def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
device_unique_name=dict(required=True, type="str"),
fortimeter_utm_level=dict(required=True, type="str"),
foslic_type=dict(required=False, type="int", default=2)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
paramgram = {
"adom": module.params["adom"],
"device_unique_name": module.params["device_unique_name"],
"fortimeter_utm_level": module.params["fortimeter_utm_level"],
"foslic_type": module.params["foslic_type"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_set_fortimeter_lic(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
startip=dict(required=False, type="str"),
name=dict(required=False, type="str"),
endip=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
dynamic_mapping=dict(required=False, type="list"),
dynamic_mapping_comments=dict(required=False, type="str"),
dynamic_mapping_endip=dict(required=False, type="str"),
dynamic_mapping_startip=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"startip": module.params["startip"],
"name": module.params["name"],
"endip": module.params["endip"],
"comments": module.params["comments"],
"dynamic_mapping": {
"comments": module.params["dynamic_mapping_comments"],
"endip": module.params["dynamic_mapping_endip"],
"startip": module.params["dynamic_mapping_startip"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['dynamic_mapping']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_fwobj_ippool6_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
module = AnsibleModule(argument_spec=dict(
device_unique_name=dict(required=True, type='str'),
vdom=dict(type='str', required=True),
adom=dict(type='str', required=True),
state=dict(type='str', required=True, choices=['present', 'absent']),
zone=dict(type='str', required=True),
force=dict(type='bool', default=False)),
supports_check_mode=True)
# fortimanager module expects the module parameters duplicated
# in a dict called paramgram, reasons unknown!
module.paramgram = {
'adom': module.params['adom'],
'device_unique_name': module.params['device_unique_name'],
}
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
# fail with an un-helpful and error-masking generic response
module.fail_json(**FAIL_SOCKET_MSG)
if module.params['state'] == 'present':
changed, diff, msg = _zone_present(module, fmgr)
if module.params['state'] == 'absent':
changed, diff, msg = _zone_absent(module, fmgr)
module.exit_json(changed=changed, diff=diff, msg=msg)
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
device_unique_name=dict(required=True, type="str"),
device_hostname=dict(required=False, type="str"),
interface=dict(required=False, type="str"),
interface_ip=dict(required=False, type="str"),
interface_allow_access=dict(required=False, type="str"),
install_config=dict(required=False, type="str", default="disable"),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
paramgram = {
"device_unique_name": module.params["device_unique_name"],
"device_hostname": module.params["device_hostname"],
"interface": module.params["interface"],
"interface_ip": module.params["interface_ip"],
"interface_allow_access": module.params["interface_allow_access"],
"install_config": module.params["install_config"],
"adom": module.params["adom"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["device_hostname"] is not None:
results = update_device_hostname(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
if paramgram["interface_ip"] is not None or paramgram["interface_allow_access"] is not None:
results = update_device_interface(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
if paramgram["install_config"] == "enable":
results = exec_config(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
module = AnsibleModule(argument_spec=dict(device_unique_name=dict(
required=True, type='str'),
vdom=dict(type='str',
required=True),
adom=dict(type='str',
required=True),
interface=dict(type='str',
requred=True),
zone=dict(type='str',
required=False),
vrf=dict(type='int', default=0)),
supports_check_mode=True)
module.paramgram = {
'adom': module.params['adom'],
'device_unique_name': module.params['device_unique_name'],
}
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
# fail with an un-helpful and error-masking generic response
module.fail_json(**FAIL_SOCKET_MSG)
zone = validate_zone(module, fmgr)
if not zone['valid']:
if not zone['msg']:
zone['msg'] = 'invalid zone'
module.exit_json(msg=zone['msg'], changed=False, skipped=True)
outd = remove_associated_policies(module, fmgr)
msg = 'no change'
if outd['changed']:
msg = 'associated policies removed/updated'
diff = {'before': outd['before'], 'after': outd['after']}
module.exit_json(changed=outd['changed'], diff=diff, msg=msg)
def main():
module = AnsibleModule(
argument_spec=dict(
device_unique_name=dict(required=True, type='str'),
vdom=dict(type='str', required=True),
adom=dict(type='str', required=True),
default_zone=dict(type='str', required=True),
address_name_prefix=dict(type='str', default='sot'),
service_name_prefixes=dict(type='list', default=['tcp', 'udp', 'icmp']),
prefix_delimiter=dict(type='str', default='/'),
policy_global_label_prefix=dict(type='str', default='socrates'),
networks=dict(type='list', required=True),
rulesets=dict(type='list', required=True),
address_groups=dict(type='list', required=True),
default_action=dict(type='str', default='accept'),
default_log_traffic=dict(type='str', choices=['all', 'disable', 'utm'], default='all'),
default_log_traffic_start=dict(type='str', choices=['enable', 'disable'], default='disable'),
),
supports_check_mode=True
)
# fortimanager module expects the module parameters duplicated
# in a dict called paramgram, reasons unknown!
module.paramgram = {
'adom': module.params['adom'],
'device_unique_name': module.params['device_unique_name'],
}
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
# fail with an un-helpful and error-masking generic response
module.fail_json(**FAIL_SOCKET_MSG)
changed, diff, msg = update_forti(module, fmgr)
module.exit_json(changed=changed, diff=diff, msg=msg)
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "set", "delete"], type="str", default="add"),
allow_routing=dict(required=False,
type="str",
choices=['enable', 'disable'],
default="disable"),
associated_interface=dict(required=False, type="str"),
cache_ttl=dict(required=False, type="str"),
color=dict(required=False, type="str", default=22),
comment=dict(required=False, type="str"),
country=dict(required=False, type="str"),
fqdn=dict(required=False, type="str"),
name=dict(required=False, type="str"),
start_ip=dict(required=False, type="str"),
end_ip=dict(required=False, type="str"),
ipv4=dict(required=False,
type="str",
choices=[
'ipmask', 'iprange', 'fqdn', 'wildcard', 'geography',
'wildcard-fqdn', 'group'
]),
visibility=dict(required=False,
type="str",
choices=['enable', 'disable'],
default="enable"),
wildcard=dict(required=False, type="str"),
wildcard_fqdn=dict(required=False, type="str"),
ipv6=dict(required=False,
type="str",
choices=['ip', 'iprange', 'group']),
group_members=dict(required=False, type="str"),
group_name=dict(required=False, type="str"),
ipv4addr=dict(required=False, type="str"),
ipv6addr=dict(required=False, type="str"),
multicast=dict(required=False,
type="str",
choices=['multicastrange', 'broadcastmask', 'ip6']),
obj_id=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
mutually_exclusive=[['ipv4', 'ipv6'],
['ipv4', 'multicast'],
['ipv6', 'multicast']])
paramgram = {
"adom": module.params["adom"],
"allow-routing": module.params["allow_routing"],
"associated-interface": module.params["associated_interface"],
"cache-ttl": module.params["cache_ttl"],
"color": module.params["color"],
"comment": module.params["comment"],
"country": module.params["country"],
"end-ip": module.params["end_ip"],
"fqdn": module.params["fqdn"],
"name": module.params["name"],
"start-ip": module.params["start_ip"],
"visibility": module.params["visibility"],
"wildcard": module.params["wildcard"],
"wildcard-fqdn": module.params["wildcard_fqdn"],
"ipv6": module.params["ipv6"],
"ipv4": module.params["ipv4"],
"group_members": module.params["group_members"],
"group_name": module.params["group_name"],
"ipv4addr": module.params["ipv4addr"],
"ipv6addr": module.params["ipv6addr"],
"multicast": module.params["multicast"],
"mode": module.params["mode"],
"obj-id": module.params["obj_id"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr._tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
if paramgram["ipv4"]:
results = fmgr_fwobj_ipv4(fmgr, paramgram)
elif paramgram["ipv6"]:
results = fmgr_fwobj_ipv6(fmgr, paramgram)
elif paramgram["multicast"]:
results = fmgr_fwobj_multicast(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(
msg="Couldn't find a proper ipv4 or ipv6 or multicast parameter "
"to run in the logic tree. Exiting...")
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
spam_rbl_table=dict(required=False, type="str"),
spam_mheader_table=dict(required=False, type="str"),
spam_log_fortiguard_response=dict(required=False,
type="str",
choices=["disable", "enable"]),
spam_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
spam_iptrust_table=dict(required=False, type="str"),
spam_filtering=dict(required=False,
type="str",
choices=["disable", "enable"]),
spam_bword_threshold=dict(required=False, type="int"),
spam_bword_table=dict(required=False, type="str"),
spam_bwl_table=dict(required=False, type="str"),
replacemsg_group=dict(required=False, type="str"),
options=dict(required=False,
type="list",
choices=[
"bannedword", "spamfsip", "spamfssubmit",
"spamfschksum", "spamfsurl", "spamhelodns",
"spamraddrdns", "spamrbl", "spamhdrcheck",
"spamfsphish", "spambwl"
]),
name=dict(required=False, type="str"),
flow_based=dict(required=False,
type="str",
choices=["disable", "enable"]),
external=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
gmail=dict(required=False, type="dict"),
gmail_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
imap=dict(required=False, type="dict"),
imap_action=dict(required=False, type="str", choices=["pass", "tag"]),
imap_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
imap_tag_msg=dict(required=False, type="str"),
imap_tag_type=dict(required=False,
type="str",
choices=["subject", "header", "spaminfo"]),
mapi=dict(required=False, type="dict"),
mapi_action=dict(required=False,
type="str",
choices=["pass", "discard"]),
mapi_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
msn_hotmail=dict(required=False, type="dict"),
msn_hotmail_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
pop3=dict(required=False, type="dict"),
pop3_action=dict(required=False, type="str", choices=["pass", "tag"]),
pop3_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
pop3_tag_msg=dict(required=False, type="str"),
pop3_tag_type=dict(required=False,
type="str",
choices=["subject", "header", "spaminfo"]),
smtp=dict(required=False, type="dict"),
smtp_action=dict(required=False,
type="str",
choices=["pass", "tag", "discard"]),
smtp_hdrip=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtp_local_override=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtp_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
smtp_tag_msg=dict(required=False, type="str"),
smtp_tag_type=dict(required=False,
type="str",
choices=["subject", "header", "spaminfo"]),
yahoo_mail=dict(required=False, type="dict"),
yahoo_mail_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"spam-rbl-table":
module.params["spam_rbl_table"],
"spam-mheader-table":
module.params["spam_mheader_table"],
"spam-log-fortiguard-response":
module.params["spam_log_fortiguard_response"],
"spam-log":
module.params["spam_log"],
"spam-iptrust-table":
module.params["spam_iptrust_table"],
"spam-filtering":
module.params["spam_filtering"],
"spam-bword-threshold":
module.params["spam_bword_threshold"],
"spam-bword-table":
module.params["spam_bword_table"],
"spam-bwl-table":
module.params["spam_bwl_table"],
"replacemsg-group":
module.params["replacemsg_group"],
"options":
module.params["options"],
"name":
module.params["name"],
"flow-based":
module.params["flow_based"],
"external":
module.params["external"],
"comment":
module.params["comment"],
"gmail": {
"log": module.params["gmail_log"],
},
"imap": {
"action": module.params["imap_action"],
"log": module.params["imap_log"],
"tag-msg": module.params["imap_tag_msg"],
"tag-type": module.params["imap_tag_type"],
},
"mapi": {
"action": module.params["mapi_action"],
"log": module.params["mapi_log"],
},
"msn-hotmail": {
"log": module.params["msn_hotmail_log"],
},
"pop3": {
"action": module.params["pop3_action"],
"log": module.params["pop3_log"],
"tag-msg": module.params["pop3_tag_msg"],
"tag-type": module.params["pop3_tag_type"],
},
"smtp": {
"action": module.params["smtp_action"],
"hdrip": module.params["smtp_hdrip"],
"local-override": module.params["smtp_local_override"],
"log": module.params["smtp_log"],
"tag-msg": module.params["smtp_tag_msg"],
"tag-type": module.params["smtp_tag_type"],
},
"yahoo-mail": {
"log": module.params["yahoo_mail_log"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = [
'gmail', 'imap', 'mapi', 'msn-hotmail', 'pop3', 'smtp', 'yahoo-mail'
]
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_spamfilter_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
transparent=dict(required=False,
type="str",
choices=["disable", "enable"]),
name=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
auth_group=dict(required=False, type="str"),
cifs=dict(required=False, type="dict"),
cifs_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_port=dict(required=False, type="str"),
cifs_prefer_chunking=dict(required=False,
type="str",
choices=["dynamic", "fix"]),
cifs_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
cifs_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
ftp=dict(required=False, type="dict"),
ftp_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_port=dict(required=False, type="str"),
ftp_prefer_chunking=dict(required=False,
type="str",
choices=["dynamic", "fix"]),
ftp_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftp_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
http=dict(required=False, type="dict"),
http_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_port=dict(required=False, type="str"),
http_prefer_chunking=dict(required=False,
type="str",
choices=["dynamic", "fix"]),
http_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_ssl=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_ssl_port=dict(required=False, type="str"),
http_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_tunnel_non_http=dict(required=False,
type="str",
choices=["disable", "enable"]),
http_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
http_unknown_http_version=dict(
required=False,
type="str",
choices=["best-effort", "reject", "tunnel"]),
mapi=dict(required=False, type="dict"),
mapi_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_port=dict(required=False, type="str"),
mapi_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
mapi_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
tcp=dict(required=False, type="dict"),
tcp_byte_caching=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_byte_caching_opt=dict(required=False,
type="str",
choices=["mem-only", "mem-disk"]),
tcp_log_traffic=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_port=dict(required=False, type="str"),
tcp_secure_tunnel=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_ssl=dict(required=False, type="str", choices=["disable",
"enable"]),
tcp_ssl_port=dict(required=False, type="str"),
tcp_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
tcp_tunnel_sharing=dict(
required=False,
type="str",
choices=["private", "shared", "express-shared"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"transparent": module.params["transparent"],
"name": module.params["name"],
"comments": module.params["comments"],
"auth-group": module.params["auth_group"],
"cifs": {
"byte-caching": module.params["cifs_byte_caching"],
"log-traffic": module.params["cifs_log_traffic"],
"port": module.params["cifs_port"],
"prefer-chunking": module.params["cifs_prefer_chunking"],
"secure-tunnel": module.params["cifs_secure_tunnel"],
"status": module.params["cifs_status"],
"tunnel-sharing": module.params["cifs_tunnel_sharing"],
},
"ftp": {
"byte-caching": module.params["ftp_byte_caching"],
"log-traffic": module.params["ftp_log_traffic"],
"port": module.params["ftp_port"],
"prefer-chunking": module.params["ftp_prefer_chunking"],
"secure-tunnel": module.params["ftp_secure_tunnel"],
"status": module.params["ftp_status"],
"tunnel-sharing": module.params["ftp_tunnel_sharing"],
},
"http": {
"byte-caching": module.params["http_byte_caching"],
"log-traffic": module.params["http_log_traffic"],
"port": module.params["http_port"],
"prefer-chunking": module.params["http_prefer_chunking"],
"secure-tunnel": module.params["http_secure_tunnel"],
"ssl": module.params["http_ssl"],
"ssl-port": module.params["http_ssl_port"],
"status": module.params["http_status"],
"tunnel-non-http": module.params["http_tunnel_non_http"],
"tunnel-sharing": module.params["http_tunnel_sharing"],
"unknown-http-version": module.params["http_unknown_http_version"],
},
"mapi": {
"byte-caching": module.params["mapi_byte_caching"],
"log-traffic": module.params["mapi_log_traffic"],
"port": module.params["mapi_port"],
"secure-tunnel": module.params["mapi_secure_tunnel"],
"status": module.params["mapi_status"],
"tunnel-sharing": module.params["mapi_tunnel_sharing"],
},
"tcp": {
"byte-caching": module.params["tcp_byte_caching"],
"byte-caching-opt": module.params["tcp_byte_caching_opt"],
"log-traffic": module.params["tcp_log_traffic"],
"port": module.params["tcp_port"],
