def fmgr_fwpol_package_install(fmgr, paramgram):
"""
This method/function installs FMGR FW Policy Packages to the scope members defined in the playbook.
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
# INIT BLANK MEMBERS LIST
members_list = []
# USE THE PARSE CSV FUNCTION TO GET A LIST FORMAT OF THE MEMBERS
members = FMGRCommon.split_comma_strings_into_lists(
paramgram["scope_members"])
# USE THAT LIST TO BUILD THE DICTIONARIES NEEDED, AND ADD TO THE BLANK MEMBERS LIST
for member in members:
scope_dict = {
"name": member,
"vdom": paramgram["scope_members_vdom"],
}
members_list.append(scope_dict)
# THEN FOR THE DATAGRAM, USING THE MEMBERS LIST CREATED ABOVE
datagram = {
"adom": paramgram["adom"],
"pkg": paramgram["name"],
"scope": members_list
}
# EXECUTE THE INSTALL REQUEST
url = '/securityconsole/install/package'
response = fmgr.process_request(url, datagram, FMGRMethods.EXEC)
return response
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
startip=dict(required=False, type="str"),
name=dict(required=False, type="str"),
endip=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
dynamic_mapping=dict(required=False, type="list"),
dynamic_mapping_comments=dict(required=False, type="str"),
dynamic_mapping_endip=dict(required=False, type="str"),
dynamic_mapping_startip=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"startip": module.params["startip"],
"name": module.params["name"],
"endip": module.params["endip"],
"comments": module.params["comments"],
"dynamic_mapping": {
"comments": module.params["dynamic_mapping_comments"],
"endip": module.params["dynamic_mapping_endip"],
"startip": module.params["dynamic_mapping_startip"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['dynamic_mapping']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_fwobj_ippool6_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
transparent=dict(required=False,
type="str",
choices=["disable", "enable"]),
name=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
auth_group=dict(required=False, type="str"),
cifs=dict(required=False, type="dict"),
cifs_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_port=dict(required=False, type="str"),
cifs_prefer_chunking=dict(required=False,
type="str",
choices=["dynamic", "fix"]),
cifs_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
ftp=dict(required=False, type="dict"),
ftp_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_port=dict(required=False, type="str"),
ftp_prefer_chunking=dict(required=False,
type="str",
choices=["dynamic", "fix"]),
ftp_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
http=dict(required=False, type="dict"),
http_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_port=dict(required=False, type="str"),
http_prefer_chunking=dict(required=False,
type="str",
choices=["dynamic", "fix"]),
http_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_ssl=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_ssl_port=dict(required=False, type="str"),
http_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_tunnel_non_http=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
http_unknown_http_version=dict(
required=False,
type="str",
choices=["best-effort", "reject", "tunnel"]),
mapi=dict(required=False, type="dict"),
mapi_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_port=dict(required=False, type="str"),
mapi_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
tcp=dict(required=False, type="dict"),
tcp_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_byte_caching_opt=dict(required=False,
type="str",
choices=["mem-only", "mem-disk"]),
tcp_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_port=dict(required=False, type="str"),
tcp_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_ssl=dict(required=False, type="str", choices=["disable",
"enable"]),
tcp_ssl_port=dict(required=False, type="str"),
tcp_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"transparent": module.params["transparent"],
"name": module.params["name"],
"comments": module.params["comments"],
"auth-group": module.params["auth_group"],
"cifs": {
"byte-caching": module.params["cifs_byte_caching"],
"log-traffic": module.params["cifs_log_traffic"],
"port": module.params["cifs_port"],
"prefer-chunking": module.params["cifs_prefer_chunking"],
"secure-tunnel": module.params["cifs_secure_tunnel"],
"status": module.params["cifs_status"],
"tunnel-sharing": module.params["cifs_tunnel_sharing"],
},
"ftp": {
"byte-caching": module.params["ftp_byte_caching"],
"log-traffic": module.params["ftp_log_traffic"],
"port": module.params["ftp_port"],
"prefer-chunking": module.params["ftp_prefer_chunking"],
"secure-tunnel": module.params["ftp_secure_tunnel"],
"status": module.params["ftp_status"],
"tunnel-sharing": module.params["ftp_tunnel_sharing"],
},
"http": {
"byte-caching": module.params["http_byte_caching"],
"log-traffic": module.params["http_log_traffic"],
"port": module.params["http_port"],
"prefer-chunking": module.params["http_prefer_chunking"],
"secure-tunnel": module.params["http_secure_tunnel"],
"ssl": module.params["http_ssl"],
"ssl-port": module.params["http_ssl_port"],
"status": module.params["http_status"],
"tunnel-non-http": module.params["http_tunnel_non_http"],
"tunnel-sharing": module.params["http_tunnel_sharing"],
"unknown-http-version": module.params["http_unknown_http_version"],
},
"mapi": {
"byte-caching": module.params["mapi_byte_caching"],
"log-traffic": module.params["mapi_log_traffic"],
"port": module.params["mapi_port"],
"secure-tunnel": module.params["mapi_secure_tunnel"],
"status": module.params["mapi_status"],
"tunnel-sharing": module.params["mapi_tunnel_sharing"],
},
"tcp": {
"byte-caching": module.params["tcp_byte_caching"],
"byte-caching-opt": module.params["tcp_byte_caching_opt"],
"log-traffic": module.params["tcp_log_traffic"],
"port": module.params["tcp_port"],
"secure-tunnel": module.params["tcp_secure_tunnel"],
"ssl": module.params["tcp_ssl"],
"ssl-port": module.params["tcp_ssl_port"],
"status": module.params["tcp_status"],
"tunnel-sharing": module.params["tcp_tunnel_sharing"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['cifs', 'ftp', 'http', 'mapi', 'tcp']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_wanopt_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
mode=dict(required=False,
type="str",
choices=['add', 'set', 'delete'],
default="add"),
app_category=dict(required=False, type="str"),
app_service_type=dict(required=False, type="str"),
application=dict(required=False, type="str"),
category=dict(required=False, type="str"),
check_reset_range=dict(required=False, type="str"),
color=dict(required=False, type="int", default=22),
comment=dict(required=False, type="str"),
custom_type=dict(required=False,
type="str",
choices=[
'tcp_udp_sctp', 'icmp', 'icmp6', 'ip', 'http',
'ftp', 'connect', 'socks_tcp', 'socks_udp', 'all'
],
default="all"),
explicit_proxy=dict(required=False,
type="str",
choices=['enable', 'disable'],
default="disable"),
fqdn=dict(required=False, type="str", default=""),
group_name=dict(required=False, type="str"),
group_member=dict(required=False, type="str"),
icmp_code=dict(required=False, type="int"),
icmp_type=dict(required=False, type="int"),
iprange=dict(required=False, type="str", default="0.0.0.0"),
name=dict(required=False, type="str"),
protocol=dict(required=False, type="str"),
protocol_number=dict(required=False, type="int"),
sctp_portrange=dict(required=False, type="str"),
session_ttl=dict(required=False, type="int", default=0),
object_type=dict(required=False,
type="str",
choices=['custom', 'group', 'category']),
tcp_halfclose_timer=dict(required=False, type="int", default=0),
tcp_halfopen_timer=dict(required=False, type="int", default=0),
tcp_portrange=dict(required=False, type="str"),
tcp_timewait_timer=dict(required=False, type="int", default=0),
udp_idle_timer=dict(required=False, type="int", default=0),
udp_portrange=dict(required=False, type="str"),
visibility=dict(required=False,
type="str",
default="enable",
choices=["enable", "disable"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE DATAGRAM
paramgram = {
"adom": module.params["adom"],
"app-category": module.params["app_category"],
"app-service-type": module.params["app_service_type"],
"application": module.params["application"],
"category": module.params["category"],
"check-reset-range": module.params["check_reset_range"],
"color": module.params["color"],
"comment": module.params["comment"],
"custom_type": module.params["custom_type"],
"explicit-proxy": module.params["explicit_proxy"],
"fqdn": module.params["fqdn"],
"group-name": module.params["group_name"],
"group-member": module.params["group_member"],
"icmp_code": module.params["icmp_code"],
"icmp_type": module.params["icmp_type"],
"iprange": module.params["iprange"],
"name": module.params["name"],
"mode": module.params["mode"],
"protocol": module.params["protocol"],
"protocol-number": module.params["protocol_number"],
"sctp-portrange": module.params["sctp_portrange"],
"object_type": module.params["object_type"],
"session-ttl": module.params["session_ttl"],
"tcp-halfclose-timer": module.params["tcp_halfclose_timer"],
"tcp-halfopen-timer": module.params["tcp_halfopen_timer"],
"tcp-portrange": module.params["tcp_portrange"],
"tcp-timewait-timer": module.params["tcp_timewait_timer"],
"udp-idle-timer": module.params["udp_idle_timer"],
"udp-portrange": module.params["udp_portrange"],
"visibility": module.params["visibility"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
