def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
if self._play_context.connection != 'local':
return dict(
failed=True,
msg='invalid connection specified, expected connection=local, '
'got %s' % self._play_context.connection
)
provider = load_provider(ce_provider_spec, self._task.args)
transport = provider['transport'] or 'cli'
display.vvvv('connection transport is %s' % transport, self._play_context.remote_addr)
if transport == 'cli':
pc = copy.deepcopy(self._play_context)
pc.connection = 'network_cli'
pc.network_os = 'ce'
pc.remote_addr = provider['host'] or self._play_context.remote_addr
pc.port = int(provider['port'] or self._play_context.port or 22)
pc.remote_user = provider['username'] or self._play_context.connection_user
pc.password = provider['password'] or self._play_context.password
pc.timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT)
self._task.args['provider'] = provider.update(
host=pc.remote_addr,
port=pc.port,
username=pc.remote_user,
password=pc.password
)
display.vvv('using connection plugin %s (was local)' % pc.connection, pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get('persistent', pc, sys.stdin)
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {'failed': True,
'msg': 'unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'}
# make sure we are in the right cli context which should be
# enable mode and not config module
conn = Connection(socket_path)
out = conn.get_prompt()
while to_text(out, errors='surrogate_then_replace').strip().endswith(']'):
display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
task_vars['ansible_socket'] = socket_path
# make sure a transport value is set in args
self._task.args['transport'] = transport
self._task.args['provider'] = provider
result = super(ActionModule, self).run(task_vars=task_vars)
return result
def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
socket_path = None
if self._play_context.connection == 'network_cli':
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning('provider is unnecessary when using network_cli and will be ignored')
del self._task.args['provider']
elif self._play_context.connection == 'local':
provider = load_provider(ios_provider_spec, self._task.args)
pc = copy.deepcopy(self._play_context)
pc.connection = 'network_cli'
pc.network_os = 'ios'
pc.remote_addr = provider['host'] or self._play_context.remote_addr
pc.port = int(provider['port'] or self._play_context.port or 22)
pc.remote_user = provider['username'] or self._play_context.connection_user
pc.password = provider['password'] or self._play_context.password
pc.private_key_file = provider['ssh_keyfile'] or self._play_context.private_key_file
pc.timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT)
pc.become = provider['authorize'] or False
if pc.become:
pc.become_method = 'enable'
pc.become_pass = provider['auth_pass']
display.vvv('using connection plugin %s (was local)' % pc.connection, pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get('persistent', pc, sys.stdin)
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {'failed': True,
'msg': 'unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'}
task_vars['ansible_socket'] = socket_path
else:
return {'failed': True, 'msg': 'Connection type %s is not valid for this module' % self._play_context.connection}
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
while to_text(out, errors='surrogate_then_replace').strip().endswith(')#'):
display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
result = super(ActionModule, self).run(task_vars=task_vars)
return result
def run(self, tmp=None, task_vars=None):
socket_path = None
transport = 'rest'
if self._play_context.connection == 'network_cli':
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning("'provider' is unnecessary when using 'network_cli' and will be ignored")
elif self._play_context.connection == 'local':
provider = load_provider(f5_provider_spec, self._task.args)
transport = provider['transport'] or transport
display.vvvv('connection transport is %s' % transport, self._play_context.remote_addr)
if transport == 'cli':
pc = copy.deepcopy(self._play_context)
pc.connection = 'network_cli'
pc.network_os = 'bigip'
pc.remote_addr = provider.get('server', self._play_context.remote_addr)
pc.port = int(provider['server_port'] or self._play_context.port or 22)
pc.remote_user = provider.get('user', self._play_context.connection_user)
pc.password = provider.get('password', self._play_context.password)
pc.private_key_file = provider['ssh_keyfile'] or self._play_context.private_key_file
pc.timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT)
display.vvv('using connection plugin %s' % pc.connection, pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get('persistent', pc, sys.stdin)
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {'failed': True,
'msg': 'Unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'}
task_vars['ansible_socket'] = socket_path
else:
return {'failed': True, 'msg': 'Connection type %s is not valid for this module' % self._play_context.connection}
if (self._play_context.connection == 'local' and transport == 'cli') or self._play_context.connection == 'network_cli':
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
while '(config' in to_text(out, errors='surrogate_then_replace').strip():
display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
result = super(ActionModule, self).run(tmp, task_vars)
return result
def get_connection(module):
global _CONNECTION
if _CONNECTION:
return _CONNECTION
_CONNECTION = Connection(module)
context = module.params['context']
if context:
if context == 'system':
command = 'changeto system'
else:
command = 'changeto context %s' % context
_CONNECTION.get(command)
return _CONNECTION
def get_connection(module):
global _CONNECTION
if _CONNECTION:
return _CONNECTION
_CONNECTION = Connection(module._socket_path)
context = None
try:
context = module.params['context']
except KeyError:
context = None
if context:
if context == 'system':
command = 'changeto system'
else:
command = 'changeto context %s' % context
_CONNECTION.get(command)
return _CONNECTION
def _get_connection(self):
if self._connection:
return self._connection
self._connection = Connection(self._module._socket_path)
return self._connection
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"extender_controller_extender": {
"required": False,
"type": "dict",
"default": None,
"options": {
"aaa_shared_secret": {
"required": False,
"type": "str"
},
"access_point_name": {
"required": False,
"type": "str"
},
"admin": {
"required": False,
"type": "str",
"choices": ["disable", "discovered", "enable"]
},
"at_dial_script": {
"required": False,
"type": "str"
},
"billing_start_day": {
"required": False,
"type": "int"
},
"cdma_aaa_spi": {
"required": False,
"type": "str"
},
"cdma_ha_spi": {
"required": False,
"type": "str"
},
"cdma_nai": {
"required": False,
"type": "str"
},
"conn_status": {
"required": False,
"type": "int"
},
"description": {
"required": False,
"type": "str"
},
"dial_mode": {
"required": False,
"type": "str",
"choices": ["dial-on-demand", "always-connect"]
},
"dial_status": {
"required": False,
"type": "int"
},
"ext_name": {
"required": False,
"type": "str"
},
"ha_shared_secret": {
"required": False,
"type": "str"
},
"id": {
"required": True,
"type": "str"
},
"ifname": {
"required": False,
"type": "str"
},
"initiated_update": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"mode": {
"required": False,
"type": "str",
"choices": ["standalone", "redundant"]
},
"modem_passwd": {
"required": False,
"type": "str"
},
"modem_type": {
"required": False,
"type": "str",
"choices": ["cdma", "gsm/lte", "wimax"]
},
"multi_mode": {
"required":
False,
"type":
"str",
"choices":
["auto", "auto-3g", "force-lte", "force-3g", "force-2g"]
},
"ppp_auth_protocol": {
"required": False,
"type": "str",
"choices": ["auto", "pap", "chap"]
},
"ppp_echo_request": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ppp_password": {
"required": False,
"type": "str"
},
"ppp_username": {
"required": False,
"type": "str"
},
"primary_ha": {
"required": False,
"type": "str"
},
"quota_limit_mb": {
"required": False,
"type": "int"
},
"redial": {
"required":
False,
"type":
"str",
"choices": [
"none", "1", "2", "3", "4", "5", "6", "7", "8", "9",
"10"
]
},
"redundant_intf": {
"required": False,
"type": "str"
},
