FortiManager Plugin Module Conversion: fmgr_fwobj_vip (#52774)

* Auto Commit for: fmgr_fwobj_vip * Auto Commit for: fmgr_fwobj_vip * Auto Commit for: fmgr_fwobj_vip * Auto Commit for: fmgr_fwobj_vip
5 years ago · c37f6bed1c
parent 79eeea8ea6
commit c37f6bed1c
3 changed files with 1984 additions and 1790 deletions
--- a/lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py
+++ b/lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py
@ -28,6 +28,8 @@ DOCUMENTATION = '''
 ---
 module: fmgr_fwobj_vip
 version_added: "2.8"
+notes:
+    - Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
 author:
    - Luke Weighall (@lweighall)
    - Andrew Welsh (@Ghilli3)
@ -43,21 +45,6 @@ options:
    required: false
    default: root

-  host:
-    description:
-      - The FortiManager's Address.
-    required: true
-
-  username:
-    description:
-      - The username associated with the account.
-    required: true
-
-  password:
-    description:
-      - The password associated with the username account.
-    required: true
-
  mode:
    description:
      - Sets one of three modes for managing the object.
@ -325,7 +312,7 @@ options:
      - choice | high | High encryption. Allow only AES and ChaCha.
      - choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
      - choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
-      - choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allow
+      - choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
    required: false
    choices: ["high", "medium", "low", "custom"]

@ -1703,9 +1690,6 @@ EXAMPLES = '''
 # BASIC FULL STATIC NAT MAPPING
 - name: EDIT FMGR_FIREWALL_VIP SNAT
  fmgr_fwobj_vip:
-    host: "{{ inventory_hostname }}"
-    username: "{{ username }}"
-    password: "{{ password }}"
    name: "Basic StaticNAT Map"
    mode: "set"
    adom: "ansible"
@ -1719,9 +1703,6 @@ EXAMPLES = '''
 # BASIC PORT PNAT MAPPING
 - name: EDIT FMGR_FIREWALL_VIP PNAT
  fmgr_fwobj_vip:
-    host: "{{ inventory_hostname }}"
-    username: "{{ username }}"
-    password: "{{ password }}"
    name: "Basic PNAT Map Port 10443"
    mode: "set"
    adom: "ansible"
@ -1739,9 +1720,6 @@ EXAMPLES = '''
 # BASIC DNS TRANSLATION NAT
 - name: EDIT FMGR_FIREWALL_DNST
  fmgr_fwobj_vip:
-    host: "{{ inventory_hostname }}"
-    username: "{{ username }}"
-    password: "{{ password }}"
    name: "Basic DNS Translation"
    mode: "set"
    adom: "ansible"
@ -1755,9 +1733,6 @@ EXAMPLES = '''
 # BASIC FQDN NAT
 - name: EDIT FMGR_FIREWALL_FQDN
  fmgr_fwobj_vip:
-    host: "{{ inventory_hostname }}"
-    username: "{{ username }}"
-    password: "{{ password }}"
    name: "Basic FQDN Translation"
    mode: "set"
    adom: "ansible"
@ -1769,9 +1744,6 @@ EXAMPLES = '''
 # DELETE AN ENTRY
 - name: DELETE FMGR_FIREWALL_VIP PNAT
  fmgr_fwobj_vip:
-    host: "{{ inventory_hostname }}"
-    username: "{{ username }}"
-    password: "{{ password }}"
    name: "Basic PNAT Map Port 10443"
    mode: "delete"
    adom: "ansible"
@ -1785,38 +1757,38 @@ api_result:
 """

