def main():
mkeyname = 'seq-num'
fields = {
"access_token": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"router_policy6": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"comments": {
"required": False,
"type": "str"
},
"dst": {
"required": False,
"type": "str"
},
"end_port": {
"required": False,
"type": "int"
},
"gateway": {
"required": False,
"type": "str"
},
"input_device": {
"required": False,
"type": "str"
},
"output_device": {
"required": False,
"type": "str"
},
"protocol": {
"required": False,
"type": "int"
},
"seq_num": {
"required": False,
"type": "int"
},
"src": {
"required": False,
"type": "str"
},
"start_port": {
"required": False,
"type": "int"
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"tos": {
"required": False,
"type": "str"
},
"tos_mask": {
"required": False,
"type": "str"
}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token',
module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_router(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def run(self, tmp=None, task_vars=None):
del tmp # tmp no longer has any effect
module_name = self._task.action.split('.')[-1]
self._config_module = True if module_name == 'os6_config' else False
socket_path = None
persistent_connection = self._play_context.connection.split('.')[-1]
if persistent_connection == 'network_cli':
provider = self._task.args.get('provider', {})
if any(provider.values()):
display.warning(
'provider is unnecessary when using network_cli and will be ignored'
)
del self._task.args['provider']
elif self._play_context.connection == 'local':
provider = load_provider(os6_provider_spec, self._task.args)
pc = copy.deepcopy(self._play_context)
pc.connection = 'network_cli'
pc.network_os = 'dellemc.os6.os6'
pc.remote_addr = provider['host'] or self._play_context.remote_addr
pc.port = int(provider['port'] or self._play_context.port or 22)
pc.remote_user = provider[
'username'] or self._play_context.connection_user
pc.password = provider['password'] or self._play_context.password
pc.private_key_file = provider[
'ssh_keyfile'] or self._play_context.private_key_file
command_timeout = int(provider['timeout']
or C.PERSISTENT_COMMAND_TIMEOUT)
pc.become = provider['authorize'] or False
if pc.become:
pc.become_method = 'enable'
pc.become_pass = provider['auth_pass']
display.vvv('using connection plugin %s' % pc.connection,
pc.remote_addr)
connection = self._shared_loader_obj.connection_loader.get(
'persistent', pc, sys.stdin)
connection.set_options(
direct={'persistent_command_timeout': command_timeout})
socket_path = connection.run()
display.vvvv('socket_path: %s' % socket_path, pc.remote_addr)
if not socket_path:
return {
'failed':
True,
'msg':
'unable to open shell. Please see: ' +
'https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell'
}
task_vars['ansible_socket'] = socket_path
# make sure we are in the right cli context which should be
# enable mode and not config module
if socket_path is None:
socket_path = self._connection.socket_path
conn = Connection(socket_path)
out = conn.get_prompt()
while to_text(out,
errors='surrogate_then_replace').strip().endswith(')#'):
display.vvvv('wrong context, sending exit to device',
self._play_context.remote_addr)
conn.send_command('exit')
out = conn.get_prompt()
result = super(ActionModule, self).run(task_vars=task_vars)
return result
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"wireless_controller_ble_profile": {
"required": False,
"type": "dict",
"default": None,
"options": {
"advertising": {
"required": False,
"type": "str",
"choices": ["ibeacon", "eddystone-uid", "eddystone-url"]
},
"beacon_interval": {
"required": False,
"type": "int"
},
"ble_scanning": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"comment": {
"required": False,
"type": "str"
},
"eddystone_instance": {
"required": False,
"type": "str"
},
"eddystone_namespace": {
"required": False,
"type": "str"
},
"eddystone_url": {
"required": False,
"type": "str"
},
"eddystone_url_encode_hex": {
"required": False,
"type": "str"
},
"ibeacon_uuid": {
"required": False,
"type": "str"
},
"major_id": {
"required": False,
"type": "int"
},
"minor_id": {
"required": False,
"type": "int"
},
"name": {
"required": True,
"type": "str"
},
"txpower": {
"required":
False,
"type":
"str",
"choices": [
"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
"11", "12"
]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_wireless_controller(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_wireless_controller(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/firewall/vip/{vip}/ssl-server-cipher-suites',
'/pm/config/global/obj/firewall/vip/{vip}/ssl-server-cipher-suites'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/obj/firewall/vip/{vip}/ssl-server-cipher-suites/{ssl-server-cipher-suites}',
'/pm/config/global/obj/firewall/vip/{vip}/ssl-server-cipher-suites/{ssl-server-cipher-suites}'
]
url_params = ['adom', 'vip']
module_primary_key = 'priority'
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': ['set', 'update', 'add']
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': ['present', 'absent']
},
'adom': {
'required': True,
'type': 'str'
},
'vip': {
'required': True,
'type': 'str'
},
'firewall_vip_sslserverciphersuites': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'cipher': {
'required':
False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'TLS-RSA-WITH-RC4-128-MD5', 'TLS-RSA-WITH-RC4-128-SHA',
'TLS-RSA-WITH-DES-CBC-SHA',
'TLS-RSA-WITH-3DES-EDE-CBC-SHA',
'TLS-RSA-WITH-AES-128-CBC-SHA',
'TLS-RSA-WITH-AES-256-CBC-SHA',
'TLS-RSA-WITH-AES-128-CBC-SHA256',
'TLS-RSA-WITH-AES-256-CBC-SHA256',
'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA',
'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA',
'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256',
'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256',
'TLS-RSA-WITH-SEED-CBC-SHA',
'TLS-RSA-WITH-ARIA-128-CBC-SHA256',
'TLS-RSA-WITH-ARIA-256-CBC-SHA384',
'TLS-DHE-RSA-WITH-DES-CBC-SHA',
'TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA',
'TLS-DHE-RSA-WITH-AES-128-CBC-SHA',
'TLS-DHE-RSA-WITH-AES-256-CBC-SHA',
'TLS-DHE-RSA-WITH-AES-128-CBC-SHA256',
'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256',
'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA',
'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA',
'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256',
'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256',
'TLS-DHE-RSA-WITH-SEED-CBC-SHA',
'TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256',
'TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384',
'TLS-ECDHE-RSA-WITH-RC4-128-SHA',
'TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA',
'TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA',
'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA',
'TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256',
'TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256',
'TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256',
'TLS-DHE-RSA-WITH-AES-128-GCM-SHA256',
'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384',
'TLS-DHE-DSS-WITH-AES-128-CBC-SHA',