"secure-tunnel": module.params["tcp_secure_tunnel"],
"ssl": module.params["tcp_ssl"],
"ssl-port": module.params["tcp_ssl_port"],
"status": module.params["tcp_status"],
"tunnel-sharing": module.params["tcp_tunnel_sharing"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['cifs', 'ftp', 'http', 'mapi', 'tcp']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_wanopt_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
replacemsg_group=dict(required=False, type="str"),
name=dict(required=False, type="str"),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
block_malicious_url=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries=dict(required=False, type="list"),
entries_action=dict(required=False,
type="str",
choices=["pass", "block", "reset", "default"]),
entries_application=dict(required=False, type="str"),
entries_location=dict(required=False, type="str"),
entries_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_log_attack_context=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_os=dict(required=False, type="str"),
entries_protocol=dict(required=False, type="str"),
entries_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
entries_quarantine_expiry=dict(required=False, type="str"),
entries_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_rate_count=dict(required=False, type="int"),
entries_rate_duration=dict(required=False, type="int"),
entries_rate_mode=dict(required=False,
type="str",
choices=["periodical", "continuous"]),
entries_rate_track=dict(required=False,
type="str",
choices=[
"none", "src-ip", "dest-ip",
"dhcp-client-mac", "dns-domain"
]),
entries_rule=dict(required=False, type="str"),
entries_severity=dict(required=False, type="str"),
entries_status=dict(required=False,
type="str",
choices=["disable", "enable", "default"]),
entries_exempt_ip_dst_ip=dict(required=False, type="str"),
entries_exempt_ip_src_ip=dict(required=False, type="str"),
filter=dict(required=False, type="list"),
filter_action=dict(required=False,
type="str",
choices=["pass", "block", "default", "reset"]),
filter_application=dict(required=False, type="str"),
filter_location=dict(required=False, type="str"),
filter_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
filter_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
filter_name=dict(required=False, type="str"),
filter_os=dict(required=False, type="str"),
filter_protocol=dict(required=False, type="str"),
filter_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
filter_quarantine_expiry=dict(required=False, type="int"),
filter_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
filter_severity=dict(required=False, type="str"),
filter_status=dict(required=False,
type="str",
choices=["disable", "enable", "default"]),
override=dict(required=False, type="list"),
override_action=dict(required=False,
type="str",
choices=["pass", "block", "reset"]),
override_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
override_quarantine_expiry=dict(required=False, type="int"),
override_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_rule_id=dict(required=False, type="str"),
override_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
override_exempt_ip_dst_ip=dict(required=False, type="str"),
override_exempt_ip_src_ip=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"replacemsg-group": module.params["replacemsg_group"],
"name": module.params["name"],
"extended-log": module.params["extended_log"],
"comment": module.params["comment"],
"block-malicious-url": module.params["block_malicious_url"],
"entries": {
"action": module.params["entries_action"],
"application": module.params["entries_application"],
"location": module.params["entries_location"],
"log": module.params["entries_log"],
"log-attack-context": module.params["entries_log_attack_context"],
"log-packet": module.params["entries_log_packet"],
"os": module.params["entries_os"],
"protocol": module.params["entries_protocol"],
"quarantine": module.params["entries_quarantine"],
"quarantine-expiry": module.params["entries_quarantine_expiry"],
"quarantine-log": module.params["entries_quarantine_log"],
"rate-count": module.params["entries_rate_count"],
"rate-duration": module.params["entries_rate_duration"],
"rate-mode": module.params["entries_rate_mode"],
"rate-track": module.params["entries_rate_track"],
"rule": module.params["entries_rule"],
"severity": module.params["entries_severity"],
"status": module.params["entries_status"],
"exempt-ip": {
"dst-ip": module.params["entries_exempt_ip_dst_ip"],
"src-ip": module.params["entries_exempt_ip_src_ip"],
},
},
"filter": {
"action": module.params["filter_action"],
"application": module.params["filter_application"],
"location": module.params["filter_location"],
"log": module.params["filter_log"],
"log-packet": module.params["filter_log_packet"],
"name": module.params["filter_name"],
"os": module.params["filter_os"],
"protocol": module.params["filter_protocol"],
"quarantine": module.params["filter_quarantine"],
"quarantine-expiry": module.params["filter_quarantine_expiry"],
"quarantine-log": module.params["filter_quarantine_log"],
"severity": module.params["filter_severity"],
"status": module.params["filter_status"],
},
"override": {
"action": module.params["override_action"],
"log": module.params["override_log"],
"log-packet": module.params["override_log_packet"],
"quarantine": module.params["override_quarantine"],
"quarantine-expiry": module.params["override_quarantine_expiry"],
"quarantine-log": module.params["override_quarantine_log"],
"rule-id": module.params["override_rule_id"],
"status": module.params["override_status"],
"exempt-ip": {
"dst-ip": module.params["override_exempt_ip_dst_ip"],
"src-ip": module.params["override_exempt_ip_src_ip"],
}
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['entries', 'filter', 'override']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_ips_sensor_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
type=dict(required=False, type="str", choices=["overload",
"one-to-one",
"fixed-port-range",
"port-block-allocation"]),
startip=dict(required=False, type="str"),
source_startip=dict(required=False, type="str"),
source_endip=dict(required=False, type="str"),
permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
pba_timeout=dict(required=False, type="int"),
num_blocks_per_user=dict(required=False, type="int"),
name=dict(required=False, type="str"),
endip=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
block_size=dict(required=False, type="int"),
associated_interface=dict(required=False, type="str"),
arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
arp_intf=dict(required=False, type="str"),
dynamic_mapping=dict(required=False, type="list"),
dynamic_mapping_arp_intf=dict(required=False, type="str"),
dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_associated_interface=dict(required=False, type="str"),
dynamic_mapping_block_size=dict(required=False, type="int"),
dynamic_mapping_comments=dict(required=False, type="str"),
dynamic_mapping_endip=dict(required=False, type="str"),
dynamic_mapping_num_blocks_per_user=dict(required=False, type="int"),
dynamic_mapping_pba_timeout=dict(required=False, type="int"),
dynamic_mapping_permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_source_endip=dict(required=False, type="str"),
dynamic_mapping_source_startip=dict(required=False, type="str"),
dynamic_mapping_startip=dict(required=False, type="str"),
dynamic_mapping_type=dict(required=False, type="str", choices=["overload",
"one-to-one",
"fixed-port-range",
"port-block-allocation"]),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"type": module.params["type"],
"startip": module.params["startip"],
"source-startip": module.params["source_startip"],
"source-endip": module.params["source_endip"],
"permit-any-host": module.params["permit_any_host"],
"pba-timeout": module.params["pba_timeout"],
"num-blocks-per-user": module.params["num_blocks_per_user"],
"name": module.params["name"],
"endip": module.params["endip"],
"comments": module.params["comments"],
"block-size": module.params["block_size"],
"associated-interface": module.params["associated_interface"],
"arp-reply": module.params["arp_reply"],
"arp-intf": module.params["arp_intf"],
"dynamic_mapping": {
"arp-intf": module.params["dynamic_mapping_arp_intf"],
"arp-reply": module.params["dynamic_mapping_arp_reply"],
"associated-interface": module.params["dynamic_mapping_associated_interface"],
"block-size": module.params["dynamic_mapping_block_size"],
"comments": module.params["dynamic_mapping_comments"],
"endip": module.params["dynamic_mapping_endip"],
"num-blocks-per-user": module.params["dynamic_mapping_num_blocks_per_user"],
"pba-timeout": module.params["dynamic_mapping_pba_timeout"],
"permit-any-host": module.params["dynamic_mapping_permit_any_host"],
"source-endip": module.params["dynamic_mapping_source_endip"],
"source-startip": module.params["dynamic_mapping_source_startip"],
"startip": module.params["dynamic_mapping_startip"],
"type": module.params["dynamic_mapping_type"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['dynamic_mapping']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
# UPDATE THE CHANGED PARAMGRAM
module.paramgram = paramgram
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_fwobj_ippool_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
whitelist=dict(required=False, type="str", choices=["disable", "enable"]),
use_ssl_server=dict(required=False, type="str", choices=["disable", "enable"]),
untrusted_caname=dict(required=False, type="str"),
ssl_exemptions_log=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_anomalies_log=dict(required=False, type="str", choices=["disable", "enable"]),
server_cert_mode=dict(required=False, type="str", choices=["re-sign", "replace"]),
server_cert=dict(required=False, type="str"),
rpc_over_https=dict(required=False, type="str", choices=["disable", "enable"]),
name=dict(required=False, type="str"),
mapi_over_https=dict(required=False, type="str", choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
caname=dict(required=False, type="str"),
ftps=dict(required=False, type="list"),
ftps_allow_invalid_server_cert=dict(required=False, type="str", choices=["disable", "enable"]),
ftps_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ftps_ports=dict(required=False, type="str"),
ftps_status=dict(required=False, type="str", choices=["disable", "deep-inspection"]),
ftps_unsupported_ssl=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ftps_untrusted_cert=dict(required=False, type="str", choices=["allow", "block", "ignore"]),
https=dict(required=False, type="list"),
https_allow_invalid_server_cert=dict(required=False, type="str", choices=["disable", "enable"]),
https_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
https_ports=dict(required=False, type="str"),
https_status=dict(required=False, type="str", choices=["disable", "certificate-inspection", "deep-inspection"]),
https_unsupported_ssl=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
https_untrusted_cert=dict(required=False, type="str", choices=["allow", "block", "ignore"]),
imaps=dict(required=False, type="list"),
imaps_allow_invalid_server_cert=dict(required=False, type="str", choices=["disable", "enable"]),
imaps_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
imaps_ports=dict(required=False, type="str"),
imaps_status=dict(required=False, type="str", choices=["disable", "deep-inspection"]),
imaps_unsupported_ssl=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
imaps_untrusted_cert=dict(required=False, type="str", choices=["allow", "block", "ignore"]),
pop3s=dict(required=False, type="list"),
pop3s_allow_invalid_server_cert=dict(required=False, type="str", choices=["disable", "enable"]),
pop3s_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
pop3s_ports=dict(required=False, type="str"),
pop3s_status=dict(required=False, type="str", choices=["disable", "deep-inspection"]),
pop3s_unsupported_ssl=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
pop3s_untrusted_cert=dict(required=False, type="str", choices=["allow", "block", "ignore"]),
smtps=dict(required=False, type="list"),
smtps_allow_invalid_server_cert=dict(required=False, type="str", choices=["disable", "enable"]),
smtps_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
smtps_ports=dict(required=False, type="str"),
smtps_status=dict(required=False, type="str", choices=["disable", "deep-inspection"]),
smtps_unsupported_ssl=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
smtps_untrusted_cert=dict(required=False, type="str", choices=["allow", "block", "ignore"]),
ssh=dict(required=False, type="list"),
ssh_inspect_all=dict(required=False, type="str", choices=["disable", "deep-inspection"]),
ssh_ports=dict(required=False, type="str"),
ssh_ssh_algorithm=dict(required=False, type="str", choices=["compatible", "high-encryption"]),
ssh_ssh_policy_check=dict(required=False, type="str", choices=["disable", "enable"]),
ssh_ssh_tun_policy_check=dict(required=False, type="str", choices=["disable", "enable"]),
ssh_status=dict(required=False, type="str", choices=["disable", "deep-inspection"]),
ssh_unsupported_version=dict(required=False, type="str", choices=["block", "bypass"]),
ssl=dict(required=False, type="list"),
ssl_allow_invalid_server_cert=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_inspect_all=dict(required=False, type="str", choices=["disable", "certificate-inspection",
"deep-inspection"]),
ssl_unsupported_ssl=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_untrusted_cert=dict(required=False, type="str", choices=["allow", "block", "ignore"]),
ssl_exempt=dict(required=False, type="list"),
ssl_exempt_address=dict(required=False, type="str"),
ssl_exempt_address6=dict(required=False, type="str"),
ssl_exempt_fortiguard_category=dict(required=False, type="str"),
ssl_exempt_regex=dict(required=False, type="str"),
ssl_exempt_type=dict(required=False, type="str", choices=["fortiguard-category", "address", "address6",
"wildcard-fqdn", "regex"]),
ssl_exempt_wildcard_fqdn=dict(required=False, type="str"),
ssl_server=dict(required=False, type="list"),
ssl_server_ftps_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_server_https_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_server_imaps_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_server_ip=dict(required=False, type="str"),
ssl_server_pop3s_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_server_smtps_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect", "block"]),
ssl_server_ssl_other_client_cert_request=dict(required=False, type="str", choices=["bypass", "inspect",
"block"]),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"whitelist": module.params["whitelist"],
"use-ssl-server": module.params["use_ssl_server"],
"untrusted-caname": module.params["untrusted_caname"],
"ssl-exemptions-log": module.params["ssl_exemptions_log"],
"ssl-anomalies-log": module.params["ssl_anomalies_log"],
"server-cert-mode": module.params["server_cert_mode"],
"server-cert": module.params["server_cert"],
"rpc-over-https": module.params["rpc_over_https"],
"name": module.params["name"],
"mapi-over-https": module.params["mapi_over_https"],
"comment": module.params["comment"],
"caname": module.params["caname"],
"ftps": {
"allow-invalid-server-cert": module.params["ftps_allow_invalid_server_cert"],
"client-cert-request": module.params["ftps_client_cert_request"],
"ports": module.params["ftps_ports"],
"status": module.params["ftps_status"],
"unsupported-ssl": module.params["ftps_unsupported_ssl"],
"untrusted-cert": module.params["ftps_untrusted_cert"],
},
"https": {
"allow-invalid-server-cert": module.params["https_allow_invalid_server_cert"],
"client-cert-request": module.params["https_client_cert_request"],
"ports": module.params["https_ports"],
"status": module.params["https_status"],
"unsupported-ssl": module.params["https_unsupported_ssl"],
"untrusted-cert": module.params["https_untrusted_cert"],
},
"imaps": {
"allow-invalid-server-cert": module.params["imaps_allow_invalid_server_cert"],
"client-cert-request": module.params["imaps_client_cert_request"],
"ports": module.params["imaps_ports"],
"status": module.params["imaps_status"],
"unsupported-ssl": module.params["imaps_unsupported_ssl"],
"untrusted-cert": module.params["imaps_untrusted_cert"],
},
"pop3s": {
"allow-invalid-server-cert": module.params["pop3s_allow_invalid_server_cert"],
"client-cert-request": module.params["pop3s_client_cert_request"],
"ports": module.params["pop3s_ports"],
"status": module.params["pop3s_status"],
"unsupported-ssl": module.params["pop3s_unsupported_ssl"],
"untrusted-cert": module.params["pop3s_untrusted_cert"],
},
"smtps": {
"allow-invalid-server-cert": module.params["smtps_allow_invalid_server_cert"],
"client-cert-request": module.params["smtps_client_cert_request"],
"ports": module.params["smtps_ports"],
"status": module.params["smtps_status"],
"unsupported-ssl": module.params["smtps_unsupported_ssl"],
"untrusted-cert": module.params["smtps_untrusted_cert"],
},
"ssh": {
"inspect-all": module.params["ssh_inspect_all"],
"ports": module.params["ssh_ports"],
"ssh-algorithm": module.params["ssh_ssh_algorithm"],
"ssh-policy-check": module.params["ssh_ssh_policy_check"],
"ssh-tun-policy-check": module.params["ssh_ssh_tun_policy_check"],
"status": module.params["ssh_status"],
"unsupported-version": module.params["ssh_unsupported_version"],
},
"ssl": {
"allow-invalid-server-cert": module.params["ssl_allow_invalid_server_cert"],
"client-cert-request": module.params["ssl_client_cert_request"],
"inspect-all": module.params["ssl_inspect_all"],
"unsupported-ssl": module.params["ssl_unsupported_ssl"],
"untrusted-cert": module.params["ssl_untrusted_cert"],
