def main():
argument_spec = dict(
adom=dict(required=False, type="str"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]),
no_log=True),
action=dict(required=False, type="str"),
resource=dict(required=False, type="str"),
target=dict(required=False, type="str"),
payload=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
action = module.params["action"]
resource = module.params["resource"]
target = module.params["target"]
payload = module.params["payload"]
# check if params are set
if module.params["host"] is None or module.params["username"] is None:
module.fail_json(msg="Host and username are required for connection")
# check if login failed
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
else:
if module.params["adom"] is None:
module.params["adom"] = 'root'
status, result = fos_request(fmg, action, resource, target, payload,
module.params["adom"])
if not status == 0:
module.fail_json(msg="Failure showing upgrade path", **result)
fmg.logout()
# results is returned as a tuple
return module.exit_json(changed=True, **result)
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True,
required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]),
no_log=True,
required=True),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
whitelist=dict(required=False,
type="str",
choices=["disable", "enable"]),
use_ssl_server=dict(required=False,
type="str",
choices=["disable", "enable"]),
untrusted_caname=dict(required=False, type="str"),
ssl_exemptions_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssl_anomalies_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
server_cert_mode=dict(required=False,
type="str",
choices=["re-sign", "replace"]),
server_cert=dict(required=False, type="str"),
rpc_over_https=dict(required=False,
type="str",
choices=["disable", "enable"]),
name=dict(required=False, type="str"),
mapi_over_https=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
caname=dict(required=False, type="str"),
ftps=dict(required=False, type="list"),
ftps_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftps_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ftps_ports=dict(required=False, type="str"),
ftps_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
ftps_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ftps_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
https=dict(required=False, type="list"),
https_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
https_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
https_ports=dict(required=False, type="str"),
https_status=dict(
required=False,
type="str",
choices=["disable", "certificate-inspection", "deep-inspection"]),
https_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
https_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
imaps=dict(required=False, type="list"),
imaps_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
imaps_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
imaps_ports=dict(required=False, type="str"),
imaps_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
imaps_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
imaps_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
pop3s=dict(required=False, type="list"),
pop3s_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
pop3s_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
pop3s_ports=dict(required=False, type="str"),
pop3s_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
pop3s_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
pop3s_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
smtps=dict(required=False, type="list"),
smtps_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtps_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
smtps_ports=dict(required=False, type="str"),
smtps_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
smtps_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
smtps_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
ssh=dict(required=False, type="list"),
ssh_inspect_all=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
ssh_ports=dict(required=False, type="str"),
ssh_ssh_algorithm=dict(required=False,
type="str",
choices=["compatible", "high-encryption"]),
ssh_ssh_policy_check=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssh_ssh_tun_policy_check=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssh_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
ssh_unsupported_version=dict(required=False,
type="str",
choices=["block", "bypass"]),
ssl=dict(required=False, type="list"),
ssl_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssl_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ssl_inspect_all=dict(
required=False,
type="str",
choices=["disable", "certificate-inspection", "deep-inspection"]),
ssl_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ssl_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
ssl_exempt=dict(required=False, type="list"),
ssl_exempt_address=dict(required=False, type="str"),
ssl_exempt_address6=dict(required=False, type="str"),
ssl_exempt_fortiguard_category=dict(required=False, type="str"),
ssl_exempt_regex=dict(required=False, type="str"),
ssl_exempt_type=dict(required=False,
type="str",
choices=[
"fortiguard-category", "address", "address6",
"wildcard-fqdn", "regex"
]),
ssl_exempt_wildcard_fqdn=dict(required=False, type="str"),
ssl_server=dict(required=False, type="list"),
ssl_server_ftps_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_https_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_imaps_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_ip=dict(required=False, type="str"),
ssl_server_pop3s_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_smtps_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_ssl_other_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
)
module = AnsibleModule(argument_spec, supports_check_mode=False)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"whitelist": module.params["whitelist"],
"use-ssl-server": module.params["use_ssl_server"],
"untrusted-caname": module.params["untrusted_caname"],
"ssl-exemptions-log": module.params["ssl_exemptions_log"],
"ssl-anomalies-log": module.params["ssl_anomalies_log"],
"server-cert-mode": module.params["server_cert_mode"],
"server-cert": module.params["server_cert"],
"rpc-over-https": module.params["rpc_over_https"],
"name": module.params["name"],
"mapi-over-https": module.params["mapi_over_https"],
"comment": module.params["comment"],
"caname": module.params["caname"],
"ftps": {
"allow-invalid-server-cert":
module.params["ftps_allow_invalid_server_cert"],
"client-cert-request":
module.params["ftps_client_cert_request"],
"ports":
module.params["ftps_ports"],
"status":
module.params["ftps_status"],
"unsupported-ssl":
module.params["ftps_unsupported_ssl"],
"untrusted-cert":
module.params["ftps_untrusted_cert"],
},
"https": {
"allow-invalid-server-cert":
module.params["https_allow_invalid_server_cert"],
"client-cert-request":
module.params["https_client_cert_request"],
"ports":
module.params["https_ports"],
"status":
module.params["https_status"],
"unsupported-ssl":
module.params["https_unsupported_ssl"],
