archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FortiOS modules for 2.9 - 7 (#61217)

Browse Source
pull/61270/head
Miguel Angel Muñoz González 5 years ago committed by Nilashish Chakraborty
parent 9d4dcc7506
commit a6b124cccc
41 changed files with 6915 additions and 1349 deletions
Show Stats Download Patch File Download Diff File

152
lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_memory_global_setting
short_description: Global settings for memory logging in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_memory feature and global_setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,46 +41,60 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_memory_global_setting:
description:
- Global settings for memory logging.
default: null
type: dict
suboptions:
full-final-warning-threshold:
full_final_warning_threshold:
description:
- Log full final warning threshold as a percent (3 - 100, default = 95).
full-first-warning-threshold:
- Log full final warning threshold as a percent (3 - 100).
type: int
full_first_warning_threshold:
description:
- Log full first warning threshold as a percent (1 - 98, default = 75).
full-second-warning-threshold:
- Log full first warning threshold as a percent (1 - 98).
type: int
full_second_warning_threshold:
description:
- Log full second warning threshold as a percent (2 - 99, default = 90).
max-size:
- Log full second warning threshold as a percent (2 - 99).
type: int
max_size:
description:
- Maximum amount of memory that can be used for memory logging in bytes.
type: int
'''
EXAMPLES = '''
@ -93,6 +104,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global settings for memory logging.
fortios_log_memory_global_setting:
@ -102,10 +114,10 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
log_memory_global_setting:
full-final-warning-threshold: "3"
full-first-warning-threshold: "4"
full-second-warning-threshold: "5"
max-size: "6"
full_final_warning_threshold: "3"
full_first_warning_threshold: "4"
full_second_warning_threshold: "5"
max_size: "6"
'''
RETURN = '''
@ -168,14 +180,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -183,12 +197,12 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_memory_global_setting_data(json):
option_list = ['full-final-warning-threshold', 'full-first-warning-threshold', 'full-second-warning-threshold',
'max-size']
option_list = ['full_final_warning_threshold', 'full_first_warning_threshold', 'full_second_warning_threshold',
'max_size']
dictionary = {}
for attribute in option_list:
@ -198,17 +212,15 @@ def filter_log_memory_global_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -216,38 +228,44 @@ def flatten_multilists_attributes(data):
def log_memory_global_setting(data, fos):
vdom = data['vdom']
log_memory_global_setting_data = data['log_memory_global_setting']
flattened_data = flatten_multilists_attributes(log_memory_global_setting_data)
filtered_data = filter_log_memory_global_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_memory_global_setting_data(log_memory_global_setting_data))
return fos.set('log.memory',
'global-setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_memory(data, fos):
login(data)
if data['log_memory_global_setting']:
resp = log_memory_global_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_memory_global_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"full-final-warning-threshold": {"required": False, "type": "int"},
"full-first-warning-threshold": {"required": False, "type": "int"},
"full-second-warning-threshold": {"required": False, "type": "int"},
"max-size": {"required": False, "type": "int"}
"full_final_warning_threshold": {"required": False, "type": "int"},
"full_first_warning_threshold": {"required": False, "type": "int"},
"full_second_warning_threshold": {"required": False, "type": "int"},
"max_size": {"required": False, "type": "int"}
}
}
@ -255,15 +273,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_memory(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_memory(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_memory(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

116
lib/ansible/modules/network/fortios/fortios_log_memory_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_memory_setting
short_description: Settings for memory buffer in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_memory feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,42 +41,54 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_memory_setting:
description:
- Settings for memory buffer.
default: null
type: dict
suboptions:
diskfull:
description:
- Action to take when memory is full.
type: str
choices:
- overwrite
status:
description:
- Enable/disable logging to the FortiGate's memory.
type: str
choices:
- enable
- disable
@ -92,6 +101,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Settings for memory buffer.
fortios_log_memory_setting:
@ -165,14 +175,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -180,7 +192,7 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_memory_setting_data(json):
@ -194,17 +206,15 @@ def filter_log_memory_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -212,33 +222,39 @@ def flatten_multilists_attributes(data):
def log_memory_setting(data, fos):
vdom = data['vdom']
log_memory_setting_data = data['log_memory_setting']
flattened_data = flatten_multilists_attributes(log_memory_setting_data)
filtered_data = filter_log_memory_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_memory_setting_data(log_memory_setting_data))
return fos.set('log.memory',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_memory(data, fos):
login(data)
if data['log_memory_setting']:
resp = log_memory_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_memory_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"diskfull": {"required": False, "type": "str",
"choices": ["overwrite"]},
@ -251,15 +267,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_memory(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_memory(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_memory(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

176
lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_null_device_filter
short_description: Filters for null device logging in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_null_device feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_null_device_filter:
description:
- Filters for null device logging.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Null-device log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -135,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -162,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for null device logging.
fortios_log_null_device_filter:
@ -174,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -247,14 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -262,14 +286,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_null_device_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -280,17 +304,15 @@ def filter_log_null_device_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,56 +320,62 @@ def flatten_multilists_attributes(data):
def log_null_device_filter(data, fos):
vdom = data['vdom']
log_null_device_filter_data = data['log_null_device_filter']
flattened_data = flatten_multilists_attributes(log_null_device_filter_data)
filtered_data = filter_log_null_device_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_null_device_filter_data(log_null_device_filter_data))
return fos.set('log.null-device',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_null_device(data, fos):
login(data)
if data['log_null_device_filter']:
resp = log_null_device_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_null_device_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -360,15 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_null_device(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_null_device(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_null_device(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

115
lib/ansible/modules/network/fortios/fortios_log_null_device_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_null_device_setting
short_description: Settings for null device logging in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_null_device feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,37 +41,48 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_null_device_setting:
description:
- Settings for null device logging.
default: null
type: dict
suboptions:
status:
description:
- Enable/disable statistics collection for when no external logging destination, such as FortiAnalyzer, is present (data is not saved).
type: str
choices:
- enable
- disable
@ -87,6 +95,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Settings for null device logging.
fortios_log_null_device_setting:
@ -159,14 +168,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -174,7 +185,7 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_null_device_setting_data(json):
@ -188,17 +199,15 @@ def filter_log_null_device_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -206,33 +215,39 @@ def flatten_multilists_attributes(data):
def log_null_device_setting(data, fos):
vdom = data['vdom']
log_null_device_setting_data = data['log_null_device_setting']
flattened_data = flatten_multilists_attributes(log_null_device_setting_data)
filtered_data = filter_log_null_device_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_null_device_setting_data(log_null_device_setting_data))
return fos.set('log.null-device',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_null_device(data, fos):
login(data)
if data['log_null_device_setting']:
resp = log_null_device_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_null_device_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
@ -243,15 +258,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_null_device(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_null_device(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_null_device(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

260
lib/ansible/modules/network/fortios/fortios_log_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_setting
short_description: Configure general log settings in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,141 +41,169 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_setting:
description:
- Configure general log settings.
default: null
type: dict
suboptions:
brief-traffic-format:
brief_traffic_format:
description:
- Enable/disable brief format traffic logging.
type: str
choices:
- enable
- disable
custom-log-fields:
custom_log_fields:
description:
- Custom fields to append to all log messages.
type: list
suboptions:
field-id:
field_id:
description:
- Custom log field. Source log.custom-field.id.
required: true
daemon-log:
type: str
daemon_log:
description:
- Enable/disable daemon logging.
type: str
choices:
- enable
- disable
expolicy-implicit-log:
expolicy_implicit_log:
description:
- Enable/disable explicit proxy firewall implicit policy logging.
type: str
choices:
- enable
- disable
fwpolicy-implicit-log:
fwpolicy_implicit_log:
description:
- Enable/disable implicit firewall policy logging.
type: str
choices:
- enable
- disable
fwpolicy6-implicit-log:
fwpolicy6_implicit_log:
description:
- Enable/disable implicit firewall policy6 logging.
type: str
choices:
- enable
- disable
local-in-allow:
local_in_allow:
description:
- Enable/disable local-in-allow logging.
type: str
choices:
- enable
- disable
local-in-deny-broadcast:
local_in_deny_broadcast:
description:
- Enable/disable local-in-deny-broadcast logging.
type: str
choices:
- enable
- disable
local-in-deny-unicast:
local_in_deny_unicast:
description:
- Enable/disable local-in-deny-unicast logging.
type: str
choices:
- enable
- disable
local-out:
local_out:
description:
- Enable/disable local-out logging.
type: str
choices:
- enable
- disable
log-invalid-packet:
log_invalid_packet:
description:
- Enable/disable invalid packet traffic logging.
type: str
choices:
- enable
- disable
log-policy-comment:
log_policy_comment:
description:
- Enable/disable inserting policy comments into traffic logs.
type: str
choices:
- enable
- disable
log-policy-name:
log_policy_name:
description:
- Enable/disable inserting policy name into traffic logs.
type: str
choices:
- enable
- disable
log-user-in-upper:
log_user_in_upper:
description:
- Enable/disable logs with user-in-upper.
type: str
choices:
- enable
- disable
neighbor-event:
neighbor_event:
description:
- Enable/disable neighbor event logging.
type: str
choices:
- enable
- disable
resolve-ip:
resolve_ip:
description:
- Enable/disable adding resolved domain names to traffic logs if possible.
type: str
choices:
- enable
- disable
resolve-port:
resolve_port:
description:
- Enable/disable adding resolved service names to traffic logs.
type: str
choices:
- enable
- disable
user-anonymize:
user_anonymize:
description:
- Enable/disable anonymizing user names in log messages.
type: str
choices:
- enable
- disable
@ -191,6 +216,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure general log settings.
fortios_log_setting:
@ -200,26 +226,26 @@ EXAMPLES = '''
vdom: "{{ vdom }}"
https: "False"
log_setting:
brief-traffic-format: "enable"
custom-log-fields:
brief_traffic_format: "enable"
custom_log_fields:
-
field-id: "<your_own_value> (source log.custom-field.id)"
daemon-log: "enable"
expolicy-implicit-log: "enable"
fwpolicy-implicit-log: "enable"
fwpolicy6-implicit-log: "enable"
local-in-allow: "enable"
local-in-deny-broadcast: "enable"
local-in-deny-unicast: "enable"
local-out: "enable"
log-invalid-packet: "enable"
log-policy-comment: "enable"
log-policy-name: "enable"
log-user-in-upper: "enable"
neighbor-event: "enable"
resolve-ip: "enable"
resolve-port: "enable"
user-anonymize: "enable"
field_id: "<your_own_value> (source log.custom-field.id)"
daemon_log: "enable"
expolicy_implicit_log: "enable"
fwpolicy_implicit_log: "enable"
fwpolicy6_implicit_log: "enable"
local_in_allow: "enable"
local_in_deny_broadcast: "enable"
local_in_deny_unicast: "enable"
local_out: "enable"
log_invalid_packet: "enable"
log_policy_comment: "enable"
log_policy_name: "enable"
log_user_in_upper: "enable"
neighbor_event: "enable"
resolve_ip: "enable"
resolve_port: "enable"
user_anonymize: "enable"
'''
RETURN = '''
@ -282,14 +308,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -297,16 +325,16 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_setting_data(json):
option_list = ['brief-traffic-format', 'custom-log-fields', 'daemon-log',
'expolicy-implicit-log', 'fwpolicy-implicit-log', 'fwpolicy6-implicit-log',
'local-in-allow', 'local-in-deny-broadcast', 'local-in-deny-unicast',
'local-out', 'log-invalid-packet', 'log-policy-comment',
'log-policy-name', 'log-user-in-upper', 'neighbor-event',
'resolve-ip', 'resolve-port', 'user-anonymize']
option_list = ['brief_traffic_format', 'custom_log_fields', 'daemon_log',
'expolicy_implicit_log', 'fwpolicy_implicit_log', 'fwpolicy6_implicit_log',
'local_in_allow', 'local_in_deny_broadcast', 'local_in_deny_unicast',
'local_out', 'log_invalid_packet', 'log_policy_comment',
'log_policy_name', 'log_user_in_upper', 'neighbor_event',
'resolve_ip', 'resolve_port', 'user_anonymize']
dictionary = {}
for attribute in option_list:
@ -316,17 +344,15 @@ def filter_log_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -334,71 +360,77 @@ def flatten_multilists_attributes(data):
def log_setting(data, fos):
vdom = data['vdom']
log_setting_data = data['log_setting']
flattened_data = flatten_multilists_attributes(log_setting_data)
filtered_data = filter_log_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_setting_data(log_setting_data))
return fos.set('log',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log(data, fos):
login(data)
if data['log_setting']:
resp = log_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"brief-traffic-format": {"required": False, "type": "str",
"brief_traffic_format": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"custom-log-fields": {"required": False, "type": "list",
"custom_log_fields": {"required": False, "type": "list",
"options": {
"field-id": {"required": True, "type": "str"}
"field_id": {"required": False, "type": "str"}
}},
"daemon-log": {"required": False, "type": "str",
"daemon_log": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"expolicy-implicit-log": {"required": False, "type": "str",
"expolicy_implicit_log": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"fwpolicy-implicit-log": {"required": False, "type": "str",
"fwpolicy_implicit_log": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"fwpolicy6-implicit-log": {"required": False, "type": "str",
"fwpolicy6_implicit_log": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-in-allow": {"required": False, "type": "str",
"local_in_allow": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-in-deny-broadcast": {"required": False, "type": "str",
"local_in_deny_broadcast": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-in-deny-unicast": {"required": False, "type": "str",
"local_in_deny_unicast": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-out": {"required": False, "type": "str",
"local_out": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"log-invalid-packet": {"required": False, "type": "str",
"log_invalid_packet": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"log-policy-comment": {"required": False, "type": "str",
"log_policy_comment": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"log-policy-name": {"required": False, "type": "str",
"log_policy_name": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"log-user-in-upper": {"required": False, "type": "str",
"log_user_in_upper": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"neighbor-event": {"required": False, "type": "str",
"neighbor_event": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"resolve-ip": {"required": False, "type": "str",
"resolve_ip": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"resolve-port": {"required": False, "type": "str",
"resolve_port": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"user-anonymize": {"required": False, "type": "str",
"user_anonymize": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
@ -407,15 +439,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

