def get_locked_adom_list(self): """ Gets the list of locked adoms """ try: locked_list = list() locked_by_user_list = list() for adom in self._adom_list: adom_lock_info = self.get_lock_info(adom=adom) try: if adom_lock_info[1]["status"]["message"] == "OK": continue except BaseException: pass try: if adom_lock_info[1][0]["lock_user"]: locked_list.append(str(adom)) if adom_lock_info[1][0]["lock_user"] == self._logged_in_user: locked_by_user_list.append({"adom": str(adom), "user": str(adom_lock_info[1][0]["lock_user"])}) except BaseException as err: raise FAZBaseException(err) self._locked_adom_list = locked_list self._locked_adoms_by_user = locked_by_user_list except BaseException as err: raise FAZBaseException(msg=("An error occurred while trying to get the locked adom list. Error: " + str(err)))
def check_mode(self): """ Checks FortiAnalyzer for the use of Workspace mode """ url = "/cli/global/system/global" code, resp_obj = self.send_request(FAZMethods.GET, self._tools.format_request(FAZMethods.GET, url, fields=["workspace-mode", "adom-status"])) try: if resp_obj["workspace-mode"] == "workflow": self.uses_workspace = True elif resp_obj["workspace-mode"] == "disabled": self.uses_workspace = False except KeyError: self.uses_workspace = False except BaseException: raise FAZBaseException(msg="Couldn't determine workspace-mode in the plugin") try: if resp_obj["adom-status"] in [1, "enable"]: self.uses_adoms = True else: self.uses_adoms = False except KeyError: self.uses_adoms = False except BaseException: raise FAZBaseException(msg="Couldn't determine adom-status in the plugin")
def return_connected_faz(self): """ Returns the data stored under self._connected_faz :return: dict """ try: if self._connected_faz: return self._connected_faz except BaseException: raise FAZBaseException("Couldn't Retrieve Connected FAZ Stats")
def send_request(self, method, params): """ Responsible for actual sending of data to the connection httpapi base plugin. Does some formatting as well. :param params: A formatted dictionary that was returned by self.common_datagram_params() before being called here. :param method: The preferred API Request method (GET, ADD, POST, etc....) :type method: basestring :return: Dictionary of status, if it logged in or not. """ try: if self.sid is None and params[0]["url"] != "sys/login/user": raise FAZBaseException("An attempt was made to login with the SID None and URL != login url.") except IndexError: raise FAZBaseException("An attempt was made at communicating with a FAZ with " "no valid session and an incorrectly formatted request.") except Exception: raise FAZBaseException("An attempt was made at communicating with a FAZ with " "no valid session and an unexpected error was discovered.") self._update_request_id() json_request = { "method": method, "params": params, "session": self.sid, "id": self.req_id, "verbose": 1 } data = json.dumps(json_request, ensure_ascii=False).replace('\\\\', '\\') try: # Sending URL and Data in Unicode, per Ansible Specifications for Connection Plugins response, response_data = self.connection.send(path=to_text(self._url), data=to_text(data), headers=BASE_HEADERS) # Get Unicode Response - Must convert from StringIO to unicode first so we can do a replace function below result = json.loads(to_text(response_data.getvalue())) self._update_self_from_response(result, self._url, data) return self._handle_response(result) except Exception as err: raise FAZBaseException(err)
def login(self, username, password): """ This function will log the plugin into FortiAnalyzer, and return the results. :param username: Username of FortiAnalyzer Admin :param password: Password of FortiAnalyzer Admin :return: Dictionary of status, if it logged in or not. """ self._logged_in_user = username self.send_request(FAZMethods.EXEC, self._tools.format_request(FAZMethods.EXEC, "sys/login/user", passwd=password, user=username,)) if "FortiAnalyzer object connected to FortiAnalyzer" in self.__str__(): # If Login worked, then inspect the FortiAnalyzer for Workspace Mode, and it's system information. self.inspect_faz() return else: raise FAZBaseException(msg="Unknown error while logging in...connection was lost during login operation...." " Exiting")