# CHECK FOR CATEGORIES TO ADD
# THIS IS ONLY WHEN OBJECT_TYPE ISN'T SPECIFICALLY ADDING A CATEGORY!
# WE NEED TO ADD THE CATEGORY BEFORE ADDING THE OBJECT
# IF ANY category ARE DEFINED AND MODE IS ADD OR SET LETS ADD THOSE
# THIS IS A "BLIND ADD" AND THE EXIT CODE FOR OBJECT ALREADY EXISTS IS TREATED AS A PASS
if paramgram["category"] is not None and paramgram["mode"] in ['add', 'set'] \
and paramgram["object_type"] != "category":
category_add = fmgr_fwobj_service_category(fmgr, paramgram)
fmgr.govern_response(module=module,
results=category_add,
ansible_facts=fmgr.construct_ansible_facts(
category_add, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT_TYPE IS CATEGORY...
if paramgram["object_type"] == 'category':
results = fmgr_fwobj_service_category(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
good_codes=[0, -2, -3],
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT_TYPE IS CUSTOM...
if paramgram["object_type"] == 'custom':
results = fmgr_fwobj_service_custom(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
good_codes=[0, -2, -3],
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT_TYPE IS GROUP...
if paramgram["object_type"] == 'group':
results = fmgr_fwobj_service_group(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
good_codes=[0, -2, -3],
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
webfilter_profile=dict(required=False, type="str"),
waf_profile=dict(required=False, type="str"),
voip_profile=dict(required=False, type="str"),
ssl_ssh_profile=dict(required=False, type="str"),
ssh_filter_profile=dict(required=False, type="str"),
spamfilter_profile=dict(required=False, type="str"),
profile_protocol_options=dict(required=False, type="str"),
name=dict(required=False, type="str"),
mms_profile=dict(required=False, type="str"),
ips_sensor=dict(required=False, type="str"),
icap_profile=dict(required=False, type="str"),
dnsfilter_profile=dict(required=False, type="str"),
dlp_sensor=dict(required=False, type="str"),
av_profile=dict(required=False, type="str"),
application_list=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"webfilter-profile": module.params["webfilter_profile"],
"waf-profile": module.params["waf_profile"],
"voip-profile": module.params["voip_profile"],
"ssl-ssh-profile": module.params["ssl_ssh_profile"],
"ssh-filter-profile": module.params["ssh_filter_profile"],
"spamfilter-profile": module.params["spamfilter_profile"],
"profile-protocol-options": module.params["profile_protocol_options"],
"name": module.params["name"],
"mms-profile": module.params["mms_profile"],
"ips-sensor": module.params["ips_sensor"],
"icap-profile": module.params["icap_profile"],
"dnsfilter-profile": module.params["dnsfilter_profile"],
"dlp-sensor": module.params["dlp_sensor"],
"av-profile": module.params["av_profile"],
"application-list": module.params["application_list"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_firewall_profile_group_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
device_unique_name=dict(required=True, type="str"),
device_hostname=dict(required=False, type="str"),
interface=dict(required=False, type="str"),
interface_ip=dict(required=False, type="str"),
interface_allow_access=dict(required=False, type="str"),
install_config=dict(required=False, type="str", default="disable"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"device_unique_name": module.params["device_unique_name"],
"device_hostname": module.params["device_hostname"],
"interface": module.params["interface"],
"interface_ip": module.params["interface_ip"],
"interface_allow_access": module.params["interface_allow_access"],
"install_config": module.params["install_config"],
"adom": module.params["adom"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["device_hostname"] is not None:
results = update_device_hostname(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
if paramgram["interface_ip"] is not None or paramgram[
"interface_allow_access"] is not None:
results = update_device_interface(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
if paramgram["install_config"] == "enable":
results = exec_config(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
vdom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "execute", "set", "delete"],
type="str",
default="add"),
script_name=dict(required=True, type="str"),
script_type=dict(required=False, type="str"),
script_target=dict(required=False, type="str"),
script_description=dict(required=False, type="str"),
script_content=dict(required=False, type="str"),
script_scope=dict(required=False, type="str"),
script_package=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"script_name": module.params["script_name"],
"script_type": module.params["script_type"],
"script_target": module.params["script_target"],
"script_description": module.params["script_description"],
"script_content": module.params["script_content"],
"script_scope": module.params["script_scope"],
"script_package": module.params["script_package"],
"adom": module.params["adom"],
"vdom": module.params["vdom"],
"mode": module.params["mode"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
if paramgram["mode"] in ['add', 'set']:
results = set_script(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
msg="Operation Finished",
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, module.params))
except Exception as err:
raise FMGBaseException(err)
try:
if paramgram["mode"] == "execute":
results = execute_script(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
msg="Operation Finished",
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, module.params))
except Exception as err:
raise FMGBaseException(err)
try:
if paramgram["mode"] == "delete":
results = delete_script(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
msg="Operation Finished",
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, module.params))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
fmgr_ha_mode=dict(required=False,
type="str",
choices=["standalone", "master", "slave"]),
fmgr_ha_cluster_pw=dict(required=False, type="str", no_log=True),
fmgr_ha_peer_status=dict(required=False,
type="str",
choices=["enable", "disable"]),
fmgr_ha_peer_sn=dict(required=False, type="str"),
fmgr_ha_peer_ipv4=dict(required=False, type="str"),
fmgr_ha_peer_ipv6=dict(required=False, type="str"),
fmgr_ha_hb_threshold=dict(required=False, type="int", default=3),
fmgr_ha_hb_interval=dict(required=False, type="int", default=5),
fmgr_ha_file_quota=dict(required=False, type="int", default=4096),
fmgr_ha_cluster_id=dict(required=False, type="int", default=1))
required_if = [
[
'fmgr_ha_peer_ipv4', 'present',
['fmgr_ha_peer_sn', 'fmgr_ha_peer_status']
],
[
'fmgr_ha_peer_ipv6', 'present',
['fmgr_ha_peer_sn', 'fmgr_ha_peer_status']
],
[
'fmgr_ha_mode', 'master',
['fmgr_ha_cluster_pw', 'fmgr_ha_cluster_id']
],
[
'fmgr_ha_mode', 'slave',
['fmgr_ha_cluster_pw', 'fmgr_ha_cluster_id']
],
]
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_if=required_if)
paramgram = {
"fmgr_ha_mode": module.params["fmgr_ha_mode"],
"fmgr_ha_cluster_pw": module.params["fmgr_ha_cluster_pw"],
"fmgr_ha_peer_status": module.params["fmgr_ha_peer_status"],
"fmgr_ha_peer_sn": module.params["fmgr_ha_peer_sn"],
"fmgr_ha_peer_ipv4": module.params["fmgr_ha_peer_ipv4"],
"fmgr_ha_peer_ipv6": module.params["fmgr_ha_peer_ipv6"],
"fmgr_ha_hb_threshold": module.params["fmgr_ha_hb_threshold"],
"fmgr_ha_hb_interval": module.params["fmgr_ha_hb_interval"],
"fmgr_ha_file_quota": module.params["fmgr_ha_file_quota"],
"fmgr_ha_cluster_id": module.params["fmgr_ha_cluster_id"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# INIT FLAGS AND COUNTERS
get_ha_peers = 0
results = DEFAULT_RESULT_OBJ
try:
if any(v is not None for v in (paramgram["fmgr_ha_peer_sn"],
paramgram["fmgr_ha_peer_ipv4"],
paramgram["fmgr_ha_peer_ipv6"],
paramgram["fmgr_ha_peer_status"])):
get_ha_peers = 1
except Exception as err:
raise FMGBaseException(err)
try:
# IF HA MODE IS NOT NULL, SWITCH THAT
if paramgram["fmgr_ha_mode"] is not None:
if (str.lower(paramgram["fmgr_ha_mode"]) != "standalone" and paramgram["fmgr_ha_cluster_pw"] is not None)\
or str.lower(paramgram["fmgr_ha_mode"]) == "standalone":
results = fmgr_set_ha_mode(fmgr, paramgram)
fmgr.govern_response(
module=module,
results=results,
stop_on_success=False,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
elif str.lower(paramgram["fmgr_ha_mode"]) != "standalone" and\
paramgram["fmgr_ha_mode"] is not None and\
paramgram["fmgr_ha_cluster_pw"] is None:
module.exit_json(
msg=
"If setting HA Mode of MASTER or SLAVE, you must specify a cluster password"
)
except Exception as err:
raise FMGBaseException(err)
# IF GET_HA_PEERS IS ENABLED, LETS PROCESS THE PEERS
try:
if get_ha_peers == 1:
# GET THE CURRENT LIST OF PEERS FROM THE NODE
peers = fmgr_get_ha_peer_list(fmgr)