},
"ssl-exempt": {
"address": module.params["ssl_exempt_address"],
"address6": module.params["ssl_exempt_address6"],
"fortiguard-category": module.params["ssl_exempt_fortiguard_category"],
"regex": module.params["ssl_exempt_regex"],
"type": module.params["ssl_exempt_type"],
"wildcard-fqdn": module.params["ssl_exempt_wildcard_fqdn"],
},
"ssl-server": {
"ftps-client-cert-request": module.params["ssl_server_ftps_client_cert_request"],
"https-client-cert-request": module.params["ssl_server_https_client_cert_request"],
"imaps-client-cert-request": module.params["ssl_server_imaps_client_cert_request"],
"ip": module.params["ssl_server_ip"],
"pop3s-client-cert-request": module.params["ssl_server_pop3s_client_cert_request"],
"smtps-client-cert-request": module.params["ssl_server_smtps_client_cert_request"],
"ssl-other-client-cert-request": module.params["ssl_server_ssl_other_client_cert_request"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['ftps', 'https', 'imaps', 'pop3s', 'smtps', 'ssh', 'ssl', 'ssl-exempt', 'ssl-server']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_firewall_ssl_ssh_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
strip_encoding=dict(required=False,
type="str",
choices=["disable", "enable"]),
name=dict(required=False, type="str"),
log_header_change=dict(required=False,
type="str",
choices=["disable", "enable"]),
header_x_forwarded_for=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_x_authenticated_user=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_x_authenticated_groups=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_via_response=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_via_request=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_front_end_https=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
header_client_ip=dict(required=False,
type="str",
choices=["pass", "add", "remove"]),
headers=dict(required=False, type="list"),
headers_action=dict(required=False,
type="str",
choices=[
"add-to-request", "add-to-response",
"remove-from-request", "remove-from-response"
]),
headers_content=dict(required=False, type="str"),
headers_name=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"strip-encoding":
module.params["strip_encoding"],
"name":
module.params["name"],
"log-header-change":
module.params["log_header_change"],
"header-x-forwarded-for":
module.params["header_x_forwarded_for"],
"header-x-authenticated-user":
module.params["header_x_authenticated_user"],
"header-x-authenticated-groups":
module.params["header_x_authenticated_groups"],
"header-via-response":
module.params["header_via_response"],
"header-via-request":
module.params["header_via_request"],
"header-front-end-https":
module.params["header_front_end_https"],
"header-client-ip":
module.params["header_client_ip"],
"headers": {
"action": module.params["headers_action"],
"content": module.params["headers_content"],
"name": module.params["headers_name"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['headers']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
module.paramgram = paramgram
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_web_proxy_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
name=dict(required=False, type="str"),
comment=dict(required=False, type="str"),
sccp=dict(required=False, type="dict"),
sccp_block_mcast=dict(required=False, type="str", choices=["disable", "enable"]),
sccp_log_call_summary=dict(required=False, type="str", choices=["disable", "enable"]),
sccp_log_violations=dict(required=False, type="str", choices=["disable", "enable"]),
sccp_max_calls=dict(required=False, type="int"),
sccp_status=dict(required=False, type="str", choices=["disable", "enable"]),
sccp_verify_header=dict(required=False, type="str", choices=["disable", "enable"]),
sip=dict(required=False, type="dict"),
sip_ack_rate=dict(required=False, type="int"),
sip_block_ack=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_bye=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_cancel=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_geo_red_options=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_info=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_invite=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_long_lines=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_message=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_notify=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_options=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_prack=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_publish=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_refer=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_register=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_subscribe=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_unknown=dict(required=False, type="str", choices=["disable", "enable"]),
sip_block_update=dict(required=False, type="str", choices=["disable", "enable"]),
sip_bye_rate=dict(required=False, type="int"),
sip_call_keepalive=dict(required=False, type="int"),
sip_cancel_rate=dict(required=False, type="int"),
sip_contact_fixup=dict(required=False, type="str", choices=["disable", "enable"]),
sip_hnt_restrict_source_ip=dict(required=False, type="str", choices=["disable", "enable"]),
sip_hosted_nat_traversal=dict(required=False, type="str", choices=["disable", "enable"]),
sip_info_rate=dict(required=False, type="int"),
sip_invite_rate=dict(required=False, type="int"),
sip_ips_rtp=dict(required=False, type="str", choices=["disable", "enable"]),
sip_log_call_summary=dict(required=False, type="str", choices=["disable", "enable"]),
sip_log_violations=dict(required=False, type="str", choices=["disable", "enable"]),
sip_malformed_header_allow=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_call_id=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_contact=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_content_length=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_content_type=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_cseq=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_expires=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_from=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_max_forwards=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_p_asserted_identity=dict(required=False, type="str", choices=["pass",
"discard",
"respond"]),
sip_malformed_header_rack=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_record_route=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_route=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_rseq=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_a=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_b=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_c=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_i=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_k=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_m=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_o=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_r=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_s=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_t=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_v=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_sdp_z=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_to=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_header_via=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_malformed_request_line=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_max_body_length=dict(required=False, type="int"),
sip_max_dialogs=dict(required=False, type="int"),
sip_max_idle_dialogs=dict(required=False, type="int"),
sip_max_line_length=dict(required=False, type="int"),
sip_message_rate=dict(required=False, type="int"),
sip_nat_trace=dict(required=False, type="str", choices=["disable", "enable"]),
sip_no_sdp_fixup=dict(required=False, type="str", choices=["disable", "enable"]),
sip_notify_rate=dict(required=False, type="int"),
sip_open_contact_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
sip_open_record_route_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
sip_open_register_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
sip_open_via_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
sip_options_rate=dict(required=False, type="int"),
sip_prack_rate=dict(required=False, type="int"),
sip_preserve_override=dict(required=False, type="str", choices=["disable", "enable"]),
sip_provisional_invite_expiry_time=dict(required=False, type="int"),
sip_publish_rate=dict(required=False, type="int"),
sip_refer_rate=dict(required=False, type="int"),
sip_register_contact_trace=dict(required=False, type="str", choices=["disable", "enable"]),
sip_register_rate=dict(required=False, type="int"),
sip_rfc2543_branch=dict(required=False, type="str", choices=["disable", "enable"]),
sip_rtp=dict(required=False, type="str", choices=["disable", "enable"]),
sip_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low"]),
sip_ssl_auth_client=dict(required=False, type="str"),
sip_ssl_auth_server=dict(required=False, type="str"),
sip_ssl_client_certificate=dict(required=False, type="str"),
sip_ssl_client_renegotiation=dict(required=False, type="str", choices=["allow", "deny", "secure"]),
sip_ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
sip_ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
sip_ssl_mode=dict(required=False, type="str", choices=["off", "full"]),
sip_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
sip_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
sip_ssl_server_certificate=dict(required=False, type="str"),
sip_status=dict(required=False, type="str", choices=["disable", "enable"]),
sip_strict_register=dict(required=False, type="str", choices=["disable", "enable"]),
sip_subscribe_rate=dict(required=False, type="int"),
sip_unknown_header=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
sip_update_rate=dict(required=False, type="int"),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"name": module.params["name"],
"comment": module.params["comment"],
"sccp": {
"block-mcast": module.params["sccp_block_mcast"],
"log-call-summary": module.params["sccp_log_call_summary"],
"log-violations": module.params["sccp_log_violations"],
"max-calls": module.params["sccp_max_calls"],
"status": module.params["sccp_status"],
"verify-header": module.params["sccp_verify_header"],
},
"sip": {
"ack-rate": module.params["sip_ack_rate"],
"block-ack": module.params["sip_block_ack"],
"block-bye": module.params["sip_block_bye"],
"block-cancel": module.params["sip_block_cancel"],
"block-geo-red-options": module.params["sip_block_geo_red_options"],
"block-info": module.params["sip_block_info"],
"block-invite": module.params["sip_block_invite"],
"block-long-lines": module.params["sip_block_long_lines"],
"block-message": module.params["sip_block_message"],
"block-notify": module.params["sip_block_notify"],
"block-options": module.params["sip_block_options"],
"block-prack": module.params["sip_block_prack"],
"block-publish": module.params["sip_block_publish"],
"block-refer": module.params["sip_block_refer"],
"block-register": module.params["sip_block_register"],
"block-subscribe": module.params["sip_block_subscribe"],
"block-unknown": module.params["sip_block_unknown"],
"block-update": module.params["sip_block_update"],
"bye-rate": module.params["sip_bye_rate"],
"call-keepalive": module.params["sip_call_keepalive"],
"cancel-rate": module.params["sip_cancel_rate"],
"contact-fixup": module.params["sip_contact_fixup"],
"hnt-restrict-source-ip": module.params["sip_hnt_restrict_source_ip"],
"hosted-nat-traversal": module.params["sip_hosted_nat_traversal"],
"info-rate": module.params["sip_info_rate"],
"invite-rate": module.params["sip_invite_rate"],
"ips-rtp": module.params["sip_ips_rtp"],
"log-call-summary": module.params["sip_log_call_summary"],
"log-violations": module.params["sip_log_violations"],
"malformed-header-allow": module.params["sip_malformed_header_allow"],
"malformed-header-call-id": module.params["sip_malformed_header_call_id"],
"malformed-header-contact": module.params["sip_malformed_header_contact"],
"malformed-header-content-length": module.params["sip_malformed_header_content_length"],
"malformed-header-content-type": module.params["sip_malformed_header_content_type"],
"malformed-header-cseq": module.params["sip_malformed_header_cseq"],
"malformed-header-expires": module.params["sip_malformed_header_expires"],
"malformed-header-from": module.params["sip_malformed_header_from"],
"malformed-header-max-forwards": module.params["sip_malformed_header_max_forwards"],
"malformed-header-p-asserted-identity": module.params["sip_malformed_header_p_asserted_identity"],
"malformed-header-rack": module.params["sip_malformed_header_rack"],
"malformed-header-record-route": module.params["sip_malformed_header_record_route"],
"malformed-header-route": module.params["sip_malformed_header_route"],
"malformed-header-rseq": module.params["sip_malformed_header_rseq"],
"malformed-header-sdp-a": module.params["sip_malformed_header_sdp_a"],
"malformed-header-sdp-b": module.params["sip_malformed_header_sdp_b"],
"malformed-header-sdp-c": module.params["sip_malformed_header_sdp_c"],
"malformed-header-sdp-i": module.params["sip_malformed_header_sdp_i"],
"malformed-header-sdp-k": module.params["sip_malformed_header_sdp_k"],
"malformed-header-sdp-m": module.params["sip_malformed_header_sdp_m"],
"malformed-header-sdp-o": module.params["sip_malformed_header_sdp_o"],
"malformed-header-sdp-r": module.params["sip_malformed_header_sdp_r"],
"malformed-header-sdp-s": module.params["sip_malformed_header_sdp_s"],
"malformed-header-sdp-t": module.params["sip_malformed_header_sdp_t"],
"malformed-header-sdp-v": module.params["sip_malformed_header_sdp_v"],
"malformed-header-sdp-z": module.params["sip_malformed_header_sdp_z"],
"malformed-header-to": module.params["sip_malformed_header_to"],
"malformed-header-via": module.params["sip_malformed_header_via"],
"malformed-request-line": module.params["sip_malformed_request_line"],
"max-body-length": module.params["sip_max_body_length"],
"max-dialogs": module.params["sip_max_dialogs"],
"max-idle-dialogs": module.params["sip_max_idle_dialogs"],
"max-line-length": module.params["sip_max_line_length"],
"message-rate": module.params["sip_message_rate"],
"nat-trace": module.params["sip_nat_trace"],
"no-sdp-fixup": module.params["sip_no_sdp_fixup"],
"notify-rate": module.params["sip_notify_rate"],
"open-contact-pinhole": module.params["sip_open_contact_pinhole"],
"open-record-route-pinhole": module.params["sip_open_record_route_pinhole"],
"open-register-pinhole": module.params["sip_open_register_pinhole"],
"open-via-pinhole": module.params["sip_open_via_pinhole"],
"options-rate": module.params["sip_options_rate"],
"prack-rate": module.params["sip_prack_rate"],
"preserve-override": module.params["sip_preserve_override"],
"provisional-invite-expiry-time": module.params["sip_provisional_invite_expiry_time"],
"publish-rate": module.params["sip_publish_rate"],
"refer-rate": module.params["sip_refer_rate"],
"register-contact-trace": module.params["sip_register_contact_trace"],
"register-rate": module.params["sip_register_rate"],
"rfc2543-branch": module.params["sip_rfc2543_branch"],
"rtp": module.params["sip_rtp"],
"ssl-algorithm": module.params["sip_ssl_algorithm"],
"ssl-auth-client": module.params["sip_ssl_auth_client"],
"ssl-auth-server": module.params["sip_ssl_auth_server"],
"ssl-client-certificate": module.params["sip_ssl_client_certificate"],
"ssl-client-renegotiation": module.params["sip_ssl_client_renegotiation"],
"ssl-max-version": module.params["sip_ssl_max_version"],
"ssl-min-version": module.params["sip_ssl_min_version"],
"ssl-mode": module.params["sip_ssl_mode"],
"ssl-pfs": module.params["sip_ssl_pfs"],
"ssl-send-empty-frags": module.params["sip_ssl_send_empty_frags"],
"ssl-server-certificate": module.params["sip_ssl_server_certificate"],
"status": module.params["sip_status"],
"strict-register": module.params["sip_strict_register"],
"subscribe-rate": module.params["sip_subscribe_rate"],
"unknown-header": module.params["sip_unknown_header"],
"update-rate": module.params["sip_update_rate"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['sccp', 'sip']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
module.paramgram = paramgram
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_voip_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
object=dict(required=True,
type="str",
choices=["device", "cluster_nodes", "task", "custom"]),
custom_endpoint=dict(required=False, type="str"),
custom_dict=dict(required=False, type="dict"),
device_ip=dict(required=False, type="str"),
device_unique_name=dict(required=False, type="str"),
device_serial=dict(required=False, type="str"),
nodes=dict(required=False, type="list"),
task_id=dict(required=False, type="str"))
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"adom": module.params["adom"],
"object": module.params["object"],
"device_ip": module.params["device_ip"],
"device_unique_name": module.params["device_unique_name"],
"device_serial": module.params["device_serial"],
"nodes": module.params["nodes"],
"task_id": module.params["task_id"],
"custom_endpoint": module.params["custom_endpoint"],
"custom_dict": module.params["custom_dict"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
# IF OBJECT IS DEVICE
if paramgram["object"] == "device" and any(v is not None for v in [
paramgram["device_unique_name"], paramgram["device_serial"],
paramgram["device_ip"]
]):
results = fmgr_get_device(fmgr, paramgram)
if results[0] not in [0]:
module.fail_json(msg="Device query failed!")
