def fmgr_fwpol_package_install(fmgr, paramgram):
"""
This method/function installs FMGR FW Policy Packages to the scope members defined in the playbook.
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
# INIT BLANK MEMBERS LIST
members_list = []
# USE THE PARSE CSV FUNCTION TO GET A LIST FORMAT OF THE MEMBERS
members = FMGRCommon.split_comma_strings_into_lists(
paramgram["scope_members"])
# USE THAT LIST TO BUILD THE DICTIONARIES NEEDED, AND ADD TO THE BLANK MEMBERS LIST
for member in members:
scope_dict = {
"name": member,
"vdom": paramgram["scope_members_vdom"],
}
members_list.append(scope_dict)
# THEN FOR THE DATAGRAM, USING THE MEMBERS LIST CREATED ABOVE
datagram = {
"adom": paramgram["adom"],
"pkg": paramgram["name"],
"scope": members_list
}
# EXECUTE THE INSTALL REQUEST
url = '/securityconsole/install/package'
response = fmgr.process_request(url, datagram, FMGRMethods.EXEC)
return response
def fmgr_fwpol_package(fmgr, paramgram):
"""
This function will create FMGR Firewall Policy Packages, or delete them. It is also capable of assigning packages.
This function DOES NOT install the package. See the function fmgr_fwpol_package_install()
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
if paramgram["mode"] in ['set', 'add']:
url = '/pm/pkg/adom/{adom}'.format(adom=paramgram["adom"])
members_list = []
# CHECK FOR SCOPE MEMBERS AND CREATE THAT DICT
if paramgram["scope_members"] is not None:
members = FMGRCommon.split_comma_strings_into_lists(
paramgram["scope_members"])
for member in members:
scope_dict = {
"name": member,
"vdom": paramgram["scope_members_vdom"],
}
members_list.append(scope_dict)
# IF PARENT FOLDER IS NOT DEFINED
if paramgram["parent_folder"] is None:
datagram = {
"type": paramgram["object_type"],
"name": paramgram["name"],
"scope member": members_list,
"package settings": {
"central-nat": paramgram["central-nat"],
"fwpolicy-implicit-log":
paramgram["fwpolicy-implicit-log"],
"fwpolicy6-implicit-log":
paramgram["fwpolicy6-implicit-log"],
"inspection-mode": paramgram["inspection-mode"],
"ngfw-mode": paramgram["ngfw-mode"],
}
}
if paramgram["ngfw-mode"] == "policy-based" and paramgram[
"ssl-ssh-profile"] is not None:
datagram["package settings"]["ssl-ssh-profile"] = paramgram[
"ssl-ssh-profile"]
# IF PARENT FOLDER IS DEFINED
if paramgram["parent_folder"] is not None:
datagram = {
"type":
"folder",
"name":
paramgram["parent_folder"],
"subobj": [{
"name": paramgram["name"],
"scope member": members_list,
"type": "pkg",
"package settings": {
"central-nat":
paramgram["central-nat"],
"fwpolicy-implicit-log":
paramgram["fwpolicy-implicit-log"],
"fwpolicy6-implicit-log":
paramgram["fwpolicy6-implicit-log"],
"inspection-mode":
paramgram["inspection-mode"],
"ngfw-mode":
paramgram["ngfw-mode"],
}
}]
}
# NORMAL DELETE NO PARENT
if paramgram["mode"] == "delete" and paramgram["parent_folder"] is None:
datagram = {"name": paramgram["name"]}
# SET DELETE URL
url = '/pm/pkg/adom/{adom}/{name}'.format(adom=paramgram["adom"],
name=paramgram["name"])
# DELETE WITH PARENT
if paramgram["mode"] == "delete" and paramgram["parent_folder"] is not None:
datagram = {"name": paramgram["name"]}
# SET DELETE URL
url = '/pm/pkg/adom/{adom}/{parent_folder}/{name}'.format(
adom=paramgram["adom"],
name=paramgram["name"],
parent_folder=paramgram["parent_folder"])
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def fmgr_fwpol_package_get_details(fmgr, paramgram):
"""
This method/function will attempt to get existing package details, and append findings to the paramgram.
If nothing is found, the paramgram additions are simply empty.
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
# CHECK FOR SCOPE MEMBERS AND CREATE THAT MEMBERS LIST
# WE MUST PROPERLY FORMAT THE JSON FOR SCOPE MEMBERS WITH VDOMS
members_list = list()
if paramgram["scope_members"] is not None and paramgram["mode"] in [
'add', 'set', 'add_targets', 'delete_targets'
]:
if isinstance(paramgram["scope_members"], list):
members = paramgram["scope_members"]
if isinstance(paramgram["scope_members"], str):
members = FMGRCommon.split_comma_strings_into_lists(
paramgram["scope_members"])
for member in members:
scope_dict = {
"name": member,
"vdom": paramgram["scope_members_vdom"],
}
members_list.append(scope_dict)
# CHECK FOR SCOPE GROUPS AND ADD THAT TO THE MEMBERS LIST
# WE MUST PROPERLY FORMAT THE JSON FOR SCOPE GROUPS
if paramgram["scope_groups"] is not None and paramgram["mode"] in [
'add', 'set', 'add_targets', 'delete_targets'
]:
if isinstance(paramgram["scope_groups"], list):
members = paramgram["scope_groups"]
if isinstance(paramgram["scope_groups"], str):
members = FMGRCommon.split_comma_strings_into_lists(
paramgram["scope_groups"])
for member in members:
scope_dict = {"name": member}
members_list.append(scope_dict)
# CHECK FOR AN EXISTING POLICY PACKAGE, AND GET ITS MEMBERS SO WE DON'T OVERWRITE THEM WITH NOTHING
pol_datagram = {
"type": paramgram["object_type"],
"name": paramgram["name"]
}
if paramgram["parent_folder"]:
pol_package_url = '/pm/pkg/adom/{adom}/{folder}/{pkg_name}'.format(
adom=paramgram["adom"],
pkg_name=paramgram["name"],
folder=paramgram["parent_folder"])
else:
pol_package_url = '/pm/pkg/adom/{adom}/{pkg_name}'.format(
adom=paramgram["adom"], pkg_name=paramgram["name"])
pol_package = fmgr.process_request(pol_package_url, pol_datagram,
FMGRMethods.GET)
existing_members = None
package_exists = None
if len(pol_package) == 2:
package_exists = True
try:
existing_members = pol_package[1]["scope member"]
except Exception as err:
existing_members = list()
else:
package_exists = False
# ADD COLLECTED DATA TO PARAMGRAM FOR USE IN METHODS
paramgram["existing_members_list"] = existing_members
paramgram["append_members_list"] = members_list
paramgram["package_exists"] = package_exists
return paramgram