def main(): mkeyname = 'seq-num' fields = { "access_token": { "required": False, "type": "str", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "router_policy6": { "required": False, "type": "dict", "default": None, "options": { "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "comments": { "required": False, "type": "str" }, "dst": { "required": False, "type": "str" }, "end_port": { "required": False, "type": "int" }, "gateway": { "required": False, "type": "str" }, "input_device": { "required": False, "type": "str" }, "output_device": { "required": False, "type": "str" }, "protocol": { "required": False, "type": "int" }, "seq_num": { "required": False, "type": "int" }, "src": { "required": False, "type": "str" }, "start_port": { "required": False, "type": "int" }, "status": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "tos": { "required": False, "type": "str" }, "tos_mask": { "required": False, "type": "str" } } } } check_legacy_fortiosapi() module = AnsibleModule(argument_spec=fields, supports_check_mode=False) versions_check_result = None if module._socket_path: connection = Connection(module._socket_path) if 'access_token' in module.params: connection.set_option('access_token', module.params['access_token']) fos = FortiOSHandler(connection, module, mkeyname) is_error, has_changed, result = fortios_router(module.params, fos) versions_check_result = connection.get_system_version() else: module.fail_json(**FAIL_SOCKET_MSG) if versions_check_result and versions_check_result['matched'] is False: module.warn( "Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv" ) if not is_error: if versions_check_result and versions_check_result['matched'] is False: module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) else: module.exit_json(changed=has_changed, meta=result) else: if versions_check_result and versions_check_result['matched'] is False: module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def run(self, tmp=None, task_vars=None): del tmp # tmp no longer has any effect module_name = self._task.action.split('.')[-1] self._config_module = True if module_name == 'os6_config' else False socket_path = None persistent_connection = self._play_context.connection.split('.')[-1] if persistent_connection == 'network_cli': provider = self._task.args.get('provider', {}) if any(provider.values()): display.warning( 'provider is unnecessary when using network_cli and will be ignored' ) del self._task.args['provider'] elif self._play_context.connection == 'local': provider = load_provider(os6_provider_spec, self._task.args) pc = copy.deepcopy(self._play_context) pc.connection = 'network_cli' pc.network_os = 'dellemc.os6.os6' pc.remote_addr = provider['host'] or self._play_context.remote_addr pc.port = int(provider['port'] or self._play_context.port or 22) pc.remote_user = provider[ 'username'] or self._play_context.connection_user pc.password = provider['password'] or self._play_context.password pc.private_key_file = provider[ 'ssh_keyfile'] or self._play_context.private_key_file command_timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT) pc.become = provider['authorize'] or False if pc.become: pc.become_method = 'enable' pc.become_pass = provider['auth_pass'] display.vvv('using connection plugin %s' % pc.connection, pc.remote_addr) connection = self._shared_loader_obj.connection_loader.get( 'persistent', pc, sys.stdin) connection.set_options( direct={'persistent_command_timeout': command_timeout}) socket_path = connection.run() display.vvvv('socket_path: %s' % socket_path, pc.remote_addr) if not socket_path: return { 'failed': True, 'msg': 'unable to open shell. Please see: ' + 'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell' } task_vars['ansible_socket'] = socket_path # make sure we are in the right cli context which should be # enable mode and not config module if socket_path is None: socket_path = self._connection.socket_path conn = Connection(socket_path) out = conn.get_prompt() while to_text(out, errors='surrogate_then_replace').strip().endswith(')#'): display.vvvv('wrong context, sending exit to device', self._play_context.remote_addr) conn.send_command('exit') out = conn.get_prompt() result = super(ActionModule, self).run(task_vars=task_vars) return result
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "wireless_controller_ble_profile": { "required": False, "type": "dict", "default": None, "options": { "advertising": { "required": False, "type": "str", "choices": ["ibeacon", "eddystone-uid", "eddystone-url"] }, "beacon_interval": { "required": False, "type": "int" }, "ble_scanning": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "comment": { "required": False, "type": "str" }, "eddystone_instance": { "required": False, "type": "str" }, "eddystone_namespace": { "required": False, "type": "str" }, "eddystone_url": { "required": False, "type": "str" }, "eddystone_url_encode_hex": { "required": False, "type": "str" }, "ibeacon_uuid": { "required": False, "type": "str" }, "major_id": { "required": False, "type": "int" }, "minor_id": { "required": False, "type": "int" }, "name": { "required": True, "type": "str" }, "txpower": { "required": False, "type": "str", "choices": [ "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12" ] } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_wireless_controller( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_wireless_controller( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): jrpc_urls = [ '/pm/config/adom/{adom}/obj/firewall/vip/{vip}/ssl-server-cipher-suites', '/pm/config/global/obj/firewall/vip/{vip}/ssl-server-cipher-suites' ] perobject_jrpc_urls = [ '/pm/config/adom/{adom}/obj/firewall/vip/{vip}/ssl-server-cipher-suites/{ssl-server-cipher-suites}', '/pm/config/global/obj/firewall/vip/{vip}/ssl-server-cipher-suites/{ssl-server-cipher-suites}' ] url_params = ['adom', 'vip'] module_primary_key = 'priority' module_arg_spec = { 'enable_log': { 'type': 'bool', 'required': False, 'default': False }, 'proposed_method': { 'type': 'str', 'required': False, 'choices': ['set', 'update', 'add'] }, 'bypass_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'rc_succeeded': { 'required': False, 'type': 'list' }, 'rc_failed': { 'required': False, 'type': 'list' }, 'state': { 'type': 'str', 'required': True, 'choices': ['present', 'absent'] }, 'adom': { 'required': True, 'type': 'str' }, 'vip': { 'required': True, 'type': 'str' }, 'firewall_vip_sslserverciphersuites': { 'required': False, 'type': 'dict', 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'options': { 'cipher': { 'required': False, 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'choices': [ 'TLS-RSA-WITH-RC4-128-MD5', 'TLS-RSA-WITH-RC4-128-SHA', 'TLS-RSA-WITH-DES-CBC-SHA', 'TLS-RSA-WITH-3DES-EDE-CBC-SHA', 'TLS-RSA-WITH-AES-128-CBC-SHA', 'TLS-RSA-WITH-AES-256-CBC-SHA', 'TLS-RSA-WITH-AES-128-CBC-SHA256', 'TLS-RSA-WITH-AES-256-CBC-SHA256', 'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA', 'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA', 'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256', 'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256', 