"roaming": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"role": {
"required": False,
"type": "str",
"choices": ["none", "primary", "secondary"]
},
"secondary_ha": {
"required": False,
"type": "str"
},
"sim_pin": {
"required": False,
"type": "str"
},
"vdom": {
"required": False,
"type": "int"
},
"wimax_auth_protocol": {
"required": False,
"type": "str",
"choices": ["tls", "ttls"]
},
"wimax_carrier": {
"required": False,
"type": "str"
},
"wimax_realm": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_extender_controller(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_extender_controller(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def _connection(self):
if not self._connection_obj:
self._connection_obj = Connection(self._module._socket_path)
return self._connection_obj
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"system_sms_server": {
"required": False, "type": "dict", "default": None,
"options": {
"mail_server": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
versions_check_result = None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if versions_check_result and versions_check_result['matched'] is False:
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"wireless_controller_utm_profile": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"antivirus_profile": {
"required": False,
"type": "str"
},
"application_list": {
"required": False,
"type": "str"
},
"comment": {
"required": False,
"type": "str"
},
"ips_sensor": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"scan_botnet_connections": {
"required": False,
"type": "str",
"choices": ["disable", "monitor", "block"]
},
"utm_log": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"webfilter_profile": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_wireless_controller(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_wireless_controller(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/firewall/vip6/{vip6}/ssl-cipher-suites',
'/pm/config/global/obj/firewall/vip6/{vip6}/ssl-cipher-suites'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/obj/firewall/vip6/{vip6}/ssl-cipher-suites/{ssl-cipher-suites}',
'/pm/config/global/obj/firewall/vip6/{vip6}/ssl-cipher-suites/{ssl-cipher-suites}'
]
url_params = ['adom', 'vip6']
module_primary_key = 'priority'
module_arg_spec = {
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': [
'present',
'absent'
]
},
'adom': {
'required': True,
'type': 'str'
},
'vip6': {
'required': True,
'type': 'str'
},
'firewall_vip6_sslciphersuites': {
'required': False,
'type': 'dict',
'options': {
'cipher': {
'required': False,
'choices': [
'TLS-RSA-WITH-RC4-128-MD5',
'TLS-RSA-WITH-RC4-128-SHA',
'TLS-RSA-WITH-DES-CBC-SHA',
'TLS-RSA-WITH-3DES-EDE-CBC-SHA',
'TLS-RSA-WITH-AES-128-CBC-SHA',
'TLS-RSA-WITH-AES-256-CBC-SHA',
'TLS-RSA-WITH-AES-128-CBC-SHA256',
'TLS-RSA-WITH-AES-256-CBC-SHA256',
'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA',
'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA',
'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256',
'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256',
'TLS-RSA-WITH-SEED-CBC-SHA',
'TLS-RSA-WITH-ARIA-128-CBC-SHA256',
'TLS-RSA-WITH-ARIA-256-CBC-SHA384',
'TLS-DHE-RSA-WITH-DES-CBC-SHA',
'TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA',
'TLS-DHE-RSA-WITH-AES-128-CBC-SHA',
'TLS-DHE-RSA-WITH-AES-256-CBC-SHA',
'TLS-DHE-RSA-WITH-AES-128-CBC-SHA256',
'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256',
'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA',
'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA',
'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256',
'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256',
'TLS-DHE-RSA-WITH-SEED-CBC-SHA',
'TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256',
'TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384',
'TLS-ECDHE-RSA-WITH-RC4-128-SHA',
'TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA',
'TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA',
'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA',
'TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256',
'TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256',
'TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256',
'TLS-DHE-RSA-WITH-AES-128-GCM-SHA256',
'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384',
'TLS-DHE-DSS-WITH-AES-128-CBC-SHA',
'TLS-DHE-DSS-WITH-AES-256-CBC-SHA',
'TLS-DHE-DSS-WITH-AES-128-CBC-SHA256',
'TLS-DHE-DSS-WITH-AES-128-GCM-SHA256',
'TLS-DHE-DSS-WITH-AES-256-CBC-SHA256',
'TLS-DHE-DSS-WITH-AES-256-GCM-SHA384',
'TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256',
'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256',
'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384',
'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384',
'TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA',
'TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256',
'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256',
'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384',
'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384',
'TLS-RSA-WITH-AES-128-GCM-SHA256',
'TLS-RSA-WITH-AES-256-GCM-SHA384',
'TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA',
'TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA',
'TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256',
'TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256',
'TLS-DHE-DSS-WITH-SEED-CBC-SHA',
'TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256',
'TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384',
'TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256',
'TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384',
'TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256',
'TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384',
'TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA',
'TLS-DHE-DSS-WITH-DES-CBC-SHA'
],
'type': 'str'
},
'priority': {
'required': True,
'type': 'int'
},
'versions': {
'required': False,
'type': 'list',
'choices': [
'ssl-3.0',
'tls-1.0',
'tls-1.1',
'tls-1.2'
]
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'firewall_vip6_sslciphersuites'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd()
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/firewall/gtp/{gtp}/message-rate-limit-v0',
'/pm/config/global/obj/firewall/gtp/{gtp}/message-rate-limit-v0'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/obj/firewall/gtp/{gtp}/message-rate-limit-v0/{message-rate-limit-v0}',
'/pm/config/global/obj/firewall/gtp/{gtp}/message-rate-limit-v0/{message-rate-limit-v0}'
]
url_params = ['adom', 'gtp']
module_primary_key = None
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': [
'set',
'update',
'add'
]
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'adom': {
'required': True,
'type': 'str'
},
'gtp': {
'required': True,
'type': 'str'
},
'firewall_gtp_messageratelimitv0': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'create-pdp-request': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'delete-pdp-request': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'echo-request': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'firewall_gtp_messageratelimitv0'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_partial_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
mkeyname = None
fields = {
"access_token": {"required": False, "type": "str", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"system_modem": {
"required": False, "type": "dict", "default": None,
"options": {
"action": {"required": False, "type": "str",
"choices": ["dial",
"stop",
"none"]},
"altmode": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"authtype1": {"required": False, "type": "str",
"choices": ["pap",
"chap",
"mschap",
"mschapv2"]},
"authtype2": {"required": False, "type": "str",
"choices": ["pap",
"chap",
"mschap",
"mschapv2"]},
"authtype3": {"required": False, "type": "str",
"choices": ["pap",
"chap",
"mschap",
"mschapv2"]},
"auto_dial": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"connect_timeout": {"required": False, "type": "int"},
"dial_cmd1": {"required": False, "type": "str"},
"dial_cmd2": {"required": False, "type": "str"},
"dial_cmd3": {"required": False, "type": "str"},
"dial_on_demand": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"distance": {"required": False, "type": "int"},