176
lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd2_filter
short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd2 feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd2_filter:
description:
- Filters for remote system server.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Syslog 2 filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -135,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -162,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for remote system server.
fortios_log_syslogd2_filter:
@ -174,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -247,14 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -262,14 +286,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd2_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -280,17 +304,15 @@ def filter_log_syslogd2_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,56 +320,62 @@ def flatten_multilists_attributes(data):
def log_syslogd2_filter(data, fos):
vdom = data['vdom']
log_syslogd2_filter_data = data['log_syslogd2_filter']
flattened_data = flatten_multilists_attributes(log_syslogd2_filter_data)
filtered_data = filter_log_syslogd2_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd2_filter_data(log_syslogd2_filter_data))
return fos.set('log.syslogd2',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd2(data, fos):
login(data)
if data['log_syslogd2_filter']:
resp = log_syslogd2_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd2_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -360,15 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

165
lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd2_setting
short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd2 feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,54 +41,70 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd2_setting:
description:
- Global settings for remote syslog server.
default: null
type: dict
suboptions:
certificate:
description:
- Certificate used to communicate with Syslog server. Source certificate.local.name.
custom-field-name:
type: str
custom_field_name:
description:
- Custom field name for CEF format logging.
type: list
suboptions:
custom:
description:
- Field custom name.
type: str
id:
description:
- Entry ID.
required: true
type: int
name:
description:
- Field name.
enc-algorithm:
type: str
enc_algorithm:
description:
- Enable/disable reliable syslogging with TLS encryption.
type: str
choices:
- high-medium
- high
@ -100,6 +113,7 @@ options:
facility:
description:
- Remote syslog facility.
type: str
choices:
- kernel
- user
@ -128,6 +142,7 @@ options:
format:
description:
- Log format.
type: str
choices:
- default
- csv
@ -135,6 +150,7 @@ options:
mode:
description:
- Remote syslog logging over UDP/Reliable TCP.
type: str
choices:
- udp
- legacy-reliable
@ -142,15 +158,29 @@ options:
port:
description:
- Server listen port.
type: int
server:
description:
- Address of remote syslog server.
source-ip:
type: str
source_ip:
description:
- Source IP address of syslog.
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
- TLSv1
- TLSv1-1
- TLSv1-2
status:
description:
- Enable/disable remote syslog logging.
type: str
choices:
- enable
- disable
@ -163,6 +193,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd2_setting:
@ -173,18 +204,19 @@ EXAMPLES = '''
https: "False"
log_syslogd2_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom-field-name:
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc-algorithm: "high-medium"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source-ip: "84.230.14.43"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
'''
@ -248,14 +280,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
fos = None
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -263,14 +297,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd2_setting_data(json):
option_list = ['certificate', 'custom-field-name', 'enc-algorithm',
option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
'facility', 'format', 'mode',
'port', 'server', 'source-ip',
'status']
'port', 'server', 'source_ip',
'ssl_min_proto_version', 'status']
dictionary = {}
for attribute in option_list:
@ -280,17 +314,15 @@ def filter_log_syslogd2_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,42 +330,48 @@ def flatten_multilists_attributes(data):
def log_syslogd2_setting(data, fos):
vdom = data['vdom']
log_syslogd2_setting_data = data['log_syslogd2_setting']
flattened_data = flatten_multilists_attributes(log_syslogd2_setting_data)
filtered_data = filter_log_syslogd2_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd2_setting_data(log_syslogd2_setting_data))
return fos.set('log.syslogd2',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd2(data, fos):
login(data)
if data['log_syslogd2_setting']:
resp = log_syslogd2_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd2_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"certificate": {"required": False, "type": "str"},
"custom-field-name": {"required": False, "type": "list",
"custom_field_name": {"required": False, "type": "list",
"options": {
"custom": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"name": {"required": False, "type": "str"}
}},
"enc-algorithm": {"required": False, "type": "str",
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"facility": {"required": False, "type": "str",
@ -351,7 +389,10 @@ def main():
"choices": ["udp", "legacy-reliable", "reliable"]},
"port": {"required": False, "type": "int"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
@ -361,15 +402,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

176
lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd3_filter
short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd3 feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd3_filter:
description:
- Filters for remote system server.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Syslog 3 filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -135,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -162,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for remote system server.
fortios_log_syslogd3_filter:
@ -174,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -247,14 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -262,14 +286,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd3_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -280,17 +304,15 @@ def filter_log_syslogd3_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,56 +320,62 @@ def flatten_multilists_attributes(data):
def log_syslogd3_filter(data, fos):
vdom = data['vdom']
log_syslogd3_filter_data = data['log_syslogd3_filter']
flattened_data = flatten_multilists_attributes(log_syslogd3_filter_data)
filtered_data = filter_log_syslogd3_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd3_filter_data(log_syslogd3_filter_data))
return fos.set('log.syslogd3',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd3(data, fos):
login(data)
if data['log_syslogd3_filter']:
resp = log_syslogd3_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd3_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -360,15 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

165
lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd3_setting
short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd3 feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,54 +41,70 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd3_setting:
description:
- Global settings for remote syslog server.
default: null
type: dict
suboptions:
certificate:
description:
- Certificate used to communicate with Syslog server. Source certificate.local.name.
custom-field-name:
type: str
custom_field_name:
description:
- Custom field name for CEF format logging.
type: list
suboptions:
custom:
description:
- Field custom name.
type: str
id:
description:
- Entry ID.
required: true
type: int
name:
description:
- Field name.
enc-algorithm:
type: str
enc_algorithm:
description:
- Enable/disable reliable syslogging with TLS encryption.
type: str
choices:
- high-medium
- high
@ -100,6 +113,7 @@ options:
facility:
description:
- Remote syslog facility.
type: str
choices:
- kernel
- user
@ -128,6 +142,7 @@ options:
format:
description:
- Log format.
type: str
choices:
- default
- csv
@ -135,6 +150,7 @@ options:
mode:
description:
- Remote syslog logging over UDP/Reliable TCP.
type: str
choices:
- udp
- legacy-reliable
@ -142,15 +158,29 @@ options:
port:
description:
- Server listen port.
type: int
server:
description:
- Address of remote syslog server.
source-ip:
type: str
source_ip:
description:
- Source IP address of syslog.
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
- TLSv1
- TLSv1-1
- TLSv1-2
status:
description:
- Enable/disable remote syslog logging.
type: str
choices:
- enable
- disable
@ -163,6 +193,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd3_setting:
@ -173,18 +204,19 @@ EXAMPLES = '''
https: "False"
log_syslogd3_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom-field-name:
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc-algorithm: "high-medium"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source-ip: "84.230.14.43"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
'''
@ -248,14 +280,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
fos = None
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -263,14 +297,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd3_setting_data(json):
option_list = ['certificate', 'custom-field-name', 'enc-algorithm',
option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
'facility', 'format', 'mode',
'port', 'server', 'source-ip',
'status']
'port', 'server', 'source_ip',
'ssl_min_proto_version', 'status']
dictionary = {}
for attribute in option_list:
@ -280,17 +314,15 @@ def filter_log_syslogd3_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,42 +330,48 @@ def flatten_multilists_attributes(data):
def log_syslogd3_setting(data, fos):
vdom = data['vdom']
log_syslogd3_setting_data = data['log_syslogd3_setting']
flattened_data = flatten_multilists_attributes(log_syslogd3_setting_data)
filtered_data = filter_log_syslogd3_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd3_setting_data(log_syslogd3_setting_data))
return fos.set('log.syslogd3',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd3(data, fos):
login(data)
if data['log_syslogd3_setting']:
resp = log_syslogd3_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd3_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"certificate": {"required": False, "type": "str"},
"custom-field-name": {"required": False, "type": "list",
"custom_field_name": {"required": False, "type": "list",
"options": {
"custom": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"name": {"required": False, "type": "str"}
}},
"enc-algorithm": {"required": False, "type": "str",
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"facility": {"required": False, "type": "str",
@ -351,7 +389,10 @@ def main():
"choices": ["udp", "legacy-reliable", "reliable"]},
"port": {"required": False, "type": "int"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
@ -361,15 +402,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