'TLS-DHE-DSS-WITH-AES-256-CBC-SHA',
'TLS-DHE-DSS-WITH-AES-128-CBC-SHA256',
'TLS-DHE-DSS-WITH-AES-128-GCM-SHA256',
'TLS-DHE-DSS-WITH-AES-256-CBC-SHA256',
'TLS-DHE-DSS-WITH-AES-256-GCM-SHA384',
'TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256',
'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256',
'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384',
'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384',
'TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA',
'TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256',
'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256',
'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384',
'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384',
'TLS-RSA-WITH-AES-128-GCM-SHA256',
'TLS-RSA-WITH-AES-256-GCM-SHA384',
'TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA',
'TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA',
'TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256',
'TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256',
'TLS-DHE-DSS-WITH-SEED-CBC-SHA',
'TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256',
'TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384',
'TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256',
'TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384',
'TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256',
'TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384',
'TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA',
'TLS-DHE-DSS-WITH-DES-CBC-SHA',
'TLS-AES-128-GCM-SHA256', 'TLS-AES-256-GCM-SHA384',
'TLS-CHACHA20-POLY1305-SHA256'
],
'type':
'str'
},
'priority': {
'required': True,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'versions': {
'required':
False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type':
'list',
'choices':
['ssl-3.0', 'tls-1.0', 'tls-1.1', 'tls-1.2', 'tls-1.3']
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(
module_arg_spec, 'firewall_vip_sslserverciphersuites'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option(
'enable_log', module.params['enable_log']
if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls,
perobject_jrpc_urls,
module_primary_key,
url_params,
module,
connection,
top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"wireless_controller_global": {
"required": False,
"type": "dict",
"default": None,
"options": {
"ap_log_server": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ap_log_server_ip": {
"required": False,
"type": "str"
},
"ap_log_server_port": {
"required": False,
"type": "int"
},
"control_message_offload": {
"required":
False,
"type":
"str",
"choices": [
"ebp-frame", "aeroscout-tag", "ap-list", "sta-list",
"sta-cap-list", "stats", "aeroscout-mu"
]
},
"data_ethernet_II": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"discovery_mc_addr": {
"required": False,
"type": "str"
},
"fiapp_eth_type": {
"required": False,
"type": "int"
},
"image_download": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"ipsec_base_ip": {
"required": False,
"type": "str"
},
"link_aggregation": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"location": {
"required": False,
"type": "str"
},
"max_clients": {
"required": False,
"type": "int"
},
"max_retransmit": {
"required": False,
"type": "int"
},
"mesh_eth_type": {
"required": False,
"type": "int"
},
"name": {
"required": False,
"type": "str"
},
"rogue_scan_mac_adjacency": {
"required": False,
"type": "int"
},
"wtp_share": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_wireless_controller(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_wireless_controller(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"wanopt_webcache": {
"required": False, "type": "dict", "default": None,
"options": {
"always_revalidate": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"cache_by_default": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"cache_cookie": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"cache_expired": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"default_ttl": {"required": False, "type": "int"},
"external": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"fresh_factor": {"required": False, "type": "int"},
"host_validate": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ignore_conditional": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ignore_ie_reload": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ignore_ims": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ignore_pnc": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"max_object_size": {"required": False, "type": "int"},
"max_ttl": {"required": False, "type": "int"},
"min_ttl": {"required": False, "type": "int"},
"neg_resp_time": {"required": False, "type": "int"},
"reval_pnc": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_wanopt(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_wanopt(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"system_netflow": {
"required": False,
"type": "dict",
"default": None,
"options": {
"active_flow_timeout": {
"required": False,
"type": "int"
},
"collector_ip": {
"required": False,
"type": "str"
},
"collector_port": {
"required": False,
"type": "int"
},
"inactive_flow_timeout": {
"required": False,
"type": "int"
},
"source_ip": {
"required": False,
"type": "str"
},
"template_tx_counter": {
"required": False,
"type": "int"
},
"template_tx_timeout": {
"required": False,
"type": "int"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/wanprof/{wanprof}/system/sdwan/health-check/{health-check}/sla'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/wanprof/{wanprof}/system/sdwan/health-check/{health-check}/sla/{sla}'
]
url_params = ['adom', 'wanprof', 'health-check']
module_primary_key = 'id'
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': [
'set',
'update',
'add'
]
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': [
'present',
'absent'
]
},
'adom': {
'required': True,
'type': 'str'
},
'wanprof': {
'required': True,
'type': 'str'
},
'health-check': {
'required': True,
'type': 'str'
},
'wanprof_system_sdwan_healthcheck_sla': {
'required': False,
'type': 'dict',
'revision': {
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'id': {
'required': True,
'revision': {
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'jitter-threshold': {
'required': False,
'revision': {
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'latency-threshold': {
'required': False,
'revision': {
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'link-cost-factor': {
'required': False,
'revision': {
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'list',
'choices': [
'latency',
'jitter',
'packet-loss'
]
},
'packetloss-threshold': {
'required': False,
'revision': {
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'wanprof_system_sdwan_healthcheck_sla'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
module = AnsibleModule(
argument_spec=dict(
adom=dict(required=True, type='str'),
device_unique_name=dict(required=True, type='str'),
network_domain_name=dict(required=True, type='str'),
vdom=dict(required=True, type='str')
),
supports_check_mode=True
)