"dont_send_CR1": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"dont_send_CR2": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"dont_send_CR3": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"extra_init1": {"required": False, "type": "str"},
"extra_init2": {"required": False, "type": "str"},
"extra_init3": {"required": False, "type": "str"},
"holddown_timer": {"required": False, "type": "int"},
"idle_timer": {"required": False, "type": "int"},
"interface": {"required": False, "type": "str"},
"lockdown_lac": {"required": False, "type": "str"},
"mode": {"required": False, "type": "str",
"choices": ["standalone",
"redundant"]},
"network_init": {"required": False, "type": "str"},
"passwd1": {"required": False, "type": "str"},
"passwd2": {"required": False, "type": "str"},
"passwd3": {"required": False, "type": "str"},
"peer_modem1": {"required": False, "type": "str",
"choices": ["generic",
"actiontec",
"ascend_TNT"]},
"peer_modem2": {"required": False, "type": "str",
"choices": ["generic",
"actiontec",
"ascend_TNT"]},
"peer_modem3": {"required": False, "type": "str",
"choices": ["generic",
"actiontec",
"ascend_TNT"]},
"phone1": {"required": False, "type": "str"},
"phone2": {"required": False, "type": "str"},
"phone3": {"required": False, "type": "str"},
"pin_init": {"required": False, "type": "str"},
"ppp_echo_request1": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"ppp_echo_request2": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"ppp_echo_request3": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"priority": {"required": False, "type": "int"},
"redial": {"required": False, "type": "str",
"choices": ["none",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10"]},
"reset": {"required": False, "type": "int"},
"status": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"traffic_check": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"username1": {"required": False, "type": "str"},
"username2": {"required": False, "type": "str"},
"username3": {"required": False, "type": "str"},
"wireless_port": {"required": False, "type": "int"}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token', module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_system(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortianalyzer_override_filter": {
"required": False, "type": "dict", "default": None,
"options": {
"anomaly": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dlp_archive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dns": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"filter": {"required": False, "type": "str"},
"filter_type": {"required": False, "type": "str",
"choices": ["include", "exclude"]},
"forward_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"gtp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"local_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"multicast_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"netscan_discovery": {"required": False, "type": "str"},
"netscan_vulnerability": {"required": False, "type": "str"},
"severity": {"required": False, "type": "str",
"choices": ["emergency", "alert", "critical",
"error", "warning", "notification",
"information", "debug"]},
"sniffer_traffic": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ssh": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"voip": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
mkeyname = 'name'
fields = {
"access_token": {"required": False, "type": "str", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"vpn_ssl_web_user_group_bookmark": {
"required": False, "type": "dict", "default": None,
"options": {
"bookmarks": {"required": False, "type": "list",
"options": {
"additional_params": {"required": False, "type": "str"},
"apptype": {"required": False, "type": "str",
"choices": ["citrix",
"ftp",
"portforward",
"rdp",
"smb",
"ssh",
"telnet",
"vnc",
"web"]},
"description": {"required": False, "type": "str"},
"folder": {"required": False, "type": "str"},
"form_data": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"},
"value": {"required": False, "type": "str"}
}},
"host": {"required": False, "type": "str"},
"listening_port": {"required": False, "type": "int"},
"logon_password": {"required": False, "type": "str"},
"logon_user": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"port": {"required": False, "type": "int"},
"remote_port": {"required": False, "type": "int"},
"security": {"required": False, "type": "str",
"choices": ["rdp",
"nla",
"tls",
"any"]},
"server_layout": {"required": False, "type": "str",
"choices": ["en-us-qwerty",
"de-de-qwertz",
"fr-fr-azerty",
"it-it-qwerty",
"sv-se-qwerty",
"failsafe"]},
"show_status_window": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"sso": {"required": False, "type": "str",
"choices": ["disable",
"static",
"auto"]},
"sso_credential": {"required": False, "type": "str",
"choices": ["sslvpn-login",
"alternative"]},
"sso_credential_sent_once": {"required": False, "type": "str",
"choices": ["enable",
"disable"]},
"sso_password": {"required": False, "type": "str"},
"sso_username": {"required": False, "type": "str"},
"url": {"required": False, "type": "str"}
}},
"name": {"required": True, "type": "str"}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token', module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/dvm/cmd/reload/dev-list'
]
perobject_jrpc_urls = [
'/dvm/cmd/reload/dev-list/{dev-list}'
]
url_params = []
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'dvm_cmd_reload_devlist': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'adom': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'flags': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'list',
'choices': [
'none',
'create_task',
'nonblocking',
'log_dev'
]
},
'from': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'um',
'fgfm',
'apache',
'dvm',
'fwm',
'xml',
'json'
],
'type': 'str'
},
'reload-dev-member-list': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'list',
'options': {
'name': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'vdom': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
}
}
},
'tag': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'dvm_cmd_reload_devlist'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, None, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_exec(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
mkeyname = 'msg-type'
fields = {
"access_token": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"system_replacemsg_nntp": {
"required": False,
"type": "dict",
"default": None,
"options": {
"buffer": {
"required": False,
"type": "str"
},
"format": {
"required": False,
"type": "str",
"choices": ["none", "text", "html", "wml"]
},
"header": {
"required": False,
"type": "str",
"choices": ["none", "http", "8bit"]
},
"msg_type": {
"required": False,
"type": "str"
}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token',
module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_system_replacemsg(
module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
"""entry point for module execution
"""
argument_spec = dict(
commands=dict(type='list'),
rpcs=dict(type='list'),
display=dict(choices=['text', 'json', 'xml', 'set'], aliases=['format', 'output']),
wait_for=dict(type='list', aliases=['waitfor']),
match=dict(default='all', choices=['all', 'any']),
retries=dict(default=10, type='int'),
interval=dict(default=1, type='int')
)
argument_spec.update(junos_argument_spec)
required_one_of = [('commands', 'rpcs')]
module = AnsibleModule(argument_spec=argument_spec,
required_one_of=required_one_of,
supports_check_mode=True)
warnings = list()
check_args(module, warnings)
if module.params['provider'] and module.params['provider']['transport'] == 'cli':
if any((module.params['wait_for'], module.params['match'], module.params['rpcs'])):
module.warn('arguments wait_for, match, rpcs are not supported when using transport=cli')
commands = module.params['commands']
conn = Connection(module)
output = list()
for cmd in commands:
output.append(conn.get(cmd))
lines = [out.split('\n') for out in output]
result = {'changed': False, 'stdout': output, 'stdout_lines': lines}
module.exit_json(**result)
items = list()
items.extend(parse_commands(module, warnings))
items.extend(parse_rpcs(module))
wait_for = module.params['wait_for'] or list()
conditionals = [Conditional(c) for c in wait_for]
retries = module.params['retries']