176
lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd4_filter
short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd4 feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd4_filter:
description:
- Filters for remote system server.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Syslog 4 filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -135,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -162,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for remote system server.
fortios_log_syslogd4_filter:
@ -174,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -247,14 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -262,14 +286,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd4_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -280,17 +304,15 @@ def filter_log_syslogd4_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,56 +320,62 @@ def flatten_multilists_attributes(data):
def log_syslogd4_filter(data, fos):
vdom = data['vdom']
log_syslogd4_filter_data = data['log_syslogd4_filter']
flattened_data = flatten_multilists_attributes(log_syslogd4_filter_data)
filtered_data = filter_log_syslogd4_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd4_filter_data(log_syslogd4_filter_data))
return fos.set('log.syslogd4',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd4(data, fos):
login(data)
if data['log_syslogd4_filter']:
resp = log_syslogd4_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd4_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -360,15 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd4(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd4(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd4(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

165
lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd4_setting
short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd4 feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,54 +41,70 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd4_setting:
description:
- Global settings for remote syslog server.
default: null
type: dict
suboptions:
certificate:
description:
- Certificate used to communicate with Syslog server. Source certificate.local.name.
custom-field-name:
type: str
custom_field_name:
description:
- Custom field name for CEF format logging.
type: list
suboptions:
custom:
description:
- Field custom name.
type: str
id:
description:
- Entry ID.
required: true
type: int
name:
description:
- Field name.
enc-algorithm:
type: str
enc_algorithm:
description:
- Enable/disable reliable syslogging with TLS encryption.
type: str
choices:
- high-medium
- high
@ -100,6 +113,7 @@ options:
facility:
description:
- Remote syslog facility.
type: str
choices:
- kernel
- user
@ -128,6 +142,7 @@ options:
format:
description:
- Log format.
type: str
choices:
- default
- csv
@ -135,6 +150,7 @@ options:
mode:
description:
- Remote syslog logging over UDP/Reliable TCP.
type: str
choices:
- udp
- legacy-reliable
@ -142,15 +158,29 @@ options:
port:
description:
- Server listen port.
type: int
server:
description:
- Address of remote syslog server.
source-ip:
type: str
source_ip:
description:
- Source IP address of syslog.
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
- TLSv1
- TLSv1-1
- TLSv1-2
status:
description:
- Enable/disable remote syslog logging.
type: str
choices:
- enable
- disable
@ -163,6 +193,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd4_setting:
@ -173,18 +204,19 @@ EXAMPLES = '''
https: "False"
log_syslogd4_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom-field-name:
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc-algorithm: "high-medium"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source-ip: "84.230.14.43"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
'''
@ -248,14 +280,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
fos = None
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -263,14 +297,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd4_setting_data(json):
option_list = ['certificate', 'custom-field-name', 'enc-algorithm',
option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
'facility', 'format', 'mode',
'port', 'server', 'source-ip',
'status']
'port', 'server', 'source_ip',
'ssl_min_proto_version', 'status']
dictionary = {}
for attribute in option_list:
@ -280,17 +314,15 @@ def filter_log_syslogd4_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,42 +330,48 @@ def flatten_multilists_attributes(data):
def log_syslogd4_setting(data, fos):
vdom = data['vdom']
log_syslogd4_setting_data = data['log_syslogd4_setting']
flattened_data = flatten_multilists_attributes(log_syslogd4_setting_data)
filtered_data = filter_log_syslogd4_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd4_setting_data(log_syslogd4_setting_data))
return fos.set('log.syslogd4',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd4(data, fos):
login(data)
if data['log_syslogd4_setting']:
resp = log_syslogd4_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd4_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"certificate": {"required": False, "type": "str"},
"custom-field-name": {"required": False, "type": "list",
"custom_field_name": {"required": False, "type": "list",
"options": {
"custom": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"name": {"required": False, "type": "str"}
}},
"enc-algorithm": {"required": False, "type": "str",
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"facility": {"required": False, "type": "str",
@ -351,7 +389,10 @@ def main():
"choices": ["udp", "legacy-reliable", "reliable"]},
"port": {"required": False, "type": "int"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
@ -361,15 +402,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd4(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd4(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd4(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

176
lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd_filter
short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd_filter:
description:
- Filters for remote system server.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Syslog filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -135,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -162,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for remote system server.
fortios_log_syslogd_filter:
@ -174,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -247,14 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -262,14 +286,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -280,17 +304,15 @@ def filter_log_syslogd_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,56 +320,62 @@ def flatten_multilists_attributes(data):
def log_syslogd_filter(data, fos):
vdom = data['vdom']
log_syslogd_filter_data = data['log_syslogd_filter']
flattened_data = flatten_multilists_attributes(log_syslogd_filter_data)
filtered_data = filter_log_syslogd_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd_filter_data(log_syslogd_filter_data))
return fos.set('log.syslogd',
'filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd(data, fos):
login(data)
if data['log_syslogd_filter']:
resp = log_syslogd_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -360,15 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

176
lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd_override_filter
short_description: Override filters for remote system server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd feature and override_filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd_override_filter:
description:
- Override filters for remote system server.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Syslog filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log.
type: str
choices:
- emergency
- alert
@ -135,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -162,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Override filters for remote system server.
fortios_log_syslogd_override_filter:
@ -174,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -247,14 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -262,14 +286,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd_override_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -280,17 +304,15 @@ def filter_log_syslogd_override_filter_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,56 +320,62 @@ def flatten_multilists_attributes(data):
def log_syslogd_override_filter(data, fos):
vdom = data['vdom']
log_syslogd_override_filter_data = data['log_syslogd_override_filter']
flattened_data = flatten_multilists_attributes(log_syslogd_override_filter_data)
filtered_data = filter_log_syslogd_override_filter_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd_override_filter_data(log_syslogd_override_filter_data))
return fos.set('log.syslogd',
'override-filter',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd(data, fos):
login(data)
if data['log_syslogd_override_filter']:
resp = log_syslogd_override_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd_override_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -360,15 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

164
lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd_override_setting
short_description: Override settings for remote syslog server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd feature and override_setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,54 +41,70 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd_override_setting:
description:
- Override settings for remote syslog server.
default: null
type: dict
suboptions:
certificate:
description:
- Certificate used to communicate with Syslog server. Source certificate.local.name.
custom-field-name:
type: str
custom_field_name:
description:
- Custom field name for CEF format logging.
type: list
suboptions:
custom:
description:
- Field custom name.
type: str
id:
description:
- Entry ID.
required: true
type: int
name:
description:
- Field name.
enc-algorithm:
type: str
enc_algorithm:
description:
- Enable/disable reliable syslogging with TLS encryption.
type: str
choices:
- high-medium
- high
@ -100,6 +113,7 @@ options:
facility:
description:
- Remote syslog facility.
type: str
choices:
- kernel
- user
@ -128,6 +142,7 @@ options:
format:
description:
- Log format.
type: str
choices:
- default
- csv
@ -135,6 +150,7 @@ options:
mode:
description:
- Remote syslog logging over UDP/Reliable TCP.
type: str
choices:
- udp
- legacy-reliable
@ -142,21 +158,36 @@ options:
override:
description:
- Enable/disable override syslog settings.
type: str
choices:
- enable
- disable
port:
description:
- Server listen port.
type: int
server:
description:
- Address of remote syslog server.
source-ip:
type: str
source_ip:
description:
- Source IP address of syslog.
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
- TLSv1
- TLSv1-1
- TLSv1-2
status:
description:
- Enable/disable remote syslog logging.
type: str
choices:
- enable
- disable
@ -169,6 +200,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Override settings for remote syslog server.
fortios_log_syslogd_override_setting:
@ -179,19 +211,20 @@ EXAMPLES = '''
https: "False"
log_syslogd_override_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom-field-name:
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc-algorithm: "high-medium"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
override: "enable"
port: "13"
server: "192.168.100.40"
source-ip: "84.230.14.43"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
'''
@ -255,14 +288,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
fos = None
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -270,14 +305,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd_override_setting_data(json):
option_list = ['certificate', 'custom-field-name', 'enc-algorithm',
option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
'facility', 'format', 'mode',
'override', 'port', 'server',
'source-ip', 'status']
'source_ip', 'ssl_min_proto_version', 'status']
dictionary = {}
for attribute in option_list:
@ -287,17 +322,15 @@ def filter_log_syslogd_override_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -305,42 +338,48 @@ def flatten_multilists_attributes(data):
def log_syslogd_override_setting(data, fos):
vdom = data['vdom']
log_syslogd_override_setting_data = data['log_syslogd_override_setting']
flattened_data = flatten_multilists_attributes(log_syslogd_override_setting_data)
filtered_data = filter_log_syslogd_override_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd_override_setting_data(log_syslogd_override_setting_data))
return fos.set('log.syslogd',
'override-setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd(data, fos):
login(data)
if data['log_syslogd_override_setting']:
resp = log_syslogd_override_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd_override_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"certificate": {"required": False, "type": "str"},
"custom-field-name": {"required": False, "type": "list",
"custom_field_name": {"required": False, "type": "list",
"options": {
"custom": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"name": {"required": False, "type": "str"}
}},
"enc-algorithm": {"required": False, "type": "str",
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"facility": {"required": False, "type": "str",
@ -360,7 +399,10 @@ def main():
"choices": ["enable", "disable"]},
"port": {"required": False, "type": "int"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
@ -370,15 +412,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

165
lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_syslogd_setting
short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_syslogd feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,54 +41,70 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_syslogd_setting:
description:
- Global settings for remote syslog server.
default: null
type: dict
suboptions:
certificate:
description:
- Certificate used to communicate with Syslog server. Source certificate.local.name.
custom-field-name:
type: str
custom_field_name:
description:
- Custom field name for CEF format logging.
type: list
suboptions:
custom:
description:
- Field custom name.
type: str
id:
description:
- Entry ID.
required: true
type: int
name:
description:
- Field name.
enc-algorithm:
type: str
enc_algorithm:
description:
- Enable/disable reliable syslogging with TLS encryption.
type: str
choices:
- high-medium
- high
@ -100,6 +113,7 @@ options:
facility:
description:
- Remote syslog facility.
type: str
choices:
- kernel
- user
@ -128,6 +142,7 @@ options:
format:
description:
- Log format.
type: str
choices:
- default
- csv
@ -135,6 +150,7 @@ options:
mode:
description:
- Remote syslog logging over UDP/Reliable TCP.
type: str
choices:
- udp
- legacy-reliable
@ -142,15 +158,29 @@ options:
port:
description:
- Server listen port.
type: int
server:
description:
- Address of remote syslog server.
source-ip:
type: str
source_ip:
description:
- Source IP address of syslog.
type: str
ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
- TLSv1
- TLSv1-1
- TLSv1-2
status:
description:
- Enable/disable remote syslog logging.
type: str
choices:
- enable
- disable
@ -163,6 +193,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd_setting:
@ -173,18 +204,19 @@ EXAMPLES = '''
https: "False"
log_syslogd_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom-field-name:
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc-algorithm: "high-medium"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source-ip: "84.230.14.43"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
'''
@ -248,14 +280,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
fos = None
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -263,14 +297,14 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_syslogd_setting_data(json):
option_list = ['certificate', 'custom-field-name', 'enc-algorithm',
option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
'facility', 'format', 'mode',
'port', 'server', 'source-ip',
'status']
'port', 'server', 'source_ip',
'ssl_min_proto_version', 'status']
dictionary = {}
for attribute in option_list:
@ -280,17 +314,15 @@ def filter_log_syslogd_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -298,42 +330,48 @@ def flatten_multilists_attributes(data):
def log_syslogd_setting(data, fos):
vdom = data['vdom']
log_syslogd_setting_data = data['log_syslogd_setting']
flattened_data = flatten_multilists_attributes(log_syslogd_setting_data)
filtered_data = filter_log_syslogd_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_syslogd_setting_data(log_syslogd_setting_data))
return fos.set('log.syslogd',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_syslogd(data, fos):
login(data)
if data['log_syslogd_setting']:
resp = log_syslogd_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_syslogd_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"certificate": {"required": False, "type": "str"},
"custom-field-name": {"required": False, "type": "list",
"custom_field_name": {"required": False, "type": "list",
"options": {
"custom": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"name": {"required": False, "type": "str"}
}},
"enc-algorithm": {"required": False, "type": "str",
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low",
"disable"]},
"facility": {"required": False, "type": "str",
@ -351,7 +389,10 @@ def main():
"choices": ["udp", "legacy-reliable", "reliable"]},
"port": {"required": False, "type": "int"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
@ -361,15 +402,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