module.paramgram = {
'adom': module.params['adom'],
'device_unique_name': module.params['device_unique_name'],
}
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
# fail with an un-helpful and error-masking generic response, thanks forti!
module.fail_json(**FAIL_SOCKET_MSG)
# only pick vlan interfaces with the correct vdom
interfaces = [i for i in get_interfaces(module, fmgr) if module.params['vdom'] in i.get('vdom', []) and i['type'] == 'vlan']
dyn_interfaces = get_dynamic_interfaces(module, fmgr)
networks = []
zones = {}
for zone in dyn_interfaces:
dynamic_maps = zone.get('dynamic_mapping', [])
if not dynamic_maps:
continue
scope_id = (module.params['device_unique_name'], module.params['vdom'])
for dm in dynamic_maps:
if scope_id in [(s['name'], s['vdom']) for s in dm.get('_scope', [])]:
local_intf = dm.get('local-intf', [])
if isinstance(local_intf, str):
local_intf = [local_intf]
for ifname in local_intf:
if not zones.get(module.params['vdom']):
zones[module.params['vdom']] = {}
zones[module.params['vdom']][ifname] = zone['name']
for interface in interfaces:
if 'vlanid' not in interface or interface['vlanid'] == 0 or interface['ip'][0] == '0.0.0.0':
continue
ip_interface_str = ipaddress.ip_interface('/'.join(interface['ip'])) # crappy py3/py2 compat fix, remove whenever py2 is gone
ip_interface = ipaddress.ip_interface(u'{0}'.format(ip_interface_str))
network_str = '{0}'.format(ip_interface.network.network_address)
networks.append({
'vrf': 0,
'network': network_str,
'length': ip_interface.network.prefixlen,
'domains': {
module.params['network_domain_name']: {
'vlan_id': interface['vlanid'],
'name': interface['name'],
'data': {
'zone': zones.get(interface['vdom'][0], {}).get(interface['name']),
'vdom': interface['vdom'][0],
'description': interface.get('description')
}
}
},
})
module.exit_json(msg='networks collected', changed=False, networks=networks)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"system_vdom_property": {
"required": False,
"type": "dict",
"default": None,
"options": {
"custom_service": {
"required": False,
"type": "str"
},
"description": {
"required": False,
"type": "str"
},
"dialup_tunnel": {
"required": False,
"type": "str"
},
"firewall_address": {
"required": False,
"type": "str"
},
"firewall_addrgrp": {
"required": False,
"type": "str"
},
"firewall_policy": {
"required": False,
"type": "str"
},
"ipsec_phase1": {
"required": False,
"type": "str"
},
"ipsec_phase1_interface": {
"required": False,
"type": "str"
},
"ipsec_phase2": {
"required": False,
"type": "str"
},
"ipsec_phase2_interface": {
"required": False,
"type": "str"
},
"log_disk_quota": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"onetime_schedule": {
"required": False,
"type": "str"
},
"proxy": {
"required": False,
"type": "str"
},
"recurring_schedule": {
"required": False,
"type": "str"
},
"service_group": {
"required": False,
"type": "str"
},
"session": {
"required": False,
"type": "str"
},
"snmp_index": {
"required": False,
"type": "int"
},
"sslvpn": {
"required": False,
"type": "str"
},
"user": {
"required": False,
"type": "str"
},
"user_group": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = ['/cli/global/system/sql/custom-index']
perobject_jrpc_urls = [
'/cli/global/system/sql/custom-index/{custom-index}'
]
url_params = []
module_primary_key = 'id'
module_arg_spec = {
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': ['present', 'absent']
},
'system_sql_customindex': {
'required': False,
'type': 'dict',
'options': {
'case-sensitive': {
'required': False,
'choices': ['disable', 'enable'],
'type': 'str'
},
'device-type': {
'required':
False,
'choices': [
'FortiGate', 'FortiManager', 'FortiClient',
'FortiMail', 'FortiWeb', 'FortiCache', 'FortiSandbox',
'FortiDDoS', 'FortiAuthenticator', 'FortiProxy'
],
'type':
'str'
},
'id': {
'required': True,
'type': 'int'
},
'index-field': {
'required': False,
'type': 'str'
},
'log-type': {
'required':
False,
'choices': [
'none', 'app-ctrl', 'attack', 'content', 'dlp',
'emailfilter', 'event', 'generic', 'history',
'traffic', 'virus', 'voip', 'webfilter', 'netscan',
'fct-event', 'fct-traffic', 'fct-netscan', 'waf',
'gtp', 'dns', 'ssh', 'ssl'
],
'type':
'str'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(
module_arg_spec, 'system_sql_customindex'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = NAPIManager(jrpc_urls,
perobject_jrpc_urls,
module_primary_key,
url_params,
module,
connection,
top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd()
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
jrpc_urls = ['/cli/global/system/admin/user/{user}/dashboard-tabs']
perobject_jrpc_urls = [
'/cli/global/system/admin/user/{user}/dashboard-tabs/{dashboard-tabs}'
]
url_params = ['user']
module_primary_key = 'name'
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': ['set', 'update', 'add']
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': ['present', 'absent']
},
'user': {
'required': True,
'type': 'str'
},
'system_admin_user_dashboardtabs': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'name': {
'required': True,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'tabid': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(
module_arg_spec, 'system_admin_user_dashboardtabs'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option(
'enable_log', module.params['enable_log']
if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls,
perobject_jrpc_urls,
module_primary_key,
url_params,
module,
connection,
top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
mkeyname = 'name'
fields = {
"access_token": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"report_style": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"align": {