# GET LENGTH OF RETURNED PEERS LIST AND ADD ONE FOR THE NEXT ID
paramgram["next_peer_id"] = len(peers[1]) + 1
# SET THE ACTUAL NUMBER OF PEERS
num_of_peers = len(peers[1])
# SET THE PEER ID FOR DISABLE METHOD
paramgram["peer_id"] = len(peers) - 1
# SET THE PEER LOOPCOUNT TO 1 TO START THE LOOP
peer_loopcount = 1
# LOOP THROUGH PEERS TO FIND THE SERIAL NUMBER MATCH TO GET THE RIGHT PEER ID
# IDEA BEING WE DON'T WANT TO SUBMIT A BAD peer_id THAT DOESN'T JIVE WITH CURRENT DB ON FMG
# SO LETS SEARCH FOR IT, AND IF WE FIND IT, WE WILL CHANGE THE PEER ID VARIABLES TO MATCH
# IF NOT FOUND, LIFE GOES ON AND WE ASSUME THAT WE'RE ADDING A PEER
# AT WHICH POINT THE next_peer_id VARIABLE WILL HAVE THE RIGHT PRIMARY KEY
if paramgram["fmgr_ha_peer_sn"] is not None:
while peer_loopcount <= num_of_peers:
# GET THE SERIAL NUMBER FOR CURRENT PEER IN LOOP TO COMPARE TO SN IN PLAYBOOK
try:
sn_compare = peers[1][peer_loopcount -
1]["serial-number"]
# IF THE SN IN THE PEERS MATCHES THE PLAYBOOK SN, SET THE IDS
if sn_compare == paramgram["fmgr_ha_peer_sn"]:
paramgram["peer_id"] = peer_loopcount
paramgram["next_peer_id"] = paramgram["peer_id"]
except Exception as err:
raise FMGBaseException(err)
# ADVANCE THE LOOP AND REPEAT UNTIL DONE
peer_loopcount += 1
# IF THE PEER STATUS ISN'T IN THE PLAYBOOK, ASSUME ITS ENABLE
if paramgram["fmgr_ha_peer_status"] is None:
paramgram["fmgr_ha_peer_status"] = "enable"
# IF THE PEER STATUS IS ENABLE, USE THE next_peer_id IN THE API CALL FOR THE ID
if paramgram["fmgr_ha_peer_status"] == "enable":
results = fmgr_set_ha_peer(fmgr, paramgram)
fmgr.govern_response(
module=module,
results=results,
stop_on_success=True,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# IF THE PEER STATUS IS DISABLE, WE HAVE TO HANDLE THAT A BIT DIFFERENTLY
# JUST USING TWO DIFFERENT peer_id 's HERE
if paramgram["fmgr_ha_peer_status"] == "disable":
results = fmgr_set_ha_peer(fmgr, paramgram)
fmgr.govern_response(
module=module,
results=results,
stop_on_success=True,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
whitelist=dict(required=False,
type="str",
choices=["disable", "enable"]),
use_ssl_server=dict(required=False,
type="str",
choices=["disable", "enable"]),
untrusted_caname=dict(required=False, type="str"),
ssl_exemptions_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssl_anomalies_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
server_cert_mode=dict(required=False,
type="str",
choices=["re-sign", "replace"]),
server_cert=dict(required=False, type="str"),
rpc_over_https=dict(required=False,
type="str",
choices=["disable", "enable"]),
name=dict(required=False, type="str"),
mapi_over_https=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
caname=dict(required=False, type="str"),
ftps=dict(required=False, type="list"),
ftps_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftps_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ftps_ports=dict(required=False, type="str"),
ftps_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
ftps_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ftps_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
https=dict(required=False, type="list"),
https_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
https_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
https_ports=dict(required=False, type="str"),
https_status=dict(
required=False,
type="str",
choices=["disable", "certificate-inspection", "deep-inspection"]),
https_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
https_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
imaps=dict(required=False, type="list"),
imaps_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
imaps_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
imaps_ports=dict(required=False, type="str"),
imaps_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
imaps_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
imaps_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
pop3s=dict(required=False, type="list"),
pop3s_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
pop3s_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
pop3s_ports=dict(required=False, type="str"),
pop3s_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
pop3s_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
pop3s_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
smtps=dict(required=False, type="list"),
smtps_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtps_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
smtps_ports=dict(required=False, type="str"),
smtps_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
smtps_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
smtps_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
ssh=dict(required=False, type="list"),
ssh_inspect_all=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
ssh_ports=dict(required=False, type="str"),
ssh_ssh_algorithm=dict(required=False,
type="str",
choices=["compatible", "high-encryption"]),
ssh_ssh_policy_check=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssh_ssh_tun_policy_check=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssh_status=dict(required=False,
type="str",
choices=["disable", "deep-inspection"]),
ssh_unsupported_version=dict(required=False,
type="str",
choices=["block", "bypass"]),
ssl=dict(required=False, type="list"),
ssl_allow_invalid_server_cert=dict(required=False,
type="str",
choices=["disable", "enable"]),
ssl_client_cert_request=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ssl_inspect_all=dict(
required=False,
type="str",
choices=["disable", "certificate-inspection", "deep-inspection"]),
ssl_unsupported_ssl=dict(required=False,
type="str",
choices=["bypass", "inspect", "block"]),
ssl_untrusted_cert=dict(required=False,
type="str",
choices=["allow", "block", "ignore"]),
ssl_exempt=dict(required=False, type="list"),
ssl_exempt_address=dict(required=False, type="str"),
ssl_exempt_address6=dict(required=False, type="str"),
ssl_exempt_fortiguard_category=dict(required=False, type="str"),
ssl_exempt_regex=dict(required=False, type="str"),
ssl_exempt_type=dict(required=False,
type="str",
choices=[
"fortiguard-category", "address", "address6",
"wildcard-fqdn", "regex"
]),
ssl_exempt_wildcard_fqdn=dict(required=False, type="str"),
ssl_server=dict(required=False, type="list"),
ssl_server_ftps_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_https_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_imaps_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_ip=dict(required=False, type="str"),
ssl_server_pop3s_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_smtps_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
ssl_server_ssl_other_client_cert_request=dict(
required=False, type="str", choices=["bypass", "inspect",
"block"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"whitelist": module.params["whitelist"],
"use-ssl-server": module.params["use_ssl_server"],
"untrusted-caname": module.params["untrusted_caname"],
"ssl-exemptions-log": module.params["ssl_exemptions_log"],
"ssl-anomalies-log": module.params["ssl_anomalies_log"],
"server-cert-mode": module.params["server_cert_mode"],
"server-cert": module.params["server_cert"],
"rpc-over-https": module.params["rpc_over_https"],
"name": module.params["name"],
"mapi-over-https": module.params["mapi_over_https"],
"comment": module.params["comment"],
"caname": module.params["caname"],
"ftps": {
"allow-invalid-server-cert":
module.params["ftps_allow_invalid_server_cert"],
"client-cert-request":
module.params["ftps_client_cert_request"],
"ports":
module.params["ftps_ports"],
"status":
module.params["ftps_status"],
"unsupported-ssl":
module.params["ftps_unsupported_ssl"],
"untrusted-cert":
module.params["ftps_untrusted_cert"],
},
"https": {
"allow-invalid-server-cert":
module.params["https_allow_invalid_server_cert"],
"client-cert-request":
module.params["https_client_cert_request"],
"ports":
module.params["https_ports"],
"status":
module.params["https_status"],
"unsupported-ssl":
module.params["https_unsupported_ssl"],
"untrusted-cert":
module.params["https_untrusted_cert"],
},
"imaps": {
"allow-invalid-server-cert":
module.params["imaps_allow_invalid_server_cert"],
"client-cert-request":
module.params["imaps_client_cert_request"],
"ports":
module.params["imaps_ports"],
"status":
module.params["imaps_status"],
"unsupported-ssl":
module.params["imaps_unsupported_ssl"],
"untrusted-cert":
module.params["imaps_untrusted_cert"],
},
"pop3s": {
"allow-invalid-server-cert":
module.params["pop3s_allow_invalid_server_cert"],
"client-cert-request":
module.params["pop3s_client_cert_request"],
"ports":
module.params["pop3s_ports"],
"status":
module.params["pop3s_status"],
"unsupported-ssl":
module.params["pop3s_unsupported_ssl"],
"untrusted-cert":
module.params["pop3s_untrusted_cert"],