elif len(results[1]) == 0:
module.exit_json(msg="Device NOT FOUND!")
else:
module.exit_json(msg="Device Found", **results[1][0])
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT IS CLUSTER_NODES
if paramgram["object"] == "cluster_nodes" and paramgram[
"nodes"] is not None:
results = fmgr_get_cluster_nodes(fmgr, paramgram)
if results["cluster_status"] == "MISSING":
module.exit_json(msg="No cluster device found!", **results)
elif results["query_status"] == "good":
module.exit_json(msg="Cluster Found - Showing Nodes",
**results)
elif results is None:
module.fail_json(
msg="Query FAILED -- Check module or playbook syntax")
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT IS TASK
if paramgram["object"] == "task":
results = fmgr_get_task_status(fmgr, paramgram)
if results[0] != 0:
module.fail_json(**results[1])
if results[0] == 0:
module.exit_json(**results[1])
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT IS CUSTOM
if paramgram["object"] == "custom":
results = fmgr_get_custom(fmgr, paramgram)
if results[0] != 0:
module.fail_json(
msg=
"QUERY FAILED -- Please check syntax check JSON guide if needed."
)
if results[0] == 0:
results_len = len(results[1])
if results_len > 0:
results_combine = dict()
if isinstance(results[1], dict):
results_combine["results"] = results[1]
if isinstance(results[1], list):
results_combine["results"] = results[1][0:results_len]
module.exit_json(msg="Custom Query Success",
**results_combine)
else:
module.exit_json(msg="NO RESULTS")
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
youtube_restrict=dict(required=False,
type="str",
choices=["strict", "moderate"]),
sdns_ftgd_err_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
sdns_domain_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
safe_search=dict(required=False,
type="str",
choices=["disable", "enable"]),
redirect_portal=dict(required=False, type="str"),
name=dict(required=False, type="str"),
log_all_domain=dict(required=False,
type="str",
choices=["disable", "enable"]),
external_ip_blocklist=dict(required=False, type="str"),
comment=dict(required=False, type="str"),
block_botnet=dict(required=False,
type="str",
choices=["disable", "enable"]),
block_action=dict(required=False,
type="str",
choices=["block", "redirect"]),
domain_filter_domain_filter_table=dict(required=False, type="str"),
ftgd_dns_options=dict(required=False,
type="str",
choices=["error-allow", "ftgd-disable"]),
ftgd_dns_filters_action=dict(required=False,
type="str",
choices=["monitor", "block"]),
ftgd_dns_filters_category=dict(required=False, type="str"),
ftgd_dns_filters_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"youtube-restrict": module.params["youtube_restrict"],
"sdns-ftgd-err-log": module.params["sdns_ftgd_err_log"],
"sdns-domain-log": module.params["sdns_domain_log"],
"safe-search": module.params["safe_search"],
"redirect-portal": module.params["redirect_portal"],
"name": module.params["name"],
"log-all-domain": module.params["log_all_domain"],
"external-ip-blocklist": module.params["external_ip_blocklist"],
"comment": module.params["comment"],
"block-botnet": module.params["block_botnet"],
"block-action": module.params["block_action"],
"domain-filter": {
"domain-filter-table":
module.params["domain_filter_domain_filter_table"],
},
"ftgd-dns": {
"options": module.params["ftgd_dns_options"],
"filters": {
"action": module.params["ftgd_dns_filters_action"],
"category": module.params["ftgd_dns_filters_category"],
"log": module.params["ftgd_dns_filters_log"],
}
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_dnsfilter_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
mode=dict(required=False,
type="str",
choices=['add', 'set', 'delete'],
default="add"),
app_category=dict(required=False, type="str"),
app_service_type=dict(required=False, type="str"),
application=dict(required=False, type="str"),
category=dict(required=False, type="str"),
check_reset_range=dict(required=False, type="str"),
color=dict(required=False, type="int", default=22),
comment=dict(required=False, type="str"),
custom_type=dict(required=False,
type="str",
choices=[
'tcp_udp_sctp', 'icmp', 'icmp6', 'ip', 'http',
'ftp', 'connect', 'socks_tcp', 'socks_udp', 'all'
],
default="all"),
explicit_proxy=dict(required=False,
type="str",
choices=['enable', 'disable'],
default="disable"),
fqdn=dict(required=False, type="str", default=""),
group_name=dict(required=False, type="str"),
group_member=dict(required=False, type="str"),
icmp_code=dict(required=False, type="int"),
icmp_type=dict(required=False, type="int"),
iprange=dict(required=False, type="str", default="0.0.0.0"),
name=dict(required=False, type="str"),
protocol=dict(required=False, type="str"),
protocol_number=dict(required=False, type="int"),
sctp_portrange=dict(required=False, type="str"),
session_ttl=dict(required=False, type="int", default=0),
object_type=dict(required=False,
type="str",
choices=['custom', 'group', 'category']),
tcp_halfclose_timer=dict(required=False, type="int", default=0),
tcp_halfopen_timer=dict(required=False, type="int", default=0),
tcp_portrange=dict(required=False, type="str"),
tcp_timewait_timer=dict(required=False, type="int", default=0),
udp_idle_timer=dict(required=False, type="int", default=0),
udp_portrange=dict(required=False, type="str"),
visibility=dict(required=False,
type="str",
default="enable",
choices=["enable", "disable"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE DATAGRAM
paramgram = {
"adom": module.params["adom"],
"app-category": module.params["app_category"],
"app-service-type": module.params["app_service_type"],
"application": module.params["application"],
"category": module.params["category"],
"check-reset-range": module.params["check_reset_range"],
"color": module.params["color"],
"comment": module.params["comment"],
"custom_type": module.params["custom_type"],
"explicit-proxy": module.params["explicit_proxy"],
"fqdn": module.params["fqdn"],
"group-name": module.params["group_name"],
"group-member": module.params["group_member"],
"icmp_code": module.params["icmp_code"],
"icmp_type": module.params["icmp_type"],
"iprange": module.params["iprange"],
"name": module.params["name"],
"mode": module.params["mode"],
"protocol": module.params["protocol"],
"protocol-number": module.params["protocol_number"],
"sctp-portrange": module.params["sctp_portrange"],
"object_type": module.params["object_type"],
"session-ttl": module.params["session_ttl"],
"tcp-halfclose-timer": module.params["tcp_halfclose_timer"],
"tcp-halfopen-timer": module.params["tcp_halfopen_timer"],
"tcp-portrange": module.params["tcp_portrange"],
"tcp-timewait-timer": module.params["tcp_timewait_timer"],
"udp-idle-timer": module.params["udp_idle_timer"],
"udp-portrange": module.params["udp_portrange"],
"visibility": module.params["visibility"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
# CHECK FOR CATEGORIES TO ADD
# THIS IS ONLY WHEN OBJECT_TYPE ISN'T SPECIFICALLY ADDING A CATEGORY!
# WE NEED TO ADD THE CATEGORY BEFORE ADDING THE OBJECT
# IF ANY category ARE DEFINED AND MODE IS ADD OR SET LETS ADD THOSE
# THIS IS A "BLIND ADD" AND THE EXIT CODE FOR OBJECT ALREADY EXISTS IS TREATED AS A PASS
if paramgram["category"] is not None and paramgram["mode"] in ['add', 'set'] \
and paramgram["object_type"] != "category":
category_add = fmgr_fwobj_service_category(fmgr, paramgram)
fmgr.govern_response(module=module,
results=category_add,
ansible_facts=fmgr.construct_ansible_facts(
category_add, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT_TYPE IS CATEGORY...
if paramgram["object_type"] == 'category':
results = fmgr_fwobj_service_category(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
good_codes=[0, -2, -3],
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT_TYPE IS CUSTOM...
if paramgram["object_type"] == 'custom':
results = fmgr_fwobj_service_custom(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
good_codes=[0, -2, -3],
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF OBJECT_TYPE IS GROUP...
if paramgram["object_type"] == 'group':
results = fmgr_fwobj_service_group(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
good_codes=[0, -2, -3],
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
host=dict(required=True, type="str"),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]),
no_log=True),
ignore_ssl_errors=dict(required=False,
type="str",
choices=["enable", "disable"],
default="enable"),
export_json_to_screen=dict(required=False,
type="str",
choices=["enable", "disable"],
default="enable"),
export_json_to_file_path=dict(required=False, type="str"),
export_xml_to_file_path=dict(required=False, type="str"),
export_csv_to_file_path=dict(required=False, type="str"),
mode=dict(required=False,
type="str",
choices=["short_all", "ip_range", "detailed_single"],
default="short_all"),
ip_range=dict(required=False, type="str"),
ip=dict(required=False, type="str"))
required_if = [
['mode', 'ip_range', ['ip_range']],
['mode', 'detailed_single', ['ip']],
]
module = AnsibleModule(argument_spec,
supports_check_mode=False,
required_if=required_if)
paramgram = {
"host": module.params["host"],
"username": module.params["username"],
"password": module.params["password"],
"export_json_to_screen": module.params["export_json_to_screen"],
"export_json_to_file_path": module.params["export_json_to_file_path"],
"export_xml_to_file_path": module.params["export_xml_to_file_path"],
"export_csv_to_file_path": module.params["export_csv_to_file_path"],
"ignore_ssl_errors": module.params["ignore_ssl_errors"],
"mode": module.params["mode"],
"uri": None
}
# DETERMINE THE MODE AND ADD THE CORRECT DATA TO THE PARAMGRAM
if paramgram["mode"] == "short_all":
paramgram["uri"] = FSMEndpoints.GET_CMDB_SHORT
elif paramgram["mode"] == "ip_range":
paramgram[
"uri"] = FSMEndpoints.GET_CMDB_IPRANGE + module.params["ip_range"]
elif paramgram["mode"] == "detailed_single":
paramgram[
"uri"] = FSMEndpoints.GET_CMDB_DETAILED_SINGLE + module.params[
"ip"] + "&loadDepend=true"
if paramgram["uri"] is None:
raise FSMBaseException(
"Base URI couldn't be constructed. Check options.")