 from ansible.module_utils.basic import AnsibleModule, env_fallback
-from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
-
-# check for pyFMG lib
-try:
-    from pyFMG.fortimgr import FortiManager
-
-    HAS_PYFMGR = True
-except ImportError:
-    HAS_PYFMGR = False
-
-
-###############
-# START METHODS
-###############
-
-
-def fmgr_firewall_vip_addsetdelete(fmg, paramgram):
+from ansible.module_utils.connection import Connection
+from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
+from ansible.module_utils.network.fortimanager.common import FMGBaseException
+from ansible.module_utils.network.fortimanager.common import FMGRCommon
+from ansible.module_utils.network.fortimanager.common import FMGRMethods
+from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
+from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
+from ansible.module_utils.network.fortimanager.common import prepare_dict
+from ansible.module_utils.network.fortimanager.common import scrub_dict
+
+
+def fmgr_firewall_vip_modify(fmgr, paramgram):
    """
-    fmgr_firewall_vip -- Add/Set/Deletes Firewall Virtual IP Objects
+    :param fmgr: The fmgr object instance from fortimanager.py
+    :type fmgr: class object
+    :param paramgram: The formatted dictionary of options to process
+    :type paramgram: dict
+    :return: The response from the FortiManager
+    :rtype: dict
    """

    mode = paramgram["mode"]
    adom = paramgram["adom"]
    # INIT A BASIC OBJECTS
-    response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
+    response = DEFAULT_RESULT_OBJ
    url = ""
    datagram = {}

    # EVAL THE MODE PARAMETER FOR SET OR ADD
    if mode in ['set', 'add', 'update']:
        url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
-        datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
+        datagram = scrub_dict(prepare_dict(paramgram))

    # EVAL THE MODE PARAMETER FOR DELETE
    elif mode == "delete":
@ -1824,124 +1796,10 @@ def fmgr_firewall_vip_addsetdelete(fmg, paramgram):
        url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=paramgram["name"])
        datagram = {}

-    # IF MODE = SET -- USE THE 'SET' API CALL MODE
-    if mode == "set":
-        response = fmg.set(url, datagram)
-    # IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
-    elif mode == "update":
-        response = fmg.update(url, datagram)
-    # IF MODE = ADD  -- USE THE 'ADD' API CALL MODE
-    elif mode == "add":
-        response = fmg.add(url, datagram)
-    # IF MODE = DELETE  -- USE THE DELETE URL AND API CALL MODE
-    elif mode == "delete":
-        response = fmg.delete(url, datagram)
-
+    response = fmgr.process_request(url, datagram, paramgram["mode"])
    return response


-# ADDITIONAL COMMON FUNCTIONS
-def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
-    """
-    THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
-    """
-    # VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
-    if msg != "NULL" and len(results) == 0:
-        try:
-            fmg.logout()
-        except Exception:
-            pass
-        module.fail_json(msg=msg)
-
-    # SUBMISSION ERROR
-    if len(results) > 0:
-        if msg == "NULL":
-            try:
-                msg = results[1]['status']['message']
-            except Exception:
-                msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
-
-        if results[0] not in good_codes:
-            if logout_on_fail:
-                fmg.logout()
-                module.fail_json(msg=msg, **results[1])
-        else:
-            if logout_on_success:
-                fmg.logout()
-                module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
-                                 **results[1])
-    return msg
-
-
-# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
-# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
-def fmgr_cidr_to_netmask(cidr):
-    cidr = int(cidr)
-    mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
-    return (str((0xff000000 & mask) >> 24) + '.' +
-            str((0x00ff0000 & mask) >> 16) + '.' +
-            str((0x0000ff00 & mask) >> 8) + '.' +
-            str((0x000000ff & mask)))
-
-
-# utility function: removing keys wih value of None, nothing in playbook for that key
-def fmgr_del_none(obj):
-    if isinstance(obj, dict):
-        return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
-                         for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
-    else:
-        return obj
-
-
-# utility function: remove keys that are need for the logic but the FMG API won't accept them
-def fmgr_prepare_dict(obj):
-    list_of_elems = ["mode", "adom", "host", "username", "password"]
-    if isinstance(obj, dict):
-        obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
-    return obj
-
-
-def fmgr_is_empty_dict(obj):
-    return_val = False
-    if isinstance(obj, dict):
-        if len(obj) > 0:
-            for k, v in obj.items():
-                if isinstance(v, dict):
-                    if len(v) == 0:
-                        return_val = True
-                    elif len(v) > 0:
-                        for k1, v1 in v.items():
-                            if v1 is None:
-                                return_val = True
-                            elif v1 is not None:
-                                return_val = False
-                                return return_val
-                elif v is None:
-                    return_val = True
-                elif v is not None:
-                    return_val = False
-                    return return_val
-        elif len(obj) == 0:
-            return_val = True
-
-    return return_val
-
-
-def fmgr_split_comma_strings_into_lists(obj):
-    if isinstance(obj, dict):
-        if len(obj) > 0:
-            for k, v in obj.items():
-                if isinstance(v, str):
-                    new_list = list()
-                    if "," in v:
-                        new_items = v.split(",")
-                        for item in new_items:
-                            new_list.append(item.strip())
-                        obj[k] = new_list
-
-    return obj
-
-
 #############
 # END METHODS
 #############
@ -1950,9 +1808,6 @@ def fmgr_split_comma_strings_into_lists(obj):
 def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
-        host=dict(required=True, type="str"),
-        password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
-        username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
@ -2361,8 +2216,7 @@ def main():