},
"smtps": {
"allow-invalid-server-cert":
module.params["smtps_allow_invalid_server_cert"],
"client-cert-request":
module.params["smtps_client_cert_request"],
"ports":
module.params["smtps_ports"],
"status":
module.params["smtps_status"],
"unsupported-ssl":
module.params["smtps_unsupported_ssl"],
"untrusted-cert":
module.params["smtps_untrusted_cert"],
},
"ssh": {
"inspect-all": module.params["ssh_inspect_all"],
"ports": module.params["ssh_ports"],
"ssh-algorithm": module.params["ssh_ssh_algorithm"],
"ssh-policy-check": module.params["ssh_ssh_policy_check"],
"ssh-tun-policy-check": module.params["ssh_ssh_tun_policy_check"],
"status": module.params["ssh_status"],
"unsupported-version": module.params["ssh_unsupported_version"],
},
"ssl": {
"allow-invalid-server-cert":
module.params["ssl_allow_invalid_server_cert"],
"client-cert-request":
module.params["ssl_client_cert_request"],
"inspect-all":
module.params["ssl_inspect_all"],
"unsupported-ssl":
module.params["ssl_unsupported_ssl"],
"untrusted-cert":
module.params["ssl_untrusted_cert"],
},
"ssl-exempt": {
"address": module.params["ssl_exempt_address"],
"address6": module.params["ssl_exempt_address6"],
"fortiguard-category":
module.params["ssl_exempt_fortiguard_category"],
"regex": module.params["ssl_exempt_regex"],
"type": module.params["ssl_exempt_type"],
"wildcard-fqdn": module.params["ssl_exempt_wildcard_fqdn"],
},
"ssl-server": {
"ftps-client-cert-request":
module.params["ssl_server_ftps_client_cert_request"],
"https-client-cert-request":
module.params["ssl_server_https_client_cert_request"],
"imaps-client-cert-request":
module.params["ssl_server_imaps_client_cert_request"],
"ip":
module.params["ssl_server_ip"],
"pop3s-client-cert-request":
module.params["ssl_server_pop3s_client_cert_request"],
"smtps-client-cert-request":
module.params["ssl_server_smtps_client_cert_request"],
"ssl-other-client-cert-request":
module.params["ssl_server_ssl_other_client_cert_request"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = [
'ftps', 'https', 'imaps', 'pop3s', 'smtps', 'ssh', 'ssl', 'ssl-exempt',
'ssl-server'
]
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_firewall_ssl_ssh_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
replacemsg_group=dict(required=False, type="str"),
name=dict(required=False, type="str"),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
block_malicious_url=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries=dict(required=False, type="list"),
entries_action=dict(required=False,
type="str",
choices=["pass", "block", "reset", "default"]),
entries_application=dict(required=False, type="str"),
entries_location=dict(required=False, type="str"),
entries_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_log_attack_context=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_os=dict(required=False, type="str"),
entries_protocol=dict(required=False, type="str"),
entries_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
entries_quarantine_expiry=dict(required=False, type="str"),
entries_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_rate_count=dict(required=False, type="int"),
entries_rate_duration=dict(required=False, type="int"),
entries_rate_mode=dict(required=False,
type="str",
choices=["periodical", "continuous"]),
entries_rate_track=dict(required=False,
type="str",
choices=[
"none", "src-ip", "dest-ip",
"dhcp-client-mac", "dns-domain"
]),
entries_rule=dict(required=False, type="str"),
entries_severity=dict(required=False, type="str"),
entries_status=dict(required=False,
type="str",
choices=["disable", "enable", "default"]),
entries_exempt_ip_dst_ip=dict(required=False, type="str"),
entries_exempt_ip_src_ip=dict(required=False, type="str"),
filter=dict(required=False, type="list"),
filter_action=dict(required=False,
type="str",
choices=["pass", "block", "default", "reset"]),
filter_application=dict(required=False, type="str"),
filter_location=dict(required=False, type="str"),
filter_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
filter_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
filter_name=dict(required=False, type="str"),
filter_os=dict(required=False, type="str"),
filter_protocol=dict(required=False, type="str"),
filter_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
filter_quarantine_expiry=dict(required=False, type="int"),
filter_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
filter_severity=dict(required=False, type="str"),
filter_status=dict(required=False,
type="str",
choices=["disable", "enable", "default"]),
override=dict(required=False, type="list"),
override_action=dict(required=False,
type="str",
choices=["pass", "block", "reset"]),
override_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
override_quarantine_expiry=dict(required=False, type="int"),
override_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_rule_id=dict(required=False, type="str"),
override_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_exempt_ip_dst_ip=dict(required=False, type="str"),
override_exempt_ip_src_ip=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"replacemsg-group": module.params["replacemsg_group"],
"name": module.params["name"],
"extended-log": module.params["extended_log"],
"comment": module.params["comment"],
"block-malicious-url": module.params["block_malicious_url"],
"entries": {
"action": module.params["entries_action"],
"application": module.params["entries_application"],
"location": module.params["entries_location"],
"log": module.params["entries_log"],
"log-attack-context": module.params["entries_log_attack_context"],
"log-packet": module.params["entries_log_packet"],
"os": module.params["entries_os"],
"protocol": module.params["entries_protocol"],
"quarantine": module.params["entries_quarantine"],
"quarantine-expiry": module.params["entries_quarantine_expiry"],
"quarantine-log": module.params["entries_quarantine_log"],
"rate-count": module.params["entries_rate_count"],
"rate-duration": module.params["entries_rate_duration"],
"rate-mode": module.params["entries_rate_mode"],
"rate-track": module.params["entries_rate_track"],
"rule": module.params["entries_rule"],
"severity": module.params["entries_severity"],
"status": module.params["entries_status"],
"exempt-ip": {
"dst-ip": module.params["entries_exempt_ip_dst_ip"],
"src-ip": module.params["entries_exempt_ip_src_ip"],
},
},
"filter": {
"action": module.params["filter_action"],
"application": module.params["filter_application"],
"location": module.params["filter_location"],
"log": module.params["filter_log"],
"log-packet": module.params["filter_log_packet"],
"name": module.params["filter_name"],
"os": module.params["filter_os"],
"protocol": module.params["filter_protocol"],
"quarantine": module.params["filter_quarantine"],
"quarantine-expiry": module.params["filter_quarantine_expiry"],
"quarantine-log": module.params["filter_quarantine_log"],
"severity": module.params["filter_severity"],
"status": module.params["filter_status"],
},
"override": {
"action": module.params["override_action"],
"log": module.params["override_log"],
"log-packet": module.params["override_log_packet"],
"quarantine": module.params["override_quarantine"],
"quarantine-expiry": module.params["override_quarantine_expiry"],
"quarantine-log": module.params["override_quarantine_log"],
"rule-id": module.params["override_rule_id"],
"status": module.params["override_status"],
"exempt-ip": {
"dst-ip": module.params["override_exempt_ip_dst_ip"],
"src-ip": module.params["override_exempt_ip_src_ip"],
}
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['entries', 'filter', 'override']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_ips_sensor_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
youtube_restrict=dict(required=False, type="str", choices=["strict", "moderate"]),
sdns_ftgd_err_log=dict(required=False, type="str", choices=["disable", "enable"]),
sdns_domain_log=dict(required=False, type="str", choices=["disable", "enable"]),
safe_search=dict(required=False, type="str", choices=["disable", "enable"]),
redirect_portal=dict(required=False, type="str"),
name=dict(required=False, type="str"),
log_all_domain=dict(required=False, type="str", choices=["disable", "enable"]),
external_ip_blocklist=dict(required=False, type="str"),
comment=dict(required=False, type="str"),
block_botnet=dict(required=False, type="str", choices=["disable", "enable"]),
block_action=dict(required=False, type="str", choices=["block", "redirect"]),
domain_filter_domain_filter_table=dict(required=False, type="str"),
ftgd_dns_options=dict(required=False, type="str", choices=["error-allow", "ftgd-disable"]),
ftgd_dns_filters_action=dict(required=False, type="str", choices=["monitor", "block"]),
ftgd_dns_filters_category=dict(required=False, type="str"),
