalyzer settings. default: null + type: dict suboptions: __change_ip: description: - Hidden attribute. + type: int certificate: description: - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - conn-timeout: + type: str + conn_timeout: description: - FortiAnalyzer connection time-out in seconds (for status and log buffer). - enc-algorithm: + type: int + enc_algorithm: description: - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str choices: - high-medium - high - low - - disable - faz-type: + faz_type: description: - Hidden setting index of FortiAnalyzer. - hmac-algorithm: + type: int + hmac_algorithm: description: - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str choices: - sha256 - sha1 - ips-archive: + ips_archive: description: - Enable/disable IPS packet archive logging. + type: str choices: - enable - disable - mgmt-name: + mgmt_name: description: - Hidden management name of FortiAnalyzer. 
- monitor-failure-retry-period: + type: str + monitor_failure_retry_period: description: - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - monitor-keepalive-period: + type: int + monitor_keepalive_period: description: - Time between OFTP keepalives in seconds (for status and log buffer). + type: int reliable: description: - Enable/disable reliable logging to FortiAnalyzer. + type: str choices: - enable - disable server: description: - The remote FortiAnalyzer. - source-ip: + type: str + source_ip: description: - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. - ssl-min-proto-version: + type: str + ssl_min_proto_version: description: - - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). + - Minimum supported protocol version for SSL/TLS connections . + type: str choices: - default - SSLv3 @@ -137,30 +157,35 @@ options: status: description: - Enable/disable logging to FortiAnalyzer. + type: str choices: - enable - disable - upload-day: + upload_day: description: - Day of week (month) to upload logs. - upload-interval: + type: str + upload_interval: description: - Frequency to upload log files to FortiAnalyzer. + type: str choices: - daily - weekly - monthly - upload-option: + upload_option: description: - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str choices: - store-and-upload - realtime - 1-minute - 5-minute - upload-time: + upload_time: description: - "Time to upload logs (hh:mm)." + type: str ''' EXAMPLES = ''' @@ -170,6 +195,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Global FortiAnalyzer settings. fortios_log_fortianalyzer2_setting: 
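Review bot: `disable` is dropped from the documented `enc_algorithm` choices, but the matching argument_spec entry lies outside the visible hunks; if the spec still lists it, the documentation and the validation disagree, so confirm both were changed together. In the same options block the `ssl_min_proto_version` description now ends in `connections .` after the parenthetical was removed; `Minimum supported protocol version for SSL/TLS connections.` reads cleanly.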
@@ -181,23 +207,23 @@ EXAMPLES = ''' log_fortianalyzer2_setting: __change_ip: "3" certificate: " (source certificate.local.name)" - conn-timeout: "5" - enc-algorithm: "high-medium" - faz-type: "7" - hmac-algorithm: "sha256" - ips-archive: "enable" - mgmt-name: "" - monitor-failure-retry-period: "11" - monitor-keepalive-period: "12" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" reliable: "enable" server: "192.168.100.40" - source-ip: "84.230.14.43" - ssl-min-proto-version: "default" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" status: "enable" - upload-day: "" - upload-interval: "daily" - upload-option: "store-and-upload" - upload-time: "" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" ''' RETURN = ''' @@ -260,14 +286,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -275,17 +303,17 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer2_setting_data(json): - option_list = ['__change_ip', 'certificate', 'conn-timeout', - 'enc-algorithm', 'faz-type', 'hmac-algorithm', - 'ips-archive', 'mgmt-name', 'monitor-failure-retry-period', - 'monitor-keepalive-period', 'reliable', 'server', - 'source-ip', 'ssl-min-proto-version', 'status', - 'upload-day', 'upload-interval', 'upload-option', - 'upload-time'] + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'reliable', 'server', + 'source_ip', 'ssl_min_proto_version', 'status', + 'upload_day', 'upload_interval', 'upload_option', + 'upload_time'] dictionary = {} for attribute in option_list: 
@@ -295,69 +323,85 @@ def filter_log_fortianalyzer2_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer2_setting(data, fos): vdom = data['vdom'] log_fortianalyzer2_setting_data = data['log_fortianalyzer2_setting'] - filtered_data = filter_log_fortianalyzer2_setting_data(log_fortianalyzer2_setting_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_setting_data(log_fortianalyzer2_setting_data)) + return fos.set('log.fortianalyzer2', 'setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer2(data, fos): - login(data) - methodlist = ['log_fortianalyzer2_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer2_setting']: + resp = log_fortianalyzer2_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortianalyzer2_setting": { - 
"required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "__change_ip": {"required": False, "type": "int"}, "certificate": {"required": False, "type": "str"}, - "conn-timeout": {"required": False, "type": "int"}, - "enc-algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low", - "disable"]}, - "faz-type": {"required": False, "type": "int"}, - "hmac-algorithm": {"required": False, "type": "str", + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", "high", "low"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", "choices": ["sha256", "sha1"]}, - "ips-archive": {"required": False, "type": "str", + "ips_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "mgmt-name": {"required": False, "type": "str"}, - "monitor-failure-retry-period": {"required": False, "type": "int"}, - "monitor-keepalive-period": {"required": False, "type": "int"}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, "reliable": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "server": {"required": False, "type": "str"}, - "source-ip": {"required": False, "type": "str"}, - "ssl-min-proto-version": {"required": False, "type": "str", + "source_ip": {"required": False, "type": "str"}, + "ssl_min_proto_version": {"required": False, "type": "str", "choices": ["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-day": {"required": False, "type": "str"}, - "upload-interval": {"required": False, "type": "str", + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", 
"choices": ["daily", "weekly", "monthly"]}, - "upload-option": {"required": False, "type": "str", + "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, - "upload-time": {"required": False, "type": "str"} + "upload_time": {"required": False, "type": "str"} } } @@ -365,15 +409,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py index 1dd1f27ce6a..c42eed476f9 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py 
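Review bot: In `underscore_to_hyphen` the list branch has no effect: `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, so dictionaries nested inside a list keep their underscore keys and would be sent to the device unchanged. Write the result back with `for i, elem in enumerate(data): data[i] = underscore_to_hyphen(elem)`. No option in this module is a list, so nothing breaks here today, but it matters as soon as the helper is used with list-typed options. The identical helper is added in the fortianalyzer3_filter and fortianalyzer3_setting hunks below.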
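Review bot: In the legacy branch of `main()`, `fos.logout()` runs only if `fortios_log_fortianalyzer2()` returns normally, so any exception raised in between leaves the administrative session open on the device. Wrapping the call as `try:` … `finally: fos.logout()` closes the session on every path. The same sequence is added to `main()` in the fortianalyzer3_filter and fortianalyzer3_setting modules. `main()` starts before and ends after this hunk.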
@@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer3_filter short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,94 +41,116 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer3_filter: description: - Filters for FortiAnalyzer. default: null + type: dict suboptions: anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable filter: description: - FortiAnalyzer 3 log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. 
+ type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str severity: description: - Lowest severity level to log. + type: str choices: - emergency - alert @@ -141,21 +160,24 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable @@ -168,6 +190,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Filters for FortiAnalyzer. fortios_log_fortianalyzer3_filter: @@ -178,18 +201,18 @@ EXAMPLES = ''' https: "False" log_fortianalyzer3_filter: anomaly: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" voip: "enable" ''' 
@@ -254,14 +277,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -269,15 +294,15 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer3_filter_data(json): - option_list = ['anomaly', 'dlp-archive', 'dns', - 'filter', 'filter-type', 'forward-traffic', - 'gtp', 'local-traffic', 'multicast-traffic', - 'netscan-discovery', 'netscan-vulnerability', 'severity', - 'sniffer-traffic', 'ssh', 'voip'] + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] dictionary = {} for attribute in option_list: 
@@ -287,63 +312,80 @@ def filter_log_fortianalyzer3_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer3_filter(data, fos): vdom = data['vdom'] log_fortianalyzer3_filter_data = data['log_fortianalyzer3_filter'] - filtered_data = filter_log_fortianalyzer3_filter_data(log_fortianalyzer3_filter_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer3_filter_data(log_fortianalyzer3_filter_data)) + return fos.set('log.fortianalyzer3', 'filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer3(data, fos): - login(data) - methodlist = ['log_fortianalyzer3_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer3_filter']: + resp = log_fortianalyzer3_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortianalyzer3_filter": { - "required": False, 
"type": "dict", + "required": False, "type": "dict", "default": None, "options": { "anomaly": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "severity": {"required": False, "type": "str", "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
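Review bot: `fortios_log_fortianalyzer3()` assigns `resp` only inside `if data['log_fortianalyzer3_filter']:`, yet the argument spec in this same hunk declares that option `"required": False` with `"default": None`. A task that omits it therefore ends in an UnboundLocalError at the `return` instead of a clean module failure. Either mark the dictionary `"required": True` in `fields`, or return an explicit error tuple when it is missing. The fortianalyzer2_setting and fortianalyzer3_setting modules in this diff follow the same pattern.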
@@ -356,15 +398,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py index d21043f9078..3034f9b33f4 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer3_setting short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,90 +41,113 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer3_setting: description: - Global FortiAnalyzer settings. default: null + type: dict suboptions: __change_ip: description: - Hidden attribute. + type: int certificate: description: - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - conn-timeout: + type: str + conn_timeout: description: - FortiAnalyzer connection time-out in seconds (for status and log buffer). - enc-algorithm: + type: int + enc_algorithm: description: - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str choices: - high-medium - high - low - - disable - faz-type: + faz_type: description: - Hidden setting index of FortiAnalyzer. - hmac-algorithm: + type: int + hmac_algorithm: description: - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str choices: - sha256 - sha1 - ips-archive: + ips_archive: description: - Enable/disable IPS packet archive logging. + type: str choices: - enable - disable - mgmt-name: + mgmt_name: description: - Hidden management name of FortiAnalyzer. 
- monitor-failure-retry-period: + type: str + monitor_failure_retry_period: description: - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - monitor-keepalive-period: + type: int + monitor_keepalive_period: description: - Time between OFTP keepalives in seconds (for status and log buffer). + type: int reliable: description: - Enable/disable reliable logging to FortiAnalyzer. + type: str choices: - enable - disable server: description: - The remote FortiAnalyzer. - source-ip: + type: str + source_ip: description: - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. - ssl-min-proto-version: + type: str + ssl_min_proto_version: description: - - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). + - Minimum supported protocol version for SSL/TLS connections . + type: str choices: - default - SSLv3 @@ -137,30 +157,35 @@ options: status: description: - Enable/disable logging to FortiAnalyzer. + type: str choices: - enable - disable - upload-day: + upload_day: description: - Day of week (month) to upload logs. - upload-interval: + type: str + upload_interval: description: - Frequency to upload log files to FortiAnalyzer. + type: str choices: - daily - weekly - monthly - upload-option: + upload_option: description: - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str choices: - store-and-upload - realtime - 1-minute - 5-minute - upload-time: + upload_time: description: - "Time to upload logs (hh:mm)." + type: str ''' EXAMPLES = ''' @@ -170,6 +195,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Global FortiAnalyzer settings. fortios_log_fortianalyzer3_setting: 
@@ -181,23 +207,23 @@ EXAMPLES = ''' log_fortianalyzer3_setting: __change_ip: "3" certificate: " (source certificate.local.name)" - conn-timeout: "5" - enc-algorithm: "high-medium" - faz-type: "7" - hmac-algorithm: "sha256" - ips-archive: "enable" - mgmt-name: "" - monitor-failure-retry-period: "11" - monitor-keepalive-period: "12" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" reliable: "enable" server: "192.168.100.40" - source-ip: "84.230.14.43" - ssl-min-proto-version: "default" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" status: "enable" - upload-day: "" - upload-interval: "daily" - upload-option: "store-and-upload" - upload-time: "" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" ''' RETURN = ''' @@ -260,14 +286,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -275,17 +303,17 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer3_setting_data(json): - option_list = ['__change_ip', 'certificate', 'conn-timeout', - 'enc-algorithm', 'faz-type', 'hmac-algorithm', - 'ips-archive', 'mgmt-name', 'monitor-failure-retry-period', - 'monitor-keepalive-period', 'reliable', 'server', - 'source-ip', 'ssl-min-proto-version', 'status', - 'upload-day', 'upload-interval', 'upload-option', - 'upload-time'] + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'reliable', 'server', + 'source_ip', 'ssl_min_proto_version', 'status', + 'upload_day', 'upload_interval', 'upload_option', + 'upload_time'] dictionary = {} for attribute in option_list: 
@@ -295,69 +323,85 @@ def filter_log_fortianalyzer3_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer3_setting(data, fos): vdom = data['vdom'] log_fortianalyzer3_setting_data = data['log_fortianalyzer3_setting'] - filtered_data = filter_log_fortianalyzer3_setting_data(log_fortianalyzer3_setting_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer3_setting_data(log_fortianalyzer3_setting_data)) + return fos.set('log.fortianalyzer3', 'setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer3(data, fos): - login(data) - methodlist = ['log_fortianalyzer3_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer3_setting']: + resp = log_fortianalyzer3_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortianalyzer3_setting": { - 
"required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "__change_ip": {"required": False, "type": "int"}, "certificate": {"required": False, "type": "str"}, - "conn-timeout": {"required": False, "type": "int"}, - "enc-algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low", - "disable"]}, - "faz-type": {"required": False, "type": "int"}, - "hmac-algorithm": {"required": False, "type": "str", + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", "high", "low"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", "choices": ["sha256", "sha1"]}, - "ips-archive": {"required": False, "type": "str", + "ips_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "mgmt-name": {"required": False, "type": "str"}, - "monitor-failure-retry-period": {"required": False, "type": "int"}, - "monitor-keepalive-period": {"required": False, "type": "int"}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, "reliable": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "server": {"required": False, "type": "str"}, - "source-ip": {"required": False, "type": "str"}, - "ssl-min-proto-version": {"required": False, "type": "str", + "source_ip": {"required": False, "type": "str"}, + "ssl_min_proto_version": {"required": False, "type": "str", "choices": ["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-day": {"required": False, "type": "str"}, - "upload-interval": {"required": False, "type": "str", + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", 
"choices": ["daily", "weekly", "monthly"]}, - "upload-option": {"required": False, "type": "str", + "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, - "upload-time": {"required": False, "type": "str"} + "upload_time": {"required": False, "type": "str"} } } @@ -365,15 +409,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py index ff2ae4eb1c5..bd2d99a4d28 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py 
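Review bot: `is_successful_status` relies on `and` binding tighter than `or`, and nothing explains why a 404 on DELETE counts as success. I would parenthesise the second clause, `(status['http_method'] == "DELETE" and status['http_status'] == 404)`, and add a comment such as `# deleting an object that is already absent is not an error`. The only call visible in this module is `fos.set(...)`, so it is unclear whether the DELETE clause can ever match here; if it cannot, the comment should say why the clause is kept. The same helper appears in the fortianalyzer2_setting and fortianalyzer3_filter hunks.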
@@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer_filter short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,94 +41,116 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer_filter: description: - Filters for FortiAnalyzer. default: null + type: dict suboptions: anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable filter: description: - FortiAnalyzer log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. 
+ type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str severity: description: - Lowest severity level to log. + type: str choices: - emergency - alert @@ -141,21 +160,24 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable @@ -168,6 +190,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Filters for FortiAnalyzer. fortios_log_fortianalyzer_filter: @@ -178,18 +201,18 @@ EXAMPLES = ''' https: "False" log_fortianalyzer_filter: anomaly: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" voip: "enable" ''' 
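Review bot: The line added to EXAMPLES, `ssl_verify: "False"`, turns certificate verification off in the snippet users are most likely to copy, while the option's documented default is `true`. Together with `https: "False"` and `password: ""` already in the example, the sample as written logs in without HTTPS and with a blank password. I would show `ssl_verify: "True"` and `https: "True"` here, or keep the values and add a YAML comment such as `# lab only: disables certificate verification`. The same line is added to EXAMPLES in fortios_log_fortianalyzer_override_filter.py and fortios_log_fortianalyzer_override_setting.py.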
@@ -254,14 +277,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -269,15 +294,15 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer_filter_data(json): - option_list = ['anomaly', 'dlp-archive', 'dns', - 'filter', 'filter-type', 'forward-traffic', - 'gtp', 'local-traffic', 'multicast-traffic', - 'netscan-discovery', 'netscan-vulnerability', 'severity', - 'sniffer-traffic', 'ssh', 'voip'] + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] dictionary = {} for attribute in option_list: 
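Review bot: `verify=ssl_verify` on the new `fos.login(host, username, password, verify=ssl_verify)` call protects the credentials only on the HTTPS path; when `https` is false the same username and password are still sent and `ssl_verify` presumably has no effect, and nothing in `login()` says so. A comment above the call, e.g. `# ssl_verify applies to HTTPS only; with https off the credentials are not protected in transit`, would make that explicit. The unconditional `fos.debug('on')` just above also deserves a comment on what the fortiosapi debug output contains, which is not visible from this diff. The non-HTTPS branch of `login()` falls between this hunk and the previous one and is not shown; the same change is made to `login()` in fortios_log_fortianalyzer_override_filter.py and fortios_log_fortianalyzer_override_setting.py.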
@@ -287,63 +312,80 @@ def filter_log_fortianalyzer_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer_filter(data, fos): vdom = data['vdom'] log_fortianalyzer_filter_data = data['log_fortianalyzer_filter'] - filtered_data = filter_log_fortianalyzer_filter_data(log_fortianalyzer_filter_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_filter_data(log_fortianalyzer_filter_data)) + return fos.set('log.fortianalyzer', 'filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer(data, fos): - login(data) - methodlist = ['log_fortianalyzer_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer_filter']: + resp = log_fortianalyzer_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortianalyzer_filter": { - "required": False, "type": "dict", + 
"required": False, "type": "dict", "default": None, "options": { "anomaly": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "severity": {"required": False, "type": "str", "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
@@ -356,15 +398,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py index 7d90713603f..e8c4620d9cd 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
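Review bot: The `password` clause of `legacy_mode` can never be false, because the argument spec earlier in this file now gives `password` a default of `""`; a task that sets `host` and `username` but forgets `password` therefore takes the legacy path and attempts a login with an empty password instead of failing. If a blank password is not meant to be a supported default, drop `"default": ""` from the spec so the `is not None` test does its job; if it is, reduce the condition to `legacy_mode = module.params['host'] is not None and module.params['username'] is not None` and say so in the comment. The `'host' in module.params` style membership tests are redundant either way, since AnsibleModule fills in every declared option. `main()` starts and ends outside this hunk, and the same condition is added in fortios_log_fortianalyzer_override_filter.py.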
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer_override_filter short_description: Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,94 +41,116 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer_override_filter: description: - Override filters for FortiAnalyzer. default: null + type: dict suboptions: anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable filter: description: - FortiAnalyzer log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. 
+ type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str severity: description: - Lowest severity level to log. + type: str choices: - emergency - alert @@ -141,21 +160,24 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable @@ -168,6 +190,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Override filters for FortiAnalyzer. fortios_log_fortianalyzer_override_filter: @@ -178,18 +201,18 @@ EXAMPLES = ''' https: "False" log_fortianalyzer_override_filter: anomaly: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" voip: "enable" ''' 
@@ -254,14 +277,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -269,15 +294,15 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer_override_filter_data(json): - option_list = ['anomaly', 'dlp-archive', 'dns', - 'filter', 'filter-type', 'forward-traffic', - 'gtp', 'local-traffic', 'multicast-traffic', - 'netscan-discovery', 'netscan-vulnerability', 'severity', - 'sniffer-traffic', 'ssh', 'voip'] + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] dictionary = {} for attribute in option_list: 
@@ -287,63 +312,80 @@ def filter_log_fortianalyzer_override_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer_override_filter(data, fos): vdom = data['vdom'] log_fortianalyzer_override_filter_data = data['log_fortianalyzer_override_filter'] - filtered_data = filter_log_fortianalyzer_override_filter_data(log_fortianalyzer_override_filter_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_filter_data(log_fortianalyzer_override_filter_data)) + return fos.set('log.fortianalyzer', 'override-filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer(data, fos): - login(data) - methodlist = ['log_fortianalyzer_override_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer_override_filter']: + resp = log_fortianalyzer_override_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": 
False, "type": "bool", "default": True}, "log_fortianalyzer_override_filter": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "anomaly": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "severity": {"required": False, "type": "str", "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
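Review bot: `resp` is bound only inside `if data['log_fortianalyzer_override_filter']:` in `fortios_log_fortianalyzer()`, and the argument spec below declares that option with `"required": False` and `"default": None`, so a task that omits it reaches the `return` with `resp` unbound and the module aborts with an UnboundLocalError traceback. An early exit ahead of the `if`, for example `if not data['log_fortianalyzer_override_filter']:` / `return True, False, {'status': 'error'}`, gives the caller a result it can report; how `main()` renders that tuple is outside this hunk, so the exact shape needs checking. The same function body is added in fortios_log_fortianalyzer_filter.py and fortios_log_fortianalyzer_override_setting.py. Separately, the mixed `or` / `and` in `is_successful_status()` relies on operator precedence and would read better with parentheses around the DELETE/404 pair.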
@@ -356,15 +398,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py index 5cd129daf19..f45035f7d2c 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer_override_setting short_description: Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,96 +41,120 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer_override_setting: description: - Override FortiAnalyzer settings. default: null + type: dict suboptions: __change_ip: description: - Hidden attribute. + type: int certificate: description: - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - conn-timeout: + type: str + conn_timeout: description: - FortiAnalyzer connection time-out in seconds (for status and log buffer). - enc-algorithm: + type: int + enc_algorithm: description: - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str choices: - high-medium - high - low - - disable - faz-type: + faz_type: description: - Hidden setting index of FortiAnalyzer. - hmac-algorithm: + type: int + hmac_algorithm: description: - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str choices: - sha256 - sha1 - ips-archive: + ips_archive: description: - Enable/disable IPS packet archive logging. + type: str choices: - enable - disable - mgmt-name: + mgmt_name: description: - Hidden management name of FortiAnalyzer. 
- monitor-failure-retry-period: + type: str + monitor_failure_retry_period: description: - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - monitor-keepalive-period: + type: int + monitor_keepalive_period: description: - Time between OFTP keepalives in seconds (for status and log buffer). + type: int override: description: - Enable/disable overriding FortiAnalyzer settings or use global settings. + type: str choices: - enable - disable reliable: description: - Enable/disable reliable logging to FortiAnalyzer. + type: str choices: - enable - disable server: description: - The remote FortiAnalyzer. - source-ip: + type: str + source_ip: description: - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. - ssl-min-proto-version: + type: str + ssl_min_proto_version: description: - - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). + - Minimum supported protocol version for SSL/TLS connections . + type: str choices: - default - SSLv3 @@ -143,33 +164,39 @@ options: status: description: - Enable/disable logging to FortiAnalyzer. + type: str choices: - enable - disable - upload-day: + upload_day: description: - Day of week (month) to upload logs. - upload-interval: + type: str + upload_interval: description: - Frequency to upload log files to FortiAnalyzer. + type: str choices: - daily - weekly - monthly - upload-option: + upload_option: description: - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str choices: - store-and-upload - realtime - 1-minute - 5-minute - upload-time: + upload_time: description: - "Time to upload logs (hh:mm)." - use-management-vdom: + type: str + use_management_vdom: description: - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. + type: str choices: - enable - disable 
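Review bot: `disable` is dropped from the `enc_algorithm` choices with no mention in the option text, so a playbook that still passes `enc_algorithm: disable` will presumably be rejected at argument validation once the matching spec change in a later hunk is applied. A sentence in the description, or a changelog entry, should say that unencrypted log transport can no longer be selected through this module. The edited `ssl_min_proto_version` description now ends in `connections .` with a stray space before the period. Its visible choices still begin with `SSLv3`, so the description could also say that SSLv3 is not a safe minimum.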
@@ -182,6 +209,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Override FortiAnalyzer settings. fortios_log_fortianalyzer_override_setting: @@ -193,25 +221,25 @@ EXAMPLES = ''' log_fortianalyzer_override_setting: __change_ip: "3" certificate: " (source certificate.local.name)" - conn-timeout: "5" - enc-algorithm: "high-medium" - faz-type: "7" - hmac-algorithm: "sha256" - ips-archive: "enable" - mgmt-name: "" - monitor-failure-retry-period: "11" - monitor-keepalive-period: "12" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" override: "enable" reliable: "enable" server: "192.168.100.40" - source-ip: "84.230.14.43" - ssl-min-proto-version: "default" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" status: "enable" - upload-day: "" - upload-interval: "daily" - upload-option: "store-and-upload" - upload-time: "" - use-management-vdom: "enable" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" + use_management_vdom: "enable" ''' RETURN = ''' @@ -274,14 +302,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -289,17 +319,17 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer_override_setting_data(json): - option_list = ['__change_ip', 'certificate', 'conn-timeout', - 'enc-algorithm', 'faz-type', 'hmac-algorithm', - 'ips-archive', 'mgmt-name', 'monitor-failure-retry-period', - 'monitor-keepalive-period', 'override', 'reliable', - 'server', 'source-ip', 'ssl-min-proto-version', - 'status', 'upload-day', 'upload-interval', - 'upload-option', 'upload-time', 'use-management-vdom'] + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'override', 'reliable', + 'server', 'source_ip', 'ssl_min_proto_version', + 'status', 'upload_day', 'upload_interval', + 'upload_option', 'upload_time', 'use_management_vdom'] dictionary = {} for attribute in option_list: 
@@ -309,72 +339,88 @@ def filter_log_fortianalyzer_override_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer_override_setting(data, fos): vdom = data['vdom'] log_fortianalyzer_override_setting_data = data['log_fortianalyzer_override_setting'] - filtered_data = filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data)) + return fos.set('log.fortianalyzer', 'override-setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer(data, fos): - login(data) - methodlist = ['log_fortianalyzer_override_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer_override_setting']: + resp = log_fortianalyzer_override_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": 
{"required": False, "type": "bool", "default": True}, "log_fortianalyzer_override_setting": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "__change_ip": {"required": False, "type": "int"}, "certificate": {"required": False, "type": "str"}, - "conn-timeout": {"required": False, "type": "int"}, - "enc-algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low", - "disable"]}, - "faz-type": {"required": False, "type": "int"}, - "hmac-algorithm": {"required": False, "type": "str", + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", "high", "low"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", "choices": ["sha256", "sha1"]}, - "ips-archive": {"required": False, "type": "str", + "ips_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "mgmt-name": {"required": False, "type": "str"}, - "monitor-failure-retry-period": {"required": False, "type": "int"}, - "monitor-keepalive-period": {"required": False, "type": "int"}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, "override": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "reliable": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "server": {"required": False, "type": "str"}, - "source-ip": {"required": False, "type": "str"}, - "ssl-min-proto-version": {"required": False, "type": "str", + "source_ip": {"required": False, "type": "str"}, + "ssl_min_proto_version": {"required": False, "type": "str", "choices": ["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-day": {"required": False, 
"type": "str"}, - "upload-interval": {"required": False, "type": "str", + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", "choices": ["daily", "weekly", "monthly"]}, - "upload-option": {"required": False, "type": "str", + "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, - "upload-time": {"required": False, "type": "str"}, - "use-management-vdom": {"required": False, "type": "str", + "upload_time": {"required": False, "type": "str"}, + "use_management_vdom": {"required": False, "type": "str", "choices": ["enable", "disable"]} } @@ -383,15 +429,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) 
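Review bot: In the added `underscore_to_hyphen`, the list branch does `for elem in data: elem = underscore_to_hyphen(elem)`, which only rebinds the loop variable, so dictionaries nested inside a list keep their underscore keys and the list is returned unchanged. The options in this module's argument spec are scalars, so nothing breaks here as far as the hunk shows, but the helper is copied verbatim into the other modules and would silently send wrong key names to the device for any option that is a list of dicts. Writing the result back fixes it: `for i, elem in enumerate(data): data[i] = underscore_to_hyphen(elem)`. The same helper is added in fortios_log_fortianalyzer_setting.py and fortios_log_fortiguard_filter.py.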
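Review bot: In the legacy branch of `main()`, the added `fos.logout()` runs only if `fortios_log_fortianalyzer(module.params, fos)` returns normally, so an exception raised in between presumably leaves the authenticated session open on the device. The call can raise, for instance when the response dict has no `status` key or when the settings option was omitted. Making the cleanup unconditional is a small change: put the `fortios_log_fortianalyzer(...)` call under `try:` and move the logout to `finally: fos.logout()`. The same sequence is added to `main()` in fortios_log_fortianalyzer_setting.py and fortios_log_fortiguard_filter.py; `main()` begins before this hunk.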
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py index 535e6a86d7e..e77d8ce496f 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortianalyzer_setting short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,90 +41,113 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortianalyzer_setting: description: - Global FortiAnalyzer settings. default: null + type: dict suboptions: __change_ip: description: - Hidden attribute. + type: int certificate: description: - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - conn-timeout: + type: str + conn_timeout: description: - FortiAnalyzer connection time-out in seconds (for status and log buffer). - enc-algorithm: + type: int + enc_algorithm: description: - Enable/disable sending FortiAnalyzer log data with SSL encryption. + type: str choices: - high-medium - high - low - - disable - faz-type: + faz_type: description: - Hidden setting index of FortiAnalyzer. - hmac-algorithm: + type: int + hmac_algorithm: description: - FortiAnalyzer IPsec tunnel HMAC algorithm. + type: str choices: - sha256 - sha1 - ips-archive: + ips_archive: description: - Enable/disable IPS packet archive logging. + type: str choices: - enable - disable - mgmt-name: + mgmt_name: description: - Hidden management name of FortiAnalyzer. 
- monitor-failure-retry-period: + type: str + monitor_failure_retry_period: description: - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - monitor-keepalive-period: + type: int + monitor_keepalive_period: description: - Time between OFTP keepalives in seconds (for status and log buffer). + type: int reliable: description: - Enable/disable reliable logging to FortiAnalyzer. + type: str choices: - enable - disable server: description: - The remote FortiAnalyzer. - source-ip: + type: str + source_ip: description: - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. - ssl-min-proto-version: + type: str + ssl_min_proto_version: description: - - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). + - Minimum supported protocol version for SSL/TLS connections . + type: str choices: - default - SSLv3 @@ -137,30 +157,35 @@ options: status: description: - Enable/disable logging to FortiAnalyzer. + type: str choices: - enable - disable - upload-day: + upload_day: description: - Day of week (month) to upload logs. - upload-interval: + type: str + upload_interval: description: - Frequency to upload log files to FortiAnalyzer. + type: str choices: - daily - weekly - monthly - upload-option: + upload_option: description: - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. + type: str choices: - store-and-upload - realtime - 1-minute - 5-minute - upload-time: + upload_time: description: - "Time to upload logs (hh:mm)." + type: str ''' EXAMPLES = ''' @@ -170,6 +195,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Global FortiAnalyzer settings. fortios_log_fortianalyzer_setting: 
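Review bot: The options block now marks `host` and `username` as `required: false`, but their descriptions do not say what happens when they are left out. `main()` in this file uses the presence of host, username and password to choose between the legacy fortiosapi login and the HTTPAPI connection, so the documentation is the only place a user can learn that. I would extend the description, e.g. `- FortiOS or FortiGate IP address. Set together with username to use the legacy fortiosapi login; omit both to use the httpapi connection.` The `ssl_verify` entry also uses an unquoted `version_added: 2.9` while the module-level value is the quoted string `"2.8"`. The same documentation change appears in fortios_log_fortiguard_filter.py and fortios_log_fortiguard_override_filter.py.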
@@ -181,23 +207,23 @@ EXAMPLES = ''' log_fortianalyzer_setting: __change_ip: "3" certificate: " (source certificate.local.name)" - conn-timeout: "5" - enc-algorithm: "high-medium" - faz-type: "7" - hmac-algorithm: "sha256" - ips-archive: "enable" - mgmt-name: "" - monitor-failure-retry-period: "11" - monitor-keepalive-period: "12" + conn_timeout: "5" + enc_algorithm: "high-medium" + faz_type: "7" + hmac_algorithm: "sha256" + ips_archive: "enable" + mgmt_name: "" + monitor_failure_retry_period: "11" + monitor_keepalive_period: "12" reliable: "enable" server: "192.168.100.40" - source-ip: "84.230.14.43" - ssl-min-proto-version: "default" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" status: "enable" - upload-day: "" - upload-interval: "daily" - upload-option: "store-and-upload" - upload-time: "" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" ''' RETURN = ''' @@ -260,14 +286,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -275,17 +303,17 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortianalyzer_setting_data(json): - option_list = ['__change_ip', 'certificate', 'conn-timeout', - 'enc-algorithm', 'faz-type', 'hmac-algorithm', - 'ips-archive', 'mgmt-name', 'monitor-failure-retry-period', - 'monitor-keepalive-period', 'reliable', 'server', - 'source-ip', 'ssl-min-proto-version', 'status', - 'upload-day', 'upload-interval', 'upload-option', - 'upload-time'] + option_list = ['__change_ip', 'certificate', 'conn_timeout', + 'enc_algorithm', 'faz_type', 'hmac_algorithm', + 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', + 'monitor_keepalive_period', 'reliable', 'server', + 'source_ip', 'ssl_min_proto_version', 'status', + 'upload_day', 'upload_interval', 'upload_option', + 'upload_time'] dictionary = {} for attribute in option_list: 
@@ -295,69 +323,85 @@ def filter_log_fortianalyzer_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortianalyzer_setting(data, fos): vdom = data['vdom'] log_fortianalyzer_setting_data = data['log_fortianalyzer_setting'] - filtered_data = filter_log_fortianalyzer_setting_data(log_fortianalyzer_setting_data) + filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_setting_data(log_fortianalyzer_setting_data)) + return fos.set('log.fortianalyzer', 'setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortianalyzer(data, fos): - login(data) - methodlist = ['log_fortianalyzer_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortianalyzer_setting']: + resp = log_fortianalyzer_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortianalyzer_setting": { - "required": False, 
"type": "dict", + "required": False, "type": "dict", "default": None, "options": { "__change_ip": {"required": False, "type": "int"}, "certificate": {"required": False, "type": "str"}, - "conn-timeout": {"required": False, "type": "int"}, - "enc-algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low", - "disable"]}, - "faz-type": {"required": False, "type": "int"}, - "hmac-algorithm": {"required": False, "type": "str", + "conn_timeout": {"required": False, "type": "int"}, + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", "high", "low"]}, + "faz_type": {"required": False, "type": "int"}, + "hmac_algorithm": {"required": False, "type": "str", "choices": ["sha256", "sha1"]}, - "ips-archive": {"required": False, "type": "str", + "ips_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "mgmt-name": {"required": False, "type": "str"}, - "monitor-failure-retry-period": {"required": False, "type": "int"}, - "monitor-keepalive-period": {"required": False, "type": "int"}, + "mgmt_name": {"required": False, "type": "str"}, + "monitor_failure_retry_period": {"required": False, "type": "int"}, + "monitor_keepalive_period": {"required": False, "type": "int"}, "reliable": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "server": {"required": False, "type": "str"}, - "source-ip": {"required": False, "type": "str"}, - "ssl-min-proto-version": {"required": False, "type": "str", + "source_ip": {"required": False, "type": "str"}, + "ssl_min_proto_version": {"required": False, "type": "str", "choices": ["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-day": {"required": False, "type": "str"}, - "upload-interval": {"required": False, "type": "str", + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", "choices": ["daily", 
"weekly", "monthly"]}, - "upload-option": {"required": False, "type": "str", + "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, - "upload-time": {"required": False, "type": "str"} + "upload_time": {"required": False, "type": "str"} } } @@ -365,15 +409,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py index c5ff37f6f4f..8f68659c482 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py 
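Review bot: In the rewritten `fortios_log_fortianalyzer`, `resp` is assigned only inside `if data['log_fortianalyzer_setting']:`, and the argument spec in the same hunk gives that option `"default": None`, so a task that omits it reaches the `return` with `resp` unbound and the module dies with an UnboundLocalError instead of a clean failure. A guard at the top makes the outcome explicit, for example `if not data['log_fortianalyzer_setting']: return True, False, {'status': 'error'}`. The same function body is added in the fortios_log_fortianalyzer_override_setting module and in fortios_log_fortiguard_filter.py.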
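Review bot: The `legacy_mode` expression added to `main()` tests `module.params['password'] is not None`, but the argument spec earlier in this file now gives `password` a default of `""`, so that clause is always true, and the `'host' in module.params` style checks are true for every key declared in the spec. The mode is therefore decided by `host` and `username` alone, and a task that supplies those two without a password proceeds to `login()` with an empty password. Stating that directly is clearer: `legacy_mode = module.params['host'] is not None and module.params['username'] is not None`, with a comment that the password falls back to the empty default. The same expression is added in the fortios_log_fortianalyzer_override_setting module and in fortios_log_fortiguard_filter.py; `main()` begins before this hunk.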
@@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortiguard_filter short_description: Filters for FortiCloud in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,94 +41,116 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortiguard_filter: description: - Filters for FortiCloud. default: null + type: dict suboptions: anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable filter: description: - FortiCloud log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. 
+ type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str severity: description: - Lowest severity level to log. + type: str choices: - emergency - alert @@ -141,21 +160,24 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable @@ -168,6 +190,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Filters for FortiCloud. fortios_log_fortiguard_filter: @@ -178,18 +201,18 @@ EXAMPLES = ''' https: "False" log_fortiguard_filter: anomaly: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" voip: "enable" ''' 
@@ -254,14 +277,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -269,15 +294,15 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortiguard_filter_data(json): - option_list = ['anomaly', 'dlp-archive', 'dns', - 'filter', 'filter-type', 'forward-traffic', - 'gtp', 'local-traffic', 'multicast-traffic', - 'netscan-discovery', 'netscan-vulnerability', 'severity', - 'sniffer-traffic', 'ssh', 'voip'] + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] dictionary = {} for attribute in option_list: 
@@ -287,63 +312,80 @@ def filter_log_fortiguard_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortiguard_filter(data, fos): vdom = data['vdom'] log_fortiguard_filter_data = data['log_fortiguard_filter'] - filtered_data = filter_log_fortiguard_filter_data(log_fortiguard_filter_data) + filtered_data = underscore_to_hyphen(filter_log_fortiguard_filter_data(log_fortiguard_filter_data)) + return fos.set('log.fortiguard', 'filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortiguard(data, fos): - login(data) - methodlist = ['log_fortiguard_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortiguard_filter']: + resp = log_fortiguard_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortiguard_filter": { - "required": False, "type": "dict", + "required": False, "type": "dict", 
"default": None, "options": { "anomaly": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "severity": {"required": False, "type": "str", "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
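Review bot: The added `is_successful_status` mixes `or` and `and` without parentheses, in `status['status'] == "success" or status['http_method'] == "DELETE" and status['http_status'] == 404`. Python binds `and` tighter, so it evaluates as intended, but the grouping is easy to misread in a predicate that decides whether the module reports failure. I would write `return status['status'] == "success" or (status['http_method'] == "DELETE" and status['http_status'] == 404)` and add a one-line docstring saying that a 404 on DELETE is treated as success, presumably because the object is already absent. In this module only `fos.set` is called, so the DELETE clause is not reachable from the code shown in the hunk. The same helper is added in the fortios_log_fortianalyzer_override_setting module and in fortios_log_fortianalyzer_setting.py.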
@@ -356,15 +398,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py index c747fb458a5..9a7f6b31282 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortiguard_override_filter short_description: Override filters for FortiCloud in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,94 +41,116 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortiguard_override_filter: description: - Override filters for FortiCloud. default: null + type: dict suboptions: anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable - dlp-archive: + dlp_archive: description: - Enable/disable DLP archive logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable filter: description: - FortiCloud log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. + type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. 
+ type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str severity: description: - Lowest severity level to log. + type: str choices: - emergency - alert @@ -141,21 +160,24 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable @@ -168,6 +190,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Override filters for FortiCloud. fortios_log_fortiguard_override_filter: @@ -178,18 +201,18 @@ EXAMPLES = ''' https: "False" log_fortiguard_override_filter: anomaly: "enable" - dlp-archive: "enable" + dlp_archive: "enable" dns: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" voip: "enable" ''' 
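Review bot: The EXAMPLES block now sets `ssl_verify: "False"` in its vars, and the next hunk shows `https: "False"` as well, so the snippet most users copy turns off both certificate verification and TLS while passing the admin username and password. Both options default to true in the DOCUMENTATION block of this same commit, so the example should show the defaults, e.g. `ssl_verify: "True"` and `https: "True"`, with a comment that disabling them is only for lab devices. Whether the task forwards `ssl_verify` to the module at all is not visible in this hunk. The EXAMPLES hunks of fortios_log_fortiguard_override_setting.py, fortios_log_fortiguard_setting.py and fortios_log_gui_display.py add the same line.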
@@ -254,14 +277,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -269,15 +294,15 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortiguard_override_filter_data(json): - option_list = ['anomaly', 'dlp-archive', 'dns', - 'filter', 'filter-type', 'forward-traffic', - 'gtp', 'local-traffic', 'multicast-traffic', - 'netscan-discovery', 'netscan-vulnerability', 'severity', - 'sniffer-traffic', 'ssh', 'voip'] + option_list = ['anomaly', 'dlp_archive', 'dns', + 'filter', 'filter_type', 'forward_traffic', + 'gtp', 'local_traffic', 'multicast_traffic', + 'netscan_discovery', 'netscan_vulnerability', 'severity', + 'sniffer_traffic', 'ssh', 'voip'] dictionary = {} for attribute in option_list: 
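Review bot: `login()` still calls `fos.debug('on')` unconditionally right after reading the password, and the `if 'https' in data and not data['https']:` branch (its body falls between this hunk and the next) presumably switches HTTPS off, in which case the new `verify=ssl_verify` argument has nothing to verify and the credentials travel in cleartext. What fortiosapi writes at debug level is not visible here, so confirm it cannot include the password or session cookie, and otherwise drop the `fos.debug('on')` line. A one-line docstring would record the contract, for example `"""Open a fortiosapi session; ssl_verify only has an effect when https is enabled."""`. `login()` spans this hunk and the next, and the same function is repeated in the other modules of this diff.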
@@ -287,63 +312,80 @@ def filter_log_fortiguard_override_filter_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortiguard_override_filter(data, fos): vdom = data['vdom'] log_fortiguard_override_filter_data = data['log_fortiguard_override_filter'] - filtered_data = filter_log_fortiguard_override_filter_data(log_fortiguard_override_filter_data) + filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_filter_data(log_fortiguard_override_filter_data)) + return fos.set('log.fortiguard', 'override-filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortiguard(data, fos): - login(data) - methodlist = ['log_fortiguard_override_filter'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortiguard_override_filter']: + resp = log_fortiguard_override_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, 
"log_fortiguard_override_filter": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "anomaly": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "dlp-archive": {"required": False, "type": "str", + "dlp_archive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dns": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "severity": {"required": False, "type": "str", "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
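Review bot: The list branch of the new `underscore_to_hyphen()` only rebinds the loop variable (`elem = underscore_to_hyphen(elem)`), so dictionaries nested inside a list come back with their underscore keys unconverted and would be sent to the device under the wrong names. Writing the result back fixes it: `for i, elem in enumerate(data):` followed by `data[i] = underscore_to_hyphen(elem)`. Every option in the visible part of this module's argument spec is a string, so the bug is latent here, but the helper is copied verbatim into fortios_log_fortiguard_override_setting.py, fortios_log_fortiguard_setting.py and fortios_log_gui_display.py in this diff.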
@@ -356,15 +398,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py index 3c8db2401db..bf2fee5549a 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
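Review bot: The `legacy_mode` expression tests more than it can distinguish: `password` now has `"default": ""` in the argument spec, so `module.params['password'] is not None` holds unless a null is passed explicitly, and the `'host' in module.params` membership tests are presumably always true because AnsibleModule fills in every key declared in the spec. In effect the mode is chosen by `host` and `username` alone, and a task that sets `host` but omits `username` falls through to the HTTPAPI branch and fails with `FAIL_SOCKET_MSG` rather than with a message about the missing credential. Consider `legacy_mode = module.params['host'] is not None and module.params['username'] is not None`, with the existing comment extended to say which parameters select the mode. `main()` starts and ends outside this hunk.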
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortiguard_override_setting short_description: Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,67 +41,83 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortiguard_override_setting: description: - Override global FortiCloud logging settings for this VDOM. default: null + type: dict suboptions: override: description: - Overriding FortiCloud settings for this VDOM or use global settings. + type: str choices: - enable - disable status: description: - Enable/disable logging to FortiCloud. + type: str choices: - enable - disable - upload-day: + upload_day: description: - Day of week to roll logs. - upload-interval: + type: str + upload_interval: description: - Frequency of uploading log files to FortiCloud. + type: str choices: - daily - weekly - monthly - upload-option: + upload_option: description: - Configure how log messages are sent to FortiCloud. + type: str choices: - store-and-upload - realtime - 1-minute - 5-minute - upload-time: + upload_time: description: - "Time of day to roll logs (hh:mm)." + type: str ''' EXAMPLES = ''' 
@@ -114,6 +127,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Override global FortiCloud logging settings for this VDOM. fortios_log_fortiguard_override_setting: @@ -125,10 +139,10 @@ EXAMPLES = ''' log_fortiguard_override_setting: override: "enable" status: "enable" - upload-day: "" - upload-interval: "daily" - upload-option: "store-and-upload" - upload-time: "" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" ''' RETURN = ''' @@ -191,14 +205,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -206,12 +222,12 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortiguard_override_setting_data(json): - option_list = ['override', 'status', 'upload-day', - 'upload-interval', 'upload-option', 'upload-time'] + option_list = ['override', 'status', 'upload_day', + 'upload_interval', 'upload_option', 'upload_time'] dictionary = {} for attribute in option_list: 
@@ -221,50 +237,67 @@ def filter_log_fortiguard_override_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortiguard_override_setting(data, fos): vdom = data['vdom'] log_fortiguard_override_setting_data = data['log_fortiguard_override_setting'] - filtered_data = filter_log_fortiguard_override_setting_data(log_fortiguard_override_setting_data) + filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_setting_data(log_fortiguard_override_setting_data)) + return fos.set('log.fortiguard', 'override-setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortiguard(data, fos): - login(data) - methodlist = ['log_fortiguard_override_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortiguard_override_setting']: + resp = log_fortiguard_override_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", 
"default": True}, "log_fortiguard_override_setting": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "override": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-day": {"required": False, "type": "str"}, - "upload-interval": {"required": False, "type": "str", + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", "choices": ["daily", "weekly", "monthly"]}, - "upload-option": {"required": False, "type": "str", + "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, - "upload-time": {"required": False, "type": "str"} + "upload_time": {"required": False, "type": "str"} } } 
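Review bot: `fortios_log_fortiguard()` assigns `resp` only inside `if data['log_fortiguard_override_setting']:`, and the argument spec in this hunk declares that option with `"required": False` and `"default": None`, so a task that omits it reaches the `return` with `resp` unbound and the module aborts with an UnboundLocalError instead of a clean failure. A guard before the `if` avoids that, for example `if not data['log_fortiguard_override_setting']: return True, False, {'status': 'error', 'reason': 'log_fortiguard_override_setting is required'}` (the key names in that dict are illustrative). The equivalent functions in fortios_log_fortiguard_override_filter.py, fortios_log_fortiguard_setting.py and fortios_log_gui_display.py have the same shape.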
@@ -272,15 +305,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py index 94d2b469705..886337a0b10 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_fortiguard_setting short_description: Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,48 +41,60 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_fortiguard_setting: description: - Configure logging to FortiCloud. default: null + type: dict suboptions: - enc-algorithm: + enc_algorithm: description: - - Enable/disable and set the SSL security level for for sending encrypted logs to FortiCloud. + - Enable and set the SSL security level for for sending encrypted logs to FortiCloud. + type: str choices: - high-medium - high - low - - disable - source-ip: + source_ip: description: - Source IP address used to connect FortiCloud. - ssl-min-proto-version: + type: str + ssl_min_proto_version: description: - - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). + - Minimum supported protocol version for SSL/TLS connections . + type: str choices: - default - SSLv3 
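Review bot: The `ssl_min_proto_version` description lost its explanation of the `default` choice and now ends in `connections .`, and the `enc_algorithm` description still reads `for for sending`. Because the choices keep `SSLv3` (and `low` for `enc_algorithm`), the descriptions are where users should be steered away from them, for example `- Minimum supported protocol version for SSL/TLS connections. SSLv3 and TLSv1 are legacy protocols; prefer TLSv1-2.` and `- Enable and set the SSL security level for sending encrypted logs to FortiCloud.`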
@@ -95,30 +104,35 @@ options: status: description: - Enable/disable logging to FortiCloud. + type: str choices: - enable - disable - upload-day: + upload_day: description: - Day of week to roll logs. - upload-interval: + type: str + upload_interval: description: - Frequency of uploading log files to FortiCloud. + type: str choices: - daily - weekly - monthly - upload-option: + upload_option: description: - Configure how log messages are sent to FortiCloud. + type: str choices: - store-and-upload - realtime - 1-minute - 5-minute - upload-time: + upload_time: description: - "Time of day to roll logs (hh:mm)." + type: str ''' EXAMPLES = ''' @@ -128,6 +142,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure logging to FortiCloud. fortios_log_fortiguard_setting: @@ -137,14 +152,14 @@ EXAMPLES = ''' vdom: "{{ vdom }}" https: "False" log_fortiguard_setting: - enc-algorithm: "high-medium" - source-ip: "84.230.14.43" - ssl-min-proto-version: "default" + enc_algorithm: "high-medium" + source_ip: "84.230.14.43" + ssl_min_proto_version: "default" status: "enable" - upload-day: "" - upload-interval: "daily" - upload-option: "store-and-upload" - upload-time: "" + upload_day: "" + upload_interval: "daily" + upload_option: "store-and-upload" + upload_time: "" ''' RETURN = ''' @@ -207,14 +222,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -222,13 +239,13 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_fortiguard_setting_data(json): - option_list = ['enc-algorithm', 'source-ip', 'ssl-min-proto-version', - 'status', 'upload-day', 'upload-interval', - 'upload-option', 'upload-time'] + option_list = ['enc_algorithm', 'source_ip', 'ssl_min_proto_version', + 'status', 'upload_day', 'upload_interval', + 'upload_option', 'upload_time'] dictionary = {} for attribute in option_list: 
@@ -238,55 +255,71 @@ def filter_log_fortiguard_setting_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_fortiguard_setting(data, fos): vdom = data['vdom'] log_fortiguard_setting_data = data['log_fortiguard_setting'] - filtered_data = filter_log_fortiguard_setting_data(log_fortiguard_setting_data) + filtered_data = underscore_to_hyphen(filter_log_fortiguard_setting_data(log_fortiguard_setting_data)) + return fos.set('log.fortiguard', 'setting', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_fortiguard(data, fos): - login(data) - methodlist = ['log_fortiguard_setting'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_fortiguard_setting']: + resp = log_fortiguard_setting(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortiguard_setting": { - "required": False, "type": "dict", + "required": False, "type": 
"dict", "default": None, "options": { - "enc-algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low", - "disable"]}, - "source-ip": {"required": False, "type": "str"}, - "ssl-min-proto-version": {"required": False, "type": "str", + "enc_algorithm": {"required": False, "type": "str", + "choices": ["high-medium", "high", "low"]}, + "source_ip": {"required": False, "type": "str"}, + "ssl_min_proto_version": {"required": False, "type": "str", "choices": ["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "upload-day": {"required": False, "type": "str"}, - "upload-interval": {"required": False, "type": "str", + "upload_day": {"required": False, "type": "str"}, + "upload_interval": {"required": False, "type": "str", "choices": ["daily", "weekly", "monthly"]}, - "upload-option": {"required": False, "type": "str", + "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, - "upload-time": {"required": False, "type": "str"} + "upload_time": {"required": False, "type": "str"} } } 
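Review bot: `is_successful_status()` relies on `and` binding tighter than `or` and indexes `status['http_method']` and `status['http_status']` directly, so a non-success response lacking those keys raises KeyError instead of being reported as an error; whether both back ends always return them is not visible here. Parenthesising and using `.get` makes the intent explicit: `return status['status'] == "success" or (status.get('http_method') == "DELETE" and status.get('http_status') == 404)`. Note also that the second tuple element stays `resp['status'] == "success"`, so every successful `fos.set` reports `changed=True` whether or not the device configuration differed. The helper is duplicated in the other modules of this diff.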
@@ -294,15 +327,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_gui_display.py b/lib/ansible/modules/network/fortios/fortios_log_gui_display.py index 94aff82c892..31ecf5456c1 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_gui_display.py +++ b/lib/ansible/modules/network/fortios/fortios_log_gui_display.py @@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type 
@@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_gui_display short_description: Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and gui_display category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,49 +41,62 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_gui_display: description: - Configure how log messages are displayed on the GUI. default: null + type: dict suboptions: - fortiview-unscanned-apps: + fortiview_unscanned_apps: description: - Enable/disable showing unscanned traffic in FortiView application charts. + type: str choices: - enable - disable - resolve-apps: + resolve_apps: description: - Resolve unknown applications on the GUI using Fortinet's remote application database. + type: str choices: - enable - disable - resolve-hosts: + resolve_hosts: description: - Enable/disable resolving IP addresses to hostname in log messages on the GUI using reverse DNS lookup + type: str choices: - enable - disable @@ -99,6 +109,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Configure how log messages are displayed on the GUI. fortios_log_gui_display: 
@@ -108,9 +119,9 @@ EXAMPLES = ''' vdom: "{{ vdom }}" https: "False" log_gui_display: - fortiview-unscanned-apps: "enable" - resolve-apps: "enable" - resolve-hosts: "enable" + fortiview_unscanned_apps: "enable" + resolve_apps: "enable" + resolve_hosts: "enable" ''' RETURN = ''' @@ -173,14 +184,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: @@ -188,11 +201,11 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_gui_display_data(json): - option_list = ['fortiview-unscanned-apps', 'resolve-apps', 'resolve-hosts'] + option_list = ['fortiview_unscanned_apps', 'resolve_apps', 'resolve_hosts'] dictionary = {} for attribute in option_list: 
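Review bot: This FortiOS module now imports `FAIL_SOCKET_MSG` from `ansible.module_utils.network.fortimanager.common`, which ties every fortios module in this diff to the FortiManager utilities for the sake of one message. Its contents are not visible here; if it is a generic message about a missing socket path, defining it next to `FortiOSHandler` in `ansible.module_utils.network.fortios.fortios` and importing it from there would remove the cross-product dependency. Failing that, a comment on the import line such as `# shared httpapi failure message, defined in the fortimanager utils` would explain why it is there.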
@@ -202,44 +215,61 @@ def filter_log_gui_display_data(json): return dictionary +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data + + return data + + def log_gui_display(data, fos): vdom = data['vdom'] log_gui_display_data = data['log_gui_display'] - filtered_data = filter_log_gui_display_data(log_gui_display_data) + filtered_data = underscore_to_hyphen(filter_log_gui_display_data(log_gui_display_data)) + return fos.set('log', 'gui-display', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log(data, fos): - login(data) - methodlist = ['log_gui_display'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break + if data['log_gui_display']: + resp = log_gui_display(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_gui_display": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { - "fortiview-unscanned-apps": {"required": False, "type": "str", + 
"fortiview_unscanned_apps": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "resolve-apps": {"required": False, "type": "str", + "resolve_apps": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "resolve-hosts": {"required": False, "type": "str", + "resolve_hosts": {"required": False, "type": "str", "choices": ["enable", "disable"]} } @@ -248,15 +278,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py b/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py index 6b6d704d09b..2ae1a5195be 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py +++ b/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py 
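Review bot: `fortios_log()` binds `resp` only inside `if data['log_gui_display']:`, yet the argument spec in this same hunk (`-202,44 +215,61`) leaves `log_gui_display` optional with `"default": None`. A task that omits it reaches the `return` with `resp` unbound and the module dies with an UnboundLocalError traceback. An explicit early exit makes the failure readable, something like `if not data['log_gui_display']: return True, False, {'status': 'error', 'reason': 'log_gui_display not provided'}` ahead of the call. `fortios_log_memory()` in fortios_log_memory_filter.py (hunk `-430,33 +470,39`) has the same shape. `main()` begins in this hunk and continues past it.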
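Review bot: In the legacy branch of hunk `-248,15 +278,31`, `fos.logout()` runs only when `fortios_log()` returns normally, so an exception from the API call leaves the authenticated admin session open on the device. Wrapping the call as `try:` / `is_error, has_changed, result = fortios_log(module.params, fos)` / `finally: fos.logout()` closes it on every path. Separately, because `password` defaults to `""`, `legacy_mode` is effectively decided by `host` and `username` alone, and a task that sets only one of them silently falls through to the httpapi branch. Passing `required_together=[['host', 'username']]` to `AnsibleModule` would report that mistake directly. `main()` starts before this hunk, and the same block is added to fortios_log_memory_filter.py in hunk `-528,15 +574,31`.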
@@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function) # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# the lib use python logging can get it if the following is set in your -# Ansible config. __metaclass__ = type @@ -29,10 +26,10 @@ DOCUMENTATION = ''' module: fortios_log_memory_filter short_description: Filters for memory buffer in Fortinet's FortiOS and FortiGate. description: - - This module is able to configure a FortiGate or FortiOS by allowing the + - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 + Tested with FOS v6.0.5 version_added: "2.8" author: - Miguel Angel Munoz (@mamunozgonzalez) 
@@ -44,154 +41,186 @@ requirements: - fortiosapi>=0.9.8 options: host: - description: - - FortiOS or FortiGate ip address. - required: true + description: + - FortiOS or FortiGate IP address. + type: str + required: false username: description: - FortiOS or FortiGate username. - required: true + type: str + required: false password: description: - FortiOS or FortiGate password. + type: str default: "" vdom: description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. + type: str default: root https: description: - - Indicates if the requests towards FortiGate must use HTTPS - protocol + - Indicates if the requests towards FortiGate must use HTTPS protocol. + type: bool + default: true + ssl_verify: + description: + - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: true + version_added: 2.9 log_memory_filter: description: - Filters for memory buffer. default: null + type: dict suboptions: admin: description: - Enable/disable admin login/logout logging. + type: str choices: - enable - disable anomaly: description: - Enable/disable anomaly logging. + type: str choices: - enable - disable auth: description: - Enable/disable firewall authentication logging. + type: str choices: - enable - disable - cpu-memory-usage: + cpu_memory_usage: description: - Enable/disable CPU & memory usage logging every 5 minutes. + type: str choices: - enable - disable dhcp: description: - Enable/disable DHCP service messages logging. + type: str choices: - enable - disable dns: description: - Enable/disable detailed DNS event logging. + type: str choices: - enable - disable event: description: - Enable/disable event logging. + type: str choices: - enable - disable filter: description: - Memory log filter. - filter-type: + type: str + filter_type: description: - Include/exclude logs that match the filter. 
+ type: str choices: - include - exclude - forward-traffic: + forward_traffic: description: - Enable/disable forward traffic logging. + type: str choices: - enable - disable gtp: description: - Enable/disable GTP messages logging. + type: str choices: - enable - disable ha: description: - Enable/disable HA logging. + type: str choices: - enable - disable ipsec: description: - Enable/disable IPsec negotiation messages logging. + type: str choices: - enable - disable - ldb-monitor: + ldb_monitor: description: - Enable/disable VIP real server health monitoring logging. + type: str choices: - enable - disable - local-traffic: + local_traffic: description: - Enable/disable local in or out traffic logging. + type: str choices: - enable - disable - multicast-traffic: + multicast_traffic: description: - Enable/disable multicast traffic logging. + type: str choices: - enable - disable - netscan-discovery: + netscan_discovery: description: - Enable/disable netscan discovery event logging. - netscan-vulnerability: + type: str + netscan_vulnerability: description: - Enable/disable netscan vulnerability event logging. + type: str pattern: description: - Enable/disable pattern update logging. + type: str choices: - enable - disable ppp: description: - Enable/disable L2TP/PPTP/PPPoE logging. + type: str choices: - enable - disable radius: description: - Enable/disable RADIUS messages logging. + type: str choices: - enable - disable severity: description: - Log every message above and including this severity level. + type: str choices: - emergency - alert 
@@ -201,63 +230,73 @@ options: - notification - information - debug - sniffer-traffic: + sniffer_traffic: description: - Enable/disable sniffer traffic logging. + type: str choices: - enable - disable ssh: description: - Enable/disable SSH logging. + type: str choices: - enable - disable - sslvpn-log-adm: + sslvpn_log_adm: description: - Enable/disable SSL administrator login logging. + type: str choices: - enable - disable - sslvpn-log-auth: + sslvpn_log_auth: description: - Enable/disable SSL user authentication logging. + type: str choices: - enable - disable - sslvpn-log-session: + sslvpn_log_session: description: - Enable/disable SSL session logging. + type: str choices: - enable - disable system: description: - Enable/disable system activity logging. + type: str choices: - enable - disable - vip-ssl: + vip_ssl: description: - Enable/disable VIP SSL logging. + type: str choices: - enable - disable voip: description: - Enable/disable VoIP logging. + type: str choices: - enable - disable - wan-opt: + wan_opt: description: - Enable/disable WAN optimization event logging. + type: str choices: - enable - disable - wireless-activity: + wireless_activity: description: - Enable/disable wireless activity event logging. + type: str choices: - enable - disable @@ -270,6 +309,7 @@ EXAMPLES = ''' username: "admin" password: "" vdom: "root" + ssl_verify: "False" tasks: - name: Filters for memory buffer. fortios_log_memory_filter: 
@@ -282,35 +322,35 @@ EXAMPLES = ''' admin: "enable" anomaly: "enable" auth: "enable" - cpu-memory-usage: "enable" + cpu_memory_usage: "enable" dhcp: "enable" dns: "enable" event: "enable" filter: "" - filter-type: "include" - forward-traffic: "enable" + filter_type: "include" + forward_traffic: "enable" gtp: "enable" ha: "enable" ipsec: "enable" - ldb-monitor: "enable" - local-traffic: "enable" - multicast-traffic: "enable" - netscan-discovery: "" - netscan-vulnerability: "" + ldb_monitor: "enable" + local_traffic: "enable" + multicast_traffic: "enable" + netscan_discovery: "" + netscan_vulnerability: "" pattern: "enable" ppp: "enable" radius: "enable" severity: "emergency" - sniffer-traffic: "enable" + sniffer_traffic: "enable" ssh: "enable" - sslvpn-log-adm: "enable" - sslvpn-log-auth: "enable" - sslvpn-log-session: "enable" + sslvpn_log_adm: "enable" + sslvpn_log_auth: "enable" + sslvpn_log_session: "enable" system: "enable" - vip-ssl: "enable" + vip_ssl: "enable" voip: "enable" - wan-opt: "enable" - wireless-activity: "enable" + wan_opt: "enable" + wireless_activity: "enable" ''' RETURN = ''' @@ -373,14 +413,16 @@ version: ''' from ansible.module_utils.basic import AnsibleModule - -fos = None +from ansible.module_utils.connection import Connection +from ansible.module_utils.network.fortios.fortios import FortiOSHandler +from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -def login(data): +def login(data, fos): host = data['host'] username = data['username'] password = data['password'] + ssl_verify = data['ssl_verify'] fos.debug('on') if 'https' in data and not data['https']: 
@@ -388,21 +430,21 @@ def login(data): else: fos.https('on') - fos.login(host, username, password) + fos.login(host, username, password, verify=ssl_verify) def filter_log_memory_filter_data(json): option_list = ['admin', 'anomaly', 'auth', - 'cpu-memory-usage', 'dhcp', 'dns', - 'event', 'filter', 'filter-type', - 'forward-traffic', 'gtp', 'ha', - 'ipsec', 'ldb-monitor', 'local-traffic', - 'multicast-traffic', 'netscan-discovery', 'netscan-vulnerability', + 'cpu_memory_usage', 'dhcp', 'dns', + 'event', 'filter', 'filter_type', + 'forward_traffic', 'gtp', 'ha', + 'ipsec', 'ldb_monitor', 'local_traffic', + 'multicast_traffic', 'netscan_discovery', 'netscan_vulnerability', 'pattern', 'ppp', 'radius', - 'severity', 'sniffer-traffic', 'ssh', - 'sslvpn-log-adm', 'sslvpn-log-auth', 'sslvpn-log-session', - 'system', 'vip-ssl', 'voip', - 'wan-opt', 'wireless-activity'] + 'severity', 'sniffer_traffic', 'ssh', + 'sslvpn_log_adm', 'sslvpn_log_auth', 'sslvpn_log_session', + 'system', 'vip_ssl', 'voip', + 'wan_opt', 'wireless_activity'] dictionary = {} for attribute in option_list: @@ -412,17 +454,15 @@ def filter_log_memory_filter_data(json): return dictionary -def flatten_multilists_attributes(data): - multilist_attrs = [] - - for attr in multilist_attrs: - try: - path = "data['" + "']['".join(elem for elem in attr) + "']" - current_val = eval(path) - flattened_val = ' '.join(elem for elem in current_val) - exec(path + '= flattened_val') - except BaseException: - pass +def underscore_to_hyphen(data): + if isinstance(data, list): + for elem in data: + elem = underscore_to_hyphen(elem) + elif isinstance(data, dict): + new_data = {} + for k, v in data.items(): + new_data[k.replace('_', '-')] = underscore_to_hyphen(v) + data = new_data return data 
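Review bot: The list branch of `underscore_to_hyphen()` (hunk `-412,17 +454,15`) is a no-op: `elem = underscore_to_hyphen(elem)` only rebinds the loop variable, so the converted value is discarded and dictionaries nested inside a list keep their underscore keys when sent to the device. Replacing the loop with `data = [underscore_to_hyphen(elem) for elem in data]` fixes it. Neither option spec visible here declares a list-typed option, so nothing in these two modules is affected yet, but the helper is duplicated as-is in fortios_log_gui_display.py (hunk `-202,44 +215,61`) and will misbehave as soon as one is added. A short docstring stating that keys are rewritten recursively and values are left untouched would also help.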
@@ -430,33 +470,39 @@ def flatten_multilists_attributes(data): def log_memory_filter(data, fos): vdom = data['vdom'] log_memory_filter_data = data['log_memory_filter'] - flattened_data = flatten_multilists_attributes(log_memory_filter_data) - filtered_data = filter_log_memory_filter_data(flattened_data) + filtered_data = underscore_to_hyphen(filter_log_memory_filter_data(log_memory_filter_data)) + return fos.set('log.memory', 'filter', data=filtered_data, vdom=vdom) +def is_successful_status(status): + return status['status'] == "success" or \ + status['http_method'] == "DELETE" and status['http_status'] == 404 + + def fortios_log_memory(data, fos): - login(data) if data['log_memory_filter']: resp = log_memory_filter(data, fos) - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp + return not is_successful_status(resp), \ + resp['status'] == "success", \ + resp def main(): fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, + "host": {"required": False, "type": "str"}, + "username": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, + "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_memory_filter": { - "required": False, "type": "dict", + "required": False, "type": "dict", "default": None, "options": { "admin": {"required": False, "type": "str", "choices": ["enable", "disable"]}, 
@@ -464,7 +510,7 @@ def main(): "choices": ["enable", "disable"]}, "auth": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "cpu-memory-usage": {"required": False, "type": "str", + "cpu_memory_usage": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dhcp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -473,9 +519,9 @@ def main(): "event": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "filter": {"required": False, "type": "str"}, - "filter-type": {"required": False, "type": "str", + "filter_type": {"required": False, "type": "str", "choices": ["include", "exclude"]}, - "forward-traffic": {"required": False, "type": "str", + "forward_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "gtp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -483,14 +529,14 @@ def main(): "choices": ["enable", "disable"]}, "ipsec": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "ldb-monitor": {"required": False, "type": "str", + "ldb_monitor": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "local-traffic": {"required": False, "type": "str", + "local_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "multicast-traffic": {"required": False, "type": "str", + "multicast_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "netscan-discovery": {"required": False, "type": "str"}, - "netscan-vulnerability": {"required": False, "type": "str"}, + "netscan_discovery": {"required": False, "type": "str"}, + "netscan_vulnerability": {"required": False, "type": "str"}, "pattern": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ppp": {"required": False, "type": "str", 
@@ -501,25 +547,25 @@ def main(): "choices": ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]}, - "sniffer-traffic": {"required": False, "type": "str", + "sniffer_traffic": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ssh": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sslvpn-log-adm": {"required": False, "type": "str", + "sslvpn_log_adm": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sslvpn-log-auth": {"required": False, "type": "str", + "sslvpn_log_auth": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sslvpn-log-session": {"required": False, "type": "str", + "sslvpn_log_session": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "system": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "vip-ssl": {"required": False, "type": "str", + "vip_ssl": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "voip": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "wan-opt": {"required": False, "type": "str", + "wan_opt": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "wireless-activity": {"required": False, "type": "str", + "wireless_activity": {"required": False, "type": "str", "choices": ["enable", "disable"]} } 
@@ -528,15 +574,31 @@ def main(): module = AnsibleModule(argument_spec=fields, supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - global fos - fos = FortiOSAPI() + # legacy_mode refers to using fortiosapi instead of HTTPAPI + legacy_mode = 'host' in module.params and module.params['host'] is not None and \ + 'username' in module.params and module.params['username'] is not None and \ + 'password' in module.params and module.params['password'] is not None + + if not legacy_mode: + if module._socket_path: + connection = Connection(module._socket_path) + fos = FortiOSHandler(connection) + + is_error, has_changed, result = fortios_log_memory(module.params, fos) + else: + module.fail_json(**FAIL_SOCKET_MSG) + else: + try: + from fortiosapi import FortiOSAPI + except ImportError: + module.fail_json(msg="fortiosapi module is required") + + fos = FortiOSAPI() - is_error, has_changed, result = fortios_log_memory(module.params, fos) + login(module.params, fos) + is_error, has_changed, result = fortios_log_memory(module.params, fos) + fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt index 548b5c327f3..c0a33abbdde 100644 --- a/test/sanity/ignore.txt +++ b/test/sanity/ignore.txt 
@@ -3693,47 +3693,8 @@ lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py validate-modu
 lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py validate-modules:E336
 lib/ansible/modules/network/fortios/fortios_firewall_policy.py validate-modules:E326
 lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_ips_sensor.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_ips_sensor.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_ips_settings.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_ips_settings.py validate-modules:E337
 lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:E337
 lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:E338
-lib/ansible/modules/network/fortios/fortios_log_custom_field.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_disk_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_disk_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_disk_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_disk_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_eventfilter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_eventfilter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_gui_display.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_gui_display.py validate-modules:E337
-lib/ansible/modules/network/fortios/fortios_log_memory_filter.py validate-modules:E336
-lib/ansible/modules/network/fortios/fortios_log_memory_filter.py validate-modules:E337
 lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py validate-modules:E336
 lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py validate-modules:E337
 lib/ansible/modules/network/fortios/fortios_log_memory_setting.py validate-modules:E337
diff --git a/test/units/modules/network/fortios/test_fortios_ips_sensor.py b/test/units/modules/network/fortios/test_fortios_ips_sensor.py
new file mode 100644
index 00000000000..dad537080c4
--- /dev/null
+++ b/test/units/modules/network/fortios/test_fortios_ips_sensor.py
@@ -0,0 +1,239 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_ips_sensor +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_sensor.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_ips_sensor_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'ips_sensor': { + 'block_malicious_url': 'disable', + 'comment': 'Comment.', + 'extended_log': 'enable', + 'name': 'default_name_6', + 'replacemsg_group': 'test_value_7' + }, + 'vdom': 'root'} + + is_error, 
changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) + + expected_data = { + 'block-malicious-url': 'disable', + 'comment': 'Comment.', + 'extended-log': 'enable', + 'name': 'default_name_6', + 'replacemsg-group': 'test_value_7' + } + + set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_ips_sensor_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'ips_sensor': { + 'block_malicious_url': 'disable', + 'comment': 'Comment.', + 'extended_log': 'enable', + 'name': 'default_name_6', + 'replacemsg_group': 'test_value_7' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) + + expected_data = { + 'block-malicious-url': 'disable', + 'comment': 'Comment.', + 'extended-log': 'enable', + 'name': 'default_name_6', + 'replacemsg-group': 'test_value_7' + } + + set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_ips_sensor_removal(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) + + input_data = { + 'username': 'admin', + 'state': 'absent', + 'ips_sensor': { + 'block_malicious_url': 'disable', + 'comment': 'Comment.', + 'extended_log': 'enable', + 'name': 'default_name_6', + 'replacemsg_group': 'test_value_7' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) + + delete_method_mock.assert_called_with('ips', 'sensor', mkey=ANY, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_ips_sensor_deletion_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) + + input_data = { + 'username': 'admin', + 'state': 'absent', + 'ips_sensor': { + 'block_malicious_url': 'disable', + 'comment': 'Comment.', + 'extended_log': 'enable', + 'name': 'default_name_6', + 'replacemsg_group': 'test_value_7' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) + + delete_method_mock.assert_called_with('ips', 'sensor', mkey=ANY, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_ips_sensor_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'ips_sensor': { + 'block_malicious_url': 'disable', + 'comment': 'Comment.', + 'extended_log': 'enable', + 'name': 'default_name_6', + 'replacemsg_group': 'test_value_7' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) + + expected_data = { + 'block-malicious-url': 'disable', + 'comment': 'Comment.', + 'extended-log': 'enable', + 'name': 'default_name_6', + 'replacemsg-group': 'test_value_7' + } + + set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_ips_sensor_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'ips_sensor': { + 'random_attribute_not_valid': 'tag', + 'block_malicious_url': 'disable', + 'comment': 'Comment.', + 'extended_log': 'enable', + 'name': 'default_name_6', + 'replacemsg_group': 'test_value_7' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) + + expected_data = { + 'block-malicious-url': 'disable', + 'comment': 'Comment.', + 'extended-log': 'enable', + 'name': 'default_name_6', + 'replacemsg-group': 'test_value_7' + } + + set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not 
is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_ips_settings.py b/test/units/modules/network/fortios/test_fortios_ips_settings.py new file mode 100644 index 00000000000..00132bcd835 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_ips_settings.py 
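Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, where `connection_mock` is the pytest fixture function object rather than the patched `Connection`, so the handler is built around something that is not a connection. The tests pass only because `set`, `delete` and `schema` are patched on the class; any handler method left unpatched would presumably call into the fixture object. Building the handler in a fixture that takes `connection_mock` as an argument, or passing an explicit mock object, avoids that. The two removal tests also assert `mkey=ANY`, which still passes if the wrong sensor is deleted; `mkey='default_name_6'` would pin it, assuming the key is the sensor name (the module's delete path is not in this hunk). `os` and `json` are imported but unused.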
@@ -0,0 +1,175 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_ips_settings
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_settings.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_ips_settings_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'ips_settings': {
+ 'ips_packet_quota': '3',
+ 'packet_log_history': '4',
+ 'packet_log_memory': '5',
+ 'packet_log_post_attack': '6'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
+
+ expected_data = {
+ 'ips-packet-quota': '3',
+ 'packet-log-history': '4',
+ 'packet-log-memory': '5',
+ 'packet-log-post-attack': '6'
+ }
+
+ set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_ips_settings_creation_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'ips_settings': {
+ 'ips_packet_quota': '3',
+ 'packet_log_history': '4',
+ 'packet_log_memory': '5',
+ 'packet_log_post_attack': '6'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
+
+ expected_data = {
+ 'ips-packet-quota': '3',
+ 'packet-log-history': '4',
+ 'packet-log-memory': '5',
+ 'packet-log-post-attack': '6'
+ }
+
+ set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_ips_settings_idempotent(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'ips_settings': {
+ 'ips_packet_quota': '3',
+ 'packet_log_history': '4',
+ 'packet_log_memory': '5',
+ 'packet_log_post_attack': '6'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
+
+ expected_data = {
+ 'ips-packet-quota': '3',
+ 'packet-log-history': '4',
+ 'packet-log-memory': '5',
+ 'packet-log-post-attack': '6'
+ }
+
+ set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 404
+
+
+def test_ips_settings_filter_foreign_attributes(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'ips_settings': {
+ 'random_attribute_not_valid': 'tag',
+ 'ips_packet_quota': '3',
+ 'packet_log_history': '4',
+ 'packet_log_memory': '5',
+ 'packet_log_post_attack': '6'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance)
+
+ expected_data = {
+ 'ips-packet-quota': '3',
+ 'packet-log-history': '4',
+ 'packet-log-memory': '5',
+ 'packet-log-post-attack': '6'
+ }
+
+ set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_custom_field.py b/test/units/modules/network/fortios/test_fortios_log_custom_field.py
new file mode 100644
index 00000000000..74035aa91ec
--- /dev/null
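Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, where `connection_mock` is the fixture function rather than the patched `Connection` object, so the handler is built around the wrong thing and the tests pass only because `set` and `schema` are patched on the class. Creating the handler in a fixture that takes `connection_mock` as an argument would give each test a handler wrapping the mock. `test_ips_settings_idempotent` also feeds a `'http_method': 'DELETE'`, 404 error into a `state: present` call and asserts `not is_error`, which pins a failed write to an IPS setting being reported as a clean no-op; the module is not visible here, but if the 404 tolerance is meant only for deletions the test should say so in a comment or use a response that a `set` can return. Both patterns recur in the test_fortios_log_custom_field.py, test_fortios_log_disk_filter.py and test_fortios_log_disk_setting.py hunks, and `os` and `json` are imported but unused in all four files.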
+++ b/test/units/modules/network/fortios/test_fortios_log_custom_field.py 
@@ -0,0 +1,219 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_custom_field
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_custom_field.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_custom_field_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_custom_field': {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
+
+ expected_data = {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ }
+
+ set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_log_custom_field_creation_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_custom_field': {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
+
+ expected_data = {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ }
+
+ set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_log_custom_field_removal(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'absent',
+ 'log_custom_field': {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
+
+ delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_log_custom_field_deletion_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'absent',
+ 'log_custom_field': {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
+
+ delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_log_custom_field_idempotent(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_custom_field': {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
+
+ expected_data = {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ }
+
+ set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 404
+
+
+def test_log_custom_field_filter_foreign_attributes(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_custom_field': {
+ 'random_attribute_not_valid': 'tag',
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance)
+
+ expected_data = {
+ 'id': '3',
+ 'name': 'default_name_4',
+ 'value': 'test_value_5'
+ }
+
+ set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_disk_filter.py b/test/units/modules/network/fortios/test_fortios_log_disk_filter.py
new file mode 100644
index 00000000000..6ffef21cdb0
--- /dev/null
+++ b/test/units/modules/network/fortios/test_fortios_log_disk_filter.py
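Review bot: Both deletion tests assert `delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root')`, so they pass whichever key the module hands to `delete`. Pinning the key, presumably `mkey='3'` from the `id` in `input_data` (the module's key field is not visible in this hunk, so confirm it), would catch a regression that removes the wrong object. The mocked delete responses in `test_log_custom_field_removal` and `test_log_custom_field_deletion_fails` also carry `'http_method': 'POST'`, which looks copied from the creation tests; `'DELETE'` would match the call being simulated.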
@@ -0,0 +1,407 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_disk_filter
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_disk_filter.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_disk_filter_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_filter': {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp_archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_20,',
+ 'netscan_vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp-archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_20,',
+ 'netscan-vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_log_disk_filter_creation_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_filter': {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp_archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_20,',
+ 'netscan_vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp-archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_20,',
+ 'netscan-vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_log_disk_filter_idempotent(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_filter': {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp_archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_20,',
+ 'netscan_vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp-archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_20,',
+ 'netscan-vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 404
+
+
+def test_log_disk_filter_filter_foreign_attributes(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_filter': {
+ 'random_attribute_not_valid': 'tag',
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp_archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_20,',
+ 'netscan_vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dlp-archive': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_11',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_20,',
+ 'netscan-vulnerability': 'test_value_21,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
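Review bot: The 33-key `log_disk_filter` dict and its hyphenated `expected_data` twin are written out in full in each of the four tests, so a field rename has to be made in eight places and a missed one shows up only as an unrelated assertion failure. A module-level pair of constants, with the foreign-attribute test building its input as `dict(LOG_DISK_FILTER_INPUT, random_attribute_not_valid='tag')`, would keep the copies in step. The values `'test_value_20,'` and `'test_value_21,'` for `netscan_discovery` and `netscan_vulnerability` end in a comma inside the string, which looks like an artifact rather than a meaningful value; a short comment such as `# trailing comma is deliberate: list-style field` (or removing the comma) would settle it.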
diff --git a/test/units/modules/network/fortios/test_fortios_log_disk_setting.py b/test/units/modules/network/fortios/test_fortios_log_disk_setting.py
new file mode 100644
index 00000000000..17515716785
--- /dev/null
+++ b/test/units/modules/network/fortios/test_fortios_log_disk_setting.py
@@ -0,0 +1,367 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_disk_setting
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_disk_setting.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_disk_setting_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_setting': {
+ 'diskfull': 'overwrite',
+ 'dlp_archive_quota': '4',
+ 'full_final_warning_threshold': '5',
+ 'full_first_warning_threshold': '6',
+ 'full_second_warning_threshold': '7',
+ 'ips_archive': 'enable',
+ 'log_quota': '9',
+ 'max_log_file_size': '10',
+ 'max_policy_packet_capture_size': '11',
+ 'maximum_log_age': '12',
+ 'report_quota': '13',
+ 'roll_day': 'sunday',
+ 'roll_schedule': 'daily',
+ 'roll_time': 'test_value_16',
+ 'source_ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload_delete_files': 'enable',
+ 'upload_destination': 'ftp-server',
+ 'upload_ssl_conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'diskfull': 'overwrite',
+ 'dlp-archive-quota': '4',
+ 'full-final-warning-threshold': '5',
+ 'full-first-warning-threshold': '6',
+ 'full-second-warning-threshold': '7',
+ 'ips-archive': 'enable',
+ 'log-quota': '9',
+ 'max-log-file-size': '10',
+ 'max-policy-packet-capture-size': '11',
+ 'maximum-log-age': '12',
+ 'report-quota': '13',
+ 'roll-day': 'sunday',
+ 'roll-schedule': 'daily',
+ 'roll-time': 'test_value_16',
+ 'source-ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload-delete-files': 'enable',
+ 'upload-destination': 'ftp-server',
+ 'upload-ssl-conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_log_disk_setting_creation_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_setting': {
+ 'diskfull': 'overwrite',
+ 'dlp_archive_quota': '4',
+ 'full_final_warning_threshold': '5',
+ 'full_first_warning_threshold': '6',
+ 'full_second_warning_threshold': '7',
+ 'ips_archive': 'enable',
+ 'log_quota': '9',
+ 'max_log_file_size': '10',
+ 'max_policy_packet_capture_size': '11',
+ 'maximum_log_age': '12',
+ 'report_quota': '13',
+ 'roll_day': 'sunday',
+ 'roll_schedule': 'daily',
+ 'roll_time': 'test_value_16',
+ 'source_ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload_delete_files': 'enable',
+ 'upload_destination': 'ftp-server',
+ 'upload_ssl_conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'diskfull': 'overwrite',
+ 'dlp-archive-quota': '4',
+ 'full-final-warning-threshold': '5',
+ 'full-first-warning-threshold': '6',
+ 'full-second-warning-threshold': '7',
+ 'ips-archive': 'enable',
+ 'log-quota': '9',
+ 'max-log-file-size': '10',
+ 'max-policy-packet-capture-size': '11',
+ 'maximum-log-age': '12',
+ 'report-quota': '13',
+ 'roll-day': 'sunday',
+ 'roll-schedule': 'daily',
+ 'roll-time': 'test_value_16',
+ 'source-ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload-delete-files': 'enable',
+ 'upload-destination': 'ftp-server',
+ 'upload-ssl-conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_log_disk_setting_idempotent(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_setting': {
+ 'diskfull': 'overwrite',
+ 'dlp_archive_quota': '4',
+ 'full_final_warning_threshold': '5',
+ 'full_first_warning_threshold': '6',
+ 'full_second_warning_threshold': '7',
+ 'ips_archive': 'enable',
+ 'log_quota': '9',
+ 'max_log_file_size': '10',
+ 'max_policy_packet_capture_size': '11',
+ 'maximum_log_age': '12',
+ 'report_quota': '13',
+ 'roll_day': 'sunday',
+ 'roll_schedule': 'daily',
+ 'roll_time': 'test_value_16',
+ 'source_ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload_delete_files': 'enable',
+ 'upload_destination': 'ftp-server',
+ 'upload_ssl_conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'diskfull': 'overwrite',
+ 'dlp-archive-quota': '4',
+ 'full-final-warning-threshold': '5',
+ 'full-first-warning-threshold': '6',
+ 'full-second-warning-threshold': '7',
+ 'ips-archive': 'enable',
+ 'log-quota': '9',
+ 'max-log-file-size': '10',
+ 'max-policy-packet-capture-size': '11',
+ 'maximum-log-age': '12',
+ 'report-quota': '13',
+ 'roll-day': 'sunday',
+ 'roll-schedule': 'daily',
+ 'roll-time': 'test_value_16',
+ 'source-ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload-delete-files': 'enable',
+ 'upload-destination': 'ftp-server',
+ 'upload-ssl-conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 404
+
+
+def test_log_disk_setting_filter_foreign_attributes(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_disk_setting': {
+ 'random_attribute_not_valid': 'tag',
+ 'diskfull': 'overwrite',
+ 'dlp_archive_quota': '4',
+ 'full_final_warning_threshold': '5',
+ 'full_first_warning_threshold': '6',
+ 'full_second_warning_threshold': '7',
+ 'ips_archive': 'enable',
+ 'log_quota': '9',
+ 'max_log_file_size': '10',
+ 'max_policy_packet_capture_size': '11',
+ 'maximum_log_age': '12',
+ 'report_quota': '13',
+ 'roll_day': 'sunday',
+ 'roll_schedule': 'daily',
+ 'roll_time': 'test_value_16',
+ 'source_ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload_delete_files': 'enable',
+ 'upload_destination': 'ftp-server',
+ 'upload_ssl_conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
+
+ expected_data = {
+ 'diskfull': 'overwrite',
+ 'dlp-archive-quota': '4',
+ 'full-final-warning-threshold': '5',
+ 'full-first-warning-threshold': '6',
+ 'full-second-warning-threshold': '7',
+ 'ips-archive': 'enable',
+ 'log-quota': '9',
+ 'max-log-file-size': '10',
+ 'max-policy-packet-capture-size': '11',
+ 'maximum-log-age': '12',
+ 'report-quota': '13',
+ 'roll-day': 'sunday',
+ 'roll-schedule': 'daily',
+ 'roll-time': 'test_value_16',
+ 'source-ip': '84.230.14.17',
+ 'status': 'enable',
+ 'upload': 'enable',
+ 'upload-delete-files': 'enable',
+ 'upload-destination': 'ftp-server',
+ 'upload-ssl-conn': 'default',
+ 'uploaddir': 'test_value_23',
+ 'uploadip': 'test_value_24',
+ 'uploadpass': 'test_value_25',
+ 'uploadport': '26',
+ 'uploadsched': 'disable',
+ 'uploadtime': 'test_value_28',
+ 'uploadtype': 'traffic',
+ 'uploaduser': 'test_value_30'
+ }
+
+ set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_eventfilter.py b/test/units/modules/network/fortios/test_fortios_log_eventfilter.py
new file mode 100644
index 00000000000..09d66d4adaa
--- /dev/null
+++ b/test/units/modules/network/fortios/test_fortios_log_eventfilter.py
@@ -0,0 +1,231 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_eventfilter +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_eventfilter.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_eventfilter_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_eventfilter': { + 'compliance_check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security_rating': 'enable', + 'system': 'enable', + 
'user': 'enable', + 'vpn': 'enable', + 'wan_opt': 'enable', + 'wireless_activity': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance) + + expected_data = { + 'compliance-check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security-rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan-opt': 'enable', + 'wireless-activity': 'enable' + } + + set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_eventfilter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_eventfilter': { + 'compliance_check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security_rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan_opt': 'enable', + 'wireless_activity': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance) + + expected_data = { + 'compliance-check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security-rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan-opt': 'enable', + 'wireless-activity': 'enable' + } + + set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root') + 
schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_eventfilter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_eventfilter': { + 'compliance_check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security_rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan_opt': 'enable', + 'wireless_activity': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance) + + expected_data = { + 'compliance-check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security-rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan-opt': 'enable', + 'wireless-activity': 'enable' + } + + set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_eventfilter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 
'present', + 'log_eventfilter': { + 'random_attribute_not_valid': 'tag', + 'compliance_check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security_rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan_opt': 'enable', + 'wireless_activity': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance) + + expected_data = { + 'compliance-check': 'enable', + 'endpoint': 'enable', + 'event': 'enable', + 'ha': 'enable', + 'router': 'enable', + 'security-rating': 'enable', + 'system': 'enable', + 'user': 'enable', + 'vpn': 'enable', + 'wan-opt': 'enable', + 'wireless-activity': 'enable' + } + + set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py new file mode 100644 index 00000000000..76436603613 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py 
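Review bot: `test_log_eventfilter_idempotent` feeds a mocked `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` into a `state: present` call that goes through `FortiOSHandler.set`, so the outcome it pins (`not is_error`, `not changed`) is not one a create or update request would return. As written, the test only shows that an error response labelled DELETE/404 is reported as success. Whether a 404 on the real set request surfaces as a failure is not covered, and for an event-logging setting an ignored failure would leave the device logging less than the playbook reports. I would add a comment such as `# DELETE/404 means "already absent"; no other error response may be treated as success` and a sibling case with `'http_method': 'POST', 'http_status': 404` that asserts `is_error`; the module's status check is not visible here, so that expectation needs confirming. The same pattern appears in the idempotent tests of the log_disk_setting, log_fortianalyzer2_filter and log_fortianalyzer2_setting files.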
@@ -0,0 +1,263 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortianalyzer2_filter +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer2_filter.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortianalyzer2_filter_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 
'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer2_filter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 
'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer2_filter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + 
'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer2_filter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_filter': { + 'random_attribute_not_valid': 'tag', + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 
'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py new file mode 100644 index 00000000000..7b1b3269d30 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py 
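Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, when `connection_mock` is still the fixture function and not the patched `Connection` mock, so the handler wraps an object that is never a connection. The tests pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched in every case; any handler method left unpatched would fail on that object in a confusing way. Building the handler in a fixture, `def fos_instance(connection_mock): return FortiOSHandler(connection_mock)`, and taking `fos_instance` as a test argument would hand it the mock. `os`, `json` and `ANY` are imported but not used in this file. The log_eventfilter, log_fortianalyzer2_setting and log_fortianalyzer3_filter test files in this commit repeat the same header.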
@@ -0,0 +1,295 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortianalyzer2_setting +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer2_setting.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortianalyzer2_setting_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': 
'7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer2_setting_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_setting': { + '__change_ip': '3', + 'certificate': 
'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer2_setting_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', 
+ 'log_fortianalyzer2_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer2_setting_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer2_setting': { + 'random_attribute_not_valid': 'tag', + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py new file mode 100644 index 00000000000..325f4cace17 --- /dev/null 
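Review bot: The expected payload pins `'--change-ip': '3'` for the input key `'__change_ip'`, which looks like a side effect of replacing every underscore with a hyphen, not a deliberate field name. If the device attribute really is spelled with leading underscores, the module would send a key the API does not recognise, and these tests would lock that behaviour in. The conversion code is not part of this hunk, so this needs checking against the FortiOS schema. If confirmed, the expectation should read `'__change_ip': '3'` in all four tests of this file, and the key conversion needs an exception for leading underscores.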
+++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py 
@@ -0,0 +1,263 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortianalyzer3_filter +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer3_filter.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortianalyzer3_filter_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 
'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer3_filter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 
'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer3_filter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + 
'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer3_filter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_filter': { + 'random_attribute_not_valid': 'tag', + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 
'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py new file mode 100644 index 00000000000..59a76a48e46 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py 
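Review bot: In `test_log_fortianalyzer3_filter_idempotent` the mocked `set` result is `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` while the input has `'state': 'present'`, and the test then pins `assert not is_error` and `assert not changed`. That locks in a contract where a rejected write of the FortiAnalyzer log filter is reported to the playbook as a clean no-op, so a run could show OK while the device is not forwarding the intended logs. The module code is outside this hunk, so how it arrives at that result is an assumption. If the 404 is only meant to be tolerated when removing an object that is already gone, the `present` case should end in `assert is_error`; otherwise add a comment above the fixture, for example `# a 404 from set() is treated as "already in desired state" because ...`, stating the rule. The `_idempotent` tests in the fortianalyzer3_setting and fortianalyzer_filter hunks use the same fixture and assertions.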
@@ -0,0 +1,295 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortianalyzer3_setting +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer3_setting.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortianalyzer3_setting_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': 
'7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer3_setting_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_setting': { + '__change_ip': '3', + 'certificate': 
'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer3_setting_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', 
+ 'log_fortianalyzer3_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer3_setting_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer3_setting': { + 'random_attribute_not_valid': 'tag', + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py new file mode 100644 index 00000000000..cd3273cb330 --- /dev/null 
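Review bot: All four tests in this hunk use `'source_ip': '84.230.14.15'` (with the matching `'source-ip'` in `expected_data`), which is a publicly routable address, not a reserved example one. Test data tends to be copied into playbooks and lab configs, so an address from the RFC 5737 documentation ranges is the safer choice, e.g. `'source_ip': '198.51.100.15'` with `'source-ip': '198.51.100.15'` on the expected side. The same value appears in the fortianalyzer2_setting test at the top of this page. `'server': '192.168.100.14'` is already a private address and needs no change.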
+++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py 
@@ -0,0 +1,263 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortianalyzer_filter +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_filter.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortianalyzer_filter_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 
'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer_filter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 
'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer_filter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 
'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer_filter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_filter': { + 'random_attribute_not_valid': 'tag', + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 
'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py new file mode 100644 index 00000000000..30e42c9c2ad --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py 
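Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, where `connection_mock` is the fixture function object itself, not the patched `Connection` mock that the autouse fixture returns inside a test. The tests presumably still pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched on the class; any handler method that touched the connection would be working on a function object and would fail in a confusing way. I would build the handler in a fixture instead (`@pytest.fixture`, `def fos_instance(connection_mock):`, `return FortiOSHandler(connection_mock)`) and have each test take `fos_instance` as an argument. The fortianalyzer3_filter and fortianalyzer3_setting hunks have the same module-level line. As far as these hunks show, `os`, `json` and `ANY` are imported but unused in all three files.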
@@ -0,0 +1,263 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortianalyzer_override_filter +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_override_filter.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortianalyzer_override_filter_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 
'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer_override_filter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 
'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer_override_filter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = 
fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer_override_filter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_filter': { + 'random_attribute_not_valid': 'tag', + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 
'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py new file mode 100644 index 00000000000..c933de926f1 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py 
@@ -0,0 +1,311 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_fortianalyzer_override_setting
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_override_setting.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_fortianalyzer_override_setting_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_fortianalyzer_override_setting': {
+ '__change_ip': '3',
+ 'certificate': 'test_value_4',
+ 'conn_timeout': '5',
+ 'enc_algorithm': 
'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source_ip': '84.230.14.16', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_19', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_22', + 'use_management_vdom': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source-ip': '84.230.14.16', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_19', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_22', + 'use-management-vdom': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer_override_setting_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source_ip': '84.230.14.16', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_19', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_22', + 'use_management_vdom': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source-ip': '84.230.14.16', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_19', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_22', + 'use-management-vdom': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer_override_setting_idempotent(mocker): + schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source_ip': '84.230.14.16', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_19', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_22', + 'use_management_vdom': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source-ip': '84.230.14.16', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_19', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_22', + 'use-management-vdom': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') + 
schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer_override_setting_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_override_setting': { + 'random_attribute_not_valid': 'tag', + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source_ip': '84.230.14.16', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_19', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_22', + 'use_management_vdom': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'override': 'enable', + 'reliable': 'enable', + 'server': '192.168.100.15', + 'source-ip': '84.230.14.16', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 
'upload-day': 'test_value_19', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_22', + 'use-management-vdom': 'enable' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py new file mode 100644 index 00000000000..6f19cf21e3e --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py 
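Review bot: `fos_instance = FortiOSHandler(connection_mock)` runs at import time, where `connection_mock` is the pytest fixture function itself and not the patched `Connection` mock that the fixture returns when pytest invokes it. The tests in this file pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched in every test, so the handler never uses what it was given; a test that reached an unpatched handler method would be working against a function object. Build the handler in a fixture instead, `@pytest.fixture` over `def fos_instance(connection_mock): return FortiOSHandler(connection_mock)`, and have each test take `fos_instance` as an argument. The same module-level line is repeated in the test_fortios_log_fortianalyzer_setting.py and test_fortios_log_fortiguard_filter.py hunks.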
@@ -0,0 +1,295 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_fortianalyzer_setting
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_setting.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_fortianalyzer_setting_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_fortianalyzer_setting': {
+ '__change_ip': '3',
+ 'certificate': 'test_value_4',
+ 'conn_timeout': '5',
+ 'enc_algorithm': 'high-medium',
+ 'faz_type': '7', + 
'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortianalyzer_setting_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 
'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortianalyzer_setting_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 
'log_fortianalyzer_setting': { + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortianalyzer_setting_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortianalyzer_setting': { + 'random_attribute_not_valid': 'tag', + '__change_ip': '3', + 'certificate': 'test_value_4', + 'conn_timeout': '5', + 'enc_algorithm': 'high-medium', + 'faz_type': '7', + 'hmac_algorithm': 'sha256', + 'ips_archive': 'enable', + 'mgmt_name': 'test_value_10', + 'monitor_failure_retry_period': '11', + 'monitor_keepalive_period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source_ip': '84.230.14.15', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_18', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_21' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) + + expected_data = { + '--change-ip': '3', + 'certificate': 'test_value_4', + 'conn-timeout': '5', + 'enc-algorithm': 'high-medium', + 'faz-type': '7', + 'hmac-algorithm': 'sha256', + 'ips-archive': 'enable', + 'mgmt-name': 'test_value_10', + 'monitor-failure-retry-period': '11', + 'monitor-keepalive-period': '12', + 'reliable': 'enable', + 'server': '192.168.100.14', + 'source-ip': '84.230.14.15', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_18', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_21' + } + + set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py new file mode 100644 index 00000000000..94bf1ff49fa --- /dev/null 
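Review bot: `test_log_fortianalyzer_setting_idempotent` does not exercise idempotence: it sends `'state': 'present'`, mocks `set` to return `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}`, and then asserts `not is_error` and `not changed`. What it pins is that a DELETE/404 reply is classified as neither an error nor a change, a reply that a `set` call for `present` would presumably never produce. Rename the test to describe that, and add a comment above the mock such as `# a 404 answer to DELETE is treated as "already absent": no error, no change`; if the module has a real removal path (not visible in this hunk), drive the test through it instead. The same test is repeated in the override_setting and fortiguard_filter hunks.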
+++ b/test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py 
@@ -0,0 +1,263 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_fortiguard_filter
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_filter.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_fortiguard_filter_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_fortiguard_filter': {
+ 'anomaly': 'enable',
+ 'dlp_archive': 'enable',
+ 'dns': 'enable',
+ 'filter': 'test_value_6',
+ 'filter_type': 'include',
+ 'forward_traffic': 
'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortiguard_filter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 
'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortiguard_filter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 
'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortiguard_filter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_filter': { + 'random_attribute_not_valid': 'tag', + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 
'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py new file mode 100644 index 00000000000..b28f9d81e3c --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py 
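Review bot: The `except ImportError:` guard around the import of `fortios_log_fortiguard_filter` calls `pytest.skip(..., allow_module_level=True)`, so any import failure, including a broken import inside the module under test, becomes a silent skip and CI stays green while none of these tests run. If the guard exists for a missing optional package, skip on that package alone with `pytest.importorskip('<optional_dependency>')` and let the import of the module under test fail loudly. Separately, `import os`, `import json` and `from mock import ANY` are not used anywhere in this new file and can be dropped. Both points apply to the other new test files in this commit, which open with the same preamble.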
@@ -0,0 +1,263 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortiguard_override_filter +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_override_filter.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortiguard_override_filter_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 
'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortiguard_override_filter_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', 
+ 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortiguard_override_filter_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_filter': { + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, 
fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortiguard_override_filter_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_filter': { + 'random_attribute_not_valid': 'tag', + 'anomaly': 'enable', + 'dlp_archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter_type': 'include', + 'forward_traffic': 'enable', + 'gtp': 'enable', + 'local_traffic': 'enable', + 'multicast_traffic': 'enable', + 'netscan_discovery': 'test_value_12,', + 'netscan_vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer_traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'anomaly': 'enable', + 'dlp-archive': 'enable', + 'dns': 'enable', + 'filter': 'test_value_6', + 'filter-type': 'include', + 
'forward-traffic': 'enable', + 'gtp': 'enable', + 'local-traffic': 'enable', + 'multicast-traffic': 'enable', + 'netscan-discovery': 'test_value_12,', + 'netscan-vulnerability': 'test_value_13,', + 'severity': 'emergency', + 'sniffer-traffic': 'enable', + 'ssh': 'enable', + 'voip': 'enable' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py new file mode 100644 index 00000000000..4882a1027a5 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py 
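Review bot: `fos_instance = FortiOSHandler(connection_mock)` at module level hands the handler the fixture function itself, not the patched `Connection` mock the fixture returns, because pytest only resolves a fixture when it is injected as a test argument. The tests still pass only because `FortiOSHandler.set` and `FortiOSHandler.schema` are patched in every test; any handler method left unpatched would run against a function object. I would build the handler in a fixture, `def fos_instance(connection_mock): return FortiOSHandler(connection_mock)` under `@pytest.fixture`, and have each test take `fos_instance` as an argument. The same module-level line appears in the new override_setting, setting, gui_display and memory_filter test files.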
@@ -0,0 +1,191 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortiguard_override_setting +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_override_setting.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortiguard_override_setting_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_setting': { + 'override': 'enable', + 'status': 'enable', + 'upload_day': 'test_value_5', + 'upload_interval': 'daily', 
+ 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_8' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'override': 'enable', + 'status': 'enable', + 'upload-day': 'test_value_5', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_8' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortiguard_override_setting_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_setting': { + 'override': 'enable', + 'status': 'enable', + 'upload_day': 'test_value_5', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_8' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'override': 'enable', + 'status': 'enable', + 'upload-day': 'test_value_5', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_8' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def 
test_log_fortiguard_override_setting_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_setting': { + 'override': 'enable', + 'status': 'enable', + 'upload_day': 'test_value_5', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_8' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'override': 'enable', + 'status': 'enable', + 'upload-day': 'test_value_5', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_8' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortiguard_override_setting_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_override_setting': { + 'random_attribute_not_valid': 'tag', + 'override': 'enable', + 'status': 'enable', + 'upload_day': 'test_value_5', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 
'upload_time': 'test_value_8' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'override': 'enable', + 'status': 'enable', + 'upload-day': 'test_value_5', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_8' + } + + set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py new file mode 100644 index 00000000000..5978b84e3e3 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py 
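Review bot: `test_log_fortiguard_override_setting_idempotent` does not exercise idempotence: the mocked `set` returns `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}` for a `state: present` request, and the test then asserts `not is_error`. That pins an error response as a clean, unchanged run, using a DELETE result that a set call on this settings object would presumably never produce. This module configures log upload, so a failed push reported as ok would leave logging unconfigured without the playbook showing it. I would rename the case to say what it really covers and add a sibling test in which the mock returns `{'status': 'error', 'http_method': 'PUT', 'http_status': 404}` and the test asserts `is_error`. The `_idempotent` tests in the other new files of this commit follow the same pattern.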
@@ -0,0 +1,207 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_fortiguard_setting +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_setting.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_fortiguard_setting_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_setting': { + 'enc_algorithm': 'high-medium', + 'source_ip': '84.230.14.4', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 
'test_value_7', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_10' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'enc-algorithm': 'high-medium', + 'source-ip': '84.230.14.4', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_7', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_10' + } + + set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_fortiguard_setting_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_setting': { + 'enc_algorithm': 'high-medium', + 'source_ip': '84.230.14.4', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_7', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_10' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'enc-algorithm': 'high-medium', + 'source-ip': '84.230.14.4', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_7', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_10' + } + + 
set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_fortiguard_setting_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_setting': { + 'enc_algorithm': 'high-medium', + 'source_ip': '84.230.14.4', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_7', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_10' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'enc-algorithm': 'high-medium', + 'source-ip': '84.230.14.4', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_7', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_10' + } + + set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_fortiguard_setting_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_fortiguard_setting': { + 'random_attribute_not_valid': 'tag', + 'enc_algorithm': 'high-medium', + 'source_ip': '84.230.14.4', + 'ssl_min_proto_version': 'default', + 'status': 'enable', + 'upload_day': 'test_value_7', + 'upload_interval': 'daily', + 'upload_option': 'store-and-upload', + 'upload_time': 'test_value_10' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) + + expected_data = { + 'enc-algorithm': 'high-medium', + 'source-ip': '84.230.14.4', + 'ssl-min-proto-version': 'default', + 'status': 'enable', + 'upload-day': 'test_value_7', + 'upload-interval': 'daily', + 'upload-option': 'store-and-upload', + 'upload-time': 'test_value_10' + } + + set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_gui_display.py b/test/units/modules/network/fortios/test_fortios_log_gui_display.py new file mode 100644 index 00000000000..f54b2d66fe1 --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_gui_display.py 
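Review bot: The fixture value `'source_ip': '84.230.14.4'`, mirrored as `'source-ip': '84.230.14.4'` in each `expected_data`, is a publicly routable address. Test data tends to get copied into example playbooks and lab configurations, where a real address could direct log traffic settings at a host someone else owns. An address from the RFC 5737 documentation range does the same job, e.g. `'source_ip': '192.0.2.4'` with `'source-ip': '192.0.2.4'` in the expectations. The value occurs in all four tests of this file.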
@@ -0,0 +1,167 @@ +# Copyright 2019 Fortinet, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import json +import pytest +from mock import ANY +from ansible.module_utils.network.fortios.fortios import FortiOSHandler + +try: + from ansible.modules.network.fortios import fortios_log_gui_display +except ImportError: + pytest.skip("Could not load required modules for testing", allow_module_level=True) + + +@pytest.fixture(autouse=True) +def connection_mock(mocker): + connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_gui_display.Connection') + return connection_class_mock + + +fos_instance = FortiOSHandler(connection_mock) + + +def test_log_gui_display_creation(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_gui_display': { + 'fortiview_unscanned_apps': 'enable', + 'resolve_apps': 'enable', + 'resolve_hosts': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = 
fortios_log_gui_display.fortios_log(input_data, fos_instance) + + expected_data = { + 'fortiview-unscanned-apps': 'enable', + 'resolve-apps': 'enable', + 'resolve-hosts': 'enable' + } + + set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 + + +def test_log_gui_display_creation_fails(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_gui_display': { + 'fortiview_unscanned_apps': 'enable', + 'resolve_apps': 'enable', + 'resolve_hosts': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance) + + expected_data = { + 'fortiview-unscanned-apps': 'enable', + 'resolve-apps': 'enable', + 'resolve-hosts': 'enable' + } + + set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 500 + + +def test_log_gui_display_idempotent(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_gui_display': { + 'fortiview_unscanned_apps': 'enable', 
+ 'resolve_apps': 'enable', + 'resolve_hosts': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance) + + expected_data = { + 'fortiview-unscanned-apps': 'enable', + 'resolve-apps': 'enable', + 'resolve-hosts': 'enable' + } + + set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert not changed + assert response['status'] == 'error' + assert response['http_status'] == 404 + + +def test_log_gui_display_filter_foreign_attributes(mocker): + schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') + + set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} + set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) + + input_data = { + 'username': 'admin', + 'state': 'present', + 'log_gui_display': { + 'random_attribute_not_valid': 'tag', + 'fortiview_unscanned_apps': 'enable', + 'resolve_apps': 'enable', + 'resolve_hosts': 'enable' + }, + 'vdom': 'root'} + + is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance) + + expected_data = { + 'fortiview-unscanned-apps': 'enable', + 'resolve-apps': 'enable', + 'resolve-hosts': 'enable' + } + + set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') + schema_method_mock.assert_not_called() + assert not is_error + assert changed + assert response['status'] == 'success' + assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_memory_filter.py b/test/units/modules/network/fortios/test_fortios_log_memory_filter.py new file mode 100644 index 00000000000..488709c52fe --- /dev/null +++ b/test/units/modules/network/fortios/test_fortios_log_memory_filter.py 
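Review bot: `set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root')` checks only the most recent call, so a module that pushed the configuration twice, or pushed a different payload first, would still pass all four tests. `set_method_mock.assert_called_once_with('log', 'gui-display', data=expected_data, vdom='root')` pins the call count as well as the payload. That matters most in the `filter_foreign_attributes` test, where the aim is to show that `random_attribute_not_valid` never reaches the device. The other new test files in this commit use the same `assert_called_with` form.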
@@ -0,0 +1,399 @@
+# Copyright 2019 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+from mock import ANY
+from ansible.module_utils.network.fortios.fortios import FortiOSHandler
+
+try:
+ from ansible.modules.network.fortios import fortios_log_memory_filter
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+ connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_filter.Connection')
+ return connection_class_mock
+
+
+fos_instance = FortiOSHandler(connection_mock)
+
+
+def test_log_memory_filter_creation(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_memory_filter': {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_19,',
+ 'netscan_vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_19,',
+ 'netscan-vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
+
+
+def test_log_memory_filter_creation_fails(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_memory_filter': {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_19,',
+ 'netscan_vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_19,',
+ 'netscan-vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 500
+
+
+def test_log_memory_filter_idempotent(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_memory_filter': {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_19,',
+ 'netscan_vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_19,',
+ 'netscan-vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert not changed
+ assert response['status'] == 'error'
+ assert response['http_status'] == 404
+
+
+def test_log_memory_filter_filter_foreign_attributes(mocker):
+ schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
+
+ set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
+ set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
+
+ input_data = {
+ 'username': 'admin',
+ 'state': 'present',
+ 'log_memory_filter': {
+ 'random_attribute_not_valid': 'tag',
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu_memory_usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter_type': 'include',
+ 'forward_traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb_monitor': 'enable',
+ 'local_traffic': 'enable',
+ 'multicast_traffic': 'enable',
+ 'netscan_discovery': 'test_value_19,',
+ 'netscan_vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer_traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn_log_adm': 'enable',
+ 'sslvpn_log_auth': 'enable',
+ 'sslvpn_log_session': 'enable',
+ 'system': 'enable',
+ 'vip_ssl': 'enable',
+ 'voip': 'enable',
+ 'wan_opt': 'enable',
+ 'wireless_activity': 'enable'
+ },
+ 'vdom': 'root'}
+
+ is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance)
+
+ expected_data = {
+ 'admin': 'enable',
+ 'anomaly': 'enable',
+ 'auth': 'enable',
+ 'cpu-memory-usage': 'enable',
+ 'dhcp': 'enable',
+ 'dns': 'enable',
+ 'event': 'enable',
+ 'filter': 'test_value_10',
+ 'filter-type': 'include',
+ 'forward-traffic': 'enable',
+ 'gtp': 'enable',
+ 'ha': 'enable',
+ 'ipsec': 'enable',
+ 'ldb-monitor': 'enable',
+ 'local-traffic': 'enable',
+ 'multicast-traffic': 'enable',
+ 'netscan-discovery': 'test_value_19,',
+ 'netscan-vulnerability': 'test_value_20,',
+ 'pattern': 'enable',
+ 'ppp': 'enable',
+ 'radius': 'enable',
+ 'severity': 'emergency',
+ 'sniffer-traffic': 'enable',
+ 'ssh': 'enable',
+ 'sslvpn-log-adm': 'enable',
+ 'sslvpn-log-auth': 'enable',
+ 'sslvpn-log-session': 'enable',
+ 'system': 'enable',
+ 'vip-ssl': 'enable',
+ 'voip': 'enable',
+ 'wan-opt': 'enable',
+ 'wireless-activity': 'enable'
+ }
+
+ set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root')
+ schema_method_mock.assert_not_called()
+ assert not is_error
+ assert changed
+ assert response['status'] == 'success'
+ assert response['http_status'] == 200
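Review bot: `test_log_memory_filter_idempotent` pins a failed write as a clean no-op: with `'state': 'present'` the mocked `FortiOSHandler.set` returns `{'status': 'error', 'http_method': 'DELETE', 'http_status': 404}`, and the test then asserts `not is_error` and `not changed`. If the module really maps a 404 from `set` to "no error" (its code is outside this hunk, so this is inferred from the assertions), a play would report OK while the memory log filter was never applied, which matters for a setting that decides which events get recorded. I would make this case `assert is_error`, keep any 404 tolerance for the `state: absent` delete path only, and model idempotence with a response the device actually returns for an unchanged set. The same mocked result and assertions appear in `test_log_gui_display_idempotent` in the previous file of this diff.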