    )

-    module = AnsibleModule(argument_spec, supports_check_mode=False)
-
+    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
@ -2546,45 +2400,29 @@ def main():
            "versions": module.params["ssl_server_cipher_suites_versions"],
        }
    }
+    module.paramgram = paramgram
+    fmgr = None
+    if module._socket_path:
+        connection = Connection(module._socket_path)
+        fmgr = FortiManagerHandler(connection, module)
+        fmgr.tools = FMGRCommon()
+    else:
+        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
-    for list_variable in list_overrides:
-        override_data = list()
-        try:
-            override_data = module.params[list_variable]
-        except Exception:
-            pass
-        try:
-            if override_data:
-                del paramgram[list_variable]
-                paramgram[list_variable] = override_data
-        except Exception:
-            pass
-
-    # CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
-    host = module.params["host"]
-    password = module.params["password"]
-    username = module.params["username"]
-    if host is None or username is None or password is None:
-        module.fail_json(msg="Host and username and password are required")
-
-    # CHECK IF LOGIN FAILED
-    fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
-
-    response = fmg.login()
-    if response[1]['status']['code'] != 0:
-        module.fail_json(msg="Connection to FortiManager Failed")
-
-    results = fmgr_firewall_vip_addsetdelete(fmg, paramgram)
-    if results[0] != 0:
-        fmgr_logout(fmg, module, results=results, good_codes=[0, -3])
-
-    fmg.logout()
-
-    if results is not None:
-        return module.exit_json(**results[1])
-    else:
-        return module.exit_json(msg="No results were returned from the API call.")
+    paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
+                                                         paramgram=paramgram, module=module)
+
+    results = DEFAULT_RESULT_OBJ
+    try:
+        results = fmgr_firewall_vip_modify(fmgr, paramgram)
+        fmgr.govern_response(module=module, results=results,
+                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
+
+    except Exception as err:
+        raise FMGBaseException(err)
+
+    return module.exit_json(**results[1])


 if __name__ == "__main__":
--- a/test/units/modules/network/fortimanager/fixtures/test_fmgr_fwobj_vip.json
+++ b/test/units/modules/network/fortimanager/fixtures/test_fmgr_fwobj_vip.json
--- a/test/units/modules/network/fortimanager/test_fmgr_fwobj_vip.py
+++ b/test/units/modules/network/fortimanager/test_fmgr_fwobj_vip.py
@ -19,7 +19,7 @@ __metaclass__ = type

 import os
 import json
-from pyFMG.fortimgr import FortiManager
+from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
 import pytest

 try:
@ -27,8 +27,6 @@ try:
 except ImportError:
    pytest.skip("Could not load required modules for testing", allow_module_level=True)

-fmg_instance = FortiManager("1.1.1.1", "admin", "")
-

 def load_fixtures():
    fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
@ -41,16 +39,109 @@ def load_fixtures():
    return [fixture_data]


+@pytest.fixture(autouse=True)
+def module_mock(mocker):
+    connection_class_mock = mocker.patch('ansible.module_utils.basic.AnsibleModule')
+    return connection_class_mock
+
+
+@pytest.fixture(autouse=True)
+def connection_mock(mocker):
+    connection_class_mock = mocker.patch('ansible.modules.network.fortimanager.fmgr_fwobj_vip.Connection')
+    return connection_class_mock
+
+
@pytest.fixture(scope="function", params=load_fixtures())
 def fixture_data(request):
    func_name = request.function.__name__.replace("test_", "")
    return request.param.get(func_name, None)