'TLS-RSA-WITH-SEED-CBC-SHA', 'TLS-RSA-WITH-ARIA-128-CBC-SHA256', 'TLS-RSA-WITH-ARIA-256-CBC-SHA384', 'TLS-DHE-RSA-WITH-DES-CBC-SHA', 'TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA', 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA', 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA', 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA256', 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256', 'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA', 'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA', 'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256', 'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256', 'TLS-DHE-RSA-WITH-SEED-CBC-SHA', 'TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256', 'TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384', 'TLS-ECDHE-RSA-WITH-RC4-128-SHA', 'TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA', 'TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA', 'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA', 'TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256', 'TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256', 'TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256', 'TLS-DHE-RSA-WITH-AES-128-GCM-SHA256', 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384', 'TLS-DHE-DSS-WITH-AES-128-CBC-SHA', 'TLS-DHE-DSS-WITH-AES-256-CBC-SHA', 'TLS-DHE-DSS-WITH-AES-128-CBC-SHA256', 'TLS-DHE-DSS-WITH-AES-128-GCM-SHA256', 'TLS-DHE-DSS-WITH-AES-256-CBC-SHA256', 'TLS-DHE-DSS-WITH-AES-256-GCM-SHA384', 'TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256', 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256', 'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384', 'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384', 'TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA', 'TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256', 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256', 'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384', 'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384', 'TLS-RSA-WITH-AES-128-GCM-SHA256', 'TLS-RSA-WITH-AES-256-GCM-SHA384', 'TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA', 'TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA', 'TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256', 'TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256', 'TLS-DHE-DSS-WITH-SEED-CBC-SHA', 'TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256', 'TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384', 'TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256', 'TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384', 'TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256', 'TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384', 'TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA', 'TLS-DHE-DSS-WITH-DES-CBC-SHA', 'TLS-AES-128-GCM-SHA256', 'TLS-AES-256-GCM-SHA384', 'TLS-CHACHA20-POLY1305-SHA256' ], 'type': 'str' }, 'priority': { 'required': True, 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'int' }, 'versions': { 'required': False, 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'list', 'choices': ['ssl-3.0', 'tls-1.0', 'tls-1.1', 'tls-1.2', 'tls-1.3'] } } } } params_validation_blob = [] check_galaxy_version(module_arg_spec) module = AnsibleModule(argument_spec=check_parameter_bypass( module_arg_spec, 'firewall_vip_sslserverciphersuites'), supports_check_mode=False) fmgr = None if module._socket_path: connection = Connection(module._socket_path) connection.set_option( 'enable_log', module.params['enable_log'] if 'enable_log' in module.params else False) fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data') fmgr.validate_parameters(params_validation_blob) fmgr.process_curd(argument_specs=module_arg_spec) else: module.fail_json(msg='MUST RUN IN HTTPAPI MODE') module.exit_json(meta=module.params)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "wireless_controller_global": { "required": False, "type": "dict", "default": None, "options": { "ap_log_server": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "ap_log_server_ip": { "required": False, "type": "str" }, "ap_log_server_port": { "required": False, "type": "int" }, "control_message_offload": { "required": False, "type": "str", "choices": [ "ebp-frame", "aeroscout-tag", "ap-list", "sta-list", "sta-cap-list", "stats", "aeroscout-mu" ] }, "data_ethernet_II": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "discovery_mc_addr": { "required": False, "type": "str" }, "fiapp_eth_type": { "required": False, "type": "int" }, "image_download": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "ipsec_base_ip": { "required": False, "type": "str" }, "link_aggregation": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "location": { "required": False, "type": "str" }, "max_clients": { "required": False, "type": "int" }, "max_retransmit": { "required": False, "type": "int" }, "mesh_eth_type": { "required": False, "type": "int" }, "name": { "required": False, "type": "str" }, "rogue_scan_mac_adjacency": { "required": False, "type": "int" }, "wtp_share": { "required": False, "type": "str", "choices": ["enable", "disable"] } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_wireless_controller( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_wireless_controller( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": {"required": False, "type": "str"}, "username": {"required": False, "type": "str"}, "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, "ssl_verify": {"required": False, "type": "bool", "default": True}, "wanopt_webcache": { "required": False, "type": "dict", "default": None, "options": { "always_revalidate": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "cache_by_default": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "cache_cookie": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "cache_expired": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "default_ttl": {"required": False, "type": "int"}, "external": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "fresh_factor": {"required": False, "type": "int"}, "host_validate": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ignore_conditional": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ignore_ie_reload": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ignore_ims": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ignore_pnc": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "max_object_size": {"required": False, "type": "int"}, "max_ttl": {"required": False, "type": "int"}, "min_ttl": {"required": False, "type": "int"}, "neg_resp_time": {"required": False, "type": "int"}, "reval_pnc": {"required": False, "type": "str", "choices": ["enable", "disable"]} } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_wanopt(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_wanopt(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "system_netflow": { "required": False, "type": "dict", "default": None, "options": { "active_flow_timeout": { "required": False, "type": "int" }, "collector_ip": { "required": False, "type": "str" }, "collector_port": { "required": False, "type": "int" }, "inactive_flow_timeout": { "required": False, "type": "int" }, "source_ip": { "required": False, "type": "str" }, "template_tx_counter": { "required": False, "type": "int" }, "template_tx_timeout": { "required": False, "type": "int" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_system(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_system(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): jrpc_urls = [ '/pm/config/adom/{adom}/wanprof/{wanprof}/system/sdwan/health-check/{health-check}/sla' ] perobject_jrpc_urls = [ '/pm/config/adom/{adom}/wanprof/{wanprof}/system/sdwan/health-check/{health-check}/sla/{sla}' ] url_params = ['adom', 'wanprof', 'health-check'] module_primary_key = 'id' module_arg_spec = { 'enable_log': { 'type': 'bool', 'required': False, 'default': False }, 'proposed_method': { 'type': 'str', 'required': False, 'choices': [ 'set', 'update', 'add' ] }, 'bypass_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'rc_succeeded': { 'required': False, 'type': 'list' }, 'rc_failed': { 'required': False, 'type': 'list' }, 'state': { 'type': 'str', 'required': True, 'choices': [ 'present', 'absent' ] }, 'adom': { 'required': True, 'type': 'str' }, 'wanprof': { 'required': True, 'type': 'str' }, 'health-check': { 'required': True, 'type': 'str' }, 'wanprof_system_sdwan_healthcheck_sla': { 'required': False, 'type': 'dict', 'revision': { '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'options': { 'id': { 'required': True, 'revision': { '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'int' }, 'jitter-threshold': { 'required': False, 'revision': { '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'int' }, 'latency-threshold': { 'required': False, 'revision': { '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'int' }, 'link-cost-factor': { 'required': False, 'revision': { '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'list', 'choices': [ 'latency', 'jitter', 'packet-loss' ] }, 'packetloss-threshold': { 'required': False, 'revision': { '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'int' } } } } params_validation_blob = [] check_galaxy_version(module_arg_spec) module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'wanprof_system_sdwan_healthcheck_sla'), supports_check_mode=False) fmgr = None if module._socket_path: connection = Connection(module._socket_path) connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False) fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data') fmgr.validate_parameters(params_validation_blob) fmgr.process_curd(argument_specs=module_arg_spec) else: module.fail_json(msg='MUST RUN IN HTTPAPI MODE') module.exit_json(meta=module.params)
def main(): module = AnsibleModule( argument_spec=dict( adom=dict(required=True, type='str'), device_unique_name=dict(required=True, type='str'), network_domain_name=dict(required=True, type='str'), vdom=dict(required=True, type='str') ), supports_check_mode=True ) module.paramgram = { 'adom': module.params['adom'], 'device_unique_name': module.params['device_unique_name'], } if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: # fail with an un-helpful and error-masking generic response, thanks forti! module.fail_json(**FAIL_SOCKET_MSG) # only pick vlan interfaces with the correct vdom interfaces = [i for i in get_interfaces(module, fmgr) if module.params['vdom'] in i.get('vdom', []) and i['type'] == 'vlan'] dyn_interfaces = get_dynamic_interfaces(module, fmgr) networks = [] zones = {} for zone in dyn_interfaces: dynamic_maps = zone.get('dynamic_mapping', []) if not dynamic_maps: continue scope_id = (module.params['device_unique_name'], module.params['vdom']) for dm in dynamic_maps: if scope_id in [(s['name'], s['vdom']) for s in dm.get('_scope', [])]: local_intf = dm.get('local-intf', []) if isinstance(local_intf, str): local_intf = [local_intf] for ifname in local_intf: if not zones.get(module.params['vdom']): zones[module.params['vdom']] = {} zones[module.params['vdom']][ifname] = zone['name'] for interface in interfaces: if 'vlanid' not in interface or interface['vlanid'] == 0 or interface['ip'][0] == '0.0.0.0': continue ip_interface_str = ipaddress.ip_interface('/'.join(interface['ip'])) # crappy py3/py2 compat fix, remove whenever py2 is gone ip_interface = ipaddress.ip_interface(u'{0}'.format(ip_interface_str)) network_str = '{0}'.format(ip_interface.network.network_address) networks.append({ 'vrf': 0, 'network': network_str, 'length': ip_interface.network.prefixlen, 'domains': { module.params['network_domain_name']: { 'vlan_id': interface['vlanid'], 'name': interface['name'], 'data': { 'zone': zones.get(interface['vdom'][0], {}).get(interface['name']), 'vdom': interface['vdom'][0], 'description': interface.get('description') } } }, }) module.exit_json(msg='networks collected', changed=False, networks=networks)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "system_vdom_property": { "required": False, "type": "dict", "default": None, "options": { "custom_service": { "required": False, "type": "str" }, "description": { "required": False, "type": "str" }, "dialup_tunnel": { "required": False, "type": "str" }, "firewall_address": { "required": False, "type": "str" }, "firewall_addrgrp": { "required": False, "type": "str" }, "firewall_policy": { "required": False, "type": "str" }, "ipsec_phase1": { "required": False, "type": "str" }, "ipsec_phase1_interface": { "required": False, "type": "str" }, "ipsec_phase2": { "required": False, "type": "str" }, "ipsec_phase2_interface": { "required": False, "type": "str" }, "log_disk_quota": { "required": False, "type": "str" }, "name": { "required": True, "type": "str" }, "onetime_schedule": { "required": False, "type": "str" }, "proxy": { "required": False, "type": "str" }, "recurring_schedule": { "required": False, "type": "str" }, "service_group": { "required": False, "type": "str" }, "session": { "required": False, "type": "str" }, "snmp_index": { "required": False, "type": "int" }, "sslvpn": { "required": False, "type": "str" }, "user": { "required": False, "type": "str" }, "user_group": { "required": False, "type": "str" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_system(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_system(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): jrpc_urls = ['/cli/global/system/sql/custom-index'] perobject_jrpc_urls = [ '/cli/global/system/sql/custom-index/{custom-index}' ] url_params = [] module_primary_key = 'id' module_arg_spec = { 'bypass_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'rc_succeeded': { 'required': False, 'type': 'list' }, 'rc_failed': { 'required': False, 'type': 'list' }, 'state': { 'type': 'str', 'required': True, 'choices': ['present', 'absent'] }, 'system_sql_customindex': { 'required': False, 