270
lib/ansible/modules/network/fortios/fortios_log_threat_weight.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_threat_weight
short_description: Configure threat weight settings in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log feature and threat_weight category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,66 +41,82 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_threat_weight:
description:
- Configure threat weight settings.
default: null
type: dict
suboptions:
application:
description:
- Application-control threat weight settings.
type: list
suboptions:
category:
description:
- Application category.
type: int
id:
description:
- Entry ID.
required: true
type: int
level:
description:
- Threat weight score for Application events.
type: str
choices:
- disable
- low
- medium
- high
- critical
blocked-connection:
blocked_connection:
description:
- Threat weight score for blocked connections.
type: str
choices:
- disable
- low
- medium
- high
- critical
failed-connection:
failed_connection:
description:
- Threat weight score for failed connections.
type: str
choices:
- disable
- low
@ -113,17 +126,21 @@ options:
geolocation:
description:
- Geolocation-based threat weight settings.
type: list
suboptions:
country:
description:
- Country code.
type: str
id:
description:
- Entry ID.
required: true
type: int
level:
description:
- Threat weight score for Geolocation-based events.
type: str
choices:
- disable
- low
@ -133,46 +150,52 @@ options:
ips:
description:
- IPS threat weight settings.
type: dict
suboptions:
critical-severity:
critical_severity:
description:
- Threat weight score for IPS critical severity events.
type: str
choices:
- disable
- low
- medium
- high
- critical
high-severity:
high_severity:
description:
- Threat weight score for IPS high severity events.
type: str
choices:
- disable
- low
- medium
- high
- critical
info-severity:
info_severity:
description:
- Threat weight score for IPS info severity events.
type: str
choices:
- disable
- low
- medium
- high
- critical
low-severity:
low_severity:
description:
- Threat weight score for IPS low severity events.
type: str
choices:
- disable
- low
- medium
- high
- critical
medium-severity:
medium_severity:
description:
- Threat weight score for IPS medium severity events.
type: str
choices:
- disable
- low
@ -182,35 +205,53 @@ options:
level:
description:
- Score mapping for threat weight levels.
type: dict
suboptions:
critical:
description:
- Critical level score value (1 - 100).
type: int
high:
description:
- High level score value (1 - 100).
type: int
low:
description:
- Low level score value (1 - 100).
type: int
medium:
description:
- Medium level score value (1 - 100).
type: int
malware:
description:
- Anti-virus malware threat weight settings.
type: dict
suboptions:
botnet-connection:
botnet_connection:
description:
- Threat weight score for detected botnet connections.
type: str
choices:
- disable
- low
- medium
- high
- critical
command-blocked:
command_blocked:
description:
- Threat weight score for blocked command detected.
type: str
choices:
- disable
- low
- medium
- high
- critical
content_disarm:
description:
- Threat weight score for virus (content disarm) detected.
type: str
choices:
- disable
- low
@ -220,6 +261,7 @@ options:
mimefragmented:
description:
- Threat weight score for mimefragmented detected.
type: str
choices:
- disable
- low
@ -229,60 +271,67 @@ options:
oversized:
description:
- Threat weight score for oversized file detected.
type: str
choices:
- disable
- low
- medium
- high
- critical
switch-proto:
switch_proto:
description:
- Threat weight score for switch proto detected.
type: str
choices:
- disable
- low
- medium
- high
- critical
virus-blocked:
virus_blocked:
description:
- Threat weight score for virus (blocked) detected.
type: str
choices:
- disable
- low
- medium
- high
- critical
virus-file-type-executable:
virus_file_type_executable:
description:
- Threat weight score for virus (filetype executable) detected.
type: str
choices:
- disable
- low
- medium
- high
- critical
virus-infected:
virus_infected:
description:
- Threat weight score for virus (infected) detected.
type: str
choices:
- disable
- low
- medium
- high
- critical
virus-outbreak-prevention:
virus_outbreak_prevention:
description:
- Threat weight score for virus (outbreak prevention) event.
type: str
choices:
- disable
- low
- medium
- high
- critical
virus-scan-error:
virus_scan_error:
description:
- Threat weight score for virus (scan error) detected.
type: str
choices:
- disable
- low
@ -292,12 +341,14 @@ options:
status:
description:
- Enable/disable the threat weight feature.
type: str
choices:
- enable
- disable
url-block-detected:
url_block_detected:
description:
- Threat weight score for URL blocking.
type: str
choices:
- disable
- low
@ -307,17 +358,21 @@ options:
web:
description:
- Web filtering threat weight settings.
type: list
suboptions:
category:
description:
- Threat weight score for web category filtering matches.
type: int
id:
description:
- Entry ID.
required: true
type: int
level:
description:
- Threat weight score for web category filtering matches.
type: str
choices:
- disable
- low
@ -333,6 +388,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure threat weight settings.
fortios_log_threat_weight:
@ -347,41 +403,42 @@ EXAMPLES = '''
category: "4"
id: "5"
level: "disable"
blocked-connection: "disable"
failed-connection: "disable"
blocked_connection: "disable"
failed_connection: "disable"
geolocation:
-
country: "<your_own_value>"
id: "11"
level: "disable"
ips:
critical-severity: "disable"
high-severity: "disable"
info-severity: "disable"
low-severity: "disable"
medium-severity: "disable"
critical_severity: "disable"
high_severity: "disable"
info_severity: "disable"
low_severity: "disable"
medium_severity: "disable"
level:
critical: "20"
high: "21"
low: "22"
medium: "23"
malware:
botnet-connection: "disable"
command-blocked: "disable"
botnet_connection: "disable"
command_blocked: "disable"
content_disarm: "disable"
mimefragmented: "disable"
oversized: "disable"
switch-proto: "disable"
virus-blocked: "disable"
virus-file-type-executable: "disable"
virus-infected: "disable"
virus-outbreak-prevention: "disable"
virus-scan-error: "disable"
switch_proto: "disable"
virus_blocked: "disable"
virus_file_type_executable: "disable"
virus_infected: "disable"
virus_outbreak_prevention: "disable"
virus_scan_error: "disable"
status: "enable"
url-block-detected: "disable"
url_block_detected: "disable"
web:
-
category: "38"
id: "39"
category: "39"
id: "40"
level: "disable"
'''
@ -445,14 +502,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -460,13 +519,13 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_threat_weight_data(json):
option_list = ['application', 'blocked-connection', 'failed-connection',
option_list = ['application', 'blocked_connection', 'failed_connection',
'geolocation', 'ips', 'level',
'malware', 'status', 'url-block-detected',
'malware', 'status', 'url_block_detected',
'web']
dictionary = {}
@ -477,17 +536,15 @@ def filter_log_threat_weight_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -495,33 +552,39 @@ def flatten_multilists_attributes(data):
def log_threat_weight(data, fos):
vdom = data['vdom']
log_threat_weight_data = data['log_threat_weight']
flattened_data = flatten_multilists_attributes(log_threat_weight_data)
filtered_data = filter_log_threat_weight_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_threat_weight_data(log_threat_weight_data))
return fos.set('log',
'threat-weight',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log(data, fos):
login(data)
if data['log_threat_weight']:
resp = log_threat_weight(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_threat_weight": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"application": {"required": False, "type": "list",
"options": {
@ -531,10 +594,10 @@ def main():
"choices": ["disable", "low", "medium",
"high", "critical"]}
}},
"blocked-connection": {"required": False, "type": "str",
"blocked_connection": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"failed-connection": {"required": False, "type": "str",
"failed_connection": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"geolocation": {"required": False, "type": "list",
@ -547,19 +610,19 @@ def main():
}},
"ips": {"required": False, "type": "dict",
"options": {
"critical-severity": {"required": False, "type": "str",
"critical_severity": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"high-severity": {"required": False, "type": "str",
"high_severity": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"info-severity": {"required": False, "type": "str",
"info_severity": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"low-severity": {"required": False, "type": "str",
"low_severity": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"medium-severity": {"required": False, "type": "str",
"medium_severity": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]}
}},
@ -572,40 +635,43 @@ def main():
}},
"malware": {"required": False, "type": "dict",
"options": {
"botnet-connection": {"required": False, "type": "str",
"botnet_connection": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"command-blocked": {"required": False, "type": "str",
"command_blocked": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"content_disarm": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"mimefragmented": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"oversized": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"switch-proto": {"required": False, "type": "str",
"switch_proto": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"virus-blocked": {"required": False, "type": "str",
"virus_blocked": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"virus-file-type-executable": {"required": False, "type": "str",
"virus_file_type_executable": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"virus-infected": {"required": False, "type": "str",
"virus_infected": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"virus-outbreak-prevention": {"required": False, "type": "str",
"virus_outbreak_prevention": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"virus-scan-error": {"required": False, "type": "str",
"virus_scan_error": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]}
}},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"url-block-detected": {"required": False, "type": "str",
"url_block_detected": {"required": False, "type": "str",
"choices": ["disable", "low", "medium",
"high", "critical"]},
"web": {"required": False, "type": "list",
@ -623,15 +689,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

159
lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py
Unescape Escape View File