interval = module.params['interval']
match = module.params['match']
while retries > 0:
responses = rpc(module, items)
transformed = list()
output = list()
for item, resp in zip(items, responses):
if item['xattrs']['format'] == 'xml':
if not HAS_JXMLEASE:
module.fail_json(msg='jxmlease is required but does not appear to be installed. '
'It can be installed using `pip install jxmlease`')
try:
json_resp = jxmlease.parse(resp)
transformed.append(json_resp)
output.append(json_resp)
except:
raise ValueError(resp)
else:
transformed.append(resp)
for item in list(conditionals):
try:
if item(transformed):
if match == 'any':
conditionals = list()
break
conditionals.remove(item)
except FailedConditionalError:
pass
if not conditionals:
break
time.sleep(interval)
retries -= 1
if conditionals:
failed_conditions = [item.raw for item in conditionals]
msg = 'One or more conditional statements have not be satisfied'
module.fail_json(msg=msg, failed_conditions=failed_conditions)
result = {
'changed': False,
'warnings': warnings,
'stdout': responses,
'stdout_lines': to_lines(responses)
}
if output:
result['output'] = output
module.exit_json(**result)
def run(self, tmp=None, task_vars=None):
''' handler for cli operations '''
if task_vars is None:
task_vars = dict()
result = super(ActionModule, self).run(tmp, task_vars)
del tmp # tmp no longer has any effect
try:
command = self._task.args['command']
parser = self._task.args.get('parser')
engine = self._task.args.get('engine', 'command_parser')
except KeyError as exc:
raise AnsibleError(to_text(exc))
socket_path = getattr(self._connection, 'socket_path') or task_vars.get('ansible_socket')
connection = Connection(socket_path)
try:
output = connection.get(command)
except ConnectionError as exc:
raise AnsibleError(to_text(exc))
result['stdout'] = output
# try to convert the cli output to native json
try:
json_data = json.loads(output)
except:
json_data = None
result['json'] = json_data
if parser:
if engine not in ('command_parser', 'textfsm_parser', 'text_parser', 'textfsm'):
raise AnsibleError('missing or invalid value for argument engine')
if engine == 'text_parser':
display.deprecated(msg='the `text_parser` module has been deprecated, please use `command_parser` instead',
version='2.6',
removed=False)
if engine == 'textfsm':
display.deprecated(msg='the `textfsm` module has been deprecated, please use `textfsm_parser` instead',
version='2.6',
removed=False)
new_task = self._task.copy()
new_task.args = {
'file': parser,
'content': (json_data or output)
}
kwargs = {
'task': new_task,
'connection': self._connection,
'play_context': self._play_context,
'loader': self._loader,
'templar': self._templar,
'shared_loader_obj': self._shared_loader_obj
}
task_parser = self._shared_loader_obj.action_loader.get(engine, **kwargs)
result.update(task_parser.run(task_vars=task_vars))
self._remove_tmp_path(self._connection._shell.tmpdir)
# this is needed so the strategy plugin can identify the connection as
# a persistent connection and track it, otherwise the connection will
# not be closed at the end of the play
socket_path = getattr(self._connection, 'socket_path') or task_vars.get('ansible_socket')
self._task.args['_ansible_socket'] = socket_path
return result
def main():
mkeyname = None
fields = {
"access_token": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"wanopt_remote_storage": {
"required": False,
"type": "dict",
"default": None,
"options": {
"local_cache_id": {
"required": False,
"type": "str"
},
"remote_cache_id": {
"required": False,
"type": "str"
},
"remote_cache_ip": {
"required": False,
"type": "str"
},
"status": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token',
module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_wanopt(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
self._config_module = True if self._task.action == 'dellos10_config' else False
socket_path = None
if self._play_context.connection == 'network_cli':
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning(
'provider is unnecessary when using network_cli and will be ignored'
)
del self._task.args['provider']
elif self._play_context.connection == 'local':
provider = load_provider(dellos10_provider_spec, self._task.args)
pc = copy.deepcopy(self._play_context)
pc.connection = 'network_cli'
pc.network_os = 'dellos10'
pc.remote_addr = provider['host'] or self._play_context.remote_addr
pc.port = int(provider['port'] or self._play_context.port or 22)
pc.remote_user = provider[
'username'] or self._play_context.connection_user
pc.password = provider['password'] or self._play_context.password
pc.private_key_file = provider[
'ssh_keyfile'] or self._play_context.private_key_file
command_timeout = int(provider['timeout']
or C.PERSISTENT_COMMAND_TIMEOUT)
pc.become = provider['authorize'] or False
if pc.become:
pc.become_method = 'enable'
pc.become_pass = provider['auth_pass']
display.vvv('using connection plugin %s' % pc.connection,
pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get(
'persistent', pc, sys.stdin)
connection.set_options(
direct={'persistent_command_timeout': command_timeout})
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {
'failed':
True,
'msg':
'unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'
}
task_vars['ansible_socket'] = socket_path
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
while to_text(out,
errors='surrogate_then_replace').strip().endswith(')#'):
display.vvvv('wrong context, sending exit to device',
self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
result = super(ActionModule, self).run(task_vars=task_vars)
return result
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/waf/profile/{profile}',
'/pm/config/global/obj/waf/profile/{profile}'
]
url_schema = [
{
'name': 'adom',
'type': 'string'
},
{
'name': 'profile',
'type': 'string'
}
]
body_schema = {
'schema_objects': {
'object0': [
{
'name': 'data',
'type': 'dict',
'dict': {
'comment': {
'type': 'string'
},
'extended-log': {
'type': 'string',
'enum': [
'disable',
'enable'
]
},
'external': {
'type': 'string',
'enum': [
'disable',
'enable'
]
},
'name': {
'type': 'string'
},
'url-access': {
'type': 'array',
'items': {
'access-pattern': {
'type': 'array',
'items': {
'id': {
'type': 'integer'
},
'negate': {
'type': 'string',
'enum': [
'disable',
'enable'
]
},
'pattern': {
'type': 'string'
},
'regex': {
'type': 'string',
'enum': [
'disable',
'enable'
]
},
'srcaddr': {
'type': 'string'
}
}
},
'action': {
'type': 'string',
'enum': [
'bypass',
'permit',
'block'
]
},
'address': {
'type': 'string'
},
'id': {
'type': 'integer'
},
'log': {
'type': 'string',
'enum': [
'disable',
'enable'
]
},
'severity': {
'type': 'string',
'enum': [
'low',
'medium',
'high'
]
}
}
}
},
'api_tag': 0
},
{
'type': 'string',
'name': 'url',
'api_tag': 0
}
],
'object1': [
{
'type': 'string',
'name': 'url',
'api_tag': 0
}
],
'object2': [
{
'name': 'option',
'type': 'dict',
'dict': {
'type': 'string',
'enum': [
'object member',
'chksum',
'datasrc'
]
},
'api_tag': 0
},
{
'type': 'string',
'name': 'url',
'api_tag': 0
}
]
},
'method_mapping': {
'clone': 'object0',
'delete': 'object1',
'get': 'object2',
'set': 'object0',
'update': 'object0'
}
}
module_arg_spec = {
'loose_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'params': {
'type': 'list',
'required': False
},
'method': {
'type': 'str',
'required': True,
'choices': [
'clone',
'delete',
'get',
'set',
'update'
]
},
'url_params': {
'type': 'dict',
'required': False
}
}
module = AnsibleModule(argument_spec=module_arg_spec,
supports_check_mode=False)
method = module.params['method']
loose_validation = module.params['loose_validation']
fmgr = None
payload = None
response = DEFAULT_RESULT_OBJ
if module._socket_path:
connection = Connection(module._socket_path)
tools = FMGRCommon()
if loose_validation is False:
tools.validate_module_params(module, body_schema)
tools.validate_module_url_params(module, jrpc_urls, url_schema)
full_url = tools.get_full_url_path(module, jrpc_urls)
payload = tools.get_full_payload(module, full_url)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = tools
else:
module.fail_json(**FAIL_SOCKET_MSG)
try:
response = fmgr._conn.send_request(method, payload)
fmgr.govern_response(module=module, results=response,
msg='Operation Finished',
ansible_facts=fmgr.construct_ansible_facts(response, module.params, module.params))
except Exception as e:
raise FMGBaseException(e)
module.exit_json(meta=response[1])