def inspect_faz(self): # CHECK FOR WORKSPACE MODE TO SEE IF WE HAVE TO ENABLE ADOM LOCKS status = self.get_system_status() if status[0] == -11: # THE CONNECTION GOT LOST SOMEHOW, REMOVE THE SID AND REPORT BAD LOGIN self.logout() raise FAZBaseException(msg="Error -11 -- the Session ID was likely malformed somehow. Contact authors." " Exiting") elif status[0] == 0: try: self.check_mode() if self._uses_adoms: self.get_adom_list() if self._uses_workspace: self.get_locked_adom_list() self._connected_faz = status[1] self._host = self._connected_faz["Hostname"] except BaseException: pass return
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), mode=dict(choices=["add", "delete", "promote"], type="str", default="add"), device_ip=dict(required=False, type="str"), device_username=dict(required=False, type="str"), device_password=dict(required=False, type="str", no_log=True), device_unique_name=dict(required=False, type="str"), device_serial=dict(required=False, type="str"), os_type=dict(required=False, type="str", choices=[ "unknown", "fos", "fsw", "foc", "fml", "faz", "fwb", "fch", "fct", "log", "fmg", "fsa", "fdd", "fac" ]), mgmt_mode=dict(required=False, type="str", choices=["unreg", "fmg", "faz", "fmgfaz"]), os_minor_vers=dict(required=False, type="str"), os_ver=dict(required=False, type="str", choices=[ "unknown", "0.0", "1.0", "2.0", "3.0", "4.0", "5.0", "6.0" ]), platform_str=dict(required=False, type="str"), faz_quota=dict(required=False, type="str")) required_if = [['mode', 'delete', ['device_unique_name']], [ 'mode', 'add', [ 'device_serial', 'device_username', 'device_password', 'device_unique_name', 'device_ip', 'mgmt_mode', 'platform_str' ] ]] module = AnsibleModule( argument_spec, supports_check_mode=True, required_if=required_if, ) # START SESSION LOGIC paramgram = { "adom": module.params["adom"], "mode": module.params["mode"], "ip": module.params["device_ip"], "device_username": module.params["device_username"], "device_password": module.params["device_password"], "device_unique_name": module.params["device_unique_name"], "sn": module.params["device_serial"], "os_type": module.params["os_type"], "mgmt_mode": module.params["mgmt_mode"], "os_minor_vers": module.params["os_minor_vers"], "os_ver": module.params["os_ver"], "platform_str": module.params["platform_str"], "faz.quota": module.params["faz_quota"], "device_action": None } # INSERT THE PARAMGRAM INTO THE MODULE SO WHEN WE PASS IT TO MOD_UTILS.FortiManagerHandler IT HAS THAT INFO if paramgram["mode"] == "add": paramgram["device_action"] = "add_model" elif paramgram["mode"] == "promote": paramgram["device_action"] = "promote_unreg" module.paramgram = paramgram # TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS faz = None if module._socket_path: connection = Connection(module._socket_path) faz = FortiAnalyzerHandler(connection, module) faz.tools = FAZCommon() else: module.fail_json(**FAIL_SOCKET_MSG) # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION results = DEFAULT_RESULT_OBJ try: if paramgram["mode"] == "add": results = faz_add_device(faz, paramgram) except BaseException as err: raise FAZBaseException( msg="An error occurred trying to add the device. Error: " + str(err)) try: if paramgram["mode"] == "promote": if paramgram["ip"] is not None: results = faz_approve_unregistered_device_by_ip(faz, paramgram) elif paramgram["device_unique_name"] is not None: results = faz_approve_unregistered_device_by_name( faz, paramgram) except BaseException as err: raise FAZBaseException( msg="An error occurred trying to promote the device. Error: " + str(err)) try: if paramgram["mode"] == "delete": results = faz_delete_device(faz, paramgram) except BaseException as err: raise FAZBaseException( msg="An error occurred trying to delete the device. Error: " + str(err)) # PROCESS RESULTS try: faz.govern_response(module=module, results=results, ansible_facts=faz.construct_ansible_facts( results, module.params, paramgram)) except BaseException as err: raise FAZBaseException( msg="An error occurred with govern_response(). Error: " + str(err)) # This should only be hit if faz.govern_response is missed or failed somehow. In fact. It should never be hit. # But it's here JIC. return module.exit_json(**results[1])