"required": False,
"type": "str",
"choices": ["left", "center", "right", "justify"]
},
"bg_color": {
"required": False,
"type": "str"
},
"border_bottom": {
"required": False,
"type": "str"
},
"border_left": {
"required": False,
"type": "str"
},
"border_right": {
"required": False,
"type": "str"
},
"border_top": {
"required": False,
"type": "str"
},
"column_gap": {
"required": False,
"type": "str"
},
"column_span": {
"required": False,
"type": "str",
"choices": ["none", "all"]
},
"fg_color": {
"required": False,
"type": "str"
},
"font_family": {
"required":
False,
"type":
"str",
"choices":
["Verdana", "Arial", "Helvetica", "Courier", "Times"]
},
"font_size": {
"required": False,
"type": "str"
},
"font_style": {
"required": False,
"type": "str",
"choices": ["normal", "italic"]
},
"font_weight": {
"required": False,
"type": "str",
"choices": ["normal", "bold"]
},
"height": {
"required": False,
"type": "str"
},
"line_height": {
"required": False,
"type": "str"
},
"margin_bottom": {
"required": False,
"type": "str"
},
"margin_left": {
"required": False,
"type": "str"
},
"margin_right": {
"required": False,
"type": "str"
},
"margin_top": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"options": {
"required":
False,
"type":
"str",
"choices": [
"font", "text", "color", "align", "size", "margin",
"border", "padding", "column"
]
},
"padding_bottom": {
"required": False,
"type": "str"
},
"padding_left": {
"required": False,
"type": "str"
},
"padding_right": {
"required": False,
"type": "str"
},
"padding_top": {
"required": False,
"type": "str"
},
"width": {
"required": False,
"type": "str"
}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token',
module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_report(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"log_fortiguard_setting": {
"required": False, "type": "dict", "default": None,
"options": {
"enc_algorithm": {"required": False, "type": "str",
"choices": ["high-medium", "high", "low"]},
"source_ip": {"required": False, "type": "str"},
"ssl_min_proto_version": {"required": False, "type": "str",
"choices": ["default", "SSLv3", "TLSv1",
"TLSv1-1", "TLSv1-2"]},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"upload_day": {"required": False, "type": "str"},
"upload_interval": {"required": False, "type": "str",
"choices": ["daily", "weekly", "monthly"]},
"upload_option": {"required": False, "type": "str",
"choices": ["store-and-upload", "realtime", "1-minute",
"5-minute"]},
"upload_time": {"required": False, "type": "str"}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def _get_connection(self):
if not self._connection:
self._connection = Connection(self._module._socket_path)
return self._connection
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"switch_controller_vlan": {
"required": False,
"type": "dict",
"default": None,
"options": {
"auth": {
"required": False,
"type": "str",
"choices": ["radius", "usergroup"]
},
"color": {
"required": False,
"type": "int"
},
"comments": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"portal_message_override_group": {
"required": False,
"type": "str"
},
"portal_message_overrides": {
"required": False,
"type": "dict",
"options": {
"auth_disclaimer_page": {
"required": False,
"type": "str"
},
"auth_login_failed_page": {
"required": False,
"type": "str"
},
"auth_login_page": {
"required": False,
"type": "str"
},
"auth_reject_page": {
"required": False,
"type": "str"
}
}
},
"radius_server": {
"required": False,
"type": "str"
},
"security": {
"required": False,
"type": "str",
"choices": ["open", "captive-portal", "8021x"]
},
"selected_usergroups": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"usergroup": {
"required": False,
"type": "str"
},
"vdom": {
"required": False,
"type": "str"
},
"vlanid": {
"required": False,
"type": "int"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_switch_controller(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_switch_controller(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"system_automation_action": {
"required": False, "type": "dict", "default": None,
"options": {
"action_type": {"required": False, "type": "str",
"choices": ["email", "ios-notification", "alert",
"disable-ssid", "quarantine", "quarantine-forticlient",
"ban-ip", "aws-lambda", "webhook"]},
"aws_api_id": {"required": False, "type": "str"},
"aws_api_key": {"required": False, "type": "str"},
"aws_api_path": {"required": False, "type": "str"},
"aws_api_stage": {"required": False, "type": "str"},
"aws_domain": {"required": False, "type": "str"},
"aws_region": {"required": False, "type": "str"},
"delay": {"required": False, "type": "int"},
"email_subject": {"required": False, "type": "str"},
"email_to": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"}
}},
"headers": {"required": False, "type": "list",
"options": {
"header": {"required": True, "type": "str"}
}},
"http_body": {"required": False, "type": "str"},
"method": {"required": False, "type": "str",
"choices": ["post", "put", "get"]},
"minimum_interval": {"required": False, "type": "int"},
"name": {"required": True, "type": "str"},
"port": {"required": False, "type": "int"},
"protocol": {"required": False, "type": "str",
"choices": ["http", "https"]},
"required": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"uri": {"required": False, "type": "str"}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/antivirus/profile/{profile}',
'/pm/config/global/obj/antivirus/profile/{profile}'
]
url_schema = [{
'name': 'adom',
'type': 'string'
}, {
'name': 'profile',
'type': 'string'
}]
body_schema = {
'schema_objects': {