ftgd_dns_filters_log=dict(required=False, type="str", choices=["disable", "enable"]),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"youtube-restrict": module.params["youtube_restrict"],
"sdns-ftgd-err-log": module.params["sdns_ftgd_err_log"],
"sdns-domain-log": module.params["sdns_domain_log"],
"safe-search": module.params["safe_search"],
"redirect-portal": module.params["redirect_portal"],
"name": module.params["name"],
"log-all-domain": module.params["log_all_domain"],
"external-ip-blocklist": module.params["external_ip_blocklist"],
"comment": module.params["comment"],
"block-botnet": module.params["block_botnet"],
"block-action": module.params["block_action"],
"domain-filter": {
"domain-filter-table": module.params["domain_filter_domain_filter_table"],
},
"ftgd-dns": {
"options": module.params["ftgd_dns_options"],
"filters": {
"action": module.params["ftgd_dns_filters_action"],
"category": module.params["ftgd_dns_filters_category"],
"log": module.params["ftgd_dns_filters_log"],
}
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_dnsfilter_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "set", "delete"], type="str", default="add"),
name=dict(required=False, type="str"),
object_type=dict(required=True,
type="str",
choices=['pkg', 'folder', 'install']),
package_folder=dict(required=False, type="str"),
central_nat=dict(required=False,
type="str",
default="disable",
choices=['enable', 'disable']),
fwpolicy_implicit_log=dict(required=False,
type="str",
default="disable",
choices=['enable', 'disable']),
fwpolicy6_implicit_log=dict(required=False,
type="str",
default="disable",
choices=['enable', 'disable']),
inspection_mode=dict(required=False,
type="str",
default="flow",
choices=['flow', 'proxy']),
ngfw_mode=dict(required=False,
type="str",
default="profile-based",
choices=['profile-based', 'policy-based']),
ssl_ssh_profile=dict(required=False, type="str"),
scope_members=dict(required=False, type="str"),
scope_members_vdom=dict(required=False, type="str", default="root"),
parent_folder=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE DATAGRAM
paramgram = {
"adom": module.params["adom"],
"name": module.params["name"],
"mode": module.params["mode"],
"object_type": module.params["object_type"],
"package-folder": module.params["package_folder"],
"central-nat": module.params["central_nat"],
"fwpolicy-implicit-log": module.params["fwpolicy_implicit_log"],
"fwpolicy6-implicit-log": module.params["fwpolicy6_implicit_log"],
"inspection-mode": module.params["inspection_mode"],
"ngfw-mode": module.params["ngfw_mode"],
"ssl-ssh-profile": module.params["ssl_ssh_profile"],
"scope_members": module.params["scope_members"],
"scope_members_vdom": module.params["scope_members_vdom"],
"parent_folder": module.params["parent_folder"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["object_type"] == "pkg":
results = fmgr_fwpol_package(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF THE object_type IS FOLDER LETS RUN THAT METHOD
if paramgram["object_type"] == "folder":
results = fmgr_fwpol_package_folder(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF THE object_type IS INSTALL AND NEEDED PARAMETERS ARE DEFINED INSTALL THE PACKAGE
if paramgram["scope_members"] is not None and paramgram["name"] is not None and\
paramgram["object_type"] == "install":
results = fmgr_fwpol_package_install(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def fmgr_fwpol_package(fmgr, paramgram):
"""
This function will create FMGR Firewall Policy Packages, or delete them. It is also capable of assigning packages.
This function DOES NOT install the package. See the function fmgr_fwpol_package_install()
:param fmgr: The fmgr object instance from fmgr_utils.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
if paramgram["mode"] in ['set', 'add']:
url = '/pm/pkg/adom/{adom}'.format(adom=paramgram["adom"])
members_list = []
# CHECK FOR SCOPE MEMBERS AND CREATE THAT DICT
if paramgram["scope_members"] is not None:
members = FMGRCommon.split_comma_strings_into_lists(
paramgram["scope_members"])
for member in members:
scope_dict = {
"name": member,
"vdom": paramgram["scope_members_vdom"],
}
members_list.append(scope_dict)
# IF PARENT FOLDER IS NOT DEFINED
if paramgram["parent_folder"] is None:
datagram = {
"type": paramgram["object_type"],
"name": paramgram["name"],
"scope member": members_list,
"package settings": {
"central-nat": paramgram["central-nat"],
"fwpolicy-implicit-log":
paramgram["fwpolicy-implicit-log"],
"fwpolicy6-implicit-log":
paramgram["fwpolicy6-implicit-log"],
"inspection-mode": paramgram["inspection-mode"],
"ngfw-mode": paramgram["ngfw-mode"],
}
}
if paramgram["ngfw-mode"] == "policy-based" and paramgram[
"ssl-ssh-profile"] is not None:
datagram["package settings"]["ssl-ssh-profile"] = paramgram[
"ssl-ssh-profile"]
# IF PARENT FOLDER IS DEFINED
if paramgram["parent_folder"] is not None:
datagram = {
"type":
"folder",
"name":
paramgram["parent_folder"],
"subobj": [{
"name": paramgram["name"],
"scope member": members_list,
"type": "pkg",
"package settings": {
"central-nat":
paramgram["central-nat"],
"fwpolicy-implicit-log":
paramgram["fwpolicy-implicit-log"],
"fwpolicy6-implicit-log":
paramgram["fwpolicy6-implicit-log"],
"inspection-mode":
paramgram["inspection-mode"],
"ngfw-mode":
paramgram["ngfw-mode"],
}
}]
}
# NORMAL DELETE NO PARENT
if paramgram["mode"] == "delete" and paramgram["parent_folder"] is None:
datagram = {"name": paramgram["name"]}
# SET DELETE URL
url = '/pm/pkg/adom/{adom}/{name}'.format(adom=paramgram["adom"],
name=paramgram["name"])
# DELETE WITH PARENT
if paramgram["mode"] == "delete" and paramgram["parent_folder"] is not None:
datagram = {"name": paramgram["name"]}
# SET DELETE URL
url = '/pm/pkg/adom/{adom}/{parent_folder}/{name}'.format(
adom=paramgram["adom"],
name=paramgram["name"],
parent_folder=paramgram["parent_folder"])
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
unknown_application_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
unknown_application_action=dict(required=False,
type="str",
choices=["pass", "block"]),
replacemsg_group=dict(required=False, type="str"),
p2p_black_list=dict(required=False,
type="str",
choices=["skype", "edonkey", "bittorrent"]),
other_application_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
other_application_action=dict(required=False,
type="str",
choices=["pass", "block"]),
options=dict(required=False,
type="str",
choices=[
"allow-dns", "allow-icmp", "allow-http", "allow-ssl",
"allow-quic"
]),
name=dict(required=False, type="str"),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
deep_app_inspection=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
app_replacemsg=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries=dict(required=False, type="list"),
entries_action=dict(required=False,
type="str",
choices=["pass", "block", "reset"]),
entries_application=dict(required=False, type="str"),
entries_behavior=dict(required=False, type="str"),
entries_category=dict(required=False, type="str"),
entries_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_per_ip_shaper=dict(required=False, type="str"),
entries_popularity=dict(required=False,
type="str",
choices=["1", "2", "3", "4", "5"]),
entries_protocols=dict(required=False, type="str"),
entries_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
entries_quarantine_expiry=dict(required=False, type="str"),
entries_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_rate_count=dict(required=False, type="int"),
entries_rate_duration=dict(required=False, type="int"),
entries_rate_mode=dict(required=False,
type="str",
choices=["periodical", "continuous"]),
entries_rate_track=dict(required=False,
type="str",
choices=[
"none", "src-ip", "dest-ip",
"dhcp-client-mac", "dns-domain"
]),
entries_risk=dict(required=False, type="str"),
entries_session_ttl=dict(required=False, type="int"),
entries_shaper=dict(required=False, type="str"),
entries_shaper_reverse=dict(required=False, type="str"),
entries_sub_category=dict(required=False, type="str"),
entries_technology=dict(required=False, type="str"),
entries_vendor=dict(required=False, type="str"),
entries_parameters_value=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"unknown-application-log": module.params["unknown_application_log"],
"unknown-application-action":
module.params["unknown_application_action"],
"replacemsg-group": module.params["replacemsg_group"],
"p2p-black-list": module.params["p2p_black_list"],
"other-application-log": module.params["other_application_log"],
"other-application-action": module.params["other_application_action"],
"options": module.params["options"],
"name": module.params["name"],
"extended-log": module.params["extended_log"],
"deep-app-inspection": module.params["deep_app_inspection"],
"comment": module.params["comment"],
"app-replacemsg": module.params["app_replacemsg"],