-def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
-    mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
+fmg_instance = FortiManagerHandler(connection_mock, module_mock)
+
+
+def test_fmgr_firewall_vip_modify(fixture_data, mocker):
+    mocker.patch("ansible.module_utils.network.fortimanager.fortimanager.FortiManagerHandler.process_request",
+                 side_effect=fixture_data)
    #  Fixture sets used:###########################

+    ##################################################
+    # comment: Created by Ansible
+    # ssl-send-empty-frags: None
+    # srcintf-filter: None
+    # ssl-max-version: None
+    # ssl-server-session-state-max: None
+    # ssl-hpkp: None
+    # mapped-addr: None
+    # ssl-client-session-state-timeout: None
+    # src-filter: None
+    # server-type: None
+    # ssl-hpkp-include-subdomains: None
+    # ssl-http-location-conversion: None
+    # https-cookie-secure: None
+    # mappedip: 10.7.220.25
+    # ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
+    # protocol: tcp
+    # ssl-hpkp-backup: None
+    # ssl-dh-bits: None
+    # dns-mapping-ttl: None
+    # ssl-hsts-age: None
+    # extaddr: None
+    # ssl-client-renegotiation: None
+    # monitor: None
+    # service: None
+    # ssl-hpkp-age: None
+    # http-cookie-age: None
+    # weblogic-server: None
+    # http-cookie-share: None
+    # color: 17
+    # ssl-mode: None
+    # portforward: enable
+    # http-multiplex: None
+    # http-cookie-generation: None
+    # ssl-client-fallback: None
+    # extip: 82.72.192.185
+    # extintf: any
+    # persistence: None
+    # websphere-server: None
+    # nat-source-vip: None
+    # portmapping-type: None
+
+    # adom: ansible
+    # ssl-client-session-state-max: None
+    # http-ip-header: None
+    # http-ip-header-name: None
+    # ssl-certificate: None
+    # ssl-hsts: None
+    # arp-reply: None
+    # ssl-hsts-include-subdomains: None
+    # ssl-min-version: None
+    # ldb-method: None
+    # ssl-server-session-state-timeout: None
+    # ssl-server-min-version: None
+    # http-cookie-domain: None
+    # mappedport: 443
+    # name: Basic PNAT Map Port 10443
+    # ssl-cipher-suites: {'cipher': None, 'versions': None}
+    # ssl-hpkp-primary: None
+    # outlook-web-access: None
+    # ssl-server-session-state-type: None
+    # ssl-client-session-state-type: None
+
+    # ssl-http-match-host: None
+
+    # ssl-server-max-version: None
+    # ssl-hpkp-report-uri: None
+    # http-cookie-domain-from-host: None
+    # ssl-algorithm: None
+    # gratuitous-arp-interval: None
+    # extport: 10443
+    # max-embryonic-connections: None
+    # mode: set
+    # http-cookie-path: None
+    # ssl-pfs: None
+    # ssl-server-algorithm: None
+    ##################################################
    ##################################################
    # comment: Created by Ansible
    # ssl-send-empty-frags: None
@ -98,6 +189,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # weblogic-server: None
    # ssl-client-session-state-max: None
    # http-ip-header: None
+
    # ssl-hsts: None
    # arp-reply: None
    # extaddr: None
@ -113,8 +205,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # name: Basic DNS Translation
    # ssl-server-session-state-type: None
    # ssl-client-session-state-type: None
-    # # type: "dns-translation"
+
    # ssl-http-match-host: None
+
    # ssl-pfs: None
    # ssl-server-max-version: None
    # ssl-client-session-state-timeout: None
@ -133,7 +226,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-max-version: None
    # ssl-server-session-state-max: None
    # ssl-hpkp: None
-    # mapped-addr: None
+    # mapped-addr: google-play
    # ssl-client-session-state-timeout: None
    # src-filter: None
    # ldb-method: None
@ -142,7 +235,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-client-renegotiation: None
    # ssl-http-location-conversion: None
    # https-cookie-secure: None
-    # mappedip: 10.7.220.25
+    # mappedip: None
    # ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
    # protocol: None
    # ssl-hpkp-backup: None
@ -156,17 +249,18 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # http-cookie-age: None
    # weblogic-server: None
    # http-cookie-share: None
-    # color: 17
+    # color: 5
    # ssl-mode: None
    # portforward: None
    # http-cookie-generation: None
    # ssl-client-fallback: None
-    # extip: 82.72.192.185
-    # extintf: any
+    # extip: None