module.paramgram = paramgram
# TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS
fsm = None
results = DEFAULT_EXIT_MSG
try:
fsm = FortiSIEMHandler(module)
except BaseException as err:
raise FSMBaseException(
"Couldn't load FortiSIEM Handler from mod_utils. Error: " +
str(err))
# EXECUTE THE MODULE OPERATION
try:
results = fsm.handle_simple_request()
except BaseException as err:
raise FSMBaseException(err)
# EXIT USING GOVERN_RESPONSE()
fsm.govern_response(module=module,
results=results,
changed=False,
ansible_facts=fsm.construct_ansible_facts(
results["json_results"], module.params, paramgram))
return module.exit_json(msg=results)
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "set", "delete"], type="str", default="add"),
name=dict(required=False, type="str"),
object_type=dict(required=True,
type="str",
choices=['pkg', 'folder', 'install']),
package_folder=dict(required=False, type="str"),
central_nat=dict(required=False,
type="str",
default="disable",
choices=['enable', 'disable']),
fwpolicy_implicit_log=dict(required=False,
type="str",
default="disable",
choices=['enable', 'disable']),
fwpolicy6_implicit_log=dict(required=False,
type="str",
default="disable",
choices=['enable', 'disable']),
inspection_mode=dict(required=False,
type="str",
default="flow",
choices=['flow', 'proxy']),
ngfw_mode=dict(required=False,
type="str",
default="profile-based",
choices=['profile-based', 'policy-based']),
ssl_ssh_profile=dict(required=False, type="str"),
scope_members=dict(required=False, type="str"),
scope_members_vdom=dict(required=False, type="str", default="root"),
parent_folder=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE DATAGRAM
paramgram = {
"adom": module.params["adom"],
"name": module.params["name"],
"mode": module.params["mode"],
"object_type": module.params["object_type"],
"package-folder": module.params["package_folder"],
"central-nat": module.params["central_nat"],
"fwpolicy-implicit-log": module.params["fwpolicy_implicit_log"],
"fwpolicy6-implicit-log": module.params["fwpolicy6_implicit_log"],
"inspection-mode": module.params["inspection_mode"],
"ngfw-mode": module.params["ngfw_mode"],
"ssl-ssh-profile": module.params["ssl_ssh_profile"],
"scope_members": module.params["scope_members"],
"scope_members_vdom": module.params["scope_members_vdom"],
"parent_folder": module.params["parent_folder"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["object_type"] == "pkg":
results = fmgr_fwpol_package(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF THE object_type IS FOLDER LETS RUN THAT METHOD
if paramgram["object_type"] == "folder":
results = fmgr_fwpol_package_folder(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
try:
# IF THE object_type IS INSTALL AND NEEDED PARAMETERS ARE DEFINED INSTALL THE PACKAGE
if paramgram["scope_members"] is not None and paramgram["name"] is not None and\
paramgram["object_type"] == "install":
results = fmgr_fwpol_package_install(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
vdom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "execute", "set", "delete"],
type="str",
default="add"),
script_name=dict(required=True, type="str"),
script_type=dict(required=False, type="str"),
script_target=dict(required=False, type="str"),
script_description=dict(required=False, type="str"),
script_content=dict(required=False, type="str"),
script_scope=dict(required=False, type="str"),
script_package=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"script_name": module.params["script_name"],
"script_type": module.params["script_type"],
"script_target": module.params["script_target"],
"script_description": module.params["script_description"],
"script_content": module.params["script_content"],
"script_scope": module.params["script_scope"],
"script_package": module.params["script_package"],
"adom": module.params["adom"],
"vdom": module.params["vdom"],
"mode": module.params["mode"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
if paramgram["mode"] in ['add', 'set']:
results = set_script(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
msg="Operation Finished",
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, module.params))
except Exception as err:
raise FMGBaseException(err)
try:
if paramgram["mode"] == "execute":
results = execute_script(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
msg="Operation Finished",
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, module.params))
except Exception as err:
raise FMGBaseException(err)
try:
if paramgram["mode"] == "delete":
results = delete_script(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
msg="Operation Finished",
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, module.params))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "delete", "promote"],
type="str",
default="add"),
device_ip=dict(required=False, type="str"),
device_username=dict(required=False, type="str"),
device_password=dict(required=False, type="str", no_log=True),
device_unique_name=dict(required=False, type="str"),
device_serial=dict(required=False, type="str"),
os_type=dict(required=False,
type="str",
choices=[
"unknown", "fos", "fsw", "foc", "fml", "faz", "fwb",
"fch", "fct", "log", "fmg", "fsa", "fdd", "fac"
]),
mgmt_mode=dict(required=False,
type="str",
choices=["unreg", "fmg", "faz", "fmgfaz"]),
os_minor_vers=dict(required=False, type="str"),
os_ver=dict(required=False,
type="str",
choices=[
"unknown", "0.0", "1.0", "2.0", "3.0", "4.0", "5.0",
"6.0"
]),
platform_str=dict(required=False, type="str"),
faz_quota=dict(required=False, type="str"))
required_if = [['mode', 'delete', ['device_unique_name']],
[
'mode', 'add',
[
'device_serial', 'device_username',
'device_password', 'device_unique_name',
'device_ip', 'mgmt_mode', 'platform_str'
]
]]
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
required_if=required_if,
)
# START SESSION LOGIC
paramgram = {
"adom": module.params["adom"],
"mode": module.params["mode"],
"ip": module.params["device_ip"],
"device_username": module.params["device_username"],
"device_password": module.params["device_password"],
"device_unique_name": module.params["device_unique_name"],
"sn": module.params["device_serial"],
"os_type": module.params["os_type"],
"mgmt_mode": module.params["mgmt_mode"],
"os_minor_vers": module.params["os_minor_vers"],
"os_ver": module.params["os_ver"],
"platform_str": module.params["platform_str"],
"faz.quota": module.params["faz_quota"],
"device_action": None
}
# INSERT THE PARAMGRAM INTO THE MODULE SO WHEN WE PASS IT TO MOD_UTILS.FortiManagerHandler IT HAS THAT INFO
if paramgram["mode"] == "add":
paramgram["device_action"] = "add_model"
elif paramgram["mode"] == "promote":
paramgram["device_action"] = "promote_unreg"
module.paramgram = paramgram
# TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS
faz = None
if module._socket_path:
connection = Connection(module._socket_path)
faz = FortiAnalyzerHandler(connection, module)
faz.tools = FAZCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["mode"] == "add":
results = faz_add_device(faz, paramgram)
except BaseException as err:
raise FAZBaseException(
msg="An error occurred trying to add the device. Error: " +
str(err))
try:
if paramgram["mode"] == "promote":
if paramgram["ip"] is not None:
results = faz_approve_unregistered_device_by_ip(faz, paramgram)
elif paramgram["device_unique_name"] is not None:
results = faz_approve_unregistered_device_by_name(
faz, paramgram)
except BaseException as err:
raise FAZBaseException(
msg="An error occurred trying to promote the device. Error: " +
str(err))
try:
if paramgram["mode"] == "delete":
results = faz_delete_device(faz, paramgram)
except BaseException as err:
raise FAZBaseException(
msg="An error occurred trying to delete the device. Error: " +
str(err))
# PROCESS RESULTS
try:
faz.govern_response(module=module,
results=results,
ansible_facts=faz.construct_ansible_facts(
results, module.params, paramgram))
except BaseException as err:
raise FAZBaseException(
msg="An error occurred with govern_response(). Error: " + str(err))
# This should only be hit if faz.govern_response is missed or failed somehow. In fact. It should never be hit.
# But it's here JIC.
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
unknown_application_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
unknown_application_action=dict(required=False,
type="str",
choices=["pass", "block"]),
replacemsg_group=dict(required=False, type="str"),
p2p_black_list=dict(required=False,
type="str",
choices=["skype", "edonkey", "bittorrent"]),
other_application_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
other_application_action=dict(required=False,
type="str",
choices=["pass", "block"]),
options=dict(required=False,
type="str",
choices=[
"allow-dns", "allow-icmp", "allow-http", "allow-ssl",
"allow-quic"
]),
name=dict(required=False, type="str"),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
deep_app_inspection=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
app_replacemsg=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries=dict(required=False, type="list"),
entries_action=dict(required=False,
type="str",
choices=["pass", "block", "reset"]),
entries_application=dict(required=False, type="str"),
entries_behavior=dict(required=False, type="str"),
entries_category=dict(required=False, type="str"),
entries_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_log_packet=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_per_ip_shaper=dict(required=False, type="str"),
entries_popularity=dict(required=False,
type="str",
choices=["1", "2", "3", "4", "5"]),
entries_protocols=dict(required=False, type="str"),
entries_quarantine=dict(required=False,
type="str",
choices=["none", "attacker"]),
entries_quarantine_expiry=dict(required=False, type="str"),
entries_quarantine_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
entries_rate_count=dict(required=False, type="int"),
entries_rate_duration=dict(required=False, type="int"),
entries_rate_mode=dict(required=False,
type="str",
choices=["periodical", "continuous"]),
entries_rate_track=dict(required=False,
type="str",
choices=[
"none", "src-ip", "dest-ip",
"dhcp-client-mac", "dns-domain"
]),
entries_risk=dict(required=False, type="str"),
entries_session_ttl=dict(required=False, type="int"),
entries_shaper=dict(required=False, type="str"),
entries_shaper_reverse=dict(required=False, type="str"),
entries_sub_category=dict(required=False, type="str"),
entries_technology=dict(required=False, type="str"),
entries_vendor=dict(required=False, type="str"),
entries_parameters_value=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"unknown-application-log": module.params["unknown_application_log"],
"unknown-application-action":
module.params["unknown_application_action"],
"replacemsg-group": module.params["replacemsg_group"],
"p2p-black-list": module.params["p2p_black_list"],
"other-application-log": module.params["other_application_log"],
"other-application-action": module.params["other_application_action"],
"options": module.params["options"],
"name": module.params["name"],
"extended-log": module.params["extended_log"],
"deep-app-inspection": module.params["deep_app_inspection"],
"comment": module.params["comment"],
"app-replacemsg": module.params["app_replacemsg"],
"entries": {
"action": module.params["entries_action"],
"application": module.params["entries_application"],
"behavior": module.params["entries_behavior"],
"category": module.params["entries_category"],
"log": module.params["entries_log"],
"log-packet": module.params["entries_log_packet"],
"per-ip-shaper": module.params["entries_per_ip_shaper"],
"popularity": module.params["entries_popularity"],
"protocols": module.params["entries_protocols"],
"quarantine": module.params["entries_quarantine"],
"quarantine-expiry": module.params["entries_quarantine_expiry"],
"quarantine-log": module.params["entries_quarantine_log"],
"rate-count": module.params["entries_rate_count"],
"rate-duration": module.params["entries_rate_duration"],
"rate-mode": module.params["entries_rate_mode"],
"rate-track": module.params["entries_rate_track"],
"risk": module.params["entries_risk"],
"session-ttl": module.params["entries_session_ttl"],
"shaper": module.params["entries_shaper"],
"shaper-reverse": module.params["entries_shaper_reverse"],
"sub-category": module.params["entries_sub_category"],
"technology": module.params["entries_technology"],
"vendor": module.params["entries_vendor"],
"parameters": {
"value": module.params["entries_parameters_value"],
}
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['entries']
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_application_list_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
host=dict(required=True, type="str"),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True),
ignore_ssl_errors=dict(required=False, type="str", choices=["enable", "disable"], default="enable"),
export_json_to_screen=dict(required=False, type="str", choices=["enable", "disable"], default="enable"),
export_json_to_file_path=dict(required=False, type="str"),
export_xml_to_file_path=dict(required=False, type="str"),
export_csv_to_file_path=dict(required=False, type="str"),
mode=dict(required=False, type="str",
choices=["get", "set", "update", "delete", "add"], default="get"),
uri=dict(required=True, type="str"),
payload_file=dict(required=False, type="str", default=None)
)
module = AnsibleModule(argument_spec, supports_check_mode=False, )
paramgram = {
"host": module.params["host"],
"username": module.params["username"],
"password": module.params["password"],
"export_json_to_screen": module.params["export_json_to_screen"],
"export_json_to_file_path": module.params["export_json_to_file_path"],
"export_xml_to_file_path": module.params["export_xml_to_file_path"],
"export_csv_to_file_path": module.params["export_csv_to_file_path"],
"ignore_ssl_errors": module.params["ignore_ssl_errors"],
"mode": module.params["mode"],
"uri": module.params["uri"],
"payload_file": module.params["payload_file"],
"input_xml": None
}
module.paramgram = paramgram
# TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS
fsm = None
results = DEFAULT_EXIT_MSG
try:
fsm = FortiSIEMHandler(module)
except BaseException as err:
raise FSMBaseException("Couldn't load FortiSIEM Handler from mod_utils. Error: " + str(err))
if paramgram["payload_file"]:
paramgram["input_xml"] = fsm.get_file_contents(paramgram["payload_file"])
try:
results = fsm.handle_simple_payload_request(paramgram["input_xml"])
except BaseException as err:
raise FSMBaseException(err)
else:
try:
results = fsm.handle_simple_request()
except BaseException as err:
raise FSMBaseException(err)
# EXIT USING GOVERN_RESPONSE()
fsm.govern_response(module=module, results=results, changed=False,
ansible_facts=fsm.construct_ansible_facts(results["json_results"],
module.params,
paramgram))
return module.exit_json(msg=results)
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
package_name=dict(type="str", required=False, default="default"),
fail_on_missing_dependency=dict(type="str", required=False, default="disable", choices=["enable",
"disable"]),