"untrusted-cert":
module.params["https_untrusted_cert"],
},
"imaps": {
"allow-invalid-server-cert":
module.params["imaps_allow_invalid_server_cert"],
"client-cert-request":
module.params["imaps_client_cert_request"],
"ports":
module.params["imaps_ports"],
"status":
module.params["imaps_status"],
"unsupported-ssl":
module.params["imaps_unsupported_ssl"],
"untrusted-cert":
module.params["imaps_untrusted_cert"],
},
"pop3s": {
"allow-invalid-server-cert":
module.params["pop3s_allow_invalid_server_cert"],
"client-cert-request":
module.params["pop3s_client_cert_request"],
"ports":
module.params["pop3s_ports"],
"status":
module.params["pop3s_status"],
"unsupported-ssl":
module.params["pop3s_unsupported_ssl"],
"untrusted-cert":
module.params["pop3s_untrusted_cert"],
},
"smtps": {
"allow-invalid-server-cert":
module.params["smtps_allow_invalid_server_cert"],
"client-cert-request":
module.params["smtps_client_cert_request"],
"ports":
module.params["smtps_ports"],
"status":
module.params["smtps_status"],
"unsupported-ssl":
module.params["smtps_unsupported_ssl"],
"untrusted-cert":
module.params["smtps_untrusted_cert"],
},
"ssh": {
"inspect-all": module.params["ssh_inspect_all"],
"ports": module.params["ssh_ports"],
"ssh-algorithm": module.params["ssh_ssh_algorithm"],
"ssh-policy-check": module.params["ssh_ssh_policy_check"],
"ssh-tun-policy-check": module.params["ssh_ssh_tun_policy_check"],
"status": module.params["ssh_status"],
"unsupported-version": module.params["ssh_unsupported_version"],
},
"ssl": {
"allow-invalid-server-cert":
module.params["ssl_allow_invalid_server_cert"],
"client-cert-request":
module.params["ssl_client_cert_request"],
"inspect-all":
module.params["ssl_inspect_all"],
"unsupported-ssl":
module.params["ssl_unsupported_ssl"],
"untrusted-cert":
module.params["ssl_untrusted_cert"],
},
"ssl-exempt": {
"address": module.params["ssl_exempt_address"],
"address6": module.params["ssl_exempt_address6"],
"fortiguard-category":
module.params["ssl_exempt_fortiguard_category"],
"regex": module.params["ssl_exempt_regex"],
"type": module.params["ssl_exempt_type"],
"wildcard-fqdn": module.params["ssl_exempt_wildcard_fqdn"],
},
"ssl-server": {
"ftps-client-cert-request":
module.params["ssl_server_ftps_client_cert_request"],
"https-client-cert-request":
module.params["ssl_server_https_client_cert_request"],
"imaps-client-cert-request":
module.params["ssl_server_imaps_client_cert_request"],
"ip":
module.params["ssl_server_ip"],
"pop3s-client-cert-request":
module.params["ssl_server_pop3s_client_cert_request"],
"smtps-client-cert-request":
module.params["ssl_server_smtps_client_cert_request"],
"ssl-other-client-cert-request":
module.params["ssl_server_ssl_other_client_cert_request"],
}
}
list_overrides = [
'ftps', 'https', 'imaps', 'pop3s', 'smtps', 'ssh', 'ssl', 'ssl-exempt',
'ssl-server'
]
for list_variable in list_overrides:
override_data = list()
try:
override_data = module.params[list_variable]
except Exception:
pass
try:
if override_data:
del paramgram[list_variable]
paramgram[list_variable] = override_data
except Exception:
pass
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
results = fmgr_firewall_ssl_ssh_profile_addsetdelete(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg, module, results=results, good_codes=[0])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(
msg="No results were returned from the API call.")
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
vdom=dict(required=False, type="str", default="root"),
host=dict(required=True, type="str"),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
grp_desc=dict(required=False, type="str"),
grp_name=dict(required=True, type="str"),
grp_members=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
# handle params passed via provider and insure they are represented as the data type expected by fortimanager
paramgram = {
"mode": module.params["mode"],
"grp_name": module.params["grp_name"],
"grp_desc": module.params["grp_desc"],
"grp_members": module.params["grp_members"],
"adom": module.params["adom"],
"vdom": module.params["vdom"]
}
# validate required arguments are passed; not used in argument_spec to allow params to be called from provider
# check if params are set
if module.params["host"] is None or module.params[
"username"] is None or module.params["password"] is None:
module.fail_json(msg="Host and username are required for connection")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
else:
# START SESSION LOGIC
# PROCESS THE GROUP ADDS FIRST
if paramgram["grp_name"] is not None and paramgram["mode"] in [
"add", "set", "update"
]:
# add device group
results = add_device_group(fmg, paramgram)
if results[0] != 0 and results[0] != -2:
fmgr_logout(fmg,
module,
msg="Failed to Add Device Group",
results=results,
good_codes=[0])
# PROCESS THE GROUP MEMBER ADDS
if paramgram["grp_members"] is not None and paramgram["mode"] in [
"add", "set", "update"
]:
# assign devices to device group
results = add_group_member(fmg, paramgram)
if results[0] != 0 and results[0] != -2:
fmgr_logout(fmg,
module,
msg="Failed to Add Group Member(s)",
results=results,
good_codes=[0])
# PROCESS THE GROUP MEMBER DELETES
if paramgram["grp_members"] is not None and paramgram[
"mode"] == "delete":
# remove devices grom a group
results = delete_group_member(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
msg="Failed to Delete Group Member(s)",
results=results,
good_codes=[0])
# PROCESS THE GROUP DELETES, ONLY IF GRP_MEMBERS IS NOT NULL TOO
if paramgram["grp_name"] is not None and paramgram[
"mode"] == "delete" and paramgram["grp_members"] is None:
# delete device group
results = delete_device_group(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
msg="Failed to Delete Device Group",
results=results,
good_codes=[0])
# RETURN THE RESULTS
return module.exit_json(**results[1])
def main():
argument_spec = dict(
host=dict(required=True, type="str"),
adom=dict(required=False, type="str", default="root"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
device_unique_name=dict(required=True, type="str"),
device_hostname=dict(required=False, type="str"),
interface=dict(required=False, type="str"),
interface_ip=dict(required=False, type="str"),
interface_allow_access=dict(required=False, type="str"),
install_config=dict(required=False, type="str", default="disable"),
)
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
# handle params passed via provider and insure they are represented as the data type expected by fortimanager
paramgram = {
"device_unique_name": module.params["device_unique_name"],
"device_hostname": module.params["device_hostname"],
"interface": module.params["interface"],
"interface_ip": module.params["interface_ip"],
"interface_allow_access": module.params["interface_allow_access"],
"install_config": module.params["install_config"],
"adom": module.params["adom"]
}
# check if params are set
if module.params["host"] is None or module.params[
"username"] is None or module.params["password"] is None:
module.fail_json(msg="Host and username are required for connection")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