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"system_ha": {
"required": False,
"type": "dict",
"default": None,
"options": {
"arps": {
"required": False,
"type": "int"
},
"arps_interval": {
"required": False,
"type": "int"
},
"authentication": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"cpu_threshold": {
"required": False,
"type": "str"
},
"encryption": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ftp_proxy_threshold": {
"required": False,
"type": "str"
},
"gratuitous_arps": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"group_id": {
"required": False,
"type": "int"
},
"group_name": {
"required": False,
"type": "str"
},
"ha_direct": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ha_eth_type": {
"required": False,
"type": "str"
},
"ha_mgmt_interfaces": {
"required": False,
"type": "list",
"options": {
"dst": {
"required": False,
"type": "str"
},
"gateway": {
"required": False,
"type": "str"
},
"gateway6": {
"required": False,
"type": "str"
},
"id": {
"required": True,
"type": "int"
},
"interface": {
"required": False,
"type": "str"
}
}
},
"ha_mgmt_status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ha_uptime_diff_margin": {
"required": False,
"type": "int"
},
"hb_interval": {
"required": False,
"type": "int"
},
"hb_lost_threshold": {
"required": False,
"type": "int"
},
"hbdev": {
"required": False,
"type": "str"
},
"hc_eth_type": {
"required": False,
"type": "str"
},
"hello_holddown": {
"required": False,
"type": "int"
},
"http_proxy_threshold": {
"required": False,
"type": "str"
},
"imap_proxy_threshold": {
"required": False,
"type": "str"
},
"inter_cluster_session_sync": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"key": {
"required": False,
"type": "str"
},
"l2ep_eth_type": {
"required": False,
"type": "str"
},
"link_failed_signal": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"load_balance_all": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"memory_compatible_mode": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"memory_threshold": {
"required": False,
"type": "str"
},
"mode": {
"required": False,
"type": "str",
"choices": ["standalone", "a-a", "a-p"]
},
"monitor": {
"required": False,
"type": "str"
},
"multicast_ttl": {
"required": False,
"type": "int"
},
"nntp_proxy_threshold": {
"required": False,
"type": "str"
},
"override": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"override_wait_time": {
"required": False,
"type": "int"
},
"password": {
"required": False,
"type": "str"
},
"pingserver_failover_threshold": {
"required": False,
"type": "int"
},
"pingserver_flip_timeout": {
"required": False,
"type": "int"
},
"pingserver_monitor_interface": {
"required": False,
"type": "str"
},
"pingserver_slave_force_reset": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"pop3_proxy_threshold": {
"required": False,
"type": "str"
},
"priority": {
"required": False,
"type": "int"
},
"route_hold": {
"required": False,
"type": "int"
},
"route_ttl": {
"required": False,
"type": "int"
},
"route_wait": {
"required": False,
"type": "int"
},
"schedule": {
"required":
False,
"type":
"str",
"choices": [
"none", "hub", "leastconnection", "round-robin",
"weight-round-robin", "random", "ip", "ipport"
]
},
"secondary_vcluster": {
"required": False,
"type": "dict",
"options": {
"monitor": {
"required": False,
"type": "str"
},
"override": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"override_wait_time": {
"required": False,
"type": "int"
},
"pingserver_failover_threshold": {
"required": False,
"type": "int"
},
"pingserver_monitor_interface": {
"required": False,
"type": "str"
},
"pingserver_slave_force_reset": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"priority": {
"required": False,
"type": "int"
},
"vcluster_id": {
"required": False,
"type": "int"
},
"vdom": {
"required": False,
"type": "str"
}
}
},
"session_pickup": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"session_pickup_connectionless": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"session_pickup_delay": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"session_pickup_expectation": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"session_pickup_nat": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"session_sync_dev": {
"required": False,
"type": "str"
},
"smtp_proxy_threshold": {
"required": False,
"type": "str"
},
"standalone_config_sync": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"standalone_mgmt_vdom": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"sync_config": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"sync_packet_balance": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"unicast_hb": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"unicast_hb_netmask": {
"required": False,
"type": "str"
},
"unicast_hb_peerip": {
"required": False,
"type": "str"
},
"uninterruptible_upgrade": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"vcluster_id": {
"required": False,
"type": "int"
},
"vcluster2": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"vdom": {
"required": False,
"type": "str"
},
"weight": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
mkeyname = 'name'
fields = {
"access_token": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"system_automation_trigger": {
"required": False,
"type": "dict",
"default": None,
"options": {
"event_type": {
"required":
False,
"type":
"str",
"choices": [
"ioc", "event-log", "reboot", "low-memory", "high-cpu",
"license-near-expiry", "ha-failover", "config-change"
]
},
"ioc_level": {
"required": False,
"type": "str",
"choices": ["medium", "high"]
},
"license_type": {
"required":
False,
"type":
"str",
"choices": [
"forticare-support", "fortiguard-webfilter",
"fortiguard-antispam", "fortiguard-antivirus",
"fortiguard-ips", "fortiguard-management", "forticloud"
]
},
"logid": {
"required": False,
"type": "int"
},
"name": {
"required": True,
"type": "str"
},
"trigger_day": {
"required": False,
"type": "int"
},
"trigger_frequency": {
"required": False,
"type": "str",
"choices": ["hourly", "daily", "weekly", "monthly"]
},
"trigger_hour": {
"required": False,
"type": "int"
},
"trigger_minute": {
"required": False,
"type": "int"
},
"trigger_type": {
"required": False,
"type": "str",
"choices": ["event-based", "scheduled"]
},
"trigger_weekday": {
"required":
False,
"type":
"str",
"choices": [
"sunday", "monday", "tuesday", "wednesday", "thursday",
"friday", "saturday"
]
}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token',
module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_system(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"system_geoip_override": {
"required": False,
"type": "dict",
"default": None,
"options": {
"country_id": {
"required": False,
"type": "str"
},
"description": {
"required": False,
"type": "str"
},
"ip_range": {
"required": False,
"type": "list",
"options": {
"end_ip": {
"required": False,
"type": "str"
},
"id": {
"required": True,
"type": "int"
},
"start_ip": {
"required": False,
"type": "str"
}
}
},
"name": {
"required": True,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/cli/global/system/snmp/user'
]
perobject_jrpc_urls = [
'/cli/global/system/snmp/user/{user}'
]
url_params = []
module_primary_key = 'name'
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': [
'set',
'update',
'add'
]
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': [
'present',
'absent'
]
},
'system_snmp_user': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'auth-proto': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'md5',
'sha'
],
'type': 'str'
},
'auth-pwd': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'events': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'list',
'choices': [
'disk_low',
'ha_switch',
'intf_ip_chg',
'sys_reboot',
'cpu_high',
'mem_low',
'log-alert',
'log-rate',
'log-data-rate',
'lic-gbday',
'lic-dev-quota',
'cpu-high-exclude-nice'
]
},
'name': {
'required': True,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'notify-hosts': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'notify-hosts6': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'priv-proto': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'aes',
'des'
],
'type': 'str'
},
'priv-pwd': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'queries': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'enable'
],
'type': 'str'
},