"entries": {
"action": module.params["entries_action"],
"application": module.params["entries_application"],
"behavior": module.params["entries_behavior"],
"category": module.params["entries_category"],
"log": module.params["entries_log"],
"log-packet": module.params["entries_log_packet"],
"per-ip-shaper": module.params["entries_per_ip_shaper"],
"popularity": module.params["entries_popularity"],
"protocols": module.params["entries_protocols"],
"quarantine": module.params["entries_quarantine"],
"quarantine-expiry": module.params["entries_quarantine_expiry"],
"quarantine-log": module.params["entries_quarantine_log"],
"rate-count": module.params["entries_rate_count"],
"rate-duration": module.params["entries_rate_duration"],
"rate-mode": module.params["entries_rate_mode"],
"rate-track": module.params["entries_rate_track"],
"risk": module.params["entries_risk"],
"session-ttl": module.params["entries_session_ttl"],
"shaper": module.params["entries_shaper"],
"shaper-reverse": module.params["entries_shaper_reverse"],
"sub-category": module.params["entries_sub_category"],
"technology": module.params["entries_technology"],
"vendor": module.params["entries_vendor"],
"parameters": {
"value": module.params["entries_parameters_value"],
}
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['entries']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_application_list_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
object=dict(required=True,
type="str",
choices=["device", "cluster_nodes", "task", "custom"]),
custom_endpoint=dict(required=False, type="str"),
custom_dict=dict(required=False, type="dict"),
device_ip=dict(required=False, type="str"),
device_unique_name=dict(required=False, type="str"),
device_serial=dict(required=False, type="str"),
nodes=dict(required=False, type="list"),
task_id=dict(required=False, type="str"))
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"adom": module.params["adom"],
"object": module.params["object"],
"device_ip": module.params["device_ip"],
"device_unique_name": module.params["device_unique_name"],
"device_serial": module.params["device_serial"],
"nodes": module.params["nodes"],
"task_id": module.params["task_id"],
"custom_endpoint": module.params["custom_endpoint"],
"custom_dict": module.params["custom_dict"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
# IF OBJECT IS DEVICE
if paramgram["object"] == "device" and any(v is not None for v in [
paramgram["device_unique_name"], paramgram["device_serial"],
paramgram["device_ip"]
]):
results = fmgr_get_device(fmgr, paramgram)
if results[0] not in [0]:
module.fail_json(msg="Device query failed!")
elif len(results[1]) == 0:
module.exit_json(msg="Device NOT FOUND!")
else:
module.exit_json(msg="Device Found", **results[1][0])
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT IS CLUSTER_NODES
if paramgram["object"] == "cluster_nodes" and paramgram[
"nodes"] is not None:
results = fmgr_get_cluster_nodes(fmgr, paramgram)
if results["cluster_status"] == "MISSING":
module.exit_json(msg="No cluster device found!", **results)
elif results["query_status"] == "good":
module.exit_json(msg="Cluster Found - Showing Nodes",
**results)
elif results is None:
module.fail_json(
msg="Query FAILED -- Check module or playbook syntax")
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT IS TASK
if paramgram["object"] == "task":
results = fmgr_get_task_status(fmgr, paramgram)
if results[0] != 0:
module.fail_json(**results[1])
if results[0] == 0:
module.exit_json(**results[1])
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT IS CUSTOM
if paramgram["object"] == "custom":
results = fmgr_get_custom(fmgr, paramgram)
if results[0] != 0:
module.fail_json(
msg=
"QUERY FAILED -- Please check syntax check JSON guide if needed."
)
if results[0] == 0:
results_len = len(results[1])
if results_len > 0:
results_combine = dict()
if isinstance(results[1], dict):
results_combine["results"] = results[1]
if isinstance(results[1], list):
results_combine["results"] = results[1][0:results_len]
module.exit_json(msg="Custom Query Success",
**results_combine)
else:
module.exit_json(msg="NO RESULTS")
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
vdom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
grp_desc=dict(required=False, type="str"),
grp_name=dict(required=True, type="str"),
grp_members=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"mode": module.params["mode"],
"grp_name": module.params["grp_name"],
"grp_desc": module.params["grp_desc"],
"grp_members": module.params["grp_members"],
"adom": module.params["adom"],
"vdom": module.params["vdom"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
# PROCESS THE GROUP ADDS FIRST
if paramgram["grp_name"] is not None and paramgram["mode"] in [
"add", "set", "update"
]:
# add device group
results = add_device_group(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# PROCESS THE GROUP MEMBER ADDS
if paramgram["grp_members"] is not None and paramgram["mode"] in [
"add", "set", "update"
]:
# assign devices to device group
results = add_group_member(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# PROCESS THE GROUP MEMBER DELETES
if paramgram["grp_members"] is not None and paramgram[
"mode"] == "delete":
# remove devices grom a group
results = delete_group_member(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# PROCESS THE GROUP DELETES, ONLY IF GRP_MEMBERS IS NOT NULL TOO
if paramgram["grp_name"] is not None and paramgram[
"mode"] == "delete" and paramgram["grp_members"] is None:
# delete device group
results = delete_device_group(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
type=dict(required=False, type="str", choices=["overload",
"one-to-one",
"fixed-port-range",
"port-block-allocation"]),
startip=dict(required=False, type="str"),
source_startip=dict(required=False, type="str"),
source_endip=dict(required=False, type="str"),
permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
pba_timeout=dict(required=False, type="int"),
num_blocks_per_user=dict(required=False, type="int"),
name=dict(required=False, type="str"),
endip=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
block_size=dict(required=False, type="int"),
associated_interface=dict(required=False, type="str"),
arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
arp_intf=dict(required=False, type="str"),
dynamic_mapping=dict(required=False, type="list"),
dynamic_mapping_arp_intf=dict(required=False, type="str"),
dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_associated_interface=dict(required=False, type="str"),
dynamic_mapping_block_size=dict(required=False, type="int"),
dynamic_mapping_comments=dict(required=False, type="str"),
dynamic_mapping_endip=dict(required=False, type="str"),
dynamic_mapping_num_blocks_per_user=dict(required=False, type="int"),
dynamic_mapping_pba_timeout=dict(required=False, type="int"),
dynamic_mapping_permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_source_endip=dict(required=False, type="str"),
dynamic_mapping_source_startip=dict(required=False, type="str"),
dynamic_mapping_startip=dict(required=False, type="str"),
dynamic_mapping_type=dict(required=False, type="str", choices=["overload",
"one-to-one",
"fixed-port-range",
"port-block-allocation"]),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"type": module.params["type"],
"startip": module.params["startip"],
"source-startip": module.params["source_startip"],
"source-endip": module.params["source_endip"],
"permit-any-host": module.params["permit_any_host"],
"pba-timeout": module.params["pba_timeout"],
"num-blocks-per-user": module.params["num_blocks_per_user"],
"name": module.params["name"],
"endip": module.params["endip"],
"comments": module.params["comments"],
"block-size": module.params["block_size"],
"associated-interface": module.params["associated_interface"],
"arp-reply": module.params["arp_reply"],
"arp-intf": module.params["arp_intf"],
"dynamic_mapping": {
"arp-intf": module.params["dynamic_mapping_arp_intf"],
"arp-reply": module.params["dynamic_mapping_arp_reply"],
"associated-interface": module.params["dynamic_mapping_associated_interface"],
"block-size": module.params["dynamic_mapping_block_size"],
"comments": module.params["dynamic_mapping_comments"],
"endip": module.params["dynamic_mapping_endip"],
"num-blocks-per-user": module.params["dynamic_mapping_num_blocks_per_user"],
"pba-timeout": module.params["dynamic_mapping_pba_timeout"],
"permit-any-host": module.params["dynamic_mapping_permit_any_host"],
"source-endip": module.params["dynamic_mapping_source_endip"],
"source-startip": module.params["dynamic_mapping_source_startip"],
"startip": module.params["dynamic_mapping_startip"],
"type": module.params["dynamic_mapping_type"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['dynamic_mapping']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