'object0': [{
'name': 'data',
'type': 'dict',
'dict': {
'analytics-bl-filetype': {
'type': 'string'
},
'analytics-db': {
'type': 'string',
'enum': ['disable', 'enable']
},
'analytics-max-upload': {
'type': 'integer'
},
'analytics-wl-filetype': {
'type': 'string'
},
'av-block-log': {
'type': 'string',
'enum': ['disable', 'enable']
},
'av-virus-log': {
'type': 'string',
'enum': ['disable', 'enable']
},
'comment': {
'type': 'string'
},
'extended-log': {
'type': 'string',
'enum': ['disable', 'enable']
},
'ftgd-analytics': {
'type': 'string',
'enum': ['disable', 'suspicious', 'everything']
},
'inspection-mode': {
'type': 'string',
'enum': ['proxy', 'flow-based']
},
'mobile-malware-db': {
'type': 'string',
'enum': ['disable', 'enable']
},
'name': {
'type': 'string'
},
'replacemsg-group': {
'type': 'string'
},
'scan-mode': {
'type': 'string',
'enum': ['quick', 'full']
}
},
'api_tag': 0
}, {
'type': 'string',
'name': 'url',
'api_tag': 0
}],
'object1': [{
'type': 'string',
'name': 'url',
'api_tag': 0
}],
'object2': [{
'name': 'option',
'type': 'dict',
'dict': {
'type': 'string',
'enum': ['object member', 'chksum', 'datasrc']
},
'api_tag': 0
}, {
'type': 'string',
'name': 'url',
'api_tag': 0
}]
},
'method_mapping': {
'clone': 'object0',
'delete': 'object1',
'get': 'object2',
'set': 'object0',
'update': 'object0'
}
}
module_arg_spec = {
'loose_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'params': {
'type': 'list',
'required': False
},
'method': {
'type': 'str',
'required': True,
'choices': ['clone', 'delete', 'get', 'set', 'update']
},
'url_params': {
'type': 'dict',
'required': False
}
}
module = AnsibleModule(argument_spec=module_arg_spec,
supports_check_mode=False)
method = module.params['method']
loose_validation = module.params['loose_validation']
fmgr = None
payload = None
response = DEFAULT_RESULT_OBJ
if module._socket_path:
connection = Connection(module._socket_path)
tools = FMGRCommon()
if loose_validation is False:
tools.validate_module_params(module, body_schema)
tools.validate_module_url_params(module, jrpc_urls, url_schema)
full_url = tools.get_full_url_path(module, jrpc_urls)
payload = tools.get_full_payload(module, full_url)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = tools
else:
module.fail_json(**FAIL_SOCKET_MSG)
try:
response = fmgr._conn.send_request(method, payload)
fmgr.govern_response(module=module,
results=response,
msg='Operation Finished',
ansible_facts=fmgr.construct_ansible_facts(
response, module.params, module.params))
except Exception as e:
raise FMGBaseException(e)
module.exit_json(meta=response[1])
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"vpn_certificate_ca": {
"required": False,
"type": "dict",
"default": None,
"options": {
"auto_update_days": {
"required": False,
"type": "int"
},
"auto_update_days_warning": {
"required": False,
"type": "int"
},
"ca": {
"required": False,
"type": "str"
},
"last_updated": {
"required": False,
"type": "int"
},
"name": {
"required": True,
"type": "str"
},
"range": {
"required": False,
"type": "str",
"choices": ["global", "vdom"]
},
"scep_url": {
"required": False,
"type": "str"
},
"source": {
"required": False,
"type": "str",
"choices": ["factory", "user", "bundle"]
},
"source_ip": {
"required": False,
"type": "str"
},
"trusted": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_vpn_certificate(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_vpn_certificate(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"firewall_internet_service": {
"required": False,
"type": "dict",
"default": None,
"options": {
"database": {
"required": False,
"type": "str",
"choices": ["isdb", "irdb"]
},
"direction": {
"required": False,
"type": "str",
"choices": ["src", "dst", "both"]
},
"entry": {
"required": False,
"type": "list",
"options": {
"id": {
"required": True,
"type": "int"
},
"ip_number": {
"required": False,
"type": "int"
},
"ip_range_number": {
"required": False,
"type": "int"
},
"port": {
"required": False,
"type": "int"
},
"protocol": {
"required": False,
"type": "int"
}
}
},
"icon_id": {
"required": False,
"type": "int"
},
"id": {
"required": True,
"type": "int"
},
"name": {
"required": False,
"type": "str"
},
"offset": {
"required": False,
"type": "int"
},
"reputation": {
"required": False,
"type": "int"
},
"sld_id": {
"required": False,
"type": "int"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_firewall(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_firewall(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"router_ospf": {
"required": False, "type": "dict", "default": None,
"options": {
"abr_type": {"required": False, "type": "str",
"choices": ["cisco", "ibm", "shortcut",
"standard"]},
"area": {"required": False, "type": "list",
"options": {
"authentication": {"required": False, "type": "str",
"choices": ["none", "text", "md5"]},
"default_cost": {"required": False, "type": "int"},
"filter_list": {"required": False, "type": "list",
"options": {
"direction": {"required": False, "type": "str",
"choices": ["in", "out"]},
"id": {"required": True, "type": "int"},
"list": {"required": False, "type": "str"}
}},
"id": {"required": True, "type": "str"},
"nssa_default_information_originate": {"required": False, "type": "str",
"choices": ["enable", "always", "disable"]},
"nssa_default_information_originate_metric": {"required": False, "type": "int"},
"nssa_default_information_originate_metric_type": {"required": False, "type": "str",
"choices": ["1", "2"]},
"nssa_redistribution": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"nssa_translator_role": {"required": False, "type": "str",
"choices": ["candidate", "never", "always"]},