'type': 'dict', 'options': { 'case-sensitive': { 'required': False, 'choices': ['disable', 'enable'], 'type': 'str' }, 'device-type': { 'required': False, 'choices': [ 'FortiGate', 'FortiManager', 'FortiClient', 'FortiMail', 'FortiWeb', 'FortiCache', 'FortiSandbox', 'FortiDDoS', 'FortiAuthenticator', 'FortiProxy' ], 'type': 'str' }, 'id': { 'required': True, 'type': 'int' }, 'index-field': { 'required': False, 'type': 'str' }, 'log-type': { 'required': False, 'choices': [ 'none', 'app-ctrl', 'attack', 'content', 'dlp', 'emailfilter', 'event', 'generic', 'history', 'traffic', 'virus', 'voip', 'webfilter', 'netscan', 'fct-event', 'fct-traffic', 'fct-netscan', 'waf', 'gtp', 'dns', 'ssh', 'ssl' ], 'type': 'str' } } } } params_validation_blob = [] check_galaxy_version(module_arg_spec) module = AnsibleModule(argument_spec=check_parameter_bypass( module_arg_spec, 'system_sql_customindex'), supports_check_mode=False) fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data') fmgr.validate_parameters(params_validation_blob) fmgr.process_curd() else: module.fail_json(msg='MUST RUN IN HTTPAPI MODE') module.exit_json(meta=module.params)
def main(): jrpc_urls = ['/cli/global/system/admin/user/{user}/dashboard-tabs'] perobject_jrpc_urls = [ '/cli/global/system/admin/user/{user}/dashboard-tabs/{dashboard-tabs}' ] url_params = ['user'] module_primary_key = 'name' module_arg_spec = { 'enable_log': { 'type': 'bool', 'required': False, 'default': False }, 'proposed_method': { 'type': 'str', 'required': False, 'choices': ['set', 'update', 'add'] }, 'bypass_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'rc_succeeded': { 'required': False, 'type': 'list' }, 'rc_failed': { 'required': False, 'type': 'list' }, 'state': { 'type': 'str', 'required': True, 'choices': ['present', 'absent'] }, 'user': { 'required': True, 'type': 'str' }, 'system_admin_user_dashboardtabs': { 'required': False, 'type': 'dict', 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'options': { 'name': { 'required': True, 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'str' }, 'tabid': { 'required': False, 'revision': { '6.0.0': True, '6.2.1': True, '6.2.3': True, '6.2.5': True, '6.4.0': True, '6.4.2': True, '6.4.5': True, '7.0.0': True }, 'type': 'int' } } } } params_validation_blob = [] check_galaxy_version(module_arg_spec) module = AnsibleModule(argument_spec=check_parameter_bypass( module_arg_spec, 'system_admin_user_dashboardtabs'), supports_check_mode=False) fmgr = None if module._socket_path: connection = Connection(module._socket_path) connection.set_option( 'enable_log', module.params['enable_log'] if 'enable_log' in module.params else False) fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data') fmgr.validate_parameters(params_validation_blob) fmgr.process_curd(argument_specs=module_arg_spec) else: module.fail_json(msg='MUST RUN IN HTTPAPI MODE') module.exit_json(meta=module.params)
def main(): mkeyname = 'name' fields = { "access_token": { "required": False, "type": "str", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "report_style": { "required": False, "type": "dict", "default": None, "options": { "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "align": { "required": False, "type": "str", "choices": ["left", "center", "right", "justify"] }, "bg_color": { "required": False, "type": "str" }, "border_bottom": { "required": False, "type": "str" }, "border_left": { "required": False, "type": "str" }, "border_right": { "required": False, "type": "str" }, "border_top": { "required": False, "type": "str" }, "column_gap": { "required": False, "type": "str" }, "column_span": { "required": False, "type": "str", "choices": ["none", "all"] }, "fg_color": { "required": False, "type": "str" }, "font_family": { "required": False, "type": "str", "choices": ["Verdana", "Arial", "Helvetica", "Courier", "Times"] }, "font_size": { "required": False, "type": "str" }, "font_style": { "required": False, "type": "str", "choices": ["normal", "italic"] }, "font_weight": { "required": False, "type": "str", "choices": ["normal", "bold"] }, "height": { "required": False, "type": "str" }, "line_height": { "required": False, "type": "str" }, "margin_bottom": { "required": False, "type": "str" }, "margin_left": { "required": False, "type": "str" }, "margin_right": { "required": False, "type": "str" }, "margin_top": { "required": False, "type": "str" }, "name": { "required": True, "type": "str" }, "options": { "required": False, "type": "str", "choices": [ "font", "text", "color", "align", "size", "margin", "border", "padding", "column" ] }, "padding_bottom": { "required": False, "type": "str" }, "padding_left": { "required": False, "type": "str" }, "padding_right": { "required": False, "type": "str" }, "padding_top": { "required": False, "type": "str" }, "width": { "required": False, "type": "str" } } } } check_legacy_fortiosapi() module = AnsibleModule(argument_spec=fields, supports_check_mode=False) versions_check_result = None if module._socket_path: connection = Connection(module._socket_path) if 'access_token' in module.params: connection.set_option('access_token', module.params['access_token']) fos = FortiOSHandler(connection, module, mkeyname) is_error, has_changed, result = fortios_report(module.params, fos) versions_check_result = connection.get_system_version() else: module.fail_json(**FAIL_SOCKET_MSG) if versions_check_result and versions_check_result['matched'] is False: module.warn( "Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv" ) if not is_error: if versions_check_result and versions_check_result['matched'] is False: module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) else: module.exit_json(changed=has_changed, meta=result) else: if versions_check_result and versions_check_result['matched'] is False: module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": {"required": False, "type": "str"}, "username": {"required": False, "type": "str"}, "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, "ssl_verify": {"required": False, "type": "bool", "default": True}, "log_fortiguard_setting": { "required": False, "type": "dict", "default": None, "options": { "enc_algorithm": {"required": False, "type": "str", "choices": ["high-medium", "high", "low"]}, "source_ip": {"required": False, "type": "str"}, "ssl_min_proto_version": {"required": False, "type": "str", "choices": ["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "upload_day": {"required": False, "type": "str"}, "upload_interval": {"required": False, "type": "str", "choices": ["daily", "weekly", "monthly"]}, "upload_option": {"required": False, "type": "str", "choices": ["store-and-upload", "realtime", "1-minute", "5-minute"]}, "upload_time": {"required": False, "type": "str"} } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def _get_connection(self): if not self._connection: self._connection = Connection(self._module._socket_path) return self._connection