@ -26,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_webtrends_filter
short_description: Filters for WebTrends in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_webtrends feature and filter category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -41,88 +41,109 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_webtrends_filter:
description:
- Filters for WebTrends.
default: null
type: dict
suboptions:
anomaly:
description:
- Enable/disable anomaly logging.
type: str
choices:
- enable
- disable
dns:
description:
- Enable/disable detailed DNS event logging.
type: str
choices:
- enable
- disable
filter:
description:
- Webtrends log filter.
filter-type:
type: str
filter_type:
description:
- Include/exclude logs that match the filter.
type: str
choices:
- include
- exclude
forward-traffic:
forward_traffic:
description:
- Enable/disable forward traffic logging.
type: str
choices:
- enable
- disable
gtp:
description:
- Enable/disable GTP messages logging.
type: str
choices:
- enable
- disable
local-traffic:
local_traffic:
description:
- Enable/disable local in or out traffic logging.
type: str
choices:
- enable
- disable
multicast-traffic:
multicast_traffic:
description:
- Enable/disable multicast traffic logging.
type: str
choices:
- enable
- disable
netscan-discovery:
netscan_discovery:
description:
- Enable/disable netscan discovery event logging.
netscan-vulnerability:
type: str
netscan_vulnerability:
description:
- Enable/disable netscan vulnerability event logging.
type: str
severity:
description:
- Lowest severity level to log to WebTrends.
type: str
choices:
- emergency
- alert
@ -132,21 +153,24 @@ options:
- notification
- information
- debug
sniffer-traffic:
sniffer_traffic:
description:
- Enable/disable sniffer traffic logging.
type: str
choices:
- enable
- disable
ssh:
description:
- Enable/disable SSH logging.
type: str
choices:
- enable
- disable
voip:
description:
- Enable/disable VoIP logging.
type: str
choices:
- enable
- disable
@ -159,6 +183,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Filters for WebTrends.
fortios_log_webtrends_filter:
@ -171,15 +196,15 @@ EXAMPLES = '''
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer-traffic: "enable"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
'''
@ -244,12 +269,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -257,14 +286,14 @@ def login(data, fos):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_webtrends_filter_data(json):
option_list = ['anomaly', 'dns', 'filter',
'filter-type', 'forward-traffic', 'gtp',
'local-traffic', 'multicast-traffic', 'netscan-discovery',
'netscan-vulnerability', 'severity', 'sniffer-traffic',
'filter_type', 'forward_traffic', 'gtp',
'local_traffic', 'multicast_traffic', 'netscan_discovery',
'netscan_vulnerability', 'severity', 'sniffer_traffic',
'ssh', 'voip']
dictionary = {}
@ -275,10 +304,23 @@ def filter_log_webtrends_filter_data(json):
return dictionary
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def log_webtrends_filter(data, fos):
vdom = data['vdom']
log_webtrends_filter_data = data['log_webtrends_filter']
filtered_data = filter_log_webtrends_filter_data(log_webtrends_filter_data)
filtered_data = underscore_to_hyphen(filter_log_webtrends_filter_data(log_webtrends_filter_data))
return fos.set('log.webtrends',
'filter',
@ -286,48 +328,54 @@ def log_webtrends_filter(data, fos):
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_webtrends(data, fos):
login(data, fos)
if data['log_webtrends_filter']:
resp = log_webtrends_filter(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_webtrends_filter": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter-type": {"required": False, "type": "str",
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward-traffic": {"required": False, "type": "str",
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local-traffic": {"required": False, "type": "str",
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast-traffic": {"required": False, "type": "str",
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan-discovery": {"required": False, "type": "str"},
"netscan-vulnerability": {"required": False, "type": "str"},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer-traffic": {"required": False, "type": "str",
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -340,14 +388,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

116
lib/ansible/modules/network/fortios/fortios_log_webtrends_setting.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_log_webtrends_setting
short_description: Settings for WebTrends in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify log_webtrends feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,40 +41,52 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
log_webtrends_setting:
description:
- Settings for WebTrends.
default: null
type: dict
suboptions:
server:
description:
- Address of the remote WebTrends server.
type: str
status:
description:
- Enable/disable logging to WebTrends.
type: str
choices:
- enable
- disable
@ -90,6 +99,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Settings for WebTrends.
fortios_log_webtrends_setting:
@ -163,14 +173,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -178,7 +190,7 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_log_webtrends_setting_data(json):
@ -192,17 +204,15 @@ def filter_log_webtrends_setting_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
@ -210,33 +220,39 @@ def flatten_multilists_attributes(data):
def log_webtrends_setting(data, fos):
vdom = data['vdom']
log_webtrends_setting_data = data['log_webtrends_setting']
flattened_data = flatten_multilists_attributes(log_webtrends_setting_data)
filtered_data = filter_log_webtrends_setting_data(flattened_data)
filtered_data = underscore_to_hyphen(filter_log_webtrends_setting_data(log_webtrends_setting_data))
return fos.set('log.webtrends',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_log_webtrends(data, fos):
login(data)
if data['log_webtrends_setting']:
resp = log_webtrends_setting(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_webtrends_setting": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"server": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
@ -248,15 +264,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