else:
# START SESSION LOGIC
# if the device_hostname isn't null, then attempt the api call via method call, store results in variable
if paramgram["device_hostname"] is not None:
# add device
results = update_device_hostname(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
msg="Failed to set Hostname",
results=results,
good_codes=[0])
if paramgram["interface_ip"] is not None or paramgram[
"interface_allow_access"] is not None:
results = update_device_interface(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
msg="Failed to Update Device Interface",
results=results,
good_codes=[0])
if paramgram["install_config"] == "enable":
# attempt to install the config
results = exec_config(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
msg="Failed to Update Device Interface",
results=results,
good_codes=[0])
# logout, build in check for future logging capabilities
fmg.logout()
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True,
required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]),
no_log=True,
required=True),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
youtube_channel_status=dict(
required=False,
type="str",
choices=["disable", "blacklist", "whitelist"]),
wisp_servers=dict(required=False, type="str"),
wisp_algorithm=dict(
required=False,
type="str",
choices=["auto-learning", "primary-secondary", "round-robin"]),
wisp=dict(required=False, type="str", choices=["disable", "enable"]),
web_url_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_invalid_domain_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_ftgd_quota_usage=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_ftgd_err_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_vbs_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_unknown_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_referer_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_jscript_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_js_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_cookie_removal_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_cookie_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_command_block_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_applet_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_activex_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_extended_all_action_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_content_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
replacemsg_group=dict(required=False, type="str"),
post_action=dict(required=False,
type="str",
choices=["normal", "block"]),
ovrd_perm=dict(required=False,
type="list",
choices=[
"bannedword-override", "urlfilter-override",
"fortiguard-wf-override",
"contenttype-check-override"
]),
options=dict(required=False,
type="list",
choices=[
"block-invalid-url", "jscript", "js", "vbs",
"unknown", "wf-referer", "intrinsic", "wf-cookie",
"per-user-bwl", "activexfilter", "cookiefilter",
"javafilter"
]),
name=dict(required=False, type="str"),
log_all_url=dict(required=False,
type="str",
choices=["disable", "enable"]),
inspection_mode=dict(required=False,
type="str",
choices=["proxy", "flow-based"]),
https_replacemsg=dict(required=False,
type="str",
choices=["disable", "enable"]),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
ftgd_wf=dict(required=False, type="list"),
ftgd_wf_exempt_quota=dict(required=False, type="str"),
ftgd_wf_max_quota_timeout=dict(required=False, type="int"),
ftgd_wf_options=dict(required=False,
type="str",
choices=[
"error-allow", "rate-server-ip",
"connect-request-bypass", "ftgd-disable"
]),
ftgd_wf_ovrd=dict(required=False, type="str"),
ftgd_wf_rate_crl_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_css_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_image_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_javascript_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_filters_action=dict(
required=False,
type="str",
choices=["block", "monitor", "warning", "authenticate"]),
ftgd_wf_filters_auth_usr_grp=dict(required=False, type="str"),
ftgd_wf_filters_category=dict(required=False, type="str"),
ftgd_wf_filters_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_filters_override_replacemsg=dict(required=False, type="str"),
ftgd_wf_filters_warn_duration=dict(required=False, type="str"),
ftgd_wf_filters_warning_duration_type=dict(
required=False, type="str", choices=["session", "timeout"]),
ftgd_wf_filters_warning_prompt=dict(
required=False, type="str", choices=["per-domain",
"per-category"]),
ftgd_wf_quota_category=dict(required=False, type="str"),
ftgd_wf_quota_duration=dict(required=False, type="str"),
ftgd_wf_quota_override_replacemsg=dict(required=False, type="str"),
ftgd_wf_quota_type=dict(required=False,
type="str",
choices=["time", "traffic"]),
ftgd_wf_quota_unit=dict(required=False,
type="str",
choices=["B", "KB", "MB", "GB"]),
ftgd_wf_quota_value=dict(required=False, type="int"),
override=dict(required=False, type="list"),
override_ovrd_cookie=dict(required=False,
type="str",
choices=["deny", "allow"]),
override_ovrd_dur=dict(required=False, type="str"),
override_ovrd_dur_mode=dict(required=False,
type="str",
choices=["constant", "ask"]),
override_ovrd_scope=dict(
required=False,
type="str",
choices=["user", "user-group", "ip", "ask", "browser"]),
override_ovrd_user_group=dict(required=False, type="str"),
override_profile=dict(required=False, type="str"),
override_profile_attribute=dict(
required=False,
type="list",
choices=[
"User-Name", "NAS-IP-Address", "Framed-IP-Address",
"Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
"Reply-Message", "Callback-Number", "Callback-Id",
"Framed-Route", "Framed-IPX-Network", "Class",
"Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
"Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
"Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
"Acct-Multi-Session-Id"
]),
override_profile_type=dict(required=False,
type="str",
choices=["list", "radius"]),
url_extraction=dict(required=False, type="list"),
url_extraction_redirect_header=dict(required=False, type="str"),
url_extraction_redirect_no_content=dict(required=False,
type="str",
choices=["disable", "enable"]),
url_extraction_redirect_url=dict(required=False, type="str"),
url_extraction_server_fqdn=dict(required=False, type="str"),
url_extraction_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
web=dict(required=False, type="list"),
web_blacklist=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_bword_table=dict(required=False, type="str"),
web_bword_threshold=dict(required=False, type="int"),
web_content_header_list=dict(required=False, type="str"),
web_keyword_match=dict(required=False, type="str"),
web_log_search=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_safe_search=dict(required=False,
type="str",
choices=["url", "header"]),
web_urlfilter_table=dict(required=False, type="str"),
web_whitelist=dict(required=False,
type="list",
choices=[
"exempt-av", "exempt-webcontent",
"exempt-activex-java-cookie", "exempt-dlp",
"exempt-rangeblock", "extended-log-others"
]),