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "switch_controller_vlan": { "required": False, "type": "dict", "default": None, "options": { "auth": { "required": False, "type": "str", "choices": ["radius", "usergroup"] }, "color": { "required": False, "type": "int" }, "comments": { "required": False, "type": "str" }, "name": { "required": True, "type": "str" }, "portal_message_override_group": { "required": False, "type": "str" }, "portal_message_overrides": { "required": False, "type": "dict", "options": { "auth_disclaimer_page": { "required": False, "type": "str" }, "auth_login_failed_page": { "required": False, "type": "str" }, "auth_login_page": { "required": False, "type": "str" }, "auth_reject_page": { "required": False, "type": "str" } } }, "radius_server": { "required": False, "type": "str" }, "security": { "required": False, "type": "str", "choices": ["open", "captive-portal", "8021x"] }, "selected_usergroups": { "required": False, "type": "list", "options": { "name": { "required": True, "type": "str" } } }, "usergroup": { "required": False, "type": "str" }, "vdom": { "required": False, "type": "str" }, "vlanid": { "required": False, "type": "int" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_switch_controller( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_switch_controller( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": {"required": False, "type": "str"}, "username": {"required": False, "type": "str"}, "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, "ssl_verify": {"required": False, "type": "bool", "default": True}, "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, "system_automation_action": { "required": False, "type": "dict", "default": None, "options": { "action_type": {"required": False, "type": "str", "choices": ["email", "ios-notification", "alert", "disable-ssid", "quarantine", "quarantine-forticlient", "ban-ip", "aws-lambda", "webhook"]}, "aws_api_id": {"required": False, "type": "str"}, "aws_api_key": {"required": False, "type": "str"}, "aws_api_path": {"required": False, "type": "str"}, "aws_api_stage": {"required": False, "type": "str"}, "aws_domain": {"required": False, "type": "str"}, "aws_region": {"required": False, "type": "str"}, "delay": {"required": False, "type": "int"}, "email_subject": {"required": False, "type": "str"}, "email_to": {"required": False, "type": "list", "options": { "name": {"required": True, "type": "str"} }}, "headers": {"required": False, "type": "list", "options": { "header": {"required": True, "type": "str"} }}, "http_body": {"required": False, "type": "str"}, "method": {"required": False, "type": "str", "choices": ["post", "put", "get"]}, "minimum_interval": {"required": False, "type": "int"}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, "protocol": {"required": False, "type": "str", "choices": ["http", "https"]}, "required": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "uri": {"required": False, "type": "str"} } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_system(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_system(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): jrpc_urls = [ '/pm/config/adom/{adom}/obj/antivirus/profile/{profile}', '/pm/config/global/obj/antivirus/profile/{profile}' ] url_schema = [{ 'name': 'adom', 'type': 'string' }, { 'name': 'profile', 'type': 'string' }] body_schema = { 'schema_objects': { 'object0': [{ 'name': 'data', 'type': 'dict', 'dict': { 'analytics-bl-filetype': { 'type': 'string' }, 'analytics-db': { 'type': 'string', 'enum': ['disable', 'enable'] }, 'analytics-max-upload': { 'type': 'integer' }, 'analytics-wl-filetype': { 'type': 'string' }, 'av-block-log': { 'type': 'string', 'enum': ['disable', 'enable'] }, 'av-virus-log': { 'type': 'string', 'enum': ['disable', 'enable'] }, 'comment': { 'type': 'string' }, 'extended-log': { 'type': 'string', 'enum': ['disable', 'enable'] }, 'ftgd-analytics': { 'type': 'string', 'enum': ['disable', 'suspicious', 'everything'] }, 'inspection-mode': { 'type': 'string', 'enum': ['proxy', 'flow-based'] }, 'mobile-malware-db': { 'type': 'string', 'enum': ['disable', 'enable'] }, 'name': { 'type': 'string' }, 'replacemsg-group': { 'type': 'string' }, 'scan-mode': { 'type': 'string', 'enum': ['quick', 'full'] } }, 'api_tag': 0 }, { 'type': 'string', 'name': 'url', 'api_tag': 0 }], 'object1': [{ 'type': 'string', 'name': 'url', 'api_tag': 0 }], 'object2': [{ 'name': 'option', 'type': 'dict', 'dict': { 'type': 'string', 'enum': ['object member', 'chksum', 'datasrc'] }, 'api_tag': 0 }, { 'type': 'string', 'name': 'url', 'api_tag': 0 }] }, 'method_mapping': { 'clone': 'object0', 'delete': 'object1', 'get': 'object2', 'set': 'object0', 'update': 'object0' } } module_arg_spec = { 'loose_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'params': { 'type': 'list', 'required': False }, 'method': { 'type': 'str', 'required': True, 'choices': ['clone', 'delete', 'get', 'set', 'update'] }, 'url_params': { 'type': 'dict', 'required': False } } module = AnsibleModule(argument_spec=module_arg_spec, supports_check_mode=False) method = module.params['method'] loose_validation = module.params['loose_validation'] fmgr = None payload = None response = DEFAULT_RESULT_OBJ if module._socket_path: connection = Connection(module._socket_path) tools = FMGRCommon() if loose_validation is False: tools.validate_module_params(module, body_schema) tools.validate_module_url_params(module, jrpc_urls, url_schema) full_url = tools.get_full_url_path(module, jrpc_urls) payload = tools.get_full_payload(module, full_url) fmgr = FortiManagerHandler(connection, module) fmgr.tools = tools else: module.fail_json(**FAIL_SOCKET_MSG) try: response = fmgr._conn.send_request(method, payload) fmgr.govern_response(module=module, results=response, msg='Operation Finished', ansible_facts=fmgr.construct_ansible_facts( response, module.params, module.params)) except Exception as e: raise FMGBaseException(e) module.exit_json(meta=response[1])
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "vpn_certificate_ca": { "required": False, "type": "dict", "default": None, "options": { "auto_update_days": { "required": False, "type": "int" }, "auto_update_days_warning": { "required": False, "type": "int" }, "ca": { "required": False, "type": "str" }, "last_updated": { "required": False, "type": "int" }, "name": { "required": True, "type": "str" }, "range": { "required": False, "type": "str", "choices": ["global", "vdom"] }, "scep_url": { "required": False, "type": "str" }, "source": { "required": False, "type": "str", "choices": ["factory", "user", "bundle"] }, "source_ip": { "required": False, "type": "str" }, "trusted": { "required": False, "type": "str", "choices": ["enable", "disable"] } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_vpn_certificate( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_vpn_certificate( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "firewall_internet_service": { "required": False, "type": "dict", "default": None, "options": { "database": { "required": False, "type": "str", "choices": ["isdb", "irdb"] }, "direction": { "required": False, "type": "str", "choices": ["src", "dst", "both"] }, "entry": { "required": False, "type": "list", "options": { "id": { "required": True, "type": "int" }, "ip_number": { "required": False, "type": "int" }, "ip_range_number": { "required": False, "type": "int" }, "port": { "required": False, "type": "int" }, "protocol": { "required": False, "type": "int" } } }, "icon_id": { "required": False, "type": "int" }, "id": { "required": True, "type": "int" }, "name": { "required": False, "type": "str" }, "offset": { "required": False, "type": "int" }, "reputation": { "required": False, "type": "int" }, "sld_id": { "required": False, "type": "int" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_firewall( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_firewall(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": {"required": False, "type": "str"}, "username": {"required": False, "type": "str"}, "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, "ssl_verify": {"required": False, "type": "bool", "default": True}, "router_ospf": { "required": False, "type": "dict", "default": None, "options": { "abr_type": {"required": False, "type": "str", "choices": ["cisco", "ibm", "shortcut", "standard"]}, "area": {"required": False, "type": "list", "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, "default_cost": {"required": False, "type": "int"}, "filter_list": {"required": False, "type": "list", "options": { "direction": {"required": False, "type": "str", "choices": ["in", "out"]}, "id": {"required": True, "type": "int"}, "list": {"required": False, "type": "str"} }}, "id": {"required": True, "type": "str"}, "nssa_default_information_originate": {"required": False, "type": "str", "choices": ["enable", "always", "disable"]}, "nssa_default_information_originate_metric": {"required": False, "type": "int"}, "nssa_default_information_originate_metric_type": {"required": False, "type": "str", "choices": ["1", "2"]}, "nssa_redistribution": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "nssa_translator_role": {"required": False, "type": "str", "choices": ["candidate", "never", "always"]}, "range": {"required": False, "type": "list", "options": { "advertise": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "id": {"required": True, "type": "int"}, "prefix": {"required": False, "type": "str"}, "substitute": {"required": False, "type": "str"}, "substitute_status": {"required": False, "type": "str", "choices": ["enable", "disable"]} }}, "shortcut": {"required": False, "type": "str", "choices": ["disable", "enable", "default"]}, "stub_type": {"required": False, "type": "str", "choices": ["no-summary", "summary"]}, "type": {"required": False, "type": "str", "choices": ["regular", "nssa", "stub"]}, "virtual_link": {"required": False, "type": "list", "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, "authentication_key": {"required": False, "type": "str"}, "dead_interval": {"required": False, "type": "int"}, "hello_interval": {"required": False, "type": "int"}, "md5_key": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "peer": {"required": False, "type": "str"}, "retransmit_interval": {"required": False, "type": "int"}, "transmit_delay": {"required": False, "type": "int"} }} }}, "auto_cost_ref_bandwidth": {"required": False, "type": "int"}, "bfd": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "database_overflow": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "database_overflow_max_lsas": {"required": False, "type": "int"}, "database_overflow_time_to_recover": {"required": False, "type": "int"}, "default_information_metric": {"required": False, "type": "int"}, "default_information_metric_type": {"required": False, "type": "str", "choices": ["1", "2"]}, "default_information_originate": {"required": False, "type": "str", "choices": ["enable", "always", "disable"]}, "default_information_route_map": {"required": False, "type": "str"}, "default_metric": {"required": False, "type": "int"}, "distance": {"required": False, "type": "int"}, "distance_external": {"required": False, "type": "int"}, "distance_inter_area": {"required": False, "type": "int"}, "distance_intra_area": {"required": False, "type": "int"}, "distribute_list": {"required": False, "type": "list", "options": { "access_list": {"required": False, "type": "str"}, "id": {"required": True, "type": "int"}, "protocol": {"required": False, "type": "str", "choices": ["connected", "static", "rip"]} }}, "distribute_list_in": {"required": False, "type": "str"}, "distribute_route_map_in": {"required": False, "type": "str"}, "log_neighbour_changes": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "neighbor": {"required": False, "type": "list", "options": { "cost": {"required": False, "type": "int"}, "id": {"required": True, "type": "int"}, "ip": {"required": False, "type": "str"}, "poll_interval": {"required": False, "type": "int"}, "priority": {"required": False, "type": "int"} }}, "network": {"required": False, "type": "list", "options": { "area": {"required": False, "type": "str"}, "id": {"required": True, "type": "int"}, "prefix": {"required": False, "type": "str"} }}, "ospf_interface": {"required": False, "type": "list", "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, "authentication_key": {"required": False, "type": "str"}, "bfd": {"required": False, "type": "str", "choices": ["global", "enable", "disable"]}, "cost": {"required": False, "type": "int"}, "database_filter_out": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "dead_interval": {"required": False, "type": "int"}, "hello_interval": {"required": False, "type": "int"}, "hello_multiplier": {"required": False, "type": "int"}, "interface": {"required": False, "type": "str"}, "ip": {"required": False, "type": "str"}, "md5_key": {"required": False, "type": "str"}, "mtu": {"required": False, "type": "int"}, "mtu_ignore": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "name": {"required": True, "type": "str"}, "network_type": {"required": False, "type": "str", "choices": ["broadcast", "non-broadcast", "point-to-point", "point-to-multipoint", "point-to-multipoint-non-broadcast"]}, "prefix_length": {"required": False, "type": "int"}, "priority": {"required": False, "type": "int"}, "resync_timeout": {"required": False, "type": "int"}, "retransmit_interval": {"required": False, "type": "int"}, "status": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "transmit_delay": {"required": False, "type": "int"} }}, "passive_interface": {"required": False, "type": "list", "options": { "name": {"required": True, "type": "str"} }}, "redistribute": {"required": False, "type": "list", "options": { "metric": {"required": False, "type": "int"}, "metric_type": {"required": False, "type": "str", "choices": ["1", "2"]}, "name": {"required": True, "type": "str"}, "routemap": {"required": False, "type": "str"}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "tag": {"required": False, "type": "int"} }}, "restart_mode": {"required": False, "type": "str", "choices": ["none", "lls", "graceful-restart"]}, "restart_period": {"required": False, "type": "int"}, "rfc1583_compatible": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "router_id": {"required": False, "type": "str"}, "spf_timers": {"required": False, "type": "str"}, "summary_address": {"required": False, "type": "list", "options": { "advertise": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "id": {"required": True, "type": "int"}, "prefix": {"required": False, "type": "str"}, "tag": {"required": False, "type": "int"} }} } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_router(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_router(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): jrpc_urls = [ '/dvmdb/adom/{adom}/group', '/dvmdb/group' ] url_schema = [ { 'name': 'adom', 'type': 'string' } ] body_schema = { 'schema_objects': { 'object0': [ { 'name': 'data', 'api_tag': 0, 'type': 'array', 'items': { 'desc': { 'type': 'string' }, 'meta fields': { 'type': 'string' }, 'name': { 'type': 'string' }, 'os_type': { 'type': 'string', 'enum': [ 'unknown', 'fos', 'fsw', 'foc', 'fml', 'faz', 'fwb', 'fch', 'fct', 'log', 'fmg', 'fsa', 'fdd', 'fac', 'fpx' ] }, 'type': { 'type': 'string', 'enum': [ 'normal', 'default', 'auto' ] } } }, { 'type': 'string', 'name': 'url', 'api_tag': 0 } ], 'object1': [ { 'type': 'string', 'name': 'expand member', 'api_tag': 0 }, { 'name': 'fields', 'api_tag': 0, 'type': 'array', 'items': { 'type': 'array', 'items': { 'type': 'string', 'enum': [ 'desc', 'name', 'os_type', 'type' ] } } }, { 'name': 'filter', 'type': 'dict', 'dict': { 'type': 'array', 'items': { 'type': 'string', 'example': [ '<attr>', '==', 'test' ] } }, 'api_tag': 0 }, { 'type': 'integer', 'name': 'loadsub', 'api_tag': 0 }, { 'name': 'meta fields', 'api_tag': 0, 'type': 'array', 'items': { 'type': 'string' } }, { 'name': 'option', 'type': 'dict', 'dict': { 'type': 'string', 'enum': [ 'count', 'object member', 'syntax' ] }, 'api_tag': 0 }, { 'name': 'range', 'type': 'dict', 'dict': { 'type': 'array', 'items': { 'type': 'integer', 'example': [ 2, 5 ] } }, 'api_tag': 0 }, { 'name': 'sortings', 'type': 'dict', 'dict': { 'type': 'array', 'items': { '{attr_name}': { 'type': 'integer', 'enum': [ 1, -1 ] } } }, 'api_tag': 0 }, { 'type': 'string', 'name': 'url', 'api_tag': 0 } ] }, 'method_mapping': { 'add': 'object0', 'get': 'object1', 'set': 'object0', 'update': 'object0' } } module_arg_spec = { 'loose_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'params': { 'type': 'list', 'required': False }, 'method': { 'type': 'str', 'required': True, 'choices': [ 'add', 'get', 'set', 'update' ] }, 'url_params': { 'type': 'dict', 'required': False } } module = AnsibleModule(argument_spec=module_arg_spec, supports_check_mode=False) method = module.params['method'] loose_validation = module.params['loose_validation'] fmgr = None payload = None response = DEFAULT_RESULT_OBJ if module._socket_path: connection = Connection(module._socket_path) tools = FMGRCommon() if loose_validation is False: tools.validate_module_params(module, body_schema) tools.validate_module_url_params(module, jrpc_urls, url_schema) full_url = tools.get_full_url_path(module, jrpc_urls) payload = tools.get_full_payload(module, full_url) fmgr = FortiManagerHandler(connection, module) fmgr.tools = tools else: module.fail_json(**FAIL_SOCKET_MSG) try: response = fmgr._conn.send_request(method, payload) fmgr.govern_response(module=module, results=response, msg='Operation Finished', ansible_facts=fmgr.construct_ansible_facts(response, module.params, module.params)) except Exception as e: raise FMGBaseException(e) module.exit_json(meta=response[1])
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "system_email_server": { "required": False, "type": "dict", "default": None, "options": { "authenticate": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "password": { "required": False, "type": "str" }, "port": { "required": False, "type": "int" }, "reply_to": { "required": False, "type": "str" }, "security": { "required": False, "type": "str", "choices": ["none", "starttls", "smtps"] }, "server": { "required": False, "type": "str" }, "source_ip": { "required": False, "type": "str" }, "source_ip6": { "required": False, "type": "str" }, "type": { "required": False, "type": "str", "choices": ["custom"] }, "username": { "required": False, "type": "str" }, "validate_server": { "required": False, "type": "str", "choices": ["enable", "disable"] } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None versions_check_result = None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_system(module.params, fos) versions_check_result = connection.get_system_version() else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_system(module.params, fos) fos.logout() if versions_check_result and versions_check_result['matched'] is False: module.warn( "Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv" ) if not is_error: if versions_check_result and versions_check_result['matched'] is False: module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) else: module.exit_json(changed=has_changed, meta=result) else: if versions_check_result and versions_check_result['matched'] is False: module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "system_autoupdate_schedule": { "required": False, "type": "dict", "default": None, "options": { "day": { "required": False, "type": "str", "choices": [ "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday" ] }, "frequency": { "required": False, "type": "str", "choices": ["every", "daily", "weekly"] }, "status": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "time": { "required": False, "type": "str" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_system_autoupdate( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_system_autoupdate( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): jrpc_urls = [ '/dvmdb/adom/{adom}/workspace/unlock/obj/{object_url_name}', '/dvmdb/global/workspace/unlock/obj/{object_url_name}' ] perobject_jrpc_urls = [ '/dvmdb/adom/{adom}/workspace/unlock/obj/{object_url_name}', '/dvmdb/global/workspace/unlock/obj/{object_url_name}' ] url_params = ['adom', 'object_url_name'] module_arg_spec = { 'enable_log': { 'type': 'bool', 'required': False, 'default': False }, 'bypass_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'rc_succeeded': { 'required': False, 'type': 'list' }, 'rc_failed': { 'required': False, 'type': 'list' }, 'adom': { 'required': True, 'type': 'str' }, 'object_url_name': { 'required': True, 'type': 'str' } } params_validation_blob = [] check_galaxy_version(module_arg_spec) module = AnsibleModule(argument_spec=check_parameter_bypass( module_arg_spec, 'dvmdb_workspace_unlock_obj'), supports_check_mode=False) fmgr = None if module._socket_path: connection = Connection(module._socket_path) connection.set_option( 'enable_log', module.params['enable_log'] if 'enable_log' in module.params else False) fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, None, url_params, module, connection, top_level_schema_name=None) fmgr.validate_parameters(params_validation_blob) fmgr.process_exec(argument_specs=module_arg_spec) else: module.fail_json(msg='MUST RUN IN HTTPAPI MODE') module.exit_json(meta=module.params)