+    # extintf: None
    # persistence: None
    # websphere-server: None
    # nat-source-vip: None
    # portmapping-type: None
+
    # adom: ansible
    # ssl-client-session-state-max: None
    # http-ip-header: None
@ -181,14 +275,15 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-server-min-version: None
    # http-cookie-domain: None
    # mappedport: None
-    # name: Basic StaticNAT Map
+    # name: Basic FQDN Translation
    # ssl-cipher-suites: {'cipher': None, 'versions': None}
    # ssl-hpkp-primary: None
    # outlook-web-access: None
    # ssl-server-session-state-type: None
    # ssl-client-session-state-type: None
-    # # type: static-nat
+
    # ssl-http-match-host: None
+
    # ssl-server-max-version: None
    # ssl-hpkp-report-uri: None
    # http-cookie-domain-from-host: None
@ -213,12 +308,12 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # server-type: None
    # mode: set
    # ssl-hpkp-include-subdomains: None
-    # extport: 10443
+    # extport: None
    # ssl-http-location-conversion: None
    # https-cookie-secure: None
    # mappedip: 10.7.220.25
    # ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
-    # protocol: tcp
+    # protocol: None
    # ssl-hpkp-backup: None
    # ssl-dh-bits: None
    # dns-mapping-ttl: None
@ -234,7 +329,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-server-session-state-timeout: None
    # color: 17
    # ssl-mode: None
-    # portforward: enable
+    # portforward: None
    # http-cookie-generation: None
    # max-embryonic-connections: None
    # ssl-client-fallback: None
@ -249,6 +344,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # weblogic-server: None
    # ssl-client-session-state-max: None
    # http-ip-header: None
+
    # ssl-hsts: None
    # arp-reply: None
    # ssl-client-renegotiation: None
@ -257,15 +353,16 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-certificate: None
    # ssl-server-min-version: None
    # http-cookie-domain: None
-    # mappedport: 443
+    # mappedport: None
    # outlook-web-access: None
    # ssl-cipher-suites: {'cipher': None, 'versions': None}
    # ssl-hpkp-primary: None
-    # name: Basic PNAT Map Port 10443
+    # name: Basic StaticNAT Map
    # ssl-server-session-state-type: None
    # ssl-client-session-state-type: None
-    # # type: static-nat
+
    # ssl-http-match-host: None
+
    # ssl-pfs: None
    # ssl-client-session-state-timeout: None
    # http-cookie-domain-from-host: None
@ -283,7 +380,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-max-version: None
    # ssl-server-session-state-max: None
    # ssl-hpkp: None
-    # mapped-addr: google-play
+    # mapped-addr: None
    # ssl-client-session-state-timeout: None
    # src-filter: None
    # server-type: None
@ -291,9 +388,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-client-renegotiation: None
    # ssl-http-location-conversion: None
    # https-cookie-secure: None
-    # mappedip: None
+    # mappedip: 10.7.220.25
    # ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
-    # protocol: None
+    # protocol: tcp
    # ssl-hpkp-backup: None
    # ssl-dh-bits: None
    # dns-mapping-ttl: None
@ -305,17 +402,18 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # http-cookie-age: None
    # weblogic-server: None
    # http-cookie-share: None
-    # color: 5
+    # color: 17
    # ssl-mode: None
-    # portforward: None
+    # portforward: enable
    # http-cookie-generation: None
    # ssl-client-fallback: None
-    # extip: None
-    # extintf: None
+    # extip: 82.72.192.185
+    # extintf: any
    # persistence: None
    # websphere-server: None
    # nat-source-vip: None
    # portmapping-type: None
+
    # adom: ansible
    # ssl-client-session-state-max: None
    # http-ip-header: None
@ -330,21 +428,22 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-server-session-state-timeout: None
    # ssl-server-min-version: None
    # http-cookie-domain: None
-    # mappedport: None
-    # name: Basic FQDN Translation
+    # mappedport: 443
+    # name: Basic PNAT Map Port 10443
    # ssl-cipher-suites: {'cipher': None, 'versions': None}
    # ssl-hpkp-primary: None
    # outlook-web-access: None
    # ssl-server-session-state-type: None
    # ssl-client-session-state-type: None
-    # # type: fqdn
+
    # ssl-http-match-host: None
+
    # ssl-server-max-version: None
    # ssl-hpkp-report-uri: None
    # http-cookie-domain-from-host: None
    # ssl-algorithm: None
