def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), startip=dict(required=False, type="str"), name=dict(required=False, type="str"), endip=dict(required=False, type="str"), comments=dict(required=False, type="str"), dynamic_mapping=dict(required=False, type="list"), dynamic_mapping_comments=dict(required=False, type="str"), dynamic_mapping_endip=dict(required=False, type="str"), dynamic_mapping_startip=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "startip": module.params["startip"], "name": module.params["name"], "endip": module.params["endip"], "comments": module.params["comments"], "dynamic_mapping": { "comments": module.params["dynamic_mapping_comments"], "endip": module.params["dynamic_mapping_endip"], "startip": module.params["dynamic_mapping_startip"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['dynamic_mapping'] paramgram = fmgr.tools.paramgram_child_list_override( list_overrides=list_overrides, paramgram=paramgram, module=module) results = DEFAULT_RESULT_OBJ try: results = fmgr_fwobj_ippool6_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): module = AnsibleModule(argument_spec=dict( device_unique_name=dict(required=True, type='str'), vdom=dict(type='str', required=True), adom=dict(type='str', required=True), state=dict(type='str', required=True, choices=['present', 'absent']), zone=dict(type='str', required=True), force=dict(type='bool', default=False)), supports_check_mode=True) # fortimanager module expects the module parameters duplicated # in a dict called paramgram, reasons unknown! module.paramgram = { 'adom': module.params['adom'], 'device_unique_name': module.params['device_unique_name'], } if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: # fail with an un-helpful and error-masking generic response module.fail_json(**FAIL_SOCKET_MSG) if module.params['state'] == 'present': changed, diff, msg = _zone_present(module, fmgr) if module.params['state'] == 'absent': changed, diff, msg = _zone_absent(module, fmgr) module.exit_json(changed=changed, diff=diff, msg=msg)
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), device_unique_name=dict(required=True, type="str"), fortimeter_utm_level=dict(required=True, type="str"), foslic_type=dict(required=False, type="int", default=2) ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) paramgram = { "adom": module.params["adom"], "device_unique_name": module.params["device_unique_name"], "fortimeter_utm_level": module.params["fortimeter_utm_level"], "foslic_type": module.params["foslic_type"] } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: results = fmgr_set_fortimeter_lic(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), device_unique_name=dict(required=True, type="str"), device_hostname=dict(required=False, type="str"), interface=dict(required=False, type="str"), interface_ip=dict(required=False, type="str"), interface_allow_access=dict(required=False, type="str"), install_config=dict(required=False, type="str", default="disable"), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) paramgram = { "device_unique_name": module.params["device_unique_name"], "device_hostname": module.params["device_hostname"], "interface": module.params["interface"], "interface_ip": module.params["interface_ip"], "interface_allow_access": module.params["interface_allow_access"], "install_config": module.params["install_config"], "adom": module.params["adom"] } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION results = DEFAULT_RESULT_OBJ try: if paramgram["device_hostname"] is not None: results = update_device_hostname(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) if paramgram["interface_ip"] is not None or paramgram["interface_allow_access"] is not None: results = update_device_interface(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) if paramgram["install_config"] == "enable": results = exec_config(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): module = AnsibleModule( argument_spec=dict( adom=dict(required=False, type="str", default="root"), device=dict(required=True, type="str"), vdom=dict(required=True, type="str"), ), supports_check_mode=True, ) if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) # Fetch list of packages response = fmgr.process_request( "/pm/pkg/adom/{0}".format(module.params['adom']), {}, FMGRMethods.GET) if response[0] != 0: module.fail_json(msg="Failed to list packages", response=response) packages = dict([((pkg['scope member'][0]['name'], pkg['scope member'][0]['vdom']), pkg['name']) for pkg in response[1] if 'scope member' in pkg]) if (module.params['device'], module.params['vdom']) not in packages: module.fail_json(msg="Failed to find package", device=module.params['device'], vdom=module.params['vdom']) package = packages[(module.params['device'], module.params['vdom'])] if not module.check_mode: response = fmgr.process_request("/securityconsole/install/package", { "adom": module.params['adom'], "pkg": package }, FMGRMethods.EXEC) if response[0] != 0: module.fail_json(msg="Failed to install package", response=response) module.exit_json(changed=True, package=package)