# UPDATE THE CHANGED PARAMGRAM
module.paramgram = paramgram
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_fwobj_ippool_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
strip_encoding=dict(required=False,
type="str",
choices=["disable", "enable"]),
name=dict(required=False, type="str"),
log_header_change=dict(required=False,
type="str",
choices=["disable", "enable"]),
header_x_forwarded_for=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_x_authenticated_user=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_x_authenticated_groups=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_via_response=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_via_request=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_front_end_https=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_client_ip=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
headers=dict(required=False, type="list"),
headers_action=dict(required=False,
type="str",
choices=[
"add-to-request", "add-to-response",
"remove-from-request", "remove-from-response"
]),
headers_content=dict(required=False, type="str"),
headers_name=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"strip-encoding":
module.params["strip_encoding"],
"name":
module.params["name"],
"log-header-change":
module.params["log_header_change"],
"header-x-forwarded-for":
module.params["header_x_forwarded_for"],
"header-x-authenticated-user":
module.params["header_x_authenticated_user"],
"header-x-authenticated-groups":
module.params["header_x_authenticated_groups"],
"header-via-response":
module.params["header_via_response"],
"header-via-request":
module.params["header_via_request"],
"header-front-end-https":
module.params["header_front_end_https"],
"header-client-ip":
module.params["header_client_ip"],
"headers": {
"action": module.params["headers_action"],
"content": module.params["headers_content"],
"name": module.params["headers_name"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['headers']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
module.paramgram = paramgram
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_web_proxy_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
youtube_channel_status=dict(
required=False,
type="str",
choices=["disable", "blacklist", "whitelist"]),
wisp_servers=dict(required=False, type="str"),
wisp_algorithm=dict(
required=False,
type="str",
choices=["auto-learning", "primary-secondary", "round-robin"]),
wisp=dict(required=False, type="str", choices=["disable", "enable"]),
web_url_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_invalid_domain_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_ftgd_quota_usage=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_ftgd_err_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_vbs_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_unknown_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_referer_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_jscript_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_js_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_cookie_removal_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_cookie_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_command_block_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_applet_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_activex_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_extended_all_action_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_content_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
replacemsg_group=dict(required=False, type="str"),
post_action=dict(required=False,
type="str",
choices=["normal", "block"]),
ovrd_perm=dict(required=False,
type="list",
choices=[
"bannedword-override", "urlfilter-override",
"fortiguard-wf-override",
"contenttype-check-override"
]),
options=dict(required=False,
type="list",
choices=[
"block-invalid-url", "jscript", "js", "vbs",
"unknown", "wf-referer", "intrinsic", "wf-cookie",
"per-user-bwl", "activexfilter", "cookiefilter",
"javafilter"
]),
name=dict(required=False, type="str"),
log_all_url=dict(required=False,
type="str",
choices=["disable", "enable"]),
inspection_mode=dict(required=False,
type="str",
choices=["proxy", "flow-based"]),
https_replacemsg=dict(required=False,
type="str",
choices=["disable", "enable"]),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
ftgd_wf=dict(required=False, type="list"),
ftgd_wf_exempt_quota=dict(required=False, type="str"),
ftgd_wf_max_quota_timeout=dict(required=False, type="int"),
ftgd_wf_options=dict(required=False,
type="str",
choices=[
"error-allow", "rate-server-ip",
"connect-request-bypass", "ftgd-disable"
]),
ftgd_wf_ovrd=dict(required=False, type="str"),
ftgd_wf_rate_crl_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_css_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_image_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_javascript_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_filters_action=dict(
required=False,
type="str",
choices=["block", "monitor", "warning", "authenticate"]),
ftgd_wf_filters_auth_usr_grp=dict(required=False, type="str"),
ftgd_wf_filters_category=dict(required=False, type="str"),
ftgd_wf_filters_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_filters_override_replacemsg=dict(required=False, type="str"),
ftgd_wf_filters_warn_duration=dict(required=False, type="str"),
ftgd_wf_filters_warning_duration_type=dict(
required=False, type="str", choices=["session", "timeout"]),
ftgd_wf_filters_warning_prompt=dict(
required=False, type="str", choices=["per-domain",
"per-category"]),
ftgd_wf_quota_category=dict(required=False, type="str"),
ftgd_wf_quota_duration=dict(required=False, type="str"),
ftgd_wf_quota_override_replacemsg=dict(required=False, type="str"),
ftgd_wf_quota_type=dict(required=False,
type="str",
choices=["time", "traffic"]),
ftgd_wf_quota_unit=dict(required=False,
type="str",
choices=["B", "KB", "MB", "GB"]),
ftgd_wf_quota_value=dict(required=False, type="int"),
override=dict(required=False, type="list"),
override_ovrd_cookie=dict(required=False,
type="str",
choices=["deny", "allow"]),
override_ovrd_dur=dict(required=False, type="str"),
override_ovrd_dur_mode=dict(required=False,
type="str",
choices=["constant", "ask"]),
override_ovrd_scope=dict(
required=False,
type="str",
choices=["user", "user-group", "ip", "ask", "browser"]),
override_ovrd_user_group=dict(required=False, type="str"),
override_profile=dict(required=False, type="str"),
override_profile_attribute=dict(
required=False,
type="list",
choices=[
"User-Name", "NAS-IP-Address", "Framed-IP-Address",
"Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
"Reply-Message", "Callback-Number", "Callback-Id",
"Framed-Route", "Framed-IPX-Network", "Class",
"Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
"Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
"Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
"Acct-Multi-Session-Id"
]),
override_profile_type=dict(required=False,
type="str",
choices=["list", "radius"]),
url_extraction=dict(required=False, type="list"),
url_extraction_redirect_header=dict(required=False, type="str"),
url_extraction_redirect_no_content=dict(required=False,
type="str",
choices=["disable", "enable"]),
url_extraction_redirect_url=dict(required=False, type="str"),
url_extraction_server_fqdn=dict(required=False, type="str"),
url_extraction_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
web=dict(required=False, type="list"),
web_blacklist=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_bword_table=dict(required=False, type="str"),
web_bword_threshold=dict(required=False, type="int"),
web_content_header_list=dict(required=False, type="str"),
web_keyword_match=dict(required=False, type="str"),
web_log_search=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_safe_search=dict(required=False,
type="str",
choices=["url", "header"]),
web_urlfilter_table=dict(required=False, type="str"),
web_whitelist=dict(required=False,
type="list",
choices=[
"exempt-av", "exempt-webcontent",
"exempt-activex-java-cookie", "exempt-dlp",
"exempt-rangeblock", "extended-log-others"
]),
web_youtube_restrict=dict(required=False,
type="str",
choices=["strict", "none", "moderate"]),
youtube_channel_filter=dict(required=False, type="list"),
youtube_channel_filter_channel_id=dict(required=False, type="str"),
youtube_channel_filter_comment=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"youtube-channel-status":
module.params["youtube_channel_status"],
"wisp-servers":
module.params["wisp_servers"],
"wisp-algorithm":
module.params["wisp_algorithm"],
"wisp":
module.params["wisp"],
"web-url-log":
module.params["web_url_log"],
"web-invalid-domain-log":
module.params["web_invalid_domain_log"],