"range": {"required": False, "type": "list",
"options": {
"advertise": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"id": {"required": True, "type": "int"},
"prefix": {"required": False, "type": "str"},
"substitute": {"required": False, "type": "str"},
"substitute_status": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}},
"shortcut": {"required": False, "type": "str",
"choices": ["disable", "enable", "default"]},
"stub_type": {"required": False, "type": "str",
"choices": ["no-summary", "summary"]},
"type": {"required": False, "type": "str",
"choices": ["regular", "nssa", "stub"]},
"virtual_link": {"required": False, "type": "list",
"options": {
"authentication": {"required": False, "type": "str",
"choices": ["none", "text", "md5"]},
"authentication_key": {"required": False, "type": "str"},
"dead_interval": {"required": False, "type": "int"},
"hello_interval": {"required": False, "type": "int"},
"md5_key": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"peer": {"required": False, "type": "str"},
"retransmit_interval": {"required": False, "type": "int"},
"transmit_delay": {"required": False, "type": "int"}
}}
}},
"auto_cost_ref_bandwidth": {"required": False, "type": "int"},
"bfd": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"database_overflow": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"database_overflow_max_lsas": {"required": False, "type": "int"},
"database_overflow_time_to_recover": {"required": False, "type": "int"},
"default_information_metric": {"required": False, "type": "int"},
"default_information_metric_type": {"required": False, "type": "str",
"choices": ["1", "2"]},
"default_information_originate": {"required": False, "type": "str",
"choices": ["enable", "always", "disable"]},
"default_information_route_map": {"required": False, "type": "str"},
"default_metric": {"required": False, "type": "int"},
"distance": {"required": False, "type": "int"},
"distance_external": {"required": False, "type": "int"},
"distance_inter_area": {"required": False, "type": "int"},
"distance_intra_area": {"required": False, "type": "int"},
"distribute_list": {"required": False, "type": "list",
"options": {
"access_list": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"protocol": {"required": False, "type": "str",
"choices": ["connected", "static", "rip"]}
}},
"distribute_list_in": {"required": False, "type": "str"},
"distribute_route_map_in": {"required": False, "type": "str"},
"log_neighbour_changes": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"neighbor": {"required": False, "type": "list",
"options": {
"cost": {"required": False, "type": "int"},
"id": {"required": True, "type": "int"},
"ip": {"required": False, "type": "str"},
"poll_interval": {"required": False, "type": "int"},
"priority": {"required": False, "type": "int"}
}},
"network": {"required": False, "type": "list",
"options": {
"area": {"required": False, "type": "str"},
"id": {"required": True, "type": "int"},
"prefix": {"required": False, "type": "str"}
}},
"ospf_interface": {"required": False, "type": "list",
"options": {
"authentication": {"required": False, "type": "str",
"choices": ["none", "text", "md5"]},
"authentication_key": {"required": False, "type": "str"},
"bfd": {"required": False, "type": "str",
"choices": ["global", "enable", "disable"]},
"cost": {"required": False, "type": "int"},
"database_filter_out": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"dead_interval": {"required": False, "type": "int"},
"hello_interval": {"required": False, "type": "int"},
"hello_multiplier": {"required": False, "type": "int"},
"interface": {"required": False, "type": "str"},
"ip": {"required": False, "type": "str"},
"md5_key": {"required": False, "type": "str"},
"mtu": {"required": False, "type": "int"},
"mtu_ignore": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"name": {"required": True, "type": "str"},
"network_type": {"required": False, "type": "str",
"choices": ["broadcast", "non-broadcast", "point-to-point",
"point-to-multipoint", "point-to-multipoint-non-broadcast"]},
"prefix_length": {"required": False, "type": "int"},
"priority": {"required": False, "type": "int"},
"resync_timeout": {"required": False, "type": "int"},
"retransmit_interval": {"required": False, "type": "int"},
"status": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"transmit_delay": {"required": False, "type": "int"}
}},
"passive_interface": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"}
}},
"redistribute": {"required": False, "type": "list",
"options": {
"metric": {"required": False, "type": "int"},
"metric_type": {"required": False, "type": "str",
"choices": ["1", "2"]},
"name": {"required": True, "type": "str"},
"routemap": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"tag": {"required": False, "type": "int"}
}},
"restart_mode": {"required": False, "type": "str",
"choices": ["none", "lls", "graceful-restart"]},
"restart_period": {"required": False, "type": "int"},
"rfc1583_compatible": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"router_id": {"required": False, "type": "str"},
"spf_timers": {"required": False, "type": "str"},
"summary_address": {"required": False, "type": "list",
"options": {
"advertise": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"id": {"required": True, "type": "int"},
"prefix": {"required": False, "type": "str"},
"tag": {"required": False, "type": "int"}
}}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_router(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_router(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/dvmdb/adom/{adom}/group',
'/dvmdb/group'
]
url_schema = [
{
'name': 'adom',
'type': 'string'
}
]