web_youtube_restrict=dict(required=False,
type="str",
choices=["strict", "none", "moderate"]),
youtube_channel_filter=dict(required=False, type="list"),
youtube_channel_filter_channel_id=dict(required=False, type="str"),
youtube_channel_filter_comment=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec, supports_check_mode=False)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"youtube-channel-status":
module.params["youtube_channel_status"],
"wisp-servers":
module.params["wisp_servers"],
"wisp-algorithm":
module.params["wisp_algorithm"],
"wisp":
module.params["wisp"],
"web-url-log":
module.params["web_url_log"],
"web-invalid-domain-log":
module.params["web_invalid_domain_log"],
"web-ftgd-quota-usage":
module.params["web_ftgd_quota_usage"],
"web-ftgd-err-log":
module.params["web_ftgd_err_log"],
"web-filter-vbs-log":
module.params["web_filter_vbs_log"],
"web-filter-unknown-log":
module.params["web_filter_unknown_log"],
"web-filter-referer-log":
module.params["web_filter_referer_log"],
"web-filter-jscript-log":
module.params["web_filter_jscript_log"],
"web-filter-js-log":
module.params["web_filter_js_log"],
"web-filter-cookie-removal-log":
module.params["web_filter_cookie_removal_log"],
"web-filter-cookie-log":
module.params["web_filter_cookie_log"],
"web-filter-command-block-log":
module.params["web_filter_command_block_log"],
"web-filter-applet-log":
module.params["web_filter_applet_log"],
"web-filter-activex-log":
module.params["web_filter_activex_log"],
"web-extended-all-action-log":
module.params["web_extended_all_action_log"],
"web-content-log":
module.params["web_content_log"],
"replacemsg-group":
module.params["replacemsg_group"],
"post-action":
module.params["post_action"],
"ovrd-perm":
module.params["ovrd_perm"],
"options":
module.params["options"],
"name":
module.params["name"],
"log-all-url":
module.params["log_all_url"],
"inspection-mode":
module.params["inspection_mode"],
"https-replacemsg":
module.params["https_replacemsg"],
"extended-log":
module.params["extended_log"],
"comment":
module.params["comment"],
"ftgd-wf": {
"exempt-quota": module.params["ftgd_wf_exempt_quota"],
"max-quota-timeout": module.params["ftgd_wf_max_quota_timeout"],
"options": module.params["ftgd_wf_options"],
"ovrd": module.params["ftgd_wf_ovrd"],
"rate-crl-urls": module.params["ftgd_wf_rate_crl_urls"],
"rate-css-urls": module.params["ftgd_wf_rate_css_urls"],
"rate-image-urls": module.params["ftgd_wf_rate_image_urls"],
"rate-javascript-urls":
module.params["ftgd_wf_rate_javascript_urls"],
"filters": {
"action":
module.params["ftgd_wf_filters_action"],
"auth-usr-grp":
module.params["ftgd_wf_filters_auth_usr_grp"],
"category":
module.params["ftgd_wf_filters_category"],
"log":
module.params["ftgd_wf_filters_log"],
"override-replacemsg":
module.params["ftgd_wf_filters_override_replacemsg"],
"warn-duration":
module.params["ftgd_wf_filters_warn_duration"],
"warning-duration-type":
module.params["ftgd_wf_filters_warning_duration_type"],
"warning-prompt":
module.params["ftgd_wf_filters_warning_prompt"],
},
"quota": {
"category":
module.params["ftgd_wf_quota_category"],
"duration":
module.params["ftgd_wf_quota_duration"],
"override-replacemsg":
module.params["ftgd_wf_quota_override_replacemsg"],
"type":
module.params["ftgd_wf_quota_type"],
"unit":
module.params["ftgd_wf_quota_unit"],
"value":
module.params["ftgd_wf_quota_value"],
},
},
"override": {
"ovrd-cookie": module.params["override_ovrd_cookie"],
"ovrd-dur": module.params["override_ovrd_dur"],
"ovrd-dur-mode": module.params["override_ovrd_dur_mode"],
"ovrd-scope": module.params["override_ovrd_scope"],
"ovrd-user-group": module.params["override_ovrd_user_group"],
"profile": module.params["override_profile"],
"profile-attribute": module.params["override_profile_attribute"],
"profile-type": module.params["override_profile_type"],
},
"url-extraction": {
"redirect-header":
module.params["url_extraction_redirect_header"],
"redirect-no-content":
module.params["url_extraction_redirect_no_content"],
"redirect-url":
module.params["url_extraction_redirect_url"],
"server-fqdn":
module.params["url_extraction_server_fqdn"],
"status":
module.params["url_extraction_status"],
},
"web": {
"blacklist": module.params["web_blacklist"],
"bword-table": module.params["web_bword_table"],
"bword-threshold": module.params["web_bword_threshold"],
"content-header-list": module.params["web_content_header_list"],
"keyword-match": module.params["web_keyword_match"],
"log-search": module.params["web_log_search"],
"safe-search": module.params["web_safe_search"],
"urlfilter-table": module.params["web_urlfilter_table"],
"whitelist": module.params["web_whitelist"],
"youtube-restrict": module.params["web_youtube_restrict"],
},
"youtube-channel-filter": {
"channel-id": module.params["youtube_channel_filter_channel_id"],
"comment": module.params["youtube_channel_filter_comment"],
}
}
list_overrides = [
'ftgd-wf', 'override', 'url-extraction', 'web',
'youtube-channel-filter'
]
for list_variable in list_overrides:
override_data = list()
try:
override_data = module.params[list_variable]
except Exception:
pass
try:
if override_data:
del paramgram[list_variable]
paramgram[list_variable] = override_data
except Exception:
pass
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
results = fmgr_webfilter_profile_addsetdelete(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg, module, results=results, good_codes=[0])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(
msg="No results were returned from the API call.")
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
host=dict(required=True, type="str"),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True),
object=dict(required=True, type="str", choices=["device", "cluster_nodes", "task", "custom"]),
custom_endpoint=dict(required=False, type="str"),
custom_dict=dict(required=False, type="dict"),
device_ip=dict(required=False, type="str"),
device_unique_name=dict(required=False, type="str"),
device_serial=dict(required=False, type="str"),
nodes=dict(required=False, type="list"),
task_id=dict(required=False, type="str")
)
module = AnsibleModule(argument_spec, supports_check_mode=True, )
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
username = module.params["username"]
if host is None or username is None:
module.fail_json(msg="Host and username are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
# START SESSION LOGIC
# MODULE PARAMGRAM
paramgram = {
"adom": module.params["adom"],
"object": module.params["object"],
"device_ip": module.params["device_ip"],
"device_unique_name": module.params["device_unique_name"],
"device_serial": module.params["device_serial"],
"nodes": module.params["nodes"],
"task_id": module.params["task_id"],
"custom_endpoint": module.params["custom_endpoint"],
"custom_dict": module.params["custom_dict"]
}
# IF OBJECT IS DEVICE
if paramgram["object"] == "device" and any(v is not None for v in [paramgram["device_unique_name"],
paramgram["device_serial"], paramgram["device_ip"]]):
results = fmgr_get_device(fmg, paramgram)
if results[0] not in [0]:
module.fail_json(msg="Device query failed!")