'query-port': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'security-level': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'no-auth-no-priv',
'auth-no-priv',
'auth-priv'
],
'type': 'str'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'system_snmp_user'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"firewall_policy6": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"action": {
"required": False,
"type": "str",
"choices": ["accept", "deny", "ipsec"]
},
"app_category": {
"required": False,
"type": "list",
"options": {
"id": {
"required": True,
"type": "int"
}
}
},
"app_group": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"application": {
"required": False,
"type": "list",
"options": {
"id": {
"required": True,
"type": "int"
}
}
},
"application_list": {
"required": False,
"type": "str"
},
"av_profile": {
"required": False,
"type": "str"
},
"comments": {
"required": False,
"type": "str"
},
"custom_log_fields": {
"required": False,
"type": "list",
"options": {
"field_id": {
"required": False,
"type": "str"
}
}
},
"devices": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"diffserv_forward": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"diffserv_reverse": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"diffservcode_forward": {
"required": False,
"type": "str"
},
"diffservcode_rev": {
"required": False,
"type": "str"
},
"dlp_sensor": {
"required": False,
"type": "str"
},
"dscp_match": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"dscp_negate": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"dscp_value": {
"required": False,
"type": "str"
},
"dsri": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"dstaddr": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"dstaddr_negate": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"dstintf": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"firewall_session_dirty": {
"required": False,
"type": "str",
"choices": ["check-all", "check-new"]
},
"fixedport": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"global_label": {
"required": False,
"type": "str"
},
"groups": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"icap_profile": {
"required": False,
"type": "str"
},
"inbound": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ippool": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ips_sensor": {
"required": False,
"type": "str"
},
"label": {
"required": False,
"type": "str"
},
"logtraffic": {
"required": False,
"type": "str",
"choices": ["all", "utm", "disable"]
},
"logtraffic_start": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"name": {
"required": False,
"type": "str"
},
"nat": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"natinbound": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"natoutbound": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"outbound": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"per_ip_shaper": {
"required": False,
"type": "str"
},
"policyid": {
"required": True,
"type": "int"
},
"poolname": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"profile_group": {
"required": False,
"type": "str"
},
"profile_protocol_options": {
"required": False,
"type": "str"
},
"profile_type": {
"required": False,
"type": "str",
"choices": ["single", "group"]
},
"replacemsg_override_group": {
"required": False,
"type": "str"
},
"rsso": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"schedule": {
"required": False,
"type": "str"
},
"send_deny_packet": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"service": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"service_negate": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"session_ttl": {
"required": False,
"type": "int"
},
"spamfilter_profile": {
"required": False,
"type": "str"
},
"srcaddr": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"srcaddr_negate": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"srcintf": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"ssh_filter_profile": {
"required": False,
"type": "str"
},
"ssl_mirror": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ssl_mirror_intf": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"ssl_ssh_profile": {
"required": False,
"type": "str"
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"tcp_mss_receiver": {
"required": False,
"type": "int"
},
"tcp_mss_sender": {
"required": False,
"type": "int"
},
"tcp_session_without_syn": {
"required": False,
"type": "str",
"choices": ["all", "data-only", "disable"]
},
"timeout_send_rst": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"traffic_shaper": {
"required": False,
"type": "str"
},
"traffic_shaper_reverse": {
"required": False,
"type": "str"
},
"url_category": {
"required": False,
"type": "list",
"options": {
"id": {
"required": True,
"type": "int"
}
}
},
"users": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"utm_status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"uuid": {
"required": False,
"type": "str"
},
"vlan_cos_fwd": {
"required": False,
"type": "int"
},
"vlan_cos_rev": {
"required": False,
"type": "int"
},
"vlan_filter": {
"required": False,
"type": "str"
},
"voip_profile": {
"required": False,
"type": "str"
},
"vpntunnel": {
"required": False,
"type": "str"
},
"webfilter_profile": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_firewall(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_firewall(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"vpn_certificate_ca": {
"required": False,
"type": "dict",
"default": None,
"options": {
"auto_update_days": {
"required": False,
"type": "int"
},
"auto_update_days_warning": {
"required": False,
"type": "int"
},
"ca": {
"required": False,
"type": "str"
},
"last_updated": {
"required": False,
"type": "int"
},
"name": {
"required": True,
"type": "str"
},
"range": {
"required": False,
"type": "str",
"choices": ["global", "vdom"]
},
"scep_url": {
"required": False,
"type": "str"
},
"source": {
"required": False,
"type": "str",
"choices": ["factory", "user", "bundle"]
},
"source_ip": {
"required": False,
"type": "str"
},
"trusted": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_vpn_certificate(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_vpn_certificate(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"system_password_policy_guest_admin": {
"required": False, "type": "dict", "default": None,
"options": {
"apply_to": {"required": False, "type": "str",
"choices": ["guest-admin-password"]},
"change_4_characters": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"expire_day": {"required": False, "type": "int"},
"expire_status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"min_lower_case_letter": {"required": False, "type": "int"},
"min_non_alphanumeric": {"required": False, "type": "int"},
"min_number": {"required": False, "type": "int"},
"min_upper_case_letter": {"required": False, "type": "int"},
"minimum_length": {"required": False, "type": "int"},
"reuse_password": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"webfilter_urlfilter": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"comment": {
"required": False,
"type": "str"
},
"entries": {
"required": False,
"type": "list",
"options": {
"action": {
"required": False,
"type": "str",
"choices": ["exempt", "block", "allow", "monitor"]
},
"dns_address_family": {
"required": False,
"type": "str",
"choices": ["ipv4", "ipv6", "both"]
},
"exempt": {
"required":
False,
"type":
"str",
"choices": [
"av", "web-content", "activex-java-cookie",
"dlp", "fortiguard", "range-block", "pass",
"all"
]
},
"id": {
"required": True,
"type": "int"
},
"referrer_host": {
"required": False,
"type": "str"
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"type": {
"required": False,
"type": "str",
"choices": ["simple", "regex", "wildcard"]
},
"url": {
"required": False,
"type": "str"
},
"web_proxy_profile": {
"required": False,
"type": "str"
}
}
},
"id": {
"required": True,
"type": "int"
},
"ip_addr_block": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"name": {
"required": False,
"type": "str"
},
"one_arm_ips_urlfilter": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_webfilter(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_webfilter(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
socket_path = None
play_context = copy.deepcopy(self._play_context)
play_context.network_os = self._get_network_os(task_vars)
if play_context.connection == 'local':
