def construct_ansible_facts(self, response, ansible_params, paramgram, *args, **kwargs):
"""
Constructs a dictionary to return to ansible facts, containing various information about the execution.
:param response: Contains the response from the FortiManager.
:type response: dict
:param ansible_params: Contains the parameters Ansible was called with.
:type ansible_params: dict
:param paramgram: Contains the paramgram passed to the modules' local modify function.
:type paramgram: dict
:param args: Free-form arguments that could be added.
:param kwargs: Free-form keyword arguments that could be added.
:return: A dictionary containing lots of information to append to Ansible Facts.
:rtype: dict
"""
facts = {
"response": response,
"ansible_params": scrub_dict(ansible_params),
"paramgram": scrub_dict(paramgram),
"connected_fmgr": self._conn.return_connected_fmgr()
}
if args:
facts["custom_args"] = args
if kwargs:
facts.update(kwargs)
return facts
def fmgr_web_proxy_profile_modify(fmgr, paramgram):
"""
:param fmgr: The fmgr object instance from fortimanager.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
mode = paramgram["mode"]
adom = paramgram["adom"]
response = DEFAULT_RESULT_OBJ
url = ""
datagram = {}
# EVAL THE MODE PARAMETER FOR SET OR ADD
if mode in ['set', 'add', 'update']:
url = '/pm/config/adom/{adom}/obj/web-proxy/profile'.format(adom=adom)
datagram = scrub_dict(prepare_dict(paramgram))
# EVAL THE MODE PARAMETER FOR DELETE
elif mode == "delete":
# SET THE CORRECT URL FOR DELETE
url = '/pm/config/adom/{adom}/obj/web-proxy/profile/{name}'.format(
adom=adom, name=paramgram["name"])
datagram = {}
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def fmgr_application_list_modify(fmgr, paramgram):
"""
fmgr_application_list -- Modifies Application Control Profiles on FortiManager
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
# INIT A BASIC OBJECTS
response = DEFAULT_RESULT_OBJ
url = ""
datagram = {}
# EVAL THE MODE PARAMETER FOR SET OR ADD
if paramgram["mode"] in ['set', 'add', 'update']:
url = '/pm/config/adom/{adom}/obj/application/list'.format(
adom=paramgram["adom"])
datagram = scrub_dict(prepare_dict(paramgram))
# EVAL THE MODE PARAMETER FOR DELETE
elif paramgram["mode"] == "delete":
# SET THE CORRECT URL FOR DELETE
url = '/pm/config/adom/{adom}/obj/application/list/{name}'.format(
adom=paramgram["adom"], name=paramgram["name"])
datagram = {}
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def fmgr_fwobj_service_category(fmgr, paramgram):
"""
:param fmgr: The fmgr object instance from fortimanager.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
response = DEFAULT_RESULT_OBJ
if paramgram["mode"] in ['set', 'add']:
url = '/pm/config/adom/{adom}/obj/firewall/service/category'.format(adom=paramgram["adom"])
# GET RID OF ANY WHITESPACE
category = paramgram["category"]
category = category.strip()
datagram = {
"name": paramgram["category"],
"comment": "Created by Ansible"
}
# IF MODE = DELETE
if paramgram["mode"] == "delete":
datagram = {
"name": paramgram["name"]
}
# SET DELETE URL
url = '/pm/config/adom/{adom}/obj/firewall/service/category' \
'/{name}'.format(adom=paramgram["adom"], name=paramgram["category"])
datagram = scrub_dict(datagram)
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def fmgr_fwobj_service_group(fmgr, paramgram):
"""
:param fmgr: The fmgr object instance from fortimanager.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
response = DEFAULT_RESULT_OBJ
if paramgram["mode"] in ['set', 'add']:
url = '/pm/config/adom/{adom}/obj/firewall/service/group'.format(adom=paramgram["adom"])
datagram = {
"name": paramgram["group-name"],
"comment": paramgram["comment"],
"proxy": paramgram["explicit-proxy"],
"color": paramgram["color"]
}
members = paramgram["group-member"]
member = []
for obj in members.split(","):
member.append(obj.strip())
datagram["member"] = member
if paramgram["mode"] == "delete":
datagram = {
"name": paramgram["name"]
}
# SET DELETE URL
url = '/pm/config/adom/{adom}/obj/firewall/service/group' \
'/{name}'.format(adom=paramgram["adom"], name=paramgram["group-name"])
datagram = scrub_dict(datagram)
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def fmgr_webfilter_profile_modify(fmgr, paramgram):
mode = paramgram["mode"]
adom = paramgram["adom"]
response = DEFAULT_RESULT_OBJ
url = ""
datagram = {}
# EVAL THE MODE PARAMETER FOR SET OR ADD
if mode in ['set', 'add', 'update']:
url = '/pm/config/adom/{adom}/obj/webfilter/profile'.format(adom=adom)
datagram = scrub_dict(prepare_dict(paramgram))
# EVAL THE MODE PARAMETER FOR DELETE
elif mode == "delete":
# SET THE CORRECT URL FOR DELETE
url = '/pm/config/adom/{adom}/obj/webfilter/profile/{name}'.format(
adom=adom, name=paramgram["name"])
datagram = {}
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def fmgr_fwobj_service_custom(fmgr, paramgram):
"""
description:
- the tcp and udp-portrange parameters are in a list when there are multiple. they are not in a list when they
singular or by themselves (only 1 was listed)
- the syntax for this is (destPort:sourcePort). Ranges are (xxxx-xxxx) i.e. 443:443, or 443:1000-2000.