410
lib/ansible/modules/network/fortios/fortios_report_chart.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_report_chart
short_description: Report chart widget configuration in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify report feature and chart category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,46 +41,61 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
state:
description:
- Indicates whether to create or remove the object.
type: str
required: true
choices:
- present
- absent
version_added: 2.9
report_chart:
description:
- Report chart widget configuration.
default: null
type: dict
suboptions:
state:
description:
- Indicates whether to create or remove the object
choices:
- present
- absent
background:
description:
- Chart background.
type: str
category:
description:
- Category.
type: str
choices:
- misc
- traffic
@ -95,56 +107,71 @@ options:
- dlp
- app-ctrl
- vulnerability
category-series:
category_series:
description:
- Category series of pie chart.
type: dict
suboptions:
databind:
description:
- Category series value expression.
font-size:
type: str
font_size:
description:
- Font size of category-series title.
color-palette:
type: int
color_palette:
description:
- Color palette (system will pick color automatically by default).
type: str
column:
description:
- Table column definition.
type: list
suboptions:
detail-unit:
detail_unit:
description:
- Detail unit of column.
detail-value:
type: str
detail_value:
description:
- Detail value of column.
footer-unit:
type: str
footer_unit:
description:
- Footer unit of column.
footer-value:
type: str
footer_value:
description:
- Footer value of column.
header-value:
type: str
header_value:
description:
- Display name of table header.
type: str
id:
description:
- ID.
required: true
type: int
mapping:
description:
- Show detail in certain display value for certain condition.
type: list
suboptions:
displayname:
description:
- Display name.
type: str
id:
description:
- id
required: true
type: int
op:
description:
- Comparision operater.
type: str
choices:
- none
- greater
@ -153,56 +180,68 @@ options:
- less-equal
- equal
- between
value-type:
value_type:
description:
- Value type.
type: str
choices:
- integer
- string
value1:
description:
- Value 1.
type: str
value2:
description:
- Value 2.
type: str
comments:
description:
- Comment.
type: str
dataset:
description:
- Bind dataset to chart.
type: str
dimension:
description:
- Dimension.
type: str
choices:
- 2D
- 3D
drill-down-charts:
drill_down_charts:
description:
- Drill down charts.
type: list
suboptions:
chart-name:
chart_name:
description:
- Drill down chart name.
type: str
id:
description:
- Drill down chart ID.
required: true
type: int
status:
description:
- Enable/disable this drill down chart.
type: str
choices:
- enable
- disable
favorite:
description:
- Favorite.
type: str
choices:
- no
- yes
graph-type:
graph_type:
description:
- Graph type.
type: str
choices:
- none
- bar
@ -212,88 +251,108 @@ options:
legend:
description:
- Enable/Disable Legend area.
type: str
choices:
- enable
- disable
legend-font-size:
legend_font_size:
description:
- Font size of legend area.
type: int
name:
description:
- Chart Widget Name
required: true
type: str
period:
description:
- Time period.
type: str
choices:
- last24h
- last7d
policy:
description:
- Used by monitor policy.
type: int
style:
description:
- Style.
type: str
choices:
- auto
- manual
title:
description:
- Chart title.
title-font-size:
type: str
title_font_size:
description:
- Font size of chart title.
type: int
type:
description:
- Chart type.
type: str
choices:
- graph
- table
value-series:
value_series:
description:
- Value series of pie chart.
type: dict
suboptions:
databind:
description:
- Value series value expression.
x-series:
type: str
x_series:
description:
- X-series of chart.
type: dict
suboptions:
caption:
description:
- X-series caption.
caption-font-size:
type: str
caption_font_size:
description:
- X-series caption font size.
type: int
databind:
description:
- X-series value expression.
font-size:
type: str
font_size:
description:
- X-series label font size.
is-category:
type: int
is_category:
description:
- X-series represent category or not.
type: str
choices:
- yes
- no
label-angle:
label_angle:
description:
- X-series label angle.
type: str
choices:
- 45-degree
- vertical
- horizontal
scale-direction:
scale_direction:
description:
- Scale increase or decrease.
type: str
choices:
- decrease
- increase
scale-format:
scale_format:
description:
- Date/time format.
type: str
choices:
- YYYY-MM-DD-HH-MM
- YYYY-MM-DD HH
@ -302,12 +361,14 @@ options:
- YYYY
- HH-MM
- MM-DD
scale-step:
scale_step:
description:
- Scale step.
scale-unit:
type: int
scale_unit:
description:
- Scale unit.
type: str
choices:
- minute
- hour
@ -317,40 +378,51 @@ options:
unit:
description:
- X-series unit.
y-series:
type: str
y_series:
description:
- Y-series of chart.
type: dict
suboptions:
caption:
description:
- Y-series caption.
caption-font-size:
type: str
caption_font_size:
description:
- Y-series caption font size.
type: int
databind:
description:
- Y-series value expression.
extra-databind:
type: str
extra_databind:
description:
- Extra Y-series value.
extra-y:
type: str
extra_y:
description:
- Allow another Y-series value
type: str
choices:
- enable
- disable
extra-y-legend:
extra_y_legend:
description:
- Extra Y-series legend type/name.
font-size:
type: str
font_size:
description:
- Y-series label font size.
type: int
group:
description:
- Y-series group option.
label-angle:
type: str
label_angle:
description:
- Y-series label angle.
type: str
choices:
- 45-degree
- vertical
@ -358,9 +430,11 @@ options:
unit:
description:
- Y-series unit.
y-legend:
type: str
y_legend:
description:
- First Y-series legend type/name.
type: str
'''
EXAMPLES = '''
@ -370,6 +444,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Report chart widget configuration.
fortios_report_chart:
@ -378,75 +453,75 @@ EXAMPLES = '''
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
report_chart:
state: "present"
background: "<your_own_value>"
category: "misc"
category-series:
category_series:
databind: "<your_own_value>"
font-size: "7"
color-palette: "<your_own_value>"
font_size: "7"
color_palette: "<your_own_value>"
column:
-
detail-unit: "<your_own_value>"
detail-value: "<your_own_value>"
footer-unit: "<your_own_value>"
footer-value: "<your_own_value>"
header-value: "<your_own_value>"
detail_unit: "<your_own_value>"
detail_value: "<your_own_value>"
footer_unit: "<your_own_value>"
footer_value: "<your_own_value>"
header_value: "<your_own_value>"
id: "15"
mapping:
-
displayname: "<your_own_value>"
id: "18"
op: "none"
value-type: "integer"
value_type: "integer"
value1: "<your_own_value>"
value2: "<your_own_value>"
comments: "<your_own_value>"
dataset: "<your_own_value>"
dimension: "2D"
drill-down-charts:
drill_down_charts:
-
chart-name: "<your_own_value>"
chart_name: "<your_own_value>"
id: "28"
status: "enable"
favorite: "no"
graph-type: "none"
graph_type: "none"
legend: "enable"
legend-font-size: "33"
legend_font_size: "33"
name: "default_name_34"
period: "last24h"
policy: "36"
style: "auto"
title: "<your_own_value>"
title-font-size: "39"
title_font_size: "39"
type: "graph"
value-series:
value_series:
databind: "<your_own_value>"
x-series:
x_series:
caption: "<your_own_value>"
caption-font-size: "45"
caption_font_size: "45"
databind: "<your_own_value>"
font-size: "47"
is-category: "yes"
label-angle: "45-degree"
scale-direction: "decrease"
scale-format: "YYYY-MM-DD-HH-MM"
scale-step: "52"
scale-unit: "minute"
font_size: "47"
is_category: "yes"
label_angle: "45-degree"
scale_direction: "decrease"
scale_format: "YYYY-MM-DD-HH-MM"
scale_step: "52"
scale_unit: "minute"
unit: "<your_own_value>"
y-series:
y_series:
caption: "<your_own_value>"
caption-font-size: "57"
caption_font_size: "57"
databind: "<your_own_value>"
extra-databind: "<your_own_value>"
extra-y: "enable"
extra-y-legend: "<your_own_value>"
font-size: "62"
extra_databind: "<your_own_value>"
extra_y: "enable"
extra_y_legend: "<your_own_value>"
font_size: "62"
group: "<your_own_value>"
label-angle: "45-degree"
label_angle: "45-degree"
unit: "<your_own_value>"
y-legend: "<your_own_value>"
y_legend: "<your_own_value>"
'''
RETURN = '''
@ -509,14 +584,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -524,18 +601,18 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_report_chart_data(json):
option_list = ['background', 'category', 'category-series',
'color-palette', 'column', 'comments',
'dataset', 'dimension', 'drill-down-charts',
'favorite', 'graph-type', 'legend',
'legend-font-size', 'name', 'period',
option_list = ['background', 'category', 'category_series',
'color_palette', 'column', 'comments',
'dataset', 'dimension', 'drill_down_charts',
'favorite', 'graph_type', 'legend',
'legend_font_size', 'name', 'period',
'policy', 'style', 'title',
'title-font-size', 'type', 'value-series',
'x-series', 'y-series']
'title_font_size', 'type', 'value_series',
'x_series', 'y_series']
dictionary = {}
for attribute in option_list:
@ -545,80 +622,85 @@ def filter_report_chart_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def report_chart(data, fos):
vdom = data['vdom']
state = data['state']
report_chart_data = data['report_chart']
flattened_data = flatten_multilists_attributes(report_chart_data)
filtered_data = filter_report_chart_data(flattened_data)
if report_chart_data['state'] == "present":
filtered_data = underscore_to_hyphen(filter_report_chart_data(report_chart_data))
if state == "present":
return fos.set('report',
'chart',
data=filtered_data,
vdom=vdom)
elif report_chart_data['state'] == "absent":
elif state == "absent":
return fos.delete('report',
'chart',
mkey=filtered_data['name'],
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_report(data, fos):
login(data)
if data['report_chart']:
resp = report_chart(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"report_chart": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"background": {"required": False, "type": "str"},
"category": {"required": False, "type": "str",
"choices": ["misc", "traffic", "event",
"virus", "webfilter", "attack",
"spam", "dlp", "app-ctrl",
"vulnerability"]},
"category-series": {"required": False, "type": "dict",
"category_series": {"required": False, "type": "dict",
"options": {
"databind": {"required": False, "type": "str"},
"font-size": {"required": False, "type": "int"}
"font_size": {"required": False, "type": "int"}
}},
"color-palette": {"required": False, "type": "str"},
"color_palette": {"required": False, "type": "str"},
"column": {"required": False, "type": "list",
"options": {
"detail-unit": {"required": False, "type": "str"},
"detail-value": {"required": False, "type": "str"},
"footer-unit": {"required": False, "type": "str"},
"footer-value": {"required": False, "type": "str"},
"header-value": {"required": False, "type": "str"},
"detail_unit": {"required": False, "type": "str"},
"detail_value": {"required": False, "type": "str"},
"footer_unit": {"required": False, "type": "str"},
"footer_value": {"required": False, "type": "str"},
"header_value": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"mapping": {"required": False, "type": "list",
"options": {
@ -628,7 +710,7 @@ def main():
"choices": ["none", "greater", "greater-equal",
"less", "less-equal", "equal",
"between"]},
"value-type": {"required": False, "type": "str",
"value_type": {"required": False, "type": "str",
"choices": ["integer", "string"]},
"value1": {"required": False, "type": "str"},
"value2": {"required": False, "type": "str"}
@ -638,21 +720,21 @@ def main():
"dataset": {"required": False, "type": "str"},
"dimension": {"required": False, "type": "str",
"choices": ["2D", "3D"]},
"drill-down-charts": {"required": False, "type": "list",
"drill_down_charts": {"required": False, "type": "list",
"options": {
"chart-name": {"required": False, "type": "str"},
"chart_name": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}},
"favorite": {"required": False, "type": "str",
"choices": ["no", "yes"]},
"graph-type": {"required": False, "type": "str",
"graph_type": {"required": False, "type": "str",
"choices": ["none", "bar", "pie",
"line", "flow"]},
"legend": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"legend-font-size": {"required": False, "type": "int"},
"legend_font_size": {"required": False, "type": "int"},
"name": {"required": True, "type": "str"},
"period": {"required": False, "type": "str",
"choices": ["last24h", "last7d"]},
@ -660,50 +742,50 @@ def main():
"style": {"required": False, "type": "str",
"choices": ["auto", "manual"]},
"title": {"required": False, "type": "str"},
"title-font-size": {"required": False, "type": "int"},
"title_font_size": {"required": False, "type": "int"},
"type": {"required": False, "type": "str",
"choices": ["graph", "table"]},
"value-series": {"required": False, "type": "dict",
"value_series": {"required": False, "type": "dict",
"options": {
"databind": {"required": False, "type": "str"}
}},
"x-series": {"required": False, "type": "dict",
"x_series": {"required": False, "type": "dict",
"options": {
"caption": {"required": False, "type": "str"},
"caption-font-size": {"required": False, "type": "int"},
"caption_font_size": {"required": False, "type": "int"},
"databind": {"required": False, "type": "str"},
"font-size": {"required": False, "type": "int"},
"is-category": {"required": False, "type": "str",
"font_size": {"required": False, "type": "int"},
"is_category": {"required": False, "type": "str",
"choices": ["yes", "no"]},
"label-angle": {"required": False, "type": "str",
"label_angle": {"required": False, "type": "str",
"choices": ["45-degree", "vertical", "horizontal"]},
"scale-direction": {"required": False, "type": "str",
"scale_direction": {"required": False, "type": "str",
"choices": ["decrease", "increase"]},
"scale-format": {"required": False, "type": "str",
"scale_format": {"required": False, "type": "str",
"choices": ["YYYY-MM-DD-HH-MM", "YYYY-MM-DD HH", "YYYY-MM-DD",
"YYYY-MM", "YYYY", "HH-MM",
"MM-DD"]},
"scale-step": {"required": False, "type": "int"},
"scale-unit": {"required": False, "type": "str",
"scale_step": {"required": False, "type": "int"},
"scale_unit": {"required": False, "type": "str",
"choices": ["minute", "hour", "day",
"month", "year"]},
"unit": {"required": False, "type": "str"}
}},
"y-series": {"required": False, "type": "dict",
"y_series": {"required": False, "type": "dict",
"options": {
"caption": {"required": False, "type": "str"},
"caption-font-size": {"required": False, "type": "int"},
"caption_font_size": {"required": False, "type": "int"},
"databind": {"required": False, "type": "str"},
"extra-databind": {"required": False, "type": "str"},
"extra-y": {"required": False, "type": "str",
"extra_databind": {"required": False, "type": "str"},
"extra_y": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"extra-y-legend": {"required": False, "type": "str"},
"font-size": {"required": False, "type": "int"},
"extra_y_legend": {"required": False, "type": "str"},
"font_size": {"required": False, "type": "int"},
"group": {"required": False, "type": "str"},
"label-angle": {"required": False, "type": "str",
"label_angle": {"required": False, "type": "str",
"choices": ["45-degree", "vertical", "horizontal"]},
"unit": {"required": False, "type": "str"},
"y-legend": {"required": False, "type": "str"}
"y_legend": {"required": False, "type": "str"}
}}
}
@ -712,15 +794,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_report(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_report(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_report(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

165
lib/ansible/modules/network/fortios/fortios_report_dataset.py
Unescape Escape View File