# we should be able to stream line this a bit by creating a common
# provider argument spec in module_utils/network/common/utils.py or another
# option is that there isn't a need to push provider into the module
# since the connection is started in the action handler.
module_name = 'ansible.module_utils.network.{0}.{0}'.format(play_context.network_os)
f, p, d = find_module('ansible')
for package in module_name.split('.')[1:]:
f, p, d = find_module(package, [p])
module = load_module(module_name, f, p, d)
self.provider = load_provider(module.get_provider_argspec(), self._task.args)
if self.provider.get('transport') == 'netconf' and play_context.network_os in _NETCONF_SUPPORTED_PLATFORMS \
and self._task.action not in _CLI_ONLY_MODULES:
play_context.connection = 'netconf'
play_context.port = int(self.provider['port'] or self._play_context.port or 830)
elif self.provider.get('transport') in ('nxapi', 'eapi') and play_context.network_os in ('nxos', 'eos'):
play_context.connection = play_context.connection
play_context.port = int(self.provider['port'] or self._play_context.port or 22)
else:
play_context.connection = 'network_cli'
play_context.port = int(self.provider['port'] or self._play_context.port or 22)
play_context.remote_addr = self.provider['host'] or self._play_context.remote_addr
play_context.remote_user = self.provider['username'] or self._play_context.connection_user
play_context.password = self.provider['password'] or self._play_context.password
play_context.private_key_file = self.provider['ssh_keyfile'] or self._play_context.private_key_file
play_context.timeout = int(self.provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT)
if 'authorize' in self.provider.keys():
play_context.become = self.provider['authorize'] or False
play_context.become_pass = self.provider['auth_pass']
play_context.become_method = 'enable'
if self._play_context.connection == 'local':
if self.provider.get('transport') == 'nxapi' and play_context.network_os == 'nxos':
self._task.args['provider'] = _NxosActionModule.nxapi_implementation(self.provider, self._play_context)
elif self.provider.get('transport') == 'eapi' and play_context.network_os == 'eos':
self._task.args['provider'] = _EosActionModule.eapi_implementation(self.provider, self._play_context)
else:
socket_path = self._start_connection(play_context)
task_vars['ansible_socket'] = socket_path
else:
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning('provider is unnecessary when using %s and will be ignored' % play_context.connection)
del self._task.args['provider']
if play_context.connection == 'network_cli':
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
if to_text(out, errors='surrogate_then_replace').strip().endswith(')#'):
display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr)
conn.send_command('exit')
if 'fail_on_missing_module' not in self._task.args:
self._task.args['fail_on_missing_module'] = False
result = super(ActionModule, self).run(task_vars=task_vars)
module = self._get_implementation_module(play_context.network_os, self._task.action)
if not module:
if self._task.args['fail_on_missing_module']:
result['failed'] = True
else:
result['failed'] = False
result['msg'] = ('Could not find implementation module %s for %s' %
(self._task.action, play_context.network_os))
else:
new_module_args = self._task.args.copy()
# perhaps delete the provider argument here as well since the
# module code doesn't need the information, the connection is
# already started
if 'network_os' in new_module_args:
del new_module_args['network_os']
del new_module_args['fail_on_missing_module']
display.vvvv('Running implementation module %s' % module)
result.update(self._execute_module(module_name=module,
module_args=new_module_args, task_vars=task_vars,
wrap_async=self._task.async_val))
display.vvvv('Caching network OS %s in facts' % play_context.network_os)
result['ansible_facts'] = {'network_os': play_context.network_os}
return result
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"system_gre_tunnel": {
"required": False,
"type": "dict",
"default": None,
"options": {
"checksum_reception": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
},
"checksum_transmission": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
},
"dscp_copying": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
},
"interface": {
"required": False,
"type": "str"
},
"ip_version": {
"required": False,
"type": "str",
"choices": ["4", "6"]
},
"keepalive_failtimes": {
"required": False,
"type": "int"
},
"keepalive_interval": {
"required": False,
"type": "int"
},
"key_inbound": {
"required": False,
"type": "int"
},
"key_outbound": {
"required": False,
"type": "int"
},
"local_gw": {
"required": False,
"type": "str"
},
"local_gw6": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"remote_gw": {
"required": False,
"type": "str"
},
"remote_gw6": {
"required": False,
"type": "str"
},
"sequence_number_reception": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
},
"sequence_number_transmission": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
module = module_loader._load_module_source(self._task.action, module_loader.find_plugin(self._task.action))
if not getattr(module, 'USE_PERSISTENT_CONNECTION', False):
return super(ActionModule, self).run(task_vars=task_vars)
socket_path = None
if self._play_context.connection == 'local':
provider = load_provider(junos_provider_spec, self._task.args)
pc = copy.deepcopy(self._play_context)
pc.network_os = 'junos'
pc.remote_addr = provider['host'] or self._play_context.remote_addr
if provider['transport'] == 'cli' and self._task.action not in CLI_SUPPORTED_MODULES:
return {'failed': True, 'msg': "Transport type '%s' is not valid for '%s' module. "
"Please see https://docs.ansible.com/ansible/latest/network/user_guide/platform_junos.html"
% (provider['transport'], self._task.action)}
if self._task.action == 'junos_netconf' or (provider['transport'] == 'cli' and self._task.action == 'junos_command'):
pc.connection = 'network_cli'
pc.port = int(provider['port'] or self._play_context.port or 22)
else:
pc.connection = 'netconf'
pc.port = int(provider['port'] or self._play_context.port or 830)
pc.remote_user = provider['username'] or self._play_context.connection_user
pc.password = provider['password'] or self._play_context.password
pc.private_key_file = provider['ssh_keyfile'] or self._play_context.private_key_file
pc.timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT)
display.vvv('using connection plugin %s (was local)' % pc.connection, pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get('persistent', pc, sys.stdin)
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {'failed': True,
'msg': 'unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'}
task_vars['ansible_socket'] = socket_path
elif self._play_context.connection in ('netconf', 'network_cli'):
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning('provider is unnecessary when using %s and will be ignored' % self._play_context.connection)
del self._task.args['provider']
if (self._play_context.connection == 'network_cli' and self._task.action not in CLI_SUPPORTED_MODULES) or \
(self._play_context.connection == 'netconf' and self._task.action == 'junos_netconf'):
return {'failed': True, 'msg': "Connection type '%s' is not valid for '%s' module. "
"Please see https://docs.ansible.com/ansible/latest/network/user_guide/platform_junos.html"
% (self._play_context.connection, self._task.action)}
if (self._play_context.connection == 'local' and pc.connection == 'network_cli') or self._play_context.connection == 'network_cli':