elif len(results[1]) == 0:
module.exit_json(msg="Device NOT FOUND!")
else:
module.exit_json(msg="Device Found", **results[1][0])
# IF OBJECT IS CLUSTER_NODES
if paramgram["object"] == "cluster_nodes" and paramgram["nodes"] is not None:
results = fmgr_get_cluster_nodes(fmg, paramgram)
if results["cluster_status"] == "MISSING":
module.exit_json(msg="No cluster device found!", **results)
elif results["query_status"] == "good":
module.exit_json(msg="Cluster Found - Showing Nodes", **results)
elif results is None:
module.fail_json(msg="Query FAILED -- Check module or playbook syntax")
# IF OBJECT IS TASK
if paramgram["object"] == "task":
results = fmgr_get_task_status(fmg, paramgram)
if results[0] != 0:
module.fail_json(msg="QUERY FAILED -- Is FMGR online? Good Creds?")
if results[0] == 0:
module.exit_json(msg="Task Found", **results[1])
# IF OBJECT IS CUSTOM
if paramgram["object"] == "custom":
results = fmgr_get_custom(fmg, paramgram)
if results[0] != 0:
module.fail_json(msg="QUERY FAILED -- Please check syntax check JSON guide if needed.")
if results[0] == 0:
results_len = len(results[1])
if results_len > 0:
results_combine = dict()
if isinstance(results[1], dict):
results_combine["results"] = results[1]
if isinstance(results[1], list):
results_combine["results"] = results[1][0:results_len]
module.exit_json(msg="Custom Query Success", **results_combine)
else:
module.exit_json(msg="NO RESULTS")
# logout
fmg.logout()
return module.fail_json(msg="Parameters weren't right, logic tree didn't validate. Check playbook.")
def main():
argument_spec = dict(
adom=dict(required=False, type="str"),
vdom=dict(required=False, type="str"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
state=dict(choices=["execute", "delete", "present"], type="str"),
script_name=dict(required=True, type="str"),
script_type=dict(required=False, type="str"),
script_target=dict(required=False, type="str"),
script_description=dict(required=False, type="str"),
script_content=dict(required=False, type="str"),
script_scope=dict(required=False, type="str"),
script_package=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
# check if params are set
if module.params["host"] is None or module.params["username"] is None:
module.fail_json(msg="Host and username are required for connection")
# check if login failed
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if "FortiManager instance connnected" not in str(response):
module.fail_json(msg="Connection to FortiManager Failed")
else:
adom = module.params["adom"]
if adom is None:
adom = "root"
vdom = module.params["vdom"]
if vdom is None:
vdom = "root"
state = module.params["state"]
if state is None:
state = "present"
script_name = module.params["script_name"]
script_type = module.params["script_type"]
script_target = module.params["script_target"]
script_description = module.params["script_description"]
script_content = module.params["script_content"]
script_scope = module.params["script_scope"]
script_package = module.params["script_package"]
# if state is present (default), then add the script
if state == "present":
results = set_script(fmg, script_name, script_type, script_content,
script_description, script_target, adom)
if not results[0] == 0:
if isinstance(results[1], list):
module.fail_json(msg="Adding Script Failed", **results)
else:
module.fail_json(msg="Adding Script Failed")
elif state == "execute":
results = execute_script(fmg, script_name, script_scope,
script_package, adom, vdom)
if not results[0] == 0:
module.fail_json(msg="Script Execution Failed", **results)
elif state == "delete":
results = delete_script(fmg, script_name, adom)
if not results[0] == 0:
module.fail_json(msg="Script Deletion Failed", **results)
fmg.logout()
# results is returned as a tuple
return module.exit_json(**results[1])
def main():
argument_spec = dict(
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]),
no_log=True),
fmgr_ha_mode=dict(required=False,
type="str",
choices=["standalone", "master", "slave"]),
fmgr_ha_cluster_pw=dict(required=False, type="str", no_log=True),
fmgr_ha_peer_status=dict(required=False,
type="str",
choices=["enable", "disable"]),
fmgr_ha_peer_sn=dict(required=False, type="str"),
fmgr_ha_peer_ipv4=dict(required=False, type="str"),
fmgr_ha_peer_ipv6=dict(required=False, type="str"),
fmgr_ha_hb_threshold=dict(required=False, type="int", default=3),
fmgr_ha_hb_interval=dict(required=False, type="int", default=5),
fmgr_ha_file_quota=dict(required=False, type="int", default=4096),
fmgr_ha_cluster_id=dict(required=False, type="int", default=1))
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
# VALIDATE PARAMS BEFORE ATTEMPTING TO CONNECT
paramgram = {
"fmgr_ha_mode": module.params["fmgr_ha_mode"],
"fmgr_ha_cluster_pw": module.params["fmgr_ha_cluster_pw"],
"fmgr_ha_peer_status": module.params["fmgr_ha_peer_status"],
"fmgr_ha_peer_sn": module.params["fmgr_ha_peer_sn"],
"fmgr_ha_peer_ipv4": module.params["fmgr_ha_peer_ipv4"],
"fmgr_ha_peer_ipv6": module.params["fmgr_ha_peer_ipv6"],
"fmgr_ha_hb_threshold": module.params["fmgr_ha_hb_threshold"],
"fmgr_ha_hb_interval": module.params["fmgr_ha_hb_interval"],
"fmgr_ha_file_quota": module.params["fmgr_ha_file_quota"],
"fmgr_ha_cluster_id": module.params["fmgr_ha_cluster_id"],
}
# INIT FLAGS AND COUNTERS
get_ha_peers = 0
# validate required arguments are passed; not used in argument_spec to allow params to be called from provider
# check if params are set
if module.params["host"] is None or module.params["username"] is None:
module.fail_json(msg="Host and username are required for connection")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(
module,
module.params["host"],
module.params["username"],
module.params["password"],
)
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
else:
# START SESSION LOGIC
# IF THE PEER SN DEFINED, BUT THE IPS ARE NOT, THEN QUIT
if paramgram["fmgr_ha_peer_sn"] is not None:
# CHANGE GET_HA_PEERS TO SHOW INTENT TO EDIT PEERS
get_ha_peers = 1
# DOUBLE CHECK THAT THE REST OF THE NEEDED PARAMETERS ARE THERE
if paramgram["fmgr_ha_peer_ipv4"] is None and paramgram[
"fmgr_ha_peer_ipv6"] is None:
fmgr_logout(
fmg,
module,
msg="HA Peer Serial Number is defined but the "
"IPv4 and IPv6 fields are empty."