- if you leave out the second field after the colon (source port) it assumes any source port (which is usual)
- multiples would look like ['443:1000-2000','80']
- a single would look simple like "443:1000-2000" without the list around it ( a string!)
- the protocol parameter is the protocol NUMBER, not the string of it.
:param fmgr: The fmgr object instance from fortimanager.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
response = DEFAULT_RESULT_OBJ
if paramgram["mode"] in ['set', 'add']:
# SET THE URL FOR ADD / SET
url = '/pm/config/adom/{adom}/obj/firewall/service/custom'.format(adom=paramgram["adom"])
# BUILD THE DEFAULT DATAGRAM
datagram = {
# ADVANCED OPTIONS
"app-category": paramgram["app-category"],
"app-service-type": paramgram["app-service-type"],
"application": paramgram["application"],
"category": paramgram["category"],
"check-reset-range": paramgram["check-reset-range"],
"color": paramgram["color"],
"session-ttl": paramgram["session-ttl"],
"tcp-halfclose-timer": paramgram["tcp-halfclose-timer"],
"tcp-halfopen-timer": paramgram["tcp-halfopen-timer"],
"tcp-timewait-timer": paramgram["tcp-timewait-timer"],
"udp-idle-timer": paramgram["udp-idle-timer"],
"visibility": paramgram["visibility"],
"comment": paramgram["comment"],
"proxy": paramgram["explicit-proxy"],
"name": paramgram["name"]
}
if datagram["proxy"] == "disable":
#######################################
# object-type = "TCP/UDP/SCTP"
#######################################
if paramgram["custom_type"] == "tcp_udp_sctp":
datagram["protocol"] = "TCP/UDP/SCTP"
# PROCESS PORT RANGES TO PUT INTO THE PROPER SYNTAX
if paramgram["tcp-portrange"] is not None:
tcp_list = []
for tcp in paramgram["tcp-portrange"].split(","):
tcp = tcp.strip()
tcp_list.append(tcp)
datagram["tcp-portrange"] = tcp_list
if paramgram["udp-portrange"] is not None:
udp_list = []
for udp in paramgram["udp-portrange"].split(","):
udp = udp.strip()
udp_list.append(udp)
datagram["udp-portrange"] = udp_list
if paramgram["sctp-portrange"] is not None:
sctp_list = []
for sctp in paramgram["sctp-portrange"].split(","):
sctp = sctp.strip()
sctp_list.append(sctp)
datagram["sctp-portrange"] = sctp_list
#######################################
# object-type = "ICMP"
#######################################
if paramgram["custom_type"] == "icmp":
datagram["icmpcode"] = paramgram["icmp_code"]
datagram["icmptype"] = paramgram["icmp_type"]
datagram["protocol"] = "ICMP"
#######################################
# object-type = "ICMP6"
#######################################
if paramgram["custom_type"] == "icmp6":
datagram["icmpcode"] = paramgram["icmp_code"]
datagram["icmptype"] = paramgram["icmp_type"]
datagram["protocol"] = "ICMP6"
#######################################
# object-type = "IP"
#######################################
if paramgram["custom_type"] == "ip":
datagram["protocol"] = "IP"
datagram["protocol-number"] = paramgram["protocol-number"]
#######################################
# object-type in any of the explicit proxy options
#######################################
if datagram["proxy"] == "enable":
datagram["protocol"] = paramgram["custom_type"].upper()
datagram["iprange"] = paramgram["iprange"]
# PROCESS PROXY TCP PORT RANGES TO PUT INTO THE PROPER SYNTAX
if paramgram["tcp-portrange"] is not None:
tcp_list = []
for tcp in paramgram["tcp-portrange"].split(","):
tcp = tcp.strip()
tcp_list.append(tcp)
datagram["tcp-portrange"] = tcp_list
if paramgram["mode"] == "delete":
datagram = {
"name": paramgram["name"]
}
# SET DELETE URL
url = '/pm/config/adom/{adom}/obj/firewall/service/custom' \
'/{name}'.format(adom=paramgram["adom"], name=paramgram["name"])
datagram = scrub_dict(datagram)
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response