@ -14,9 +14,6 @@ from __future__ import (absolute_import, division, print_function)
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# the lib use python logging can get it if the following is set in your
# Ansible config.
__metaclass__ = type
@ -29,10 +26,10 @@ DOCUMENTATION = '''
module: fortios_report_dataset
short_description: Report dataset configuration in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS by allowing the
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify report feature and dataset category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.2
Tested with FOS v6.0.5
version_added: "2.8"
author:
- Miguel Angel Munoz (@mamunozgonzalez)
@ -44,57 +41,75 @@ requirements:
- fortiosapi>=0.9.8
options:
host:
description:
- FortiOS or FortiGate ip address.
required: true
description:
- FortiOS or FortiGate IP address.
type: str
required: false
username:
description:
- FortiOS or FortiGate username.
required: true
type: str
required: false
password:
description:
- FortiOS or FortiGate password.
type: str
default: ""
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
https:
description:
- Indicates if the requests towards FortiGate must use HTTPS
protocol
- Indicates if the requests towards FortiGate must use HTTPS protocol.
type: bool
default: true
ssl_verify:
description:
- Ensures FortiGate certificate must be verified by a proper CA.
type: bool
default: true
version_added: 2.9
state:
description:
- Indicates whether to create or remove the object.
type: str
required: true
choices:
- present
- absent
version_added: 2.9
report_dataset:
description:
- Report dataset configuration.
default: null
type: dict
suboptions:
state:
description:
- Indicates whether to create or remove the object
choices:
- present
- absent
field:
description:
- Fields.
type: list
suboptions:
displayname:
description:
- Display name.
type: str
id:
description:
- Field ID (1 to number of columns in SQL result).
required: true
type: int
name:
description:
- Name.
type: str
type:
description:
- Field type.
type: str
choices:
- text
- integer
@ -103,35 +118,43 @@ options:
description:
- Name.
required: true
type: str
parameters:
description:
- Parameters.
type: list
suboptions:
data-type:
data_type:
description:
- Data type.
type: str
choices:
- text
- integer
- double
- long-integer
- date-time
display-name:
display_name:
description:
- Display name.
type: str
field:
description:
- SQL field name.
type: str
id:
description:
- Parameter ID (1 to number of columns in SQL result).
required: true
type: int
policy:
description:
- Used by monitor policy.
type: int
query:
description:
- SQL query statement.
type: str
'''
EXAMPLES = '''
@ -141,6 +164,7 @@ EXAMPLES = '''
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Report dataset configuration.
fortios_report_dataset:
@ -149,8 +173,8 @@ EXAMPLES = '''
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
report_dataset:
state: "present"
field:
-
displayname: "<your_own_value>"
@ -160,8 +184,8 @@ EXAMPLES = '''
name: "default_name_8"
parameters:
-
data-type: "text"
display-name: "<your_own_value>"
data_type: "text"
display_name: "<your_own_value>"
field: "<your_own_value>"
id: "13"
policy: "14"
@ -228,14 +252,16 @@ version:
'''
from ansible.module_utils.basic import AnsibleModule
fos = None
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
def login(data):
def login(data, fos):
host = data['host']
username = data['username']
password = data['password']
ssl_verify = data['ssl_verify']
fos.debug('on')
if 'https' in data and not data['https']:
@ -243,7 +269,7 @@ def login(data):
else:
fos.https('on')
fos.login(host, username, password)
fos.login(host, username, password, verify=ssl_verify)
def filter_report_dataset_data(json):
@ -258,61 +284,66 @@ def filter_report_dataset_data(json):
return dictionary
def flatten_multilists_attributes(data):
multilist_attrs = []
for attr in multilist_attrs:
try:
path = "data['" + "']['".join(elem for elem in attr) + "']"
current_val = eval(path)
flattened_val = ' '.join(elem for elem in current_val)
exec(path + '= flattened_val')
except BaseException:
pass
def underscore_to_hyphen(data):
if isinstance(data, list):
for elem in data:
elem = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def report_dataset(data, fos):
vdom = data['vdom']
state = data['state']
report_dataset_data = data['report_dataset']
flattened_data = flatten_multilists_attributes(report_dataset_data)
filtered_data = filter_report_dataset_data(flattened_data)
if report_dataset_data['state'] == "present":
filtered_data = underscore_to_hyphen(filter_report_dataset_data(report_dataset_data))
if state == "present":
return fos.set('report',
'dataset',
data=filtered_data,
vdom=vdom)
elif report_dataset_data['state'] == "absent":
elif state == "absent":
return fos.delete('report',
'dataset',
mkey=filtered_data['name'],
vdom=vdom)
def is_successful_status(status):
return status['status'] == "success" or \
status['http_method'] == "DELETE" and status['http_status'] == 404
def fortios_report(data, fos):
login(data)
if data['report_dataset']:
resp = report_dataset(data, fos)
fos.logout()
return not resp['status'] == "success", resp['status'] == "success", resp
return not is_successful_status(resp), \
resp['status'] == "success", \
resp
def main():
fields = {
"host": {"required": True, "type": "str"},
"username": {"required": True, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"report_dataset": {
"required": False, "type": "dict",
"required": False, "type": "dict", "default": None,
"options": {
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"field": {"required": False, "type": "list",
"options": {
"displayname": {"required": False, "type": "str"},
@ -324,10 +355,10 @@ def main():
"name": {"required": True, "type": "str"},
"parameters": {"required": False, "type": "list",
"options": {
"data-type": {"required": False, "type": "str",
"data_type": {"required": False, "type": "str",
"choices": ["text", "integer", "double",
"long-integer", "date-time"]},
"display-name": {"required": False, "type": "str"},
"display_name": {"required": False, "type": "str"},
"field": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"}
}},
@ -340,15 +371,31 @@ def main():
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
global fos
fos = FortiOSAPI()
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_report(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
is_error, has_changed, result = fortios_report(module.params, fos)
login(module.params, fos)
is_error, has_changed, result = fortios_report(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)

37
test/sanity/ignore.txt
Unescape Escape View File

@ -3694,44 +3694,7 @@ lib/ansible/modules/network/fortios/fortios_firewall_policy.py validate-modules:
lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:E338
lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_memory_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_null_device_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_threat_weight.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_threat_weight.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_log_webtrends_setting.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_report_chart.py validate-modules:E326
lib/ansible/modules/network/fortios/fortios_report_chart.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_report_chart.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_report_dataset.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_report_dataset.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_report_layout.py validate-modules:E336
lib/ansible/modules/network/fortios/fortios_report_layout.py validate-modules:E337
lib/ansible/modules/network/fortios/fortios_report_setting.py validate-modules:E336

175
test/units/modules/network/fortios/test_fortios_log_memory_global_setting.py
Unescape Escape View File

@ -0,0 +1,175 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_memory_global_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_global_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_memory_global_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_global_setting': {
'full_final_warning_threshold': '3',
'full_first_warning_threshold': '4',
'full_second_warning_threshold': '5',
'max_size': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'full-final-warning-threshold': '3',
'full-first-warning-threshold': '4',
'full-second-warning-threshold': '5',
'max-size': '6'
}
set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_memory_global_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_global_setting': {
'full_final_warning_threshold': '3',
'full_first_warning_threshold': '4',
'full_second_warning_threshold': '5',
'max_size': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'full-final-warning-threshold': '3',
'full-first-warning-threshold': '4',
'full-second-warning-threshold': '5',
'max-size': '6'
}
set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_memory_global_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_global_setting': {
'full_final_warning_threshold': '3',
'full_first_warning_threshold': '4',
'full_second_warning_threshold': '5',
'max_size': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'full-final-warning-threshold': '3',
'full-first-warning-threshold': '4',
'full-second-warning-threshold': '5',
'max-size': '6'
}
set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_memory_global_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_global_setting': {
'random_attribute_not_valid': 'tag',
'full_final_warning_threshold': '3',
'full_first_warning_threshold': '4',
'full_second_warning_threshold': '5',
'max_size': '6'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'full-final-warning-threshold': '3',
'full-first-warning-threshold': '4',
'full-second-warning-threshold': '5',
'max-size': '6'
}
set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

159
test/units/modules/network/fortios/test_fortios_log_memory_setting.py
Unescape Escape View File

@ -0,0 +1,159 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_memory_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_memory_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_setting': {
'diskfull': 'overwrite',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'status': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_memory_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_setting': {
'diskfull': 'overwrite',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'status': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_memory_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_setting': {
'diskfull': 'overwrite',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'status': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_memory_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_memory_setting': {
'random_attribute_not_valid': 'tag',
'diskfull': 'overwrite',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
expected_data = {
'diskfull': 'overwrite',
'status': 'enable'
}
set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_null_device_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_null_device_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_null_device_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_null_device_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_null_device_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_null_device_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_null_device_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

151
test/units/modules/network/fortios/test_fortios_log_null_device_setting.py
Unescape Escape View File

@ -0,0 +1,151 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_null_device_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_null_device_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_null_device_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_setting': {
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'status': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_null_device_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_setting': {
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'status': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_null_device_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_setting': {
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'status': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_null_device_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_null_device_setting': {
'random_attribute_not_valid': 'tag',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
expected_data = {
'status': 'enable'
}
set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

279
test/units/modules/network/fortios/test_fortios_log_setting.py
Unescape Escape View File

@ -0,0 +1,279 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_setting': {
'brief_traffic_format': 'enable',
'daemon_log': 'enable',
'expolicy_implicit_log': 'enable',
'fwpolicy_implicit_log': 'enable',
'fwpolicy6_implicit_log': 'enable',
'local_in_allow': 'enable',
'local_in_deny_broadcast': 'enable',
'local_in_deny_unicast': 'enable',
'local_out': 'enable',
'log_invalid_packet': 'enable',
'log_policy_comment': 'enable',
'log_policy_name': 'enable',
'log_user_in_upper': 'enable',
'neighbor_event': 'enable',
'resolve_ip': 'enable',
'resolve_port': 'enable',
'user_anonymize': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
expected_data = {
'brief-traffic-format': 'enable',
'daemon-log': 'enable',
'expolicy-implicit-log': 'enable',
'fwpolicy-implicit-log': 'enable',
'fwpolicy6-implicit-log': 'enable',
'local-in-allow': 'enable',
'local-in-deny-broadcast': 'enable',
'local-in-deny-unicast': 'enable',
'local-out': 'enable',
'log-invalid-packet': 'enable',
'log-policy-comment': 'enable',
'log-policy-name': 'enable',
'log-user-in-upper': 'enable',
'neighbor-event': 'enable',
'resolve-ip': 'enable',
'resolve-port': 'enable',
'user-anonymize': 'enable'
}
set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_setting': {
'brief_traffic_format': 'enable',
'daemon_log': 'enable',
'expolicy_implicit_log': 'enable',
'fwpolicy_implicit_log': 'enable',
'fwpolicy6_implicit_log': 'enable',
'local_in_allow': 'enable',
'local_in_deny_broadcast': 'enable',
'local_in_deny_unicast': 'enable',
'local_out': 'enable',
'log_invalid_packet': 'enable',
'log_policy_comment': 'enable',
'log_policy_name': 'enable',
'log_user_in_upper': 'enable',
'neighbor_event': 'enable',
'resolve_ip': 'enable',
'resolve_port': 'enable',
'user_anonymize': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
expected_data = {
'brief-traffic-format': 'enable',
'daemon-log': 'enable',
'expolicy-implicit-log': 'enable',
'fwpolicy-implicit-log': 'enable',
'fwpolicy6-implicit-log': 'enable',
'local-in-allow': 'enable',
'local-in-deny-broadcast': 'enable',
'local-in-deny-unicast': 'enable',
'local-out': 'enable',
'log-invalid-packet': 'enable',
'log-policy-comment': 'enable',
'log-policy-name': 'enable',
'log-user-in-upper': 'enable',
'neighbor-event': 'enable',
'resolve-ip': 'enable',
'resolve-port': 'enable',
'user-anonymize': 'enable'
}
set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_setting': {
'brief_traffic_format': 'enable',
'daemon_log': 'enable',
'expolicy_implicit_log': 'enable',
'fwpolicy_implicit_log': 'enable',
'fwpolicy6_implicit_log': 'enable',
'local_in_allow': 'enable',
'local_in_deny_broadcast': 'enable',
'local_in_deny_unicast': 'enable',
'local_out': 'enable',
'log_invalid_packet': 'enable',
'log_policy_comment': 'enable',
'log_policy_name': 'enable',
'log_user_in_upper': 'enable',
'neighbor_event': 'enable',
'resolve_ip': 'enable',
'resolve_port': 'enable',
'user_anonymize': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
expected_data = {
'brief-traffic-format': 'enable',
'daemon-log': 'enable',
'expolicy-implicit-log': 'enable',
'fwpolicy-implicit-log': 'enable',
'fwpolicy6-implicit-log': 'enable',
'local-in-allow': 'enable',
'local-in-deny-broadcast': 'enable',
'local-in-deny-unicast': 'enable',
'local-out': 'enable',
'log-invalid-packet': 'enable',
'log-policy-comment': 'enable',
'log-policy-name': 'enable',
'log-user-in-upper': 'enable',
'neighbor-event': 'enable',
'resolve-ip': 'enable',
'resolve-port': 'enable',
'user-anonymize': 'enable'
}
set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_setting': {
'random_attribute_not_valid': 'tag',
'brief_traffic_format': 'enable',
'daemon_log': 'enable',
'expolicy_implicit_log': 'enable',
'fwpolicy_implicit_log': 'enable',
'fwpolicy6_implicit_log': 'enable',
'local_in_allow': 'enable',
'local_in_deny_broadcast': 'enable',
'local_in_deny_unicast': 'enable',
'local_out': 'enable',
'log_invalid_packet': 'enable',
'log_policy_comment': 'enable',
'log_policy_name': 'enable',
'log_user_in_upper': 'enable',
'neighbor_event': 'enable',
'resolve_ip': 'enable',
'resolve_port': 'enable',
'user_anonymize': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
expected_data = {
'brief-traffic-format': 'enable',
'daemon-log': 'enable',
'expolicy-implicit-log': 'enable',
'fwpolicy-implicit-log': 'enable',
'fwpolicy6-implicit-log': 'enable',
'local-in-allow': 'enable',
'local-in-deny-broadcast': 'enable',
'local-in-deny-unicast': 'enable',
'local-out': 'enable',
'log-invalid-packet': 'enable',
'log-policy-comment': 'enable',
'log-policy-name': 'enable',
'log-user-in-upper': 'enable',
'neighbor-event': 'enable',
'resolve-ip': 'enable',
'resolve-port': 'enable',
'user-anonymize': 'enable'
}
set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_syslogd2_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd2_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd2_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd2_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd2_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd2_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd2_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