    # gratuitous-arp-interval: None
-    # extport: None
+    # extport: 10443
    # max-embryonic-connections: None
    # mode: set
    # http-cookie-path: None
@ -398,6 +497,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # weblogic-server: None
    # ssl-client-session-state-max: None
    # http-ip-header: None
+
    # ssl-hsts: None
    # arp-reply: None
    # ssl-client-renegotiation: None
@ -413,8 +513,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # name: Basic PNAT Map Port 10443
    # ssl-server-session-state-type: None
    # ssl-client-session-state-type: None
-    # # type: None
+
    # ssl-http-match-host: None
+
    # ssl-pfs: None
    # ssl-server-max-version: None
    # ssl-client-session-state-timeout: None
@ -467,6 +568,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # websphere-server: None
    # nat-source-vip: None
    # portmapping-type: None
+
    # adom: ansible
    # ssl-client-session-state-max: None
    # http-ip-header: None
@ -487,8 +589,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # outlook-web-access: None
    # ssl-server-session-state-type: None
    # ssl-client-session-state-type: None
-    # # type: None
+
    # ssl-http-match-host: None
+
    # ssl-server-max-version: None
    # ssl-hpkp-report-uri: None
    # http-cookie-domain-from-host: None
@ -549,7 +652,8 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # http-ip-header-name: None
    # weblogic-server: None
    # ssl-client-session-state-max: None
-    # http-ip-header: None # ssl-hsts: None
+    # http-ip-header: None
+    # ssl-hsts: None
    # arp-reply: None
    # extaddr: None
    # ssl-hpkp-primary: None
@ -563,7 +667,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-client-session-state-type: None
    # name: Basic DNS Translation
    # ssl-server-session-state-type: None
-    # # type: None
+
    # ssl-http-match-host: None
    # ssl-pfs: None
    # ssl-client-session-state-timeout: None
@ -612,7 +716,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # portforward: None
    # http-cookie-generation: None
    # ssl-client-fallback: None
-    # # type: None
+
    # http-ip-header: None
    # persistence: None
    # websphere-server: None
@ -637,6 +741,8 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    # ssl-cipher-suites: {'cipher': None, 'versions': None}
    # ssl-client-session-state-type: None
    # ssl-http-match-host: None
+
+    # ssl-client-session-state-timeout: None
    # comment: None
    # ssl-hpkp-report-uri: None
    # http-cookie-domain-from-host: None
@ -651,26 +757,29 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
    ##################################################

    # Test using fixture 1 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[0]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0
    # Test using fixture 2 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
-    assert output['raw_response']['status']['code'] == 0
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[1]['paramgram_used'])
+    assert output['raw_response']['status']['code'] == -10131
    # Test using fixture 3 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[2]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[2]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0
    # Test using fixture 4 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[3]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[3]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0
    # Test using fixture 5 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[4]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[4]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0
    # Test using fixture 6 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[5]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[5]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0
    # Test using fixture 7 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[6]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[6]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0
    # Test using fixture 8 #
-    output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[7]['paramgram_used'])
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[7]['paramgram_used'])
+    assert output['raw_response']['status']['code'] == -3
+    # Test using fixture 9 #
+    output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[8]['paramgram_used'])
    assert output['raw_response']['status']['code'] == 0