wsso=dict(required=False, type="str", choices=["disable", "enable"]),
webfilter_profile=dict(required=False, type="str"),
webcache_https=dict(required=False, type="str", choices=["disable", "enable"]),
webcache=dict(required=False, type="str", choices=["disable", "enable"]),
wccp=dict(required=False, type="str", choices=["disable", "enable"]),
wanopt_profile=dict(required=False, type="str"),
wanopt_peer=dict(required=False, type="str"),
wanopt_passive_opt=dict(required=False, type="str", choices=["default", "transparent", "non-transparent"]),
wanopt_detection=dict(required=False, type="str", choices=["active", "passive", "off"]),
wanopt=dict(required=False, type="str", choices=["disable", "enable"]),
waf_profile=dict(required=False, type="str"),
vpntunnel=dict(required=False, type="str"),
voip_profile=dict(required=False, type="str"),
vlan_filter=dict(required=False, type="str"),
vlan_cos_rev=dict(required=False, type="int"),
vlan_cos_fwd=dict(required=False, type="int"),
utm_status=dict(required=False, type="str", choices=["disable", "enable"]),
users=dict(required=False, type="str"),
url_category=dict(required=False, type="str"),
traffic_shaper_reverse=dict(required=False, type="str"),
traffic_shaper=dict(required=False, type="str"),
timeout_send_rst=dict(required=False, type="str", choices=["disable", "enable"]),
tcp_session_without_syn=dict(required=False, type="str", choices=["all", "data-only", "disable"]),
tcp_mss_sender=dict(required=False, type="int"),
tcp_mss_receiver=dict(required=False, type="int"),
status=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_ssh_profile=dict(required=False, type="str"),
ssl_mirror_intf=dict(required=False, type="str"),
ssl_mirror=dict(required=False, type="str", choices=["disable", "enable"]),
ssh_filter_profile=dict(required=False, type="str"),
srcintf=dict(required=False, type="str"),
srcaddr_negate=dict(required=False, type="str", choices=["disable", "enable"]),
srcaddr=dict(required=False, type="str"),
spamfilter_profile=dict(required=False, type="str"),
session_ttl=dict(required=False, type="int"),
service_negate=dict(required=False, type="str", choices=["disable", "enable"]),
service=dict(required=False, type="str"),
send_deny_packet=dict(required=False, type="str", choices=["disable", "enable"]),
schedule_timeout=dict(required=False, type="str", choices=["disable", "enable"]),
schedule=dict(required=False, type="str"),
scan_botnet_connections=dict(required=False, type="str", choices=["disable", "block", "monitor"]),
rtp_nat=dict(required=False, type="str", choices=["disable", "enable"]),
rtp_addr=dict(required=False, type="str"),
rsso=dict(required=False, type="str", choices=["disable", "enable"]),
replacemsg_override_group=dict(required=False, type="str"),
redirect_url=dict(required=False, type="str"),
radius_mac_auth_bypass=dict(required=False, type="str", choices=["disable", "enable"]),
profile_type=dict(required=False, type="str", choices=["single", "group"]),
profile_protocol_options=dict(required=False, type="str"),
profile_group=dict(required=False, type="str"),
poolname=dict(required=False, type="str"),
policyid=dict(required=False, type="str"),
permit_stun_host=dict(required=False, type="str", choices=["disable", "enable"]),
permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
per_ip_shaper=dict(required=False, type="str"),
outbound=dict(required=False, type="str", choices=["disable", "enable"]),
ntlm_guest=dict(required=False, type="str", choices=["disable", "enable"]),
ntlm_enabled_browsers=dict(required=False, type="str"),
ntlm=dict(required=False, type="str", choices=["disable", "enable"]),
np_acceleration=dict(required=False, type="str", choices=["disable", "enable"]),
natoutbound=dict(required=False, type="str", choices=["disable", "enable"]),
natip=dict(required=False, type="str"),
natinbound=dict(required=False, type="str", choices=["disable", "enable"]),
nat=dict(required=False, type="str", choices=["disable", "enable"]),
name=dict(required=False, type="str"),
mms_profile=dict(required=False, type="str"),
match_vip=dict(required=False, type="str", choices=["disable", "enable"]),
logtraffic_start=dict(required=False, type="str", choices=["disable", "enable"]),
logtraffic=dict(required=False, type="str", choices=["disable", "all", "utm"]),
learning_mode=dict(required=False, type="str", choices=["disable", "enable"]),
label=dict(required=False, type="str"),
ips_sensor=dict(required=False, type="str"),
ippool=dict(required=False, type="str", choices=["disable", "enable"]),
internet_service_src_negate=dict(required=False, type="str", choices=["disable", "enable"]),
internet_service_src_id=dict(required=False, type="str"),
internet_service_src_custom=dict(required=False, type="str"),
internet_service_src=dict(required=False, type="str", choices=["disable", "enable"]),
internet_service_negate=dict(required=False, type="str", choices=["disable", "enable"]),
internet_service_id=dict(required=False, type="str"),
internet_service_custom=dict(required=False, type="str"),
internet_service=dict(required=False, type="str", choices=["disable", "enable"]),
inbound=dict(required=False, type="str", choices=["disable", "enable"]),
identity_based_route=dict(required=False, type="str"),
icap_profile=dict(required=False, type="str"),
gtp_profile=dict(required=False, type="str"),
groups=dict(required=False, type="str"),
global_label=dict(required=False, type="str"),
fsso_agent_for_ntlm=dict(required=False, type="str"),
fsso=dict(required=False, type="str", choices=["disable", "enable"]),
fixedport=dict(required=False, type="str", choices=["disable", "enable"]),
firewall_session_dirty=dict(required=False, type="str", choices=["check-all", "check-new"]),
dstintf=dict(required=False, type="str"),
dstaddr_negate=dict(required=False, type="str", choices=["disable", "enable"]),
dstaddr=dict(required=False, type="str"),
dsri=dict(required=False, type="str", choices=["disable", "enable"]),
dscp_value=dict(required=False, type="str"),
dscp_negate=dict(required=False, type="str", choices=["disable", "enable"]),
dscp_match=dict(required=False, type="str", choices=["disable", "enable"]),
dnsfilter_profile=dict(required=False, type="str"),
dlp_sensor=dict(required=False, type="str"),
disclaimer=dict(required=False, type="str", choices=["disable", "enable"]),
diffservcode_rev=dict(required=False, type="str"),
diffservcode_forward=dict(required=False, type="str"),
diffserv_reverse=dict(required=False, type="str", choices=["disable", "enable"]),
diffserv_forward=dict(required=False, type="str", choices=["disable", "enable"]),
devices=dict(required=False, type="str"),
delay_tcp_npu_session=dict(required=False, type="str", choices=["disable", "enable"]),
custom_log_fields=dict(required=False, type="str"),
comments=dict(required=False, type="str"),
capture_packet=dict(required=False, type="str", choices=["disable", "enable"]),
captive_portal_exempt=dict(required=False, type="str", choices=["disable", "enable"]),
block_notification=dict(required=False, type="str", choices=["disable", "enable"]),
av_profile=dict(required=False, type="str"),
auto_asic_offload=dict(required=False, type="str", choices=["disable", "enable"]),
auth_redirect_addr=dict(required=False, type="str"),
auth_path=dict(required=False, type="str", choices=["disable", "enable"]),
auth_cert=dict(required=False, type="str"),
application_list=dict(required=False, type="str"),
application=dict(required=False, type="str"),
app_group=dict(required=False, type="str"),
app_category=dict(required=False, type="str"),
action=dict(required=False, type="str", choices=["deny", "accept", "ipsec"]),
vpn_dst_node=dict(required=False, type="list"),
vpn_dst_node_host=dict(required=False, type="str"),
vpn_dst_node_seq=dict(required=False, type="str"),
vpn_dst_node_subnet=dict(required=False, type="str"),
vpn_src_node=dict(required=False, type="list"),
vpn_src_node_host=dict(required=False, type="str"),
vpn_src_node_seq=dict(required=False, type="str"),
vpn_src_node_subnet=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"package_name": module.params["package_name"],
"wsso": module.params["wsso"],
"webfilter-profile": module.params["webfilter_profile"],
"webcache-https": module.params["webcache_https"],
"webcache": module.params["webcache"],
"wccp": module.params["wccp"],
"wanopt-profile": module.params["wanopt_profile"],
"wanopt-peer": module.params["wanopt_peer"],
"wanopt-passive-opt": module.params["wanopt_passive_opt"],
"wanopt-detection": module.params["wanopt_detection"],
"wanopt": module.params["wanopt"],
"waf-profile": module.params["waf_profile"],
"vpntunnel": module.params["vpntunnel"],
"voip-profile": module.params["voip_profile"],
"vlan-filter": module.params["vlan_filter"],
"vlan-cos-rev": module.params["vlan_cos_rev"],
"vlan-cos-fwd": module.params["vlan_cos_fwd"],
"utm-status": module.params["utm_status"],
"users": module.params["users"],
"url-category": module.params["url_category"],
"traffic-shaper-reverse": module.params["traffic_shaper_reverse"],
"traffic-shaper": module.params["traffic_shaper"],
"timeout-send-rst": module.params["timeout_send_rst"],
"tcp-session-without-syn": module.params["tcp_session_without_syn"],
"tcp-mss-sender": module.params["tcp_mss_sender"],
"tcp-mss-receiver": module.params["tcp_mss_receiver"],
"status": module.params["status"],
"ssl-ssh-profile": module.params["ssl_ssh_profile"],
"ssl-mirror-intf": module.params["ssl_mirror_intf"],
"ssl-mirror": module.params["ssl_mirror"],
"ssh-filter-profile": module.params["ssh_filter_profile"],
"srcintf": module.params["srcintf"],
"srcaddr-negate": module.params["srcaddr_negate"],
"srcaddr": module.params["srcaddr"],
"spamfilter-profile": module.params["spamfilter_profile"],
"session-ttl": module.params["session_ttl"],
"service-negate": module.params["service_negate"],
"service": module.params["service"],
"send-deny-packet": module.params["send_deny_packet"],
"schedule-timeout": module.params["schedule_timeout"],
"schedule": module.params["schedule"],
"scan-botnet-connections": module.params["scan_botnet_connections"],
"rtp-nat": module.params["rtp_nat"],
"rtp-addr": module.params["rtp_addr"],
"rsso": module.params["rsso"],
"replacemsg-override-group": module.params["replacemsg_override_group"],
"redirect-url": module.params["redirect_url"],
"radius-mac-auth-bypass": module.params["radius_mac_auth_bypass"],
"profile-type": module.params["profile_type"],
"profile-protocol-options": module.params["profile_protocol_options"],
"profile-group": module.params["profile_group"],
"poolname": module.params["poolname"],
"policyid": module.params["policyid"],
"permit-stun-host": module.params["permit_stun_host"],
"permit-any-host": module.params["permit_any_host"],
"per-ip-shaper": module.params["per_ip_shaper"],
"outbound": module.params["outbound"],
"ntlm-guest": module.params["ntlm_guest"],
"ntlm-enabled-browsers": module.params["ntlm_enabled_browsers"],
"ntlm": module.params["ntlm"],
"np-acceleration": module.params["np_acceleration"],
"natoutbound": module.params["natoutbound"],
"natip": module.params["natip"],
"natinbound": module.params["natinbound"],
"nat": module.params["nat"],
"name": module.params["name"],
"mms-profile": module.params["mms_profile"],
"match-vip": module.params["match_vip"],
"logtraffic-start": module.params["logtraffic_start"],
"logtraffic": module.params["logtraffic"],
"learning-mode": module.params["learning_mode"],
"label": module.params["label"],
"ips-sensor": module.params["ips_sensor"],
"ippool": module.params["ippool"],
"internet-service-src-negate": module.params["internet_service_src_negate"],
"internet-service-src-id": module.params["internet_service_src_id"],
"internet-service-src-custom": module.params["internet_service_src_custom"],
"internet-service-src": module.params["internet_service_src"],
"internet-service-negate": module.params["internet_service_negate"],
"internet-service-id": module.params["internet_service_id"],
"internet-service-custom": module.params["internet_service_custom"],
"internet-service": module.params["internet_service"],
"inbound": module.params["inbound"],
"identity-based-route": module.params["identity_based_route"],
"icap-profile": module.params["icap_profile"],
"gtp-profile": module.params["gtp_profile"],
"groups": module.params["groups"],
"global-label": module.params["global_label"],
"fsso-agent-for-ntlm": module.params["fsso_agent_for_ntlm"],
"fsso": module.params["fsso"],
"fixedport": module.params["fixedport"],
"firewall-session-dirty": module.params["firewall_session_dirty"],
"dstintf": module.params["dstintf"],
"dstaddr-negate": module.params["dstaddr_negate"],
"dstaddr": module.params["dstaddr"],
"dsri": module.params["dsri"],
"dscp-value": module.params["dscp_value"],
"dscp-negate": module.params["dscp_negate"],
"dscp-match": module.params["dscp_match"],
"dnsfilter-profile": module.params["dnsfilter_profile"],
"dlp-sensor": module.params["dlp_sensor"],
"disclaimer": module.params["disclaimer"],
"diffservcode-rev": module.params["diffservcode_rev"],
"diffservcode-forward": module.params["diffservcode_forward"],
"diffserv-reverse": module.params["diffserv_reverse"],
"diffserv-forward": module.params["diffserv_forward"],
"devices": module.params["devices"],
"delay-tcp-npu-session": module.params["delay_tcp_npu_session"],
"custom-log-fields": module.params["custom_log_fields"],
"comments": module.params["comments"],
"capture-packet": module.params["capture_packet"],
"captive-portal-exempt": module.params["captive_portal_exempt"],
"block-notification": module.params["block_notification"],
"av-profile": module.params["av_profile"],
"auto-asic-offload": module.params["auto_asic_offload"],
"auth-redirect-addr": module.params["auth_redirect_addr"],
"auth-path": module.params["auth_path"],
"auth-cert": module.params["auth_cert"],
"application-list": module.params["application_list"],
"application": module.params["application"],
"app-group": module.params["app_group"],
"app-category": module.params["app_category"],
"action": module.params["action"],
"vpn_dst_node": {
"host": module.params["vpn_dst_node_host"],
"seq": module.params["vpn_dst_node_seq"],
"subnet": module.params["vpn_dst_node_subnet"],
},
"vpn_src_node": {
"host": module.params["vpn_src_node_host"],
"seq": module.params["vpn_src_node_seq"],
"subnet": module.params["vpn_src_node_subnet"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['vpn_dst_node', 'vpn_src_node']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["mode"] == "delete":
# WE NEED TO GET THE POLICY ID FROM THE NAME OF THE POLICY TO DELETE IT
url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall' \
'/policy/'.format(adom=paramgram["adom"],
pkg=paramgram["package_name"])
datagram = {
"filter": ["name", "==", paramgram["name"]]
}
response = fmgr.process_request(url, datagram, FMGRMethods.GET)
try:
if response[1][0]["policyid"]:
policy_id = response[1][0]["policyid"]
paramgram["policyid"] = policy_id
except BaseException:
fmgr.return_response(module=module, results=response, good_codes=[0, ], stop_on_success=True,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram),
msg="Couldn't find policy ID number for policy name specified.")