def main(): jrpc_urls = ['/cli/global/system/locallog/syslogd2/setting'] perobject_jrpc_urls = [ '/cli/global/system/locallog/syslogd2/setting/{setting}' ] url_params = [] module_primary_key = None module_arg_spec = { 'bypass_validation': { 'type': 'bool', 'required': False, 'default': False }, 'workspace_locking_adom': { 'type': 'str', 'required': False }, 'workspace_locking_timeout': { 'type': 'int', 'required': False, 'default': 300 }, 'rc_succeeded': { 'required': False, 'type': 'list' }, 'rc_failed': { 'required': False, 'type': 'list' }, 'system_locallog_syslogd2_setting': { 'required': False, 'type': 'dict', 'options': { 'csv': { 'required': False, 'choices': ['disable', 'enable'], 'type': 'str' }, 'facility': { 'required': False, 'choices': [ 'kernel', 'user', 'ntp', 'audit', 'alert', 'clock', 'mail', 'daemon', 'auth', 'syslog', 'lpr', 'news', 'uucp', 'cron', 'authpriv', 'ftp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7' ], 'type': 'str' }, 'severity': { 'required': False, 'choices': [ 'emergency', 'alert', 'critical', 'error', 'warning', 'notification', 'information', 'debug' ], 'type': 'str' }, 'status': { 'required': False, 'choices': ['disable', 'enable'], 'type': 'str' }, 'syslog-name': { 'required': False, 'type': 'str' } } } } params_validation_blob = [] check_galaxy_version(module_arg_spec) module = AnsibleModule(argument_spec=check_parameter_bypass( module_arg_spec, 'system_locallog_syslogd2_setting'), supports_check_mode=False) fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data') fmgr.validate_parameters(params_validation_blob) fmgr.process_partial_curd() else: module.fail_json(msg='MUST RUN IN HTTPAPI MODE') module.exit_json(meta=module.params)
def main(): fields = { "host": {"required": False, "type": "str"}, "username": {"required": False, "type": "str"}, "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, "ssl_verify": {"required": False, "type": "bool", "default": True}, "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, "firewall_proxy_addrgrp": { "required": False, "type": "dict", "default": None, "options": { "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, "color": {"required": False, "type": "int"}, "comment": {"required": False, "type": "str"}, "member": {"required": False, "type": "list", "options": { "name": {"required": True, "type": "str"} }}, "name": {"required": True, "type": "str"}, "tagging": {"required": False, "type": "list", "options": { "category": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "tags": {"required": False, "type": "list", "options": { "name": {"required": True, "type": "str"} }} }}, "type": {"required": False, "type": "str", "choices": ["src", "dst"]}, "uuid": {"required": False, "type": "str"}, "visibility": {"required": False, "type": "str", "choices": ["enable", "disable"]} } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_firewall(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_firewall(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def _connection(self): if not self._connection_obj: self._connection_obj = Connection(self._module._socket_path) return self._connection_obj
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "router_bfd6": { "required": False, "type": "dict", "default": None, "options": { "neighbor": { "required": False, "type": "list", "options": { "interface": { "required": False, "type": "str" }, "ip6_address": { "required": False, "type": "str" } } } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_router(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_router(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "vpn_ipsec_phase2_interface": { "required": False, "type": "dict", "default": None, "options": { "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "add_route": { "required": False, "type": "str", "choices": ["phase1", "enable", "disable"] }, "auto_discovery_forwarder": { "required": False, "type": "str", "choices": ["phase1", "enable", "disable"] }, "auto_discovery_sender": { "required": False, "type": "str", "choices": ["phase1", "enable", "disable"] }, "auto_negotiate": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "comments": { "required": False, "type": "str" }, "dhcp_ipsec": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "dhgrp": { "required": False, "type": "str", "choices": [ "1", "2", "5", "14", "15", "16", "17", "18", "19", "20", "21", "27", "28", "29", "30", "31" ] }, "dst_addr_type": { "required": False, "type": "str", "choices": [ "subnet", "range", "ip", "name", "subnet6", "range6", "ip6", "name6" ] }, "dst_end_ip": { "required": False, "type": "str" }, "dst_end_ip6": { "required": False, "type": "str" }, "dst_name": { "required": False, "type": "str" }, "dst_name6": { "required": False, "type": "str" }, "dst_port": { "required": False, "type": "int" }, "dst_start_ip": { "required": False, "type": "str" }, "dst_start_ip6": { "required": False, "type": "str" }, "dst_subnet": { "required": False, "type": "str" }, "dst_subnet6": { "required": False, "type": "str" }, "encapsulation": { "required": False, "type": "str", "choices": ["tunnel-mode", "transport-mode"] }, "keepalive": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "keylife_type": { "required": False, "type": "str", "choices": ["seconds", "kbs", "both"] }, "keylifekbs": { "required": False, "type": "int" }, "keylifeseconds": { "required": False, "type": "int" }, "l2tp": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "name": { "required": True, "type": "str" }, "pfs": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "phase1name": { "required": False, "type": "str" }, "proposal": { "required": False, "type": "str", "choices": [ "null-md5", "null-sha1", "null-sha256", "null-sha384", "null-sha512", "des-null", "des-md5", "des-sha1", "des-sha256", "des-sha384", "des-sha512" ] }, "protocol": { "required": False, "type": "int" }, "replay": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "route_overlap": { "required": False, "type": "str", "choices": ["use-old", "use-new", "allow"] }, "single_source": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "src_addr_type": { "required": False, "type": "str", "choices": [ "subnet", "range", "ip", "name", "subnet6", "range6", "ip6", "name6" ] }, "src_end_ip": { "required": False, "type": "str" }, "src_end_ip6": { "required": False, "type": "str" }, "src_name": { "required": False, "type": "str" }, "src_name6": { "required": False, "type": "str" }, "src_port": { "required": False, "type": "int" }, "src_start_ip": { "required": False, "type": "str" }, "src_start_ip6": { "required": False, "type": "str" }, "src_subnet": { "required": False, "type": "str" }, "src_subnet6": { "required": False, "type": "str" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_vpn_ipsec( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)