"web-ftgd-quota-usage":
module.params["web_ftgd_quota_usage"],
"web-ftgd-err-log":
module.params["web_ftgd_err_log"],
"web-filter-vbs-log":
module.params["web_filter_vbs_log"],
"web-filter-unknown-log":
module.params["web_filter_unknown_log"],
"web-filter-referer-log":
module.params["web_filter_referer_log"],
"web-filter-jscript-log":
module.params["web_filter_jscript_log"],
"web-filter-js-log":
module.params["web_filter_js_log"],
"web-filter-cookie-removal-log":
module.params["web_filter_cookie_removal_log"],
"web-filter-cookie-log":
module.params["web_filter_cookie_log"],
"web-filter-command-block-log":
module.params["web_filter_command_block_log"],
"web-filter-applet-log":
module.params["web_filter_applet_log"],
"web-filter-activex-log":
module.params["web_filter_activex_log"],
"web-extended-all-action-log":
module.params["web_extended_all_action_log"],
"web-content-log":
module.params["web_content_log"],
"replacemsg-group":
module.params["replacemsg_group"],
"post-action":
module.params["post_action"],
"ovrd-perm":
module.params["ovrd_perm"],
"options":
module.params["options"],
"name":
module.params["name"],
"log-all-url":
module.params["log_all_url"],
"inspection-mode":
module.params["inspection_mode"],
"https-replacemsg":
module.params["https_replacemsg"],
"extended-log":
module.params["extended_log"],
"comment":
module.params["comment"],
"ftgd-wf": {
"exempt-quota": module.params["ftgd_wf_exempt_quota"],
"max-quota-timeout": module.params["ftgd_wf_max_quota_timeout"],
"options": module.params["ftgd_wf_options"],
"ovrd": module.params["ftgd_wf_ovrd"],
"rate-crl-urls": module.params["ftgd_wf_rate_crl_urls"],
"rate-css-urls": module.params["ftgd_wf_rate_css_urls"],
"rate-image-urls": module.params["ftgd_wf_rate_image_urls"],
"rate-javascript-urls":
module.params["ftgd_wf_rate_javascript_urls"],
"filters": {
"action":
module.params["ftgd_wf_filters_action"],
"auth-usr-grp":
module.params["ftgd_wf_filters_auth_usr_grp"],
"category":
module.params["ftgd_wf_filters_category"],
"log":
module.params["ftgd_wf_filters_log"],
"override-replacemsg":
module.params["ftgd_wf_filters_override_replacemsg"],
"warn-duration":
module.params["ftgd_wf_filters_warn_duration"],
"warning-duration-type":
module.params["ftgd_wf_filters_warning_duration_type"],
"warning-prompt":
module.params["ftgd_wf_filters_warning_prompt"],
},
"quota": {
"category":
module.params["ftgd_wf_quota_category"],
"duration":
module.params["ftgd_wf_quota_duration"],
"override-replacemsg":
module.params["ftgd_wf_quota_override_replacemsg"],
"type":
module.params["ftgd_wf_quota_type"],
"unit":
module.params["ftgd_wf_quota_unit"],
"value":
module.params["ftgd_wf_quota_value"],
},
},
"override": {
"ovrd-cookie": module.params["override_ovrd_cookie"],
"ovrd-dur": module.params["override_ovrd_dur"],
"ovrd-dur-mode": module.params["override_ovrd_dur_mode"],
"ovrd-scope": module.params["override_ovrd_scope"],
"ovrd-user-group": module.params["override_ovrd_user_group"],
"profile": module.params["override_profile"],
"profile-attribute": module.params["override_profile_attribute"],
"profile-type": module.params["override_profile_type"],
},
"url-extraction": {
"redirect-header":
module.params["url_extraction_redirect_header"],
"redirect-no-content":
module.params["url_extraction_redirect_no_content"],
"redirect-url":
module.params["url_extraction_redirect_url"],
"server-fqdn":
module.params["url_extraction_server_fqdn"],
"status":
module.params["url_extraction_status"],
},
"web": {
"blacklist": module.params["web_blacklist"],
"bword-table": module.params["web_bword_table"],
"bword-threshold": module.params["web_bword_threshold"],
"content-header-list": module.params["web_content_header_list"],
"keyword-match": module.params["web_keyword_match"],
"log-search": module.params["web_log_search"],
"safe-search": module.params["web_safe_search"],
"urlfilter-table": module.params["web_urlfilter_table"],
"whitelist": module.params["web_whitelist"],
"youtube-restrict": module.params["web_youtube_restrict"],
},
"youtube-channel-filter": {
"channel-id": module.params["youtube_channel_filter_channel_id"],
"comment": module.params["youtube_channel_filter_comment"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = [
'ftgd-wf', 'override', 'url-extraction', 'web',
'youtube-channel-filter'
]
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_webfilter_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
spam_rbl_table=dict(required=False, type="str"),
spam_mheader_table=dict(required=False, type="str"),
spam_log_fortiguard_response=dict(required=False,
type="str",
choices=["disable", "enable"]),
spam_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
spam_iptrust_table=dict(required=False, type="str"),
spam_filtering=dict(required=False,
type="str",
choices=["disable", "enable"]),
spam_bword_threshold=dict(required=False, type="int"),
spam_bword_table=dict(required=False, type="str"),
spam_bwl_table=dict(required=False, type="str"),
replacemsg_group=dict(required=False, type="str"),
options=dict(required=False,
type="list",
choices=[
"bannedword", "spamfsip", "spamfssubmit",
"spamfschksum", "spamfsurl", "spamhelodns",
"spamraddrdns", "spamrbl", "spamhdrcheck",
"spamfsphish", "spambwl"
]),
name=dict(required=False, type="str"),
flow_based=dict(required=False,
type="str",
choices=["disable", "enable"]),
external=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
gmail=dict(required=False, type="dict"),
gmail_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
imap=dict(required=False, type="dict"),
imap_action=dict(required=False, type="str", choices=["pass", "tag"]),
imap_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
imap_tag_msg=dict(required=False, type="str"),
imap_tag_type=dict(required=False,
type="str",
choices=["subject", "header", "spaminfo"]),
mapi=dict(required=False, type="dict"),
mapi_action=dict(required=False,
type="str",
choices=["pass", "discard"]),
mapi_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
msn_hotmail=dict(required=False, type="dict"),
msn_hotmail_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
pop3=dict(required=False, type="dict"),
pop3_action=dict(required=False, type="str", choices=["pass", "tag"]),
pop3_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
pop3_tag_msg=dict(required=False, type="str"),
pop3_tag_type=dict(required=False,
type="str",
choices=["subject", "header", "spaminfo"]),
smtp=dict(required=False, type="dict"),
smtp_action=dict(required=False,
type="str",
choices=["pass", "tag", "discard"]),
smtp_hdrip=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtp_local_override=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtp_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtp_tag_msg=dict(required=False, type="str"),
smtp_tag_type=dict(required=False,
type="str",
choices=["subject", "header", "spaminfo"]),
yahoo_mail=dict(required=False, type="dict"),
yahoo_mail_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"spam-rbl-table":
module.params["spam_rbl_table"],
"spam-mheader-table":
module.params["spam_mheader_table"],
"spam-log-fortiguard-response":
module.params["spam_log_fortiguard_response"],
"spam-log":
module.params["spam_log"],
"spam-iptrust-table":
module.params["spam_iptrust_table"],
"spam-filtering":
module.params["spam_filtering"],
"spam-bword-threshold":
module.params["spam_bword_threshold"],
"spam-bword-table":
module.params["spam_bword_table"],
"spam-bwl-table":
module.params["spam_bwl_table"],
"replacemsg-group":
module.params["replacemsg_group"],
"options":
module.params["options"],
"name":
module.params["name"],
"flow-based":
module.params["flow_based"],
"external":
module.params["external"],
"comment":
module.params["comment"],
"gmail": {
"log": module.params["gmail_log"],
},
"imap": {
"action": module.params["imap_action"],
"log": module.params["imap_log"],
"tag-msg": module.params["imap_tag_msg"],
"tag-type": module.params["imap_tag_type"],
},
"mapi": {
"action": module.params["mapi_action"],
"log": module.params["mapi_log"],
},
"msn-hotmail": {
"log": module.params["msn_hotmail_log"],
},
"pop3": {
"action": module.params["pop3_action"],
"log": module.params["pop3_log"],
"tag-msg": module.params["pop3_tag_msg"],
"tag-type": module.params["pop3_tag_type"],
},
"smtp": {
"action": module.params["smtp_action"],
"hdrip": module.params["smtp_hdrip"],
"local-override": module.params["smtp_local_override"],
"log": module.params["smtp_log"],
"tag-msg": module.params["smtp_tag_msg"],
"tag-type": module.params["smtp_tag_type"],
},
"yahoo-mail": {
"log": module.params["yahoo_mail_log"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = [
'gmail', 'imap', 'mapi', 'msn-hotmail', 'pop3', 'smtp', 'yahoo-mail'
]
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_spamfilter_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])