body_schema = {
'schema_objects': {
'object0': [
{
'name': 'data',
'api_tag': 0,
'type': 'array',
'items': {
'desc': {
'type': 'string'
},
'meta fields': {
'type': 'string'
},
'name': {
'type': 'string'
},
'os_type': {
'type': 'string',
'enum': [
'unknown',
'fos',
'fsw',
'foc',
'fml',
'faz',
'fwb',
'fch',
'fct',
'log',
'fmg',
'fsa',
'fdd',
'fac',
'fpx'
]
},
'type': {
'type': 'string',
'enum': [
'normal',
'default',
'auto'
]
}
}
},
{
'type': 'string',
'name': 'url',
'api_tag': 0
}
],
'object1': [
{
'type': 'string',
'name': 'expand member',
'api_tag': 0
},
{
'name': 'fields',
'api_tag': 0,
'type': 'array',
'items': {
'type': 'array',
'items': {
'type': 'string',
'enum': [
'desc',
'name',
'os_type',
'type'
]
}
}
},
{
'name': 'filter',
'type': 'dict',
'dict': {
'type': 'array',
'items': {
'type': 'string',
'example': [
'<attr>',
'==',
'test'
]
}
},
'api_tag': 0
},
{
'type': 'integer',
'name': 'loadsub',
'api_tag': 0
},
{
'name': 'meta fields',
'api_tag': 0,
'type': 'array',
'items': {
'type': 'string'
}
},
{
'name': 'option',
'type': 'dict',
'dict': {
'type': 'string',
'enum': [
'count',
'object member',
'syntax'
]
},
'api_tag': 0
},
{
'name': 'range',
'type': 'dict',
'dict': {
'type': 'array',
'items': {
'type': 'integer',
'example': [
2,
5
]
}
},
'api_tag': 0
},
{
'name': 'sortings',
'type': 'dict',
'dict': {
'type': 'array',
'items': {
'{attr_name}': {
'type': 'integer',
'enum': [
1,
-1
]
}
}
},
'api_tag': 0
},
{
'type': 'string',
'name': 'url',
'api_tag': 0
}
]
},
'method_mapping': {
'add': 'object0',
'get': 'object1',
'set': 'object0',
'update': 'object0'
}
}
module_arg_spec = {
'loose_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'params': {
'type': 'list',
'required': False
},
'method': {
'type': 'str',
'required': True,
'choices': [
'add',
'get',
'set',
'update'
]
},
'url_params': {
'type': 'dict',
'required': False
}
}
module = AnsibleModule(argument_spec=module_arg_spec,
supports_check_mode=False)
method = module.params['method']
loose_validation = module.params['loose_validation']
fmgr = None
payload = None
response = DEFAULT_RESULT_OBJ
if module._socket_path:
connection = Connection(module._socket_path)
tools = FMGRCommon()
if loose_validation is False:
tools.validate_module_params(module, body_schema)
tools.validate_module_url_params(module, jrpc_urls, url_schema)
full_url = tools.get_full_url_path(module, jrpc_urls)
payload = tools.get_full_payload(module, full_url)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = tools
else:
module.fail_json(**FAIL_SOCKET_MSG)
try:
response = fmgr._conn.send_request(method, payload)
fmgr.govern_response(module=module, results=response,
msg='Operation Finished',
ansible_facts=fmgr.construct_ansible_facts(response, module.params, module.params))
except Exception as e:
raise FMGBaseException(e)
module.exit_json(meta=response[1])
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"system_email_server": {
"required": False,
"type": "dict",
"default": None,
"options": {
"authenticate": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"password": {
"required": False,
"type": "str"
},
"port": {
"required": False,
"type": "int"
},
"reply_to": {
"required": False,
"type": "str"
},
"security": {
"required": False,
"type": "str",
"choices": ["none", "starttls", "smtps"]
},
"server": {
"required": False,
"type": "str"
},
"source_ip": {
"required": False,
"type": "str"
},
"source_ip6": {
"required": False,
"type": "str"
},
"type": {
"required": False,
"type": "str",
"choices": ["custom"]
},
"username": {
"required": False,
"type": "str"
},
"validate_server": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
versions_check_result = None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"system_autoupdate_schedule": {
"required": False,
"type": "dict",
"default": None,
"options": {
"day": {
"required":
False,
"type":
"str",
"choices": [
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday",
"Friday", "Saturday"
]
},
"frequency": {
"required": False,
"type": "str",
"choices": ["every", "daily", "weekly"]
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"time": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system_autoupdate(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system_autoupdate(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/dvmdb/adom/{adom}/workspace/unlock/obj/{object_url_name}',
'/dvmdb/global/workspace/unlock/obj/{object_url_name}'
]
perobject_jrpc_urls = [
'/dvmdb/adom/{adom}/workspace/unlock/obj/{object_url_name}',
'/dvmdb/global/workspace/unlock/obj/{object_url_name}'
]
url_params = ['adom', 'object_url_name']
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'adom': {
'required': True,
'type': 'str'
},
'object_url_name': {
'required': True,
'type': 'str'
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(
module_arg_spec, 'dvmdb_workspace_unlock_obj'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option(
'enable_log', module.params['enable_log']
if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls,
perobject_jrpc_urls,
None,
url_params,
module,
connection,
top_level_schema_name=None)
fmgr.validate_parameters(params_validation_blob)
fmgr.process_exec(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
jrpc_urls = ['/cli/global/system/locallog/syslogd2/setting']
perobject_jrpc_urls = [
'/cli/global/system/locallog/syslogd2/setting/{setting}'
]
url_params = []
module_primary_key = None
module_arg_spec = {
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'system_locallog_syslogd2_setting': {
'required': False,
'type': 'dict',
'options': {
'csv': {
'required': False,
'choices': ['disable', 'enable'],
'type': 'str'
},
'facility': {
'required':