223
test/units/modules/network/fortios/test_fortios_log_syslogd2_setting.py
Unescape Escape View File

@ -0,0 +1,223 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd2_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd2_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd2_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd2_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd2_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd2_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd2_setting': {
'random_attribute_not_valid': 'tag',
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_syslogd3_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd3_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd3_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd3_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd3_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd3_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd3_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

223
test/units/modules/network/fortios/test_fortios_log_syslogd3_setting.py
Unescape Escape View File

@ -0,0 +1,223 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd3_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd3_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd3_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd3_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd3_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd3_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd3_setting': {
'random_attribute_not_valid': 'tag',
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_syslogd4_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd4_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd4_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd4_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd4_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd4_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd4_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

223
test/units/modules/network/fortios/test_fortios_log_syslogd4_setting.py
Unescape Escape View File

@ -0,0 +1,223 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd4_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd4_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd4_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd4_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd4_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd4_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd4_setting': {
'random_attribute_not_valid': 'tag',
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_syslogd_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_syslogd_override_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd_override_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_override_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd_override_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd_override_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd_override_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd_override_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

231
test/units/modules/network/fortios/test_fortios_log_syslogd_override_setting.py
Unescape Escape View File

@ -0,0 +1,231 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd_override_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_override_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd_override_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source_ip': '84.230.14.11',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source-ip': '84.230.14.11',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd_override_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source_ip': '84.230.14.11',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source-ip': '84.230.14.11',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd_override_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source_ip': '84.230.14.11',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source-ip': '84.230.14.11',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd_override_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_override_setting': {
'random_attribute_not_valid': 'tag',
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source_ip': '84.230.14.11',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'override': 'enable',
'port': '9',
'server': '192.168.100.10',
'source-ip': '84.230.14.11',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

223
test/units/modules/network/fortios/test_fortios_log_syslogd_setting.py
Unescape Escape View File

@ -0,0 +1,223 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_syslogd_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_syslogd_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_syslogd_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_syslogd_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_setting': {
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_syslogd_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_syslogd_setting': {
'random_attribute_not_valid': 'tag',
'certificate': 'test_value_3',
'enc_algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source_ip': '84.230.14.10',
'ssl_min_proto_version': 'default',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance)
expected_data = {
'certificate': 'test_value_3',
'enc-algorithm': 'high-medium',
'facility': 'kernel',
'format': 'default',
'mode': 'udp',
'port': '8',
'server': '192.168.100.9',
'source-ip': '84.230.14.10',
'ssl-min-proto-version': 'default',
'status': 'enable'
}
set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

175
test/units/modules/network/fortios/test_fortios_log_threat_weight.py
Unescape Escape View File

@ -0,0 +1,175 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_threat_weight
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_threat_weight.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_threat_weight_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_threat_weight': {'blocked_connection': 'disable',
'failed_connection': 'disable',
'status': 'enable',
'url_block_detected': 'disable',
},
'vdom': 'root'}
is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance)
expected_data = {'blocked-connection': 'disable',
'failed-connection': 'disable',
'status': 'enable',
'url-block-detected': 'disable',
}
set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_threat_weight_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_threat_weight': {'blocked_connection': 'disable',
'failed_connection': 'disable',
'status': 'enable',
'url_block_detected': 'disable',
},
'vdom': 'root'}
is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance)
expected_data = {'blocked-connection': 'disable',
'failed-connection': 'disable',
'status': 'enable',
'url-block-detected': 'disable',
}
set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_threat_weight_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_threat_weight': {'blocked_connection': 'disable',
'failed_connection': 'disable',
'status': 'enable',
'url_block_detected': 'disable',
},
'vdom': 'root'}
is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance)
expected_data = {'blocked-connection': 'disable',
'failed-connection': 'disable',
'status': 'enable',
'url-block-detected': 'disable',
}
set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_threat_weight_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_threat_weight': {
'random_attribute_not_valid': 'tag', 'blocked_connection': 'disable',
'failed_connection': 'disable',
'status': 'enable',
'url_block_detected': 'disable',
},
'vdom': 'root'}
is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance)
expected_data = {'blocked-connection': 'disable',
'failed-connection': 'disable',
'status': 'enable',
'url-block-detected': 'disable',
}
set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

255
test/units/modules/network/fortios/test_fortios_log_webtrends_filter.py
Unescape Escape View File

@ -0,0 +1,255 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_webtrends_filter
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_webtrends_filter.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_webtrends_filter_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_webtrends_filter_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_webtrends_filter_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_filter': {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_webtrends_filter_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_filter': {
'random_attribute_not_valid': 'tag',
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter_type': 'include',
'forward_traffic': 'enable',
'gtp': 'enable',
'local_traffic': 'enable',
'multicast_traffic': 'enable',
'netscan_discovery': 'test_value_11,',
'netscan_vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer_traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'anomaly': 'enable',
'dns': 'enable',
'filter': 'test_value_5',
'filter-type': 'include',
'forward-traffic': 'enable',
'gtp': 'enable',
'local-traffic': 'enable',
'multicast-traffic': 'enable',
'netscan-discovery': 'test_value_11,',
'netscan-vulnerability': 'test_value_12,',
'severity': 'emergency',
'sniffer-traffic': 'enable',
'ssh': 'enable',
'voip': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

159
test/units/modules/network/fortios/test_fortios_log_webtrends_setting.py
Unescape Escape View File

@ -0,0 +1,159 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_log_webtrends_setting
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_webtrends_setting.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_log_webtrends_setting_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_setting': {
'server': '192.168.100.3',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'server': '192.168.100.3',
'status': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_log_webtrends_setting_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_setting': {
'server': '192.168.100.3',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'server': '192.168.100.3',
'status': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_log_webtrends_setting_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_setting': {
'server': '192.168.100.3',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'server': '192.168.100.3',
'status': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_log_webtrends_setting_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'log_webtrends_setting': {
'random_attribute_not_valid': 'tag',
'server': '192.168.100.3',
'status': 'enable'
},
'vdom': 'root'}
is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
expected_data = {
'server': '192.168.100.3',
'status': 'enable'
}
set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

369
test/units/modules/network/fortios/test_fortios_report_chart.py
Unescape Escape View File

@ -0,0 +1,369 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_report_chart
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_chart.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_report_chart_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_chart': {
'background': 'test_value_3',
'category': 'misc',
'color_palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph_type': 'none',
'legend': 'enable',
'legend_font_size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title_font_size': '18',
'type': 'graph',
},
'vdom': 'root'}
is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
expected_data = {
'background': 'test_value_3',
'category': 'misc',
'color-palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph-type': 'none',
'legend': 'enable',
'legend-font-size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title-font-size': '18',
'type': 'graph',
}
set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_report_chart_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_chart': {
'background': 'test_value_3',
'category': 'misc',
'color_palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph_type': 'none',
'legend': 'enable',
'legend_font_size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title_font_size': '18',
'type': 'graph',
},
'vdom': 'root'}
is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
expected_data = {
'background': 'test_value_3',
'category': 'misc',
'color-palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph-type': 'none',
'legend': 'enable',
'legend-font-size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title-font-size': '18',
'type': 'graph',
}
set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_report_chart_removal(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'report_chart': {
'background': 'test_value_3',
'category': 'misc',
'color_palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph_type': 'none',
'legend': 'enable',
'legend_font_size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title_font_size': '18',
'type': 'graph',
},
'vdom': 'root'}
is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
delete_method_mock.assert_called_with('report', 'chart', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_report_chart_deletion_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'report_chart': {
'background': 'test_value_3',
'category': 'misc',
'color_palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph_type': 'none',
'legend': 'enable',
'legend_font_size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title_font_size': '18',
'type': 'graph',
},
'vdom': 'root'}
is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
delete_method_mock.assert_called_with('report', 'chart', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_report_chart_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_chart': {
'background': 'test_value_3',
'category': 'misc',
'color_palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph_type': 'none',
'legend': 'enable',
'legend_font_size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title_font_size': '18',
'type': 'graph',
},
'vdom': 'root'}
is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
expected_data = {
'background': 'test_value_3',
'category': 'misc',
'color-palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph-type': 'none',
'legend': 'enable',
'legend-font-size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title-font-size': '18',
'type': 'graph',
}
set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_report_chart_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_chart': {
'random_attribute_not_valid': 'tag',
'background': 'test_value_3',
'category': 'misc',
'color_palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph_type': 'none',
'legend': 'enable',
'legend_font_size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title_font_size': '18',
'type': 'graph',
},
'vdom': 'root'}
is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
expected_data = {
'background': 'test_value_3',
'category': 'misc',
'color-palette': 'test_value_5',
'comments': 'test_value_6',
'dataset': 'test_value_7',
'dimension': '2D',
'favorite': 'no',
'graph-type': 'none',
'legend': 'enable',
'legend-font-size': '12',
'name': 'default_name_13',
'period': 'last24h',
'policy': '15',
'style': 'auto',
'title': 'test_value_17',
'title-font-size': '18',
'type': 'graph',
}
set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200

209
test/units/modules/network/fortios/test_fortios_report_dataset.py
Unescape Escape View File

@ -0,0 +1,209 @@
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
from mock import ANY
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
try:
from ansible.modules.network.fortios import fortios_report_dataset
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_dataset.Connection')
return connection_class_mock
fos_instance = FortiOSHandler(connection_mock)
def test_report_dataset_creation(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_dataset': {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
expected_data = {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
}
set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_report_dataset_creation_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_dataset': {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
expected_data = {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
}
set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_report_dataset_removal(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'report_dataset': {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
delete_method_mock.assert_called_with('report', 'dataset', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
def test_report_dataset_deletion_fails(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
input_data = {
'username': 'admin',
'state': 'absent',
'report_dataset': {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
delete_method_mock.assert_called_with('report', 'dataset', mkey=ANY, vdom='root')
schema_method_mock.assert_not_called()
assert is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 500
def test_report_dataset_idempotent(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_dataset': {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
expected_data = {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
}
set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert not changed
assert response['status'] == 'error'
assert response['http_status'] == 404
def test_report_dataset_filter_foreign_attributes(mocker):
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
input_data = {
'username': 'admin',
'state': 'present',
'report_dataset': {
'random_attribute_not_valid': 'tag', 'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
},
'vdom': 'root'}
is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
expected_data = {'name': 'default_name_3',
'policy': '4',
'query': 'test_value_5'
}
set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
schema_method_mock.assert_not_called()
assert not is_error
assert changed
assert response['status'] == 'success'
assert response['http_status'] == 200
Write Preview
Loading…
Cancel
Save