" Fill in the IPv4 or v6 parameters in the playbook")
# IF THE PEER IPS ARE DEFINED, BUT NOT THE SERIAL NUMBER, THEN QUIT
if paramgram["fmgr_ha_peer_ipv4"] is not None or paramgram[
"fmgr_ha_peer_ipv6"] is not None:
# CHANGE GET_HA_PEERS TO SHOW INTENT TO EDIT PEERS
get_ha_peers = 1
# DOUBLE CHECK THAT THE REST OF THE NEEDED PARAMETERS ARE THERE
if paramgram["fmgr_ha_peer_sn"] is None:
fmgr_logout(
fmg,
module,
msg=
"HA Peer IP Address is defined, but not the Peer Serial Number. "
"Fill in the SN parameter in the playbook.")
# IF THE PEER STATUS IS SET, BUT THE SERIAL NUMBER OR IP FIELDS AREN'T THERE, THEN EXIT
if paramgram["fmgr_ha_peer_status"] is not None:
# CHANGE GET_HA_PEERS TO SHOW INTENT TO EDIT PEERS
get_ha_peers = 1
# DOUBLE CHECK THAT THE REST OF THE NEEDED PARAMETERS ARE THERE
if paramgram["fmgr_ha_peer_ipv4"] is None and paramgram[
"fmgr_ha_peer_sn"] is None:
if paramgram["fmgr_ha_peer_sn"] is None and paramgram[
"fmgr_ha_peer_ipv6"] is None:
fmgr_logout(
fmg,
module,
msg="HA Peer Status was defined, but nothing "
"to identify the peer was set. "
"Fill in one of"
" three parameters peer_ipv4 or v6 or serial_num")
# IF HA MODE IS NOT NULL, SWITCH THAT
if paramgram["fmgr_ha_mode"] is not None:
if (str.lower(paramgram["fmgr_ha_mode"]) != "standalone" and paramgram["fmgr_ha_cluster_pw"] is not None)\
or str.lower(paramgram["fmgr_ha_mode"]) == "standalone":
results = fmgr_set_ha_mode(fmg, paramgram)
if results[0] != 0:
fmgr_logout(
fmg,
module,
results=results,
good_codes=[0],
msg="Failed to edit HA configuration the HA Peer")
elif str.lower(paramgram["fmgr_ha_mode"]) != "standalone" and \
paramgram["fmgr_ha_mode"] is not None and paramgram["fmgr_ha_cluster_pw"] is None:
fmgr_logout(fmg,
module,
msg="If setting HA Mode of MASTER or SLAVE, "
"you must specify a cluster password")
# IF GET_HA_PEERS IS ENABLED, LETS PROCESS THE PEERS
if get_ha_peers == 1:
# GET THE CURRENT LIST OF PEERS FROM THE NODE
peers = fmgr_get_ha_peer_list(fmg)
# GET LENGTH OF RETURNED PEERS LIST AND ADD ONE FOR THE NEXT ID
paramgram["next_peer_id"] = len(peers[1]) + 1
# SET THE ACTUAL NUMBER OF PEERS
num_of_peers = len(peers[1])
# SET THE PEER ID FOR DISABLE METHOD
paramgram["peer_id"] = len(peers) - 1
# SET THE PEER LOOPCOUNT TO 1 TO START THE LOOP
peer_loopcount = 1
# LOOP THROUGH PEERS TO FIND THE SERIAL NUMBER MATCH TO GET THE RIGHT PEER ID
# IDEA BEING WE DON'T WANT TO SUBMIT A BAD peer_id THAT DOESN'T JIVE WITH CURRENT DB ON FMG
# SO LETS SEARCH FOR IT, AND IF WE FIND IT, WE WILL CHANGE THE PEER ID VARIABLES TO MATCH
# IF NOT FOUND, LIFE GOES ON AND WE ASSUME THAT WE'RE ADDING A PEER
# AT WHICH POINT THE next_peer_id VARIABLE WILL HAVE THE RIGHT PRIMARY KEY
if paramgram["fmgr_ha_peer_sn"] is not None:
while peer_loopcount <= num_of_peers:
# GET THE SERIAL NUMBER FOR CURRENT PEER IN LOOP TO COMPARE TO SN IN PLAYBOOK
try:
sn_compare = peers[1][peer_loopcount -
1]["serial-number"]
# IF THE SN IN THE PEERS MATCHES THE PLAYBOOK SN, SET THE IDS
if sn_compare == paramgram["fmgr_ha_peer_sn"]:
paramgram["peer_id"] = peer_loopcount
paramgram["next_peer_id"] = paramgram["peer_id"]
except:
pass
# ADVANCE THE LOOP AND REPEAT UNTIL DONE
peer_loopcount += 1
# IF THE PEER STATUS ISN'T IN THE PLAYBOOK, ASSUME ITS ENABLE
if paramgram["fmgr_ha_peer_status"] is None:
paramgram["fmgr_ha_peer_status"] = "enable"
# IF THE PEER STATUS IS ENABLE, USE THE next_peer_id IN THE API CALL FOR THE ID
if paramgram["fmgr_ha_peer_status"] == "enable":
results = fmgr_set_ha_peer(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
results=results,
good_codes=[0],
msg="Failed to Enable the HA Peer")
# IF THE PEER STATUS IS DISABLE, WE HAVE TO HANDLE THAT A BIT DIFFERENTLY
# JUST USING TWO DIFFERENT peer_id 's HERE
if paramgram["fmgr_ha_peer_status"] == "disable":
results = fmgr_set_ha_peer(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
results=results,
good_codes=[0],
msg="Failed to Disable the HA Peer")
fmg.logout()
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True,
required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]),
no_log=True,
required=True),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
youtube_restrict=dict(required=False,
type="str",
choices=["strict", "moderate"]),
sdns_ftgd_err_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
sdns_domain_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
safe_search=dict(required=False,
type="str",
choices=["disable", "enable"]),
redirect_portal=dict(required=False, type="str"),
name=dict(required=False, type="str"),
log_all_domain=dict(required=False,
type="str",
choices=["disable", "enable"]),
external_ip_blocklist=dict(required=False, type="str"),
comment=dict(required=False, type="str"),
block_botnet=dict(required=False,
type="str",
choices=["disable", "enable"]),
block_action=dict(required=False,
type="str",
choices=["block", "redirect"]),
domain_filter_domain_filter_table=dict(required=False, type="str"),
ftgd_dns_options=dict(required=False,
type="str",
choices=["error-allow", "ftgd-disable"]),
ftgd_dns_filters_action=dict(required=False,
type="str",
choices=["monitor", "block"]),
ftgd_dns_filters_category=dict(required=False, type="str"),
ftgd_dns_filters_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
)