except Exception as err:
raise FMGBaseException(err)
try:
results = fmgr_firewall_policy_modify(fmgr, paramgram)
if module.params["fail_on_missing_dependency"] == "disable":
fmgr.govern_response(module=module, results=results, good_codes=[0, -9998],
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
if module.params["fail_on_missing_dependency"] == "enable" and results[0] == -10131:
fmgr.govern_response(module=module, results=results, good_codes=[0, ], failed=True, skipped=False,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
webfilter_profile=dict(required=False, type="str"),
waf_profile=dict(required=False, type="str"),
voip_profile=dict(required=False, type="str"),
ssl_ssh_profile=dict(required=False, type="str"),
ssh_filter_profile=dict(required=False, type="str"),
spamfilter_profile=dict(required=False, type="str"),
profile_protocol_options=dict(required=False, type="str"),
name=dict(required=False, type="str"),
mms_profile=dict(required=False, type="str"),
ips_sensor=dict(required=False, type="str"),
icap_profile=dict(required=False, type="str"),
dnsfilter_profile=dict(required=False, type="str"),
dlp_sensor=dict(required=False, type="str"),
av_profile=dict(required=False, type="str"),
application_list=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"webfilter-profile": module.params["webfilter_profile"],
"waf-profile": module.params["waf_profile"],
"voip-profile": module.params["voip_profile"],
"ssl-ssh-profile": module.params["ssl_ssh_profile"],
"ssh-filter-profile": module.params["ssh_filter_profile"],
"spamfilter-profile": module.params["spamfilter_profile"],
"profile-protocol-options": module.params["profile_protocol_options"],
"name": module.params["name"],
"mms-profile": module.params["mms_profile"],
"ips-sensor": module.params["ips_sensor"],
"icap-profile": module.params["icap_profile"],
"dnsfilter-profile": module.params["dnsfilter_profile"],
"dlp-sensor": module.params["dlp_sensor"],
"av-profile": module.params["av_profile"],
"application-list": module.params["application_list"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_firewall_profile_group_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
youtube_channel_status=dict(
required=False,
type="str",
choices=["disable", "blacklist", "whitelist"]),
wisp_servers=dict(required=False, type="str"),
wisp_algorithm=dict(
required=False,
type="str",
choices=["auto-learning", "primary-secondary", "round-robin"]),
wisp=dict(required=False, type="str", choices=["disable", "enable"]),
web_url_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_invalid_domain_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_ftgd_quota_usage=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_ftgd_err_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_vbs_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_unknown_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_referer_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_jscript_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_js_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_cookie_removal_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_cookie_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_command_block_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_applet_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_filter_activex_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_extended_all_action_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_content_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
replacemsg_group=dict(required=False, type="str"),
post_action=dict(required=False,
type="str",
choices=["normal", "block"]),
ovrd_perm=dict(required=False,
type="list",
choices=[
"bannedword-override", "urlfilter-override",
"fortiguard-wf-override",
"contenttype-check-override"
]),
options=dict(required=False,
type="list",
choices=[
"block-invalid-url", "jscript", "js", "vbs",
"unknown", "wf-referer", "intrinsic", "wf-cookie",
"per-user-bwl", "activexfilter", "cookiefilter",
"javafilter"
]),
name=dict(required=False, type="str"),
log_all_url=dict(required=False,
type="str",
choices=["disable", "enable"]),
inspection_mode=dict(required=False,
type="str",
choices=["proxy", "flow-based"]),
https_replacemsg=dict(required=False,
type="str",
choices=["disable", "enable"]),
extended_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
comment=dict(required=False, type="str"),
ftgd_wf=dict(required=False, type="list"),
ftgd_wf_exempt_quota=dict(required=False, type="str"),
ftgd_wf_max_quota_timeout=dict(required=False, type="int"),
ftgd_wf_options=dict(required=False,
type="str",
choices=[
"error-allow", "rate-server-ip",
"connect-request-bypass", "ftgd-disable"
]),
ftgd_wf_ovrd=dict(required=False, type="str"),
ftgd_wf_rate_crl_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_css_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_image_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_rate_javascript_urls=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_filters_action=dict(
required=False,
type="str",
choices=["block", "monitor", "warning", "authenticate"]),
ftgd_wf_filters_auth_usr_grp=dict(required=False, type="str"),
ftgd_wf_filters_category=dict(required=False, type="str"),
ftgd_wf_filters_log=dict(required=False,
type="str",
choices=["disable", "enable"]),
ftgd_wf_filters_override_replacemsg=dict(required=False, type="str"),
ftgd_wf_filters_warn_duration=dict(required=False, type="str"),
ftgd_wf_filters_warning_duration_type=dict(
required=False, type="str", choices=["session", "timeout"]),
ftgd_wf_filters_warning_prompt=dict(
required=False, type="str", choices=["per-domain",
"per-category"]),
ftgd_wf_quota_category=dict(required=False, type="str"),
ftgd_wf_quota_duration=dict(required=False, type="str"),
ftgd_wf_quota_override_replacemsg=dict(required=False, type="str"),
ftgd_wf_quota_type=dict(required=False,
type="str",
choices=["time", "traffic"]),
ftgd_wf_quota_unit=dict(required=False,
type="str",
choices=["B", "KB", "MB", "GB"]),
ftgd_wf_quota_value=dict(required=False, type="int"),
override=dict(required=False, type="list"),
override_ovrd_cookie=dict(required=False,
type="str",
choices=["deny", "allow"]),
override_ovrd_dur=dict(required=False, type="str"),
override_ovrd_dur_mode=dict(required=False,
type="str",
choices=["constant", "ask"]),
override_ovrd_scope=dict(
required=False,
type="str",
choices=["user", "user-group", "ip", "ask", "browser"]),
override_ovrd_user_group=dict(required=False, type="str"),
override_profile=dict(required=False, type="str"),
override_profile_attribute=dict(
required=False,
type="list",
choices=[
"User-Name", "NAS-IP-Address", "Framed-IP-Address",
"Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
"Reply-Message", "Callback-Number", "Callback-Id",
"Framed-Route", "Framed-IPX-Network", "Class",
"Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
"Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
"Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
"Acct-Multi-Session-Id"
]),
override_profile_type=dict(required=False,
type="str",
choices=["list", "radius"]),
url_extraction=dict(required=False, type="list"),
url_extraction_redirect_header=dict(required=False, type="str"),
url_extraction_redirect_no_content=dict(required=False,
type="str",
choices=["disable", "enable"]),
url_extraction_redirect_url=dict(required=False, type="str"),
url_extraction_server_fqdn=dict(required=False, type="str"),
url_extraction_status=dict(required=False,
type="str",
choices=["disable", "enable"]),
web=dict(required=False, type="list"),
web_blacklist=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_bword_table=dict(required=False, type="str"),
web_bword_threshold=dict(required=False, type="int"),
web_content_header_list=dict(required=False, type="str"),
web_keyword_match=dict(required=False, type="str"),
web_log_search=dict(required=False,
type="str",
choices=["disable", "enable"]),
web_safe_search=dict(required=False,
type="str",
choices=["url", "header"]),
web_urlfilter_table=dict(required=False, type="str"),
web_whitelist=dict(required=False,
type="list",
choices=[
"exempt-av", "exempt-webcontent",
"exempt-activex-java-cookie", "exempt-dlp",
"exempt-rangeblock", "extended-log-others"
]),
web_youtube_restrict=dict(required=False,
type="str",
choices=["strict", "none", "moderate"]),
youtube_channel_filter=dict(required=False, type="list"),
youtube_channel_filter_channel_id=dict(required=False, type="str"),
youtube_channel_filter_comment=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# MODULE PARAMGRAM
paramgram = {
"mode":
module.params["mode"],
"adom":
module.params["adom"],
"youtube-channel-status":
module.params["youtube_channel_status"],
"wisp-servers":
module.params["wisp_servers"],
"wisp-algorithm":
module.params["wisp_algorithm"],
"wisp":
module.params["wisp"],
"web-url-log":
module.params["web_url_log"],
"web-invalid-domain-log":
module.params["web_invalid_domain_log"],
"web-ftgd-quota-usage":
module.params["web_ftgd_quota_usage"],
"web-ftgd-err-log":
module.params["web_ftgd_err_log"],
"web-filter-vbs-log":
module.params["web_filter_vbs_log"],
"web-filter-unknown-log":
module.params["web_filter_unknown_log"],
"web-filter-referer-log":
module.params["web_filter_referer_log"],
"web-filter-jscript-log":
module.params["web_filter_jscript_log"],
"web-filter-js-log":
module.params["web_filter_js_log"],
"web-filter-cookie-removal-log":
module.params["web_filter_cookie_removal_log"],
"web-filter-cookie-log":
module.params["web_filter_cookie_log"],
"web-filter-command-block-log":
module.params["web_filter_command_block_log"],
"web-filter-applet-log":
module.params["web_filter_applet_log"],
"web-filter-activex-log":
module.params["web_filter_activex_log"],
"web-extended-all-action-log":
module.params["web_extended_all_action_log"],
"web-content-log":
module.params["web_content_log"],
"replacemsg-group":
module.params["replacemsg_group"],
"post-action":
module.params["post_action"],
"ovrd-perm":
module.params["ovrd_perm"],
"options":
module.params["options"],
"name":
module.params["name"],
"log-all-url":
module.params["log_all_url"],
"inspection-mode":
module.params["inspection_mode"],
"https-replacemsg":
module.params["https_replacemsg"],
"extended-log":
module.params["extended_log"],
"comment":
module.params["comment"],
"ftgd-wf": {
"exempt-quota": module.params["ftgd_wf_exempt_quota"],
"max-quota-timeout": module.params["ftgd_wf_max_quota_timeout"],
"options": module.params["ftgd_wf_options"],
"ovrd": module.params["ftgd_wf_ovrd"],
"rate-crl-urls": module.params["ftgd_wf_rate_crl_urls"],
"rate-css-urls": module.params["ftgd_wf_rate_css_urls"],
"rate-image-urls": module.params["ftgd_wf_rate_image_urls"],
"rate-javascript-urls":
module.params["ftgd_wf_rate_javascript_urls"],
"filters": {
"action":
module.params["ftgd_wf_filters_action"],
"auth-usr-grp":
module.params["ftgd_wf_filters_auth_usr_grp"],
"category":
module.params["ftgd_wf_filters_category"],
"log":
module.params["ftgd_wf_filters_log"],
"override-replacemsg":
module.params["ftgd_wf_filters_override_replacemsg"],
"warn-duration":
module.params["ftgd_wf_filters_warn_duration"],
"warning-duration-type":
module.params["ftgd_wf_filters_warning_duration_type"],
"warning-prompt":
module.params["ftgd_wf_filters_warning_prompt"],
},
"quota": {
"category":
module.params["ftgd_wf_quota_category"],
"duration":
module.params["ftgd_wf_quota_duration"],
"override-replacemsg":
module.params["ftgd_wf_quota_override_replacemsg"],
"type":
module.params["ftgd_wf_quota_type"],
"unit":
module.params["ftgd_wf_quota_unit"],
"value":
module.params["ftgd_wf_quota_value"],
},
},
"override": {
"ovrd-cookie": module.params["override_ovrd_cookie"],
"ovrd-dur": module.params["override_ovrd_dur"],
"ovrd-dur-mode": module.params["override_ovrd_dur_mode"],
"ovrd-scope": module.params["override_ovrd_scope"],
"ovrd-user-group": module.params["override_ovrd_user_group"],
"profile": module.params["override_profile"],
"profile-attribute": module.params["override_profile_attribute"],
"profile-type": module.params["override_profile_type"],
},
"url-extraction": {
"redirect-header":
module.params["url_extraction_redirect_header"],
"redirect-no-content":
module.params["url_extraction_redirect_no_content"],
"redirect-url":
module.params["url_extraction_redirect_url"],
"server-fqdn":
module.params["url_extraction_server_fqdn"],
"status":
module.params["url_extraction_status"],
},
"web": {
"blacklist": module.params["web_blacklist"],
"bword-table": module.params["web_bword_table"],
"bword-threshold": module.params["web_bword_threshold"],
"content-header-list": module.params["web_content_header_list"],
"keyword-match": module.params["web_keyword_match"],
"log-search": module.params["web_log_search"],
"safe-search": module.params["web_safe_search"],
"urlfilter-table": module.params["web_urlfilter_table"],
"whitelist": module.params["web_whitelist"],
"youtube-restrict": module.params["web_youtube_restrict"],
},
"youtube-channel-filter": {
"channel-id": module.params["youtube_channel_filter_channel_id"],
"comment": module.params["youtube_channel_filter_comment"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = [
'ftgd-wf', 'override', 'url-extraction', 'web',
'youtube-channel-filter'
]
paramgram = fmgr.tools.paramgram_child_list_override(
list_overrides=list_overrides, paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_webfilter_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
fmgr_ha_mode=dict(required=False, type="str", choices=["standalone", "master", "slave"]),
fmgr_ha_cluster_pw=dict(required=False, type="str", no_log=True),