False,
'choices': [
'kernel', 'user', 'ntp', 'audit', 'alert', 'clock',
'mail', 'daemon', 'auth', 'syslog', 'lpr', 'news',
'uucp', 'cron', 'authpriv', 'ftp', 'local0', 'local1',
'local2', 'local3', 'local4', 'local5', 'local6',
'local7'
],
'type':
'str'
},
'severity': {
'required':
False,
'choices': [
'emergency', 'alert', 'critical', 'error', 'warning',
'notification', 'information', 'debug'
],
'type':
'str'
},
'status': {
'required': False,
'choices': ['disable', 'enable'],
'type': 'str'
},
'syslog-name': {
'required': False,
'type': 'str'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(
module_arg_spec, 'system_locallog_syslogd2_setting'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = NAPIManager(jrpc_urls,
perobject_jrpc_urls,
module_primary_key,
url_params,
module,
connection,
top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_partial_curd()
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": False, "type": "str",
"choices": ["present", "absent"]},
"firewall_proxy_addrgrp": {
"required": False, "type": "dict", "default": None,
"options": {
"state": {"required": False, "type": "str",
"choices": ["present", "absent"]},
"color": {"required": False, "type": "int"},
"comment": {"required": False, "type": "str"},
"member": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"}
}},
"name": {"required": True, "type": "str"},
"tagging": {"required": False, "type": "list",
"options": {
"category": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"tags": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"}
}}
}},
"type": {"required": False, "type": "str",
"choices": ["src", "dst"]},
"uuid": {"required": False, "type": "str"},
"visibility": {"required": False, "type": "str",
"choices": ["enable", "disable"]}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_firewall(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_firewall(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def _connection(self):
if not self._connection_obj:
self._connection_obj = Connection(self._module._socket_path)
return self._connection_obj
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"router_bfd6": {
"required": False,
"type": "dict",
"default": None,
"options": {
"neighbor": {
"required": False,
"type": "list",
"options": {
"interface": {
"required": False,
"type": "str"
},
"ip6_address": {
"required": False,
"type": "str"
}
}
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_router(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_router(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"vpn_ipsec_phase2_interface": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"add_route": {
"required": False,
"type": "str",
"choices": ["phase1", "enable", "disable"]
},
"auto_discovery_forwarder": {
"required": False,
"type": "str",
"choices": ["phase1", "enable", "disable"]
},
"auto_discovery_sender": {
"required": False,
"type": "str",
"choices": ["phase1", "enable", "disable"]
},
"auto_negotiate": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"comments": {
"required": False,
"type": "str"
},
"dhcp_ipsec": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"dhgrp": {
"required":
False,
"type":
"str",
"choices": [
"1", "2", "5", "14", "15", "16", "17", "18", "19",
"20", "21", "27", "28", "29", "30", "31"
]
},
"dst_addr_type": {
"required":
False,
"type":
"str",
"choices": [
"subnet", "range", "ip", "name", "subnet6", "range6",
"ip6", "name6"
]
},
"dst_end_ip": {
"required": False,
"type": "str"
},
"dst_end_ip6": {
"required": False,
"type": "str"
},
"dst_name": {
"required": False,
"type": "str"
},
"dst_name6": {
"required": False,
"type": "str"
},
"dst_port": {
"required": False,
"type": "int"
},
"dst_start_ip": {
"required": False,
"type": "str"
},
"dst_start_ip6": {
"required": False,
"type": "str"
},
"dst_subnet": {
"required": False,
"type": "str"
},
"dst_subnet6": {
"required": False,
"type": "str"
},
"encapsulation": {
"required": False,
"type": "str",
"choices": ["tunnel-mode", "transport-mode"]
},
"keepalive": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"keylife_type": {
"required": False,
"type": "str",
"choices": ["seconds", "kbs", "both"]
},
"keylifekbs": {
"required": False,
"type": "int"
},
"keylifeseconds": {
"required": False,
"type": "int"
},
"l2tp": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"name": {
"required": True,
"type": "str"
},
"pfs": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"phase1name": {
"required": False,
"type": "str"
},
"proposal": {
"required":
False,
"type":
"str",
"choices": [
"null-md5", "null-sha1", "null-sha256", "null-sha384",
"null-sha512", "des-null", "des-md5", "des-sha1",
"des-sha256", "des-sha384", "des-sha512"
]
},
"protocol": {
"required": False,
"type": "int"
},
"replay": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"route_overlap": {
"required": False,
"type": "str",
"choices": ["use-old", "use-new", "allow"]
},
"single_source": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"src_addr_type": {
"required":
False,
"type":
"str",
"choices": [
"subnet", "range", "ip", "name", "subnet6", "range6",
"ip6", "name6"
]
},
"src_end_ip": {
"required": False,
"type": "str"
},
"src_end_ip6": {
"required": False,
"type": "str"
},
"src_name": {
"required": False,
"type": "str"
},
"src_name6": {
"required": False,
"type": "str"
},
"src_port": {
"required": False,
"type": "int"
},
"src_start_ip": {
"required": False,
"type": "str"
},
"src_start_ip6": {
"required": False,
"type": "str"
},
"src_subnet": {
"required": False,
"type": "str"
},
"src_subnet6": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_vpn_ipsec(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