module = AnsibleModule(argument_spec, supports_check_mode=False)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"youtube-restrict": module.params["youtube_restrict"],
"sdns-ftgd-err-log": module.params["sdns_ftgd_err_log"],
"sdns-domain-log": module.params["sdns_domain_log"],
"safe-search": module.params["safe_search"],
"redirect-portal": module.params["redirect_portal"],
"name": module.params["name"],
"log-all-domain": module.params["log_all_domain"],
"external-ip-blocklist": module.params["external_ip_blocklist"],
"comment": module.params["comment"],
"block-botnet": module.params["block_botnet"],
"block-action": module.params["block_action"],
"domain-filter": {
"domain-filter-table":
module.params["domain_filter_domain_filter_table"],
},
"ftgd-dns": {
"options": module.params["ftgd_dns_options"],
"filters": {
"action": module.params["ftgd_dns_filters_action"],
"category": module.params["ftgd_dns_filters_category"],
"log": module.params["ftgd_dns_filters_log"],
}
}
}
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
results = fmgr_dnsfilter_profile_addsetdelete(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg, module, results=results, good_codes=[0])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(
msg="No results were returned from the API call.")
def main():
argument_spec = dict(
adom=dict(required=False, type="str"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]),
no_log=True),
mode=dict(choices=["add", "set", "delete"], type="str", default="add"),
allow_routing=dict(required=False,
type="str",
choices=['enable', 'disable']),
associated_interface=dict(required=False, type="str"),
cache_ttl=dict(required=False, type="str"),
color=dict(required=False, type="str"),
comment=dict(required=False, type="str"),
country=dict(required=False, type="str"),
fqdn=dict(required=False, type="str"),
name=dict(required=False, type="str"),
start_ip=dict(required=False, type="str"),
end_ip=dict(required=False, type="str"),
ipv4=dict(required=False,
type="str",
choices=[
'ipmask', 'iprange', 'fqdn', 'wildcard', 'geography',
'wildcard-fqdn', 'group'
]),
visibility=dict(required=False,
type="str",
choices=['enable', 'disable']),
wildcard=dict(required=False, type="str"),
wildcard_fqdn=dict(required=False, type="str"),
ipv6=dict(required=False,
type="str",
choices=['ip', 'iprange', 'group']),
group_members=dict(required=False, type="str"),
group_name=dict(required=False, type="str"),
ipv4addr=dict(required=False, type="str"),
ipv6addr=dict(required=False, type="str"),
multicast=dict(required=False,
type="str",
choices=['multicastrange', 'broadcastmask', 'ip6']),
obj_id=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec,
supports_check_mode=False,
)
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None:
module.fail_json(msg="Host and username are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
try:
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
except:
module.fail_json(msg="Connection to FortiManager Failed")
else:
# START SESSION LOGIC
# MODULE PARAMGRAM
paramgram = {
"adom": module.params["adom"],
"allow-routing": module.params["allow_routing"],
"associated-interface": module.params["associated_interface"],
"cache-ttl": module.params["cache_ttl"],
"color": module.params["color"],
"comment": module.params["comment"],
"country": module.params["country"],
"end-ip": module.params["end_ip"],
"fqdn": module.params["fqdn"],
"name": module.params["name"],
"start-ip": module.params["start_ip"],
"visibility": module.params["visibility"],
"wildcard": module.params["wildcard"],
"wildcard-fqdn": module.params["wildcard_fqdn"],
"ipv6": module.params["ipv6"],
"ipv4": module.params["ipv4"],
"group_members": module.params["group_members"],
"group_name": module.params["group_name"],
"ipv4addr": module.params["ipv4addr"],
"ipv6addr": module.params["ipv6addr"],
"multicast": module.params["multicast"],
"mode": module.params["mode"],
"obj-id": module.params["obj_id"],
}
if paramgram["adom"] is None:
paramgram["adom"] = "root"
if paramgram["mode"] is None:
paramgram["mode"] = "add"
if paramgram["color"] is None:
paramgram["color"] = 22
if paramgram["comment"] is None:
paramgram["comment"] = "Created by Ansible"
if paramgram["allow-routing"] is None:
paramgram["allow-routing"] = "disable"
if paramgram["visibility"] is None:
paramgram["visibility"] = "enable"
if paramgram["ipv4"] is not None and paramgram[
"ipv6"] is None and paramgram["multicast"] is None:
# PROCESS IPv4
results = fmgr_fwobj_ipv4(fmg, paramgram)
fmgr_logout(fmg, module, results=results, good_codes=[0, -2, -3])
if paramgram["ipv4"] is None and paramgram[
"ipv6"] is not None and paramgram["multicast"] is None:
# PROCESS IPv6
results = fmgr_fwobj_ipv6(fmg, paramgram)
if results[0] not in [0, -2, -3]:
module.fail_json(msg="Failed to process IPv6 Object",
**results[1])
if paramgram["ipv4"] is None and paramgram[
"ipv6"] is None and paramgram["multicast"] is not None:
# PROCESS MULTICAST
results = fmgr_fwobj_multicast(fmg, paramgram)
if results[0] not in [0, -2, -3]:
module.fail_json(msg="Failed to process Multicast Object",
**results[1])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(
msg="Couldn't find a proper ipv4 or ipv6 or multicast parameter "
"to run in the logic tree. Exiting...")