fmgr_ha_peer_status=dict(required=False, type="str", choices=["enable", "disable"]),
fmgr_ha_peer_sn=dict(required=False, type="str"),
fmgr_ha_peer_ipv4=dict(required=False, type="str"),
fmgr_ha_peer_ipv6=dict(required=False, type="str"),
fmgr_ha_hb_threshold=dict(required=False, type="int", default=3),
fmgr_ha_hb_interval=dict(required=False, type="int", default=5),
fmgr_ha_file_quota=dict(required=False, type="int", default=4096),
fmgr_ha_cluster_id=dict(required=False, type="int", default=1)
)
required_if = [
['fmgr_ha_peer_ipv4', 'present', ['fmgr_ha_peer_sn', 'fmgr_ha_peer_status']],
['fmgr_ha_peer_ipv6', 'present', ['fmgr_ha_peer_sn', 'fmgr_ha_peer_status']],
['fmgr_ha_mode', 'master', ['fmgr_ha_cluster_pw', 'fmgr_ha_cluster_id']],
['fmgr_ha_mode', 'slave', ['fmgr_ha_cluster_pw', 'fmgr_ha_cluster_id']],
]
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, required_if=required_if)
paramgram = {
"fmgr_ha_mode": module.params["fmgr_ha_mode"],
"fmgr_ha_cluster_pw": module.params["fmgr_ha_cluster_pw"],
"fmgr_ha_peer_status": module.params["fmgr_ha_peer_status"],
"fmgr_ha_peer_sn": module.params["fmgr_ha_peer_sn"],
"fmgr_ha_peer_ipv4": module.params["fmgr_ha_peer_ipv4"],
"fmgr_ha_peer_ipv6": module.params["fmgr_ha_peer_ipv6"],
"fmgr_ha_hb_threshold": module.params["fmgr_ha_hb_threshold"],
"fmgr_ha_hb_interval": module.params["fmgr_ha_hb_interval"],
"fmgr_ha_file_quota": module.params["fmgr_ha_file_quota"],
"fmgr_ha_cluster_id": module.params["fmgr_ha_cluster_id"],
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# INIT FLAGS AND COUNTERS
get_ha_peers = 0
results = DEFAULT_RESULT_OBJ
try:
if any(v is not None for v in (paramgram["fmgr_ha_peer_sn"], paramgram["fmgr_ha_peer_ipv4"],
paramgram["fmgr_ha_peer_ipv6"], paramgram["fmgr_ha_peer_status"])):
get_ha_peers = 1
except Exception as err:
raise FMGBaseException(err)
try:
# IF HA MODE IS NOT NULL, SWITCH THAT
if paramgram["fmgr_ha_mode"] is not None:
if (str.lower(paramgram["fmgr_ha_mode"]) != "standalone" and paramgram["fmgr_ha_cluster_pw"] is not None)\
or str.lower(paramgram["fmgr_ha_mode"]) == "standalone":
results = fmgr_set_ha_mode(fmgr, paramgram)
fmgr.govern_response(module=module, results=results, stop_on_success=False,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
elif str.lower(paramgram["fmgr_ha_mode"]) != "standalone" and\
paramgram["fmgr_ha_mode"] is not None and\
paramgram["fmgr_ha_cluster_pw"] is None:
module.exit_json(msg="If setting HA Mode of MASTER or SLAVE, you must specify a cluster password")
except Exception as err:
raise FMGBaseException(err)
# IF GET_HA_PEERS IS ENABLED, LETS PROCESS THE PEERS
try:
if get_ha_peers == 1:
# GET THE CURRENT LIST OF PEERS FROM THE NODE
peers = fmgr_get_ha_peer_list(fmgr)
# GET LENGTH OF RETURNED PEERS LIST AND ADD ONE FOR THE NEXT ID
paramgram["next_peer_id"] = len(peers[1]) + 1
# SET THE ACTUAL NUMBER OF PEERS
num_of_peers = len(peers[1])
# SET THE PEER ID FOR DISABLE METHOD
paramgram["peer_id"] = len(peers) - 1
# SET THE PEER LOOPCOUNT TO 1 TO START THE LOOP
peer_loopcount = 1
# LOOP THROUGH PEERS TO FIND THE SERIAL NUMBER MATCH TO GET THE RIGHT PEER ID
# IDEA BEING WE DON'T WANT TO SUBMIT A BAD peer_id THAT DOESN'T JIVE WITH CURRENT DB ON FMG
# SO LETS SEARCH FOR IT, AND IF WE FIND IT, WE WILL CHANGE THE PEER ID VARIABLES TO MATCH
# IF NOT FOUND, LIFE GOES ON AND WE ASSUME THAT WE'RE ADDING A PEER
# AT WHICH POINT THE next_peer_id VARIABLE WILL HAVE THE RIGHT PRIMARY KEY
if paramgram["fmgr_ha_peer_sn"] is not None:
while peer_loopcount <= num_of_peers:
# GET THE SERIAL NUMBER FOR CURRENT PEER IN LOOP TO COMPARE TO SN IN PLAYBOOK
try:
sn_compare = peers[1][peer_loopcount - 1]["serial-number"]
# IF THE SN IN THE PEERS MATCHES THE PLAYBOOK SN, SET THE IDS
if sn_compare == paramgram["fmgr_ha_peer_sn"]:
paramgram["peer_id"] = peer_loopcount
paramgram["next_peer_id"] = paramgram["peer_id"]
except Exception as err:
raise FMGBaseException(err)
# ADVANCE THE LOOP AND REPEAT UNTIL DONE
peer_loopcount += 1
# IF THE PEER STATUS ISN'T IN THE PLAYBOOK, ASSUME ITS ENABLE
if paramgram["fmgr_ha_peer_status"] is None:
paramgram["fmgr_ha_peer_status"] = "enable"
# IF THE PEER STATUS IS ENABLE, USE THE next_peer_id IN THE API CALL FOR THE ID
if paramgram["fmgr_ha_peer_status"] == "enable":
results = fmgr_set_ha_peer(fmgr, paramgram)
fmgr.govern_response(module=module, results=results, stop_on_success=True,
ansible_facts=fmgr.construct_ansible_facts(results,
module.params, paramgram))
# IF THE PEER STATUS IS DISABLE, WE HAVE TO HANDLE THAT A BIT DIFFERENTLY
# JUST USING TWO DIFFERENT peer_id 's HERE
if paramgram["fmgr_ha_peer_status"] == "disable":
results = fmgr_set_ha_peer(fmgr, paramgram)
fmgr.govern_response(module=module, results=results, stop_on_success=True,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(adom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "delete"],
type="str",
default="add"),
blind_add=dict(choices=["enable", "disable"],
type="str",
default="disable"),
device_ip=dict(required=False, type="str"),
device_username=dict(required=False, type="str"),
device_password=dict(required=False,
type="str",
no_log=True),
device_unique_name=dict(required=True, type="str"),
device_serial=dict(required=False, type="str"))
# BUILD MODULE OBJECT SO WE CAN BUILD THE PARAMGRAM
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
# BUILD THE PARAMGRAM
paramgram = {
"device_ip": module.params["device_ip"],
"device_username": module.params["device_username"],
"device_password": module.params["device_password"],
"device_unique_name": module.params["device_unique_name"],
"device_serial": module.params["device_serial"],
"adom": module.params["adom"],
"mode": module.params["mode"]
}
# INSERT THE PARAMGRAM INTO THE MODULE SO WHEN WE PASS IT TO MOD_UTILS.FortiManagerHandler IT HAS THAT INFO
module.paramgram = paramgram
# TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
if paramgram["mode"] == "add":
# CHECK IF DEVICE EXISTS
if module.params["blind_add"] == "disable":
exists_results = get_device(fmgr, paramgram)
fmgr.govern_response(
module=module,
results=exists_results,
good_codes=(0, -3),
changed=False,
ansible_facts=fmgr.construct_ansible_facts(
exists_results, module.params, paramgram))
discover_results = discover_device(fmgr, paramgram)
fmgr.govern_response(module=module,
results=discover_results,
stop_on_success=False,
ansible_facts=fmgr.construct_ansible_facts(
discover_results, module.params,
paramgram))
if discover_results[0] == 0:
results = add_device(fmgr, paramgram)
fmgr.govern_response(
module=module,
results=discover_results,
stop_on_success=True,
changed_if_success=True,
ansible_facts=fmgr.construct_ansible_facts(
discover_results, module.params, paramgram))
if paramgram["mode"] == "delete":
results = delete_device(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
adom=dict(required=False, type="str", default="root"),
vdom=dict(required=False, type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"],
type="str",
default="add"),
grp_desc=dict(required=False, type="str"),
grp_name=dict(required=True, type="str"),
grp_members=dict(required=False, type="str"),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
)
paramgram = {
"mode": module.params["mode"],
"grp_name": module.params["grp_name"],
"grp_desc": module.params["grp_desc"],
"grp_members": module.params["grp_members"],
"adom": module.params["adom"],
"vdom": module.params["vdom"]
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
# BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
results = DEFAULT_RESULT_OBJ
try:
# PROCESS THE GROUP ADDS FIRST
if paramgram["grp_name"] is not None and paramgram["mode"] in [
"add", "set", "update"
]:
# add device group
results = add_device_group(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# PROCESS THE GROUP MEMBER ADDS
if paramgram["grp_members"] is not None and paramgram["mode"] in [
"add", "set", "update"
]:
# assign devices to device group
results = add_group_member(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# PROCESS THE GROUP MEMBER DELETES
if paramgram["grp_members"] is not None and paramgram[
"mode"] == "delete":
# remove devices grom a group
results = delete_group_member(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
# PROCESS THE GROUP DELETES, ONLY IF GRP_MEMBERS IS NOT NULL TOO
if paramgram["grp_name"] is not None and paramgram[
"mode"] == "delete" and paramgram["grp_members"] is None:
# delete device group
results = delete_device_group(fmgr, paramgram)
fmgr.govern_response(module=module,
results=results,
ansible_facts=fmgr.construct_ansible_facts(
results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
def main():
argument_spec = dict(
host=dict(required=True, type="str"),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"])),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True),
ignore_ssl_errors=dict(required=False, type="str", choices=["enable", "disable"], default="enable"),
export_json_to_screen=dict(required=False, type="str", choices=["enable", "disable"], default="enable"),
export_json_to_file_path=dict(required=False, type="str"),
export_xml_to_file_path=dict(required=False, type="str"),
export_csv_to_file_path=dict(required=False, type="str"),
mode=dict(required=False, type="str",
choices=["add", "update", "get"], default="get"),
ip_range=dict(required=False, type="str"),
access_id=dict(required=False, type="str"),
input_xml_file=dict(required=False, type="str"),
access_protocol=dict(required=False, type="str", choices=['ftp', 'ftp_over_ssl',
'imap', 'imap_over_ssl', 'jdbc', 'jmx', 'kafka_api',
'pop3', 'pop3_over_ssl', 'smtp', 'smtp_over_ssl',
'smtp_over_tls', 'ssh', 'telnet', 'vm_sdk']),
friendly_name=dict(required=False, type="str"),
description=dict(required=False, type="str"),
pull_interval=dict(required=False, type="str", default="5"),
cred_username=dict(required=False, type="str"),
cred_password=dict(required=False, type="str", no_log=True),
super_password=dict(required=False, type="str", no_log=True),
port=dict(required=False, type="str"),
)
module = AnsibleModule(argument_spec, supports_check_mode=False, )
paramgram = {
"host": module.params["host"],
"username": module.params["username"],
"password": module.params["password"],
"export_json_to_screen": module.params["export_json_to_screen"],
"export_json_to_file_path": module.params["export_json_to_file_path"],
"export_xml_to_file_path": module.params["export_xml_to_file_path"],
"export_csv_to_file_path": module.params["export_csv_to_file_path"],
"ignore_ssl_errors": module.params["ignore_ssl_errors"],
"mode": module.params["mode"],
"uri": None,
"input_xml": None,
"ip_range": module.params["ip_range"],
"access_id": module.params["access_id"],
"password_type": "Manual",
"input_xml_file": module.params["input_xml_file"],
"access_protocol": module.params["access_protocol"],
"friendly_name": module.params["friendly_name"],
"description": module.params["description"],
"pull_interval": module.params["pull_interval"],
"cred_username": module.params["cred_username"],
"cred_password": module.params["cred_password"],
"super_password": module.params["super_password"],
"port": module.params["port"],
}
# DETERMINE THE MODE AND ADD THE CORRECT DATA TO THE PARAMGRAM
if paramgram["mode"] in ["add", "update"]:
paramgram["uri"] = FSMEndpoints.SET_CREDS
elif paramgram["mode"] == "get":
paramgram["uri"] = FSMEndpoints.GET_CREDS
if paramgram["uri"] is None:
raise FSMBaseException("Base URI couldn't be constructed. Check options.")
if not paramgram["port"]:
if paramgram["access_protocol"] == "ftp":
paramgram["port"] = "21"
if paramgram["access_protocol"] == "ftp_over_ssl":
paramgram["port"] = "990"
if paramgram["access_protocol"] == "imap":
paramgram["port"] = "143"
if paramgram["access_protocol"] == "imap_over_ssl":
paramgram["port"] = "993"
if paramgram["access_protocol"] == "jdbc":
paramgram["port"] = "1433"
if paramgram["access_protocol"] == "jmx":
paramgram["port"] = "0"
if paramgram["access_protocol"] == "pop3":
paramgram["port"] = "110"
if paramgram["access_protocol"] == "pop3_over_ssl":
paramgram["port"] = "995"
if paramgram["access_protocol"] == "smtp":
paramgram["port"] = "25"
if paramgram["access_protocol"] == "smtp_over_ssl":
paramgram["port"] = "465"
if paramgram["access_protocol"] == "smtp_over_tls":
paramgram["port"] = "465"
if paramgram["access_protocol"] == "ssh":
paramgram["port"] = "22"
if paramgram["access_protocol"] == "telnet":
paramgram["port"] = "23"
if paramgram["access_protocol"] == "vm_sdk":
paramgram["port"] = None
module.paramgram = paramgram
# TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS
fsm = None
results = DEFAULT_EXIT_MSG
try:
fsm = FortiSIEMHandler(module)
except BaseException as err:
raise FSMBaseException("Couldn't load FortiSIEM Handler from mod_utils. Error: " + str(err))
# EXECUTE THE MODULE OPERATION
if paramgram["mode"] in ["add", "update"]:
if paramgram["input_xml_file"]:
paramgram["input_xml"] = fsm.get_file_contents(paramgram["input_xml_file"])
try:
results = fsm.handle_simple_payload_request(paramgram["input_xml"])
except BaseException as err:
raise FSMBaseException(err)
else:
paramgram["input_xml"] = fsm._xml.create_credential_payload()
try:
results = fsm.handle_simple_payload_request(paramgram["input_xml"])
except BaseException as err:
raise FSMBaseException(err)
elif paramgram["mode"] == "get":
try:
results = fsm.handle_simple_request()
except BaseException as err:
raise FSMBaseException(err)
# EXIT USING GOVERN_RESPONSE()
fsm.govern_response(module=module, results=results, changed=False,
ansible_facts=fsm.construct_ansible_facts(results["json_results"],
module.params,
paramgram))
return module.exit_json(msg=results)