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
while to_text(out, errors='surrogate_then_replace').strip().endswith('#'):
display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
result = super(ActionModule, self).run(None, task_vars)
return result
def main():
mkeyname = 'id'
fields = {
"access_token": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"firewall_internet_service": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"database": {
"required": False,
"type": "str",
"choices": ["isdb", "irdb"]
},
"direction": {
"required": False,
"type": "str",
"choices": ["src", "dst", "both"]
},
"extra_ip_range_number": {
"required": False,
"type": "int"
},
"icon_id": {
"required": False,
"type": "int"
},
"id": {
"required": True,
"type": "int"
},
"ip_number": {
"required": False,
"type": "int"
},
"ip_range_number": {
"required": False,
"type": "int"
},
"jitter_threshold": {
"required": False,
"type": "int"
},
"latency_threshold": {
"required": False,
"type": "int"
},
"name": {
"required": False,
"type": "str"
},
"obsolete": {
"required": False,
"type": "int"
},
"packetloss_threshold": {
"required": False,
"type": "int"
},
"reputation": {
"required": False,
"type": "int"
},
"singularity": {
"required": False,
"type": "int"
},
"sld_id": {
"required": False,
"type": "int"
}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token',
module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_firewall(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/system/sdn-connector/{sdn-connector}/route-table/{route-table}/route',
'/pm/config/global/obj/system/sdn-connector/{sdn-connector}/route-table/{route-table}/route'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/obj/system/sdn-connector/{sdn-connector}/route-table/{route-table}/route/{route}',
'/pm/config/global/obj/system/sdn-connector/{sdn-connector}/route-table/{route-table}/route/{route}'
]
url_params = ['adom', 'sdn-connector', 'route-table']
module_primary_key = 'name'
module_arg_spec = {
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': [
'present',
'absent'
]
},
'adom': {
'required': True,
'type': 'str'
},
'sdn-connector': {
'required': True,
'type': 'str'
},
'route-table': {
'required': True,
'type': 'str'
},
'system_sdnconnector_routetable_route': {
'required': False,
'type': 'dict',
'options': {
'name': {
'required': True,
'type': 'str'
},
'next-hop': {
'required': False,
'type': 'str'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'system_sdnconnector_routetable_route'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd()
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def __init__(self, module):
self.module = module
self.connection = Connection(self.module._socket_path)
def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
socket_path = None
if (self._play_context.connection == 'httpapi' or self._task.args.get('provider', {}).get('transport') == 'nxapi') \
and self._task.action in ('nxos_file_copy', 'nxos_nxapi'):
return {'failed': True, 'msg': "Transport type 'nxapi' is not valid for '%s' module." % (self._task.action)}
if self._task.action == 'nxos_file_copy':
self._task.args['host'] = self._play_context.remote_addr
self._task.args['password'] = self._play_context.password
if self._play_context.connection == 'network_cli':
self._task.args['username'] = self._play_context.remote_user
elif self._play_context.connection == 'local':
self._task.args['username'] = self._play_context.connection_user
if self._task.action == 'nxos_install_os':
connection = self._connection
if connection.get_option('persistent_command_timeout') < 600 or connection.get_option('persistent_connect_timeout') < 600:
msg = 'PERSISTENT_COMMAND_TIMEOUT and PERSISTENT_CONNECT_TIMEOUT'
msg += ' must be set to 600 seconds or higher when using nxos_install_os module'
return {'failed': True, 'msg': msg}
if self._play_context.connection in ('network_cli', 'httpapi'):
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning('provider is unnecessary when using %s and will be ignored' % self._play_context.connection)
del self._task.args['provider']
if self._task.args.get('transport'):
display.warning('transport is unnecessary when using %s and will be ignored' % self._play_context.connection)
del self._task.args['transport']
elif self._play_context.connection == 'local':
provider = load_provider(nxos_provider_spec, self._task.args)
transport = provider['transport'] or 'cli'
display.vvvv('connection transport is %s' % transport, self._play_context.remote_addr)
if transport == 'cli':
pc = copy.deepcopy(self._play_context)
pc.connection = 'network_cli'
pc.network_os = 'nxos'
pc.remote_addr = provider['host'] or self._play_context.remote_addr
pc.port = int(provider['port'] or self._play_context.port or 22)
pc.remote_user = provider['username'] or self._play_context.connection_user
pc.password = provider['password'] or self._play_context.password
pc.private_key_file = provider['ssh_keyfile'] or self._play_context.private_key_file
pc.become = provider['authorize'] or False
if pc.become:
pc.become_method = 'enable'
pc.become_pass = provider['auth_pass']
display.vvv('using connection plugin %s (was local)' % pc.connection, pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get('persistent', pc, sys.stdin)
command_timeout = int(provider['timeout']) if provider['timeout'] else connection.get_option('persistent_command_timeout')
connection.set_options(direct={'persistent_command_timeout': command_timeout})
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {'failed': True,
'msg': 'unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'}
task_vars['ansible_socket'] = socket_path
else:
self._task.args['provider'] = ActionModule.nxapi_implementation(provider, self._play_context)
else:
return {'failed': True, 'msg': 'Connection type %s is not valid for this module' % self._play_context.connection}
if (self._play_context.connection == 'local' and transport == 'cli') or self._play_context.connection == 'network_cli':
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
while to_text(out, errors='surrogate_then_replace').strip().endswith(')#'):
display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
result = super(ActionModule, self).run(task_vars=task_vars)
return result
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"firewall_ssh_host_key": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"hostname": {
"required": False,
"type": "str"
},
"ip": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"nid": {
"required": False,
"type": "str",
"choices": ["256", "384", "521"]
},
"port": {
"required": False,
"type": "int"
},
"public_key": {
"required": False,
"type": "str"
},
"status": {
"required": False,
"type": "str",
"choices": ["trusted", "revoked"]
},
"type": {
"required":
False,
"type":
"str",
"choices": [
"RSA", "DSA", "ECDSA", "ED25519", "RSA-CA", "DSA-CA",
"ECDSA-CA", "ED25519-CA"
]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_firewall_ssh(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_firewall_ssh(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def _get_connection(self):
if self._connection:
return self._connection
self._connection = Connection(self._module._socket_path) #pylint: disable=W0212
return self._connection
def exec_command(self, cmd, in_data=None, sudoable=True):
display.vvvv('exec_command(), socket_path=%s' % self.socket_path, host=self._play_context.remote_addr)
connection = SocketConnection(self.socket_path)
out = connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
return 0, out, ''