def main():
argument_spec = dict(adom=dict(required=False, type="str", default="root"),
host=dict(required=True, type="str"),
username=dict(fallback=(env_fallback,
["ANSIBLE_NET_USERNAME"])),
password=dict(fallback=(env_fallback,
["ANSIBLE_NET_PASSWORD"]),
no_log=True),
state=dict(choices=["absent", "present"],
type="str",
default="present"),
device_ip=dict(required=False, type="str"),
device_username=dict(required=False, type="str"),
device_password=dict(required=False,
type="str",
no_log=True),
device_unique_name=dict(required=True, type="str"),
device_serial=dict(required=False, type="str"))
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
# handle params passed via provider and insure they are represented as the data type expected by fortimanagerd
paramgram = {
"device_ip": module.params["device_ip"],
"device_username": module.params["device_username"],
"device_password": module.params["device_password"],
"device_unique_name": module.params["device_unique_name"],
"device_serial": module.params["device_serial"],
"adom": module.params["adom"],
"state": module.params["state"]
}
# validate required arguments are passed; not used in argument_spec to allow params to be called from provider
# check if params are set
if module.params["host"] is None or module.params[
"username"] is None or module.params["password"] is None:
module.fail_json(msg="Host and username are required for connection")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"],
module.params["username"],
module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
else:
# START SESSION LOGIC
results = (-100000, {"msg": "Nothing Happened."})
if paramgram["state"] == "present":
# add device
results = discover_device(fmg, paramgram)
if results[0] != 0:
if results[0] == -20042:
fmgr_logout(fmg,
module,
msg="Couldn't contact device on network",
results=results,
good_codes=[0])
else:
fmgr_logout(fmg,
module,
msg="Discovering Device Failed",
results=results,
good_codes=[0])
if results[0] == 0:
results = add_device(fmg, paramgram)
if results[0] != 0 and results[0] != -20010:
fmgr_logout(fmg,
module,
msg="Adding Device Failed",
results=results,
good_codes=[0])
if paramgram["state"] == "absent":
# remove device
results = delete_device(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg,
module,
msg="Deleting Device Failed",
results=results,
good_codes=[0])
fmg.logout()
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
webfilter_profile=dict(required=False, type="str"),
waf_profile=dict(required=False, type="str"),
voip_profile=dict(required=False, type="str"),
ssl_ssh_profile=dict(required=False, type="str"),
ssh_filter_profile=dict(required=False, type="str"),
spamfilter_profile=dict(required=False, type="str"),
profile_protocol_options=dict(required=False, type="str"),
name=dict(required=False, type="str"),
mms_profile=dict(required=False, type="str"),
ips_sensor=dict(required=False, type="str"),
icap_profile=dict(required=False, type="str"),
dnsfilter_profile=dict(required=False, type="str"),
dlp_sensor=dict(required=False, type="str"),
av_profile=dict(required=False, type="str"),
application_list=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec, supports_check_mode=False)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"webfilter-profile": module.params["webfilter_profile"],
"waf-profile": module.params["waf_profile"],
"voip-profile": module.params["voip_profile"],
"ssl-ssh-profile": module.params["ssl_ssh_profile"],
"ssh-filter-profile": module.params["ssh_filter_profile"],
"spamfilter-profile": module.params["spamfilter_profile"],
"profile-protocol-options": module.params["profile_protocol_options"],
"name": module.params["name"],
"mms-profile": module.params["mms_profile"],
"ips-sensor": module.params["ips_sensor"],
"icap-profile": module.params["icap_profile"],
"dnsfilter-profile": module.params["dnsfilter_profile"],
"dlp-sensor": module.params["dlp_sensor"],
"av-profile": module.params["av_profile"],
"application-list": module.params["application_list"],
}
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
results = fmgr_firewall_profile_group_addsetdelete(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg, module, results=results, good_codes=[0])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(msg="No results were returned from the API call.")
def main():
argument_spec = dict(
adom=dict(required=False, type="str"),
vdom=dict(required=False, type="str"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True),
policy_package=dict(required=False, type="str"),
name=dict(required=False, type="str"),
group=dict(required=False, type="str"),
serial=dict(required=True, type="str"),
platform=dict(required=True, type="str"),
description=dict(required=False, type="str"),
os_version=dict(required=True, type="str"),
minor_release=dict(required=False, type="str"),
patch_release=dict(required=False, type="str"),
os_type=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec, supports_check_mode=True, )
# check if params are set
if module.params["host"] is None or module.params["username"] is None:
module.fail_json(msg="Host and username are required for connection")
# check if login failed
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
response = fmg.login()
if "FortiManager instance connnected" not in str(response):
module.fail_json(msg="Connection to FortiManager Failed")
else:
if module.params["policy_package"] is None:
module.params["policy_package"] = 'default'
if module.params["adom"] is None:
module.params["adom"] = 'root'
if module.params["vdom"] is None:
module.params["vdom"] = 'root'
if module.params["platform"] is None:
module.params["platform"] = 'FortiGate-VM64'
if module.params["os_type"] is None:
module.params["os_type"] = 'fos'
results = create_model_device(fmg,
module.params["name"],
module.params["serial"],
module.params["group"],
module.params["platform"],
module.params["os_ver"],
module.params["os_type"],
module.params["minor_release"],
module.params["patch_release"],
module.params["adom"])
if not results[0] == 0:
module.fail_json(msg="Create model failed", **results)
results = update_flags(fmg, module.params["name"])
if not results[0] == 0:
module.fail_json(msg="Update device flags failed", **results)
# results = assign_dev_grp(fmg, 'Ansible', 'FGVM000000117992', 'root', 'root')
# if not results[0] == 0:
# module.fail_json(msg="Setting device group failed", **results)
results = update_install_target(fmg, module.params["name"], module.params["policy_package"])
if not results[0] == 0:
module.fail_json(msg="Adding device target to package failed", **results)
results = install_pp(fmg, module.params["name"], module.params["policy_package"])
if not results[0] == 0:
module.fail_json(msg="Installing policy package failed", **results)
fmg.logout()
# results is returned as a tuple
return module.exit_json(**results[1])