def main(): module = AnsibleModule(argument_spec=dict(device_unique_name=dict( required=True, type='str'), vdom=dict(type='str', required=True), adom=dict(type='str', required=True), interface=dict(type='str', requred=True), zone=dict(type='str', required=False), vrf=dict(type='int', default=0)), supports_check_mode=True) module.paramgram = { 'adom': module.params['adom'], 'device_unique_name': module.params['device_unique_name'], } if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: # fail with an un-helpful and error-masking generic response module.fail_json(**FAIL_SOCKET_MSG) zone = validate_zone(module, fmgr) if not zone['valid']: if not zone['msg']: zone['msg'] = 'invalid zone' module.exit_json(msg=zone['msg'], changed=False, skipped=True) outd = remove_associated_policies(module, fmgr) msg = 'no change' if outd['changed']: msg = 'associated policies removed/updated' diff = {'before': outd['before'], 'after': outd['after']} module.exit_json(changed=outd['changed'], diff=diff, msg=msg)
def main(): module = AnsibleModule( argument_spec=dict( device_unique_name=dict(required=True, type='str'), vdom=dict(type='str', required=True), adom=dict(type='str', required=True), default_zone=dict(type='str', required=True), address_name_prefix=dict(type='str', default='sot'), service_name_prefixes=dict(type='list', default=['tcp', 'udp', 'icmp']), prefix_delimiter=dict(type='str', default='/'), policy_global_label_prefix=dict(type='str', default='socrates'), networks=dict(type='list', required=True), rulesets=dict(type='list', required=True), address_groups=dict(type='list', required=True), default_action=dict(type='str', default='accept'), default_log_traffic=dict(type='str', choices=['all', 'disable', 'utm'], default='all'), default_log_traffic_start=dict(type='str', choices=['enable', 'disable'], default='disable'), ), supports_check_mode=True ) # fortimanager module expects the module parameters duplicated # in a dict called paramgram, reasons unknown! module.paramgram = { 'adom': module.params['adom'], 'device_unique_name': module.params['device_unique_name'], } if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: # fail with an un-helpful and error-masking generic response module.fail_json(**FAIL_SOCKET_MSG) changed, diff, msg = update_forti(module, fmgr) module.exit_json(changed=changed, diff=diff, msg=msg)
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), spam_rbl_table=dict(required=False, type="str"), spam_mheader_table=dict(required=False, type="str"), spam_log_fortiguard_response=dict(required=False, type="str", choices=["disable", "enable"]), spam_log=dict(required=False, type="str", choices=["disable", "enable"]), spam_iptrust_table=dict(required=False, type="str"), spam_filtering=dict(required=False, type="str", choices=["disable", "enable"]), spam_bword_threshold=dict(required=False, type="int"), spam_bword_table=dict(required=False, type="str"), spam_bwl_table=dict(required=False, type="str"), replacemsg_group=dict(required=False, type="str"), options=dict(required=False, type="list", choices=[ "bannedword", "spamfsip", "spamfssubmit", "spamfschksum", "spamfsurl", "spamhelodns", "spamraddrdns", "spamrbl", "spamhdrcheck", "spamfsphish", "spambwl" ]), name=dict(required=False, type="str"), flow_based=dict(required=False, type="str", choices=["disable", "enable"]), external=dict(required=False, type="str", choices=["disable", "enable"]), comment=dict(required=False, type="str"), gmail=dict(required=False, type="dict"), gmail_log=dict(required=False, type="str", choices=["disable", "enable"]), imap=dict(required=False, type="dict"), imap_action=dict(required=False, type="str", choices=["pass", "tag"]), imap_log=dict(required=False, type="str", choices=["disable", "enable"]), imap_tag_msg=dict(required=False, type="str"), imap_tag_type=dict(required=False, type="str", choices=["subject", "header", "spaminfo"]), mapi=dict(required=False, type="dict"), mapi_action=dict(required=False, type="str", choices=["pass", "discard"]), mapi_log=dict(required=False, type="str", choices=["disable", "enable"]), msn_hotmail=dict(required=False, type="dict"), msn_hotmail_log=dict(required=False, type="str", choices=["disable", "enable"]), pop3=dict(required=False, type="dict"), pop3_action=dict(required=False, type="str", choices=["pass", "tag"]), pop3_log=dict(required=False, type="str", choices=["disable", "enable"]), pop3_tag_msg=dict(required=False, type="str"), pop3_tag_type=dict(required=False, type="str", choices=["subject", "header", "spaminfo"]), smtp=dict(required=False, type="dict"), smtp_action=dict(required=False, type="str", choices=["pass", "tag", "discard"]), smtp_hdrip=dict(required=False, type="str", choices=["disable", "enable"]), smtp_local_override=dict(required=False, type="str", choices=["disable", "enable"]), smtp_log=dict(required=False, type="str", choices=["disable", "enable"]), smtp_tag_msg=dict(required=False, type="str"), smtp_tag_type=dict(required=False, type="str", choices=["subject", "header", "spaminfo"]), yahoo_mail=dict(required=False, type="dict"), yahoo_mail_log=dict(required=False, type="str", choices=["disable", "enable"]), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "spam-rbl-table": module.params["spam_rbl_table"], "spam-mheader-table": module.params["spam_mheader_table"], "spam-log-fortiguard-response": module.params["spam_log_fortiguard_response"], "spam-log": module.params["spam_log"], "spam-iptrust-table": module.params["spam_iptrust_table"], "spam-filtering": module.params["spam_filtering"], "spam-bword-threshold": module.params["spam_bword_threshold"], "spam-bword-table": module.params["spam_bword_table"], "spam-bwl-table": module.params["spam_bwl_table"], "replacemsg-group": module.params["replacemsg_group"], "options": module.params["options"], "name": module.params["name"], "flow-based": module.params["flow_based"], "external": module.params["external"], "comment": module.params["comment"], "gmail": { "log": module.params["gmail_log"], }, "imap": { "action": module.params["imap_action"], "log": module.params["imap_log"], "tag-msg": module.params["imap_tag_msg"], "tag-type": module.params["imap_tag_type"], }, "mapi": { "action": module.params["mapi_action"], "log": module.params["mapi_log"], }, "msn-hotmail": { "log": module.params["msn_hotmail_log"], }, "pop3": { "action": module.params["pop3_action"], "log": module.params["pop3_log"], "tag-msg": module.params["pop3_tag_msg"], "tag-type": module.params["pop3_tag_type"], }, "smtp": { "action": module.params["smtp_action"], "hdrip": module.params["smtp_hdrip"], "local-override": module.params["smtp_local_override"], "log": module.params["smtp_log"], "tag-msg": module.params["smtp_tag_msg"], "tag-type": module.params["smtp_tag_type"], }, "yahoo-mail": { "log": module.params["yahoo_mail_log"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = [ 'gmail', 'imap', 'mapi', 'msn-hotmail', 'pop3', 'smtp', 'yahoo-mail' ] paramgram = fmgr.tools.paramgram_child_list_override( list_overrides=list_overrides, paramgram=paramgram, module=module) results = DEFAULT_RESULT_OBJ try: results = fmgr_spamfilter_profile_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), transparent=dict(required=False, type="str", choices=["disable", "enable"]), name=dict(required=False, type="str"), comments=dict(required=False, type="str"), auth_group=dict(required=False, type="str"), cifs=dict(required=False, type="dict"), cifs_byte_caching=dict(required=False, type="str", choices=["disable", "enable"]), cifs_log_traffic=dict(required=False, type="str", choices=["disable", "enable"]), cifs_port=dict(required=False, type="str"), cifs_prefer_chunking=dict(required=False, type="str", choices=["dynamic", "fix"]), cifs_secure_tunnel=dict(required=False, type="str", choices=["disable", "enable"]), cifs_status=dict(required=False, type="str", choices=["disable", "enable"]), cifs_tunnel_sharing=dict( required=False, type="str", choices=["private", "shared", "express-shared"]), ftp=dict(required=False, type="dict"), ftp_byte_caching=dict(required=False, type="str", choices=["disable", "enable"]), ftp_log_traffic=dict(required=False, type="str", choices=["disable", "enable"]), ftp_port=dict(required=False, type="str"), ftp_prefer_chunking=dict(required=False, type="str", choices=["dynamic", "fix"]), ftp_secure_tunnel=dict(required=False, type="str", choices=["disable", "enable"]), ftp_status=dict(required=False, type="str", choices=["disable", "enable"]), ftp_tunnel_sharing=dict( required=False, type="str", choices=["private", "shared", "express-shared"]), http=dict(required=False, type="dict"), http_byte_caching=dict(required=False, type="str", choices=["disable", "enable"]), http_log_traffic=dict(required=False, type="str", choices=["disable", "enable"]), http_port=dict(required=False, type="str"), http_prefer_chunking=dict(required=False, type="str", choices=["dynamic", "fix"]), http_secure_tunnel=dict(required=False, type="str", choices=["disable", "enable"]), http_ssl=dict(required=False, type="str", choices=["disable", "enable"]), http_ssl_port=dict(required=False, type="str"), http_status=dict(required=False, type="str", choices=["disable", "enable"]), http_tunnel_non_http=dict(required=False, type="str", choices=["disable", "enable"]), http_tunnel_sharing=dict( required=False, type="str", choices=["private", "shared", "express-shared"]), http_unknown_http_version=dict( required=False, type="str", choices=["best-effort", "reject", "tunnel"]), mapi=dict(required=False, type="dict"), mapi_byte_caching=dict(required=False, type="str", choices=["disable", "enable"]), mapi_log_traffic=dict(required=False, type="str", choices=["disable", "enable"]), mapi_port=dict(required=False, type="str"), mapi_secure_tunnel=dict(required=False, type="str", choices=["disable", "enable"]), mapi_status=dict(required=False, type="str", choices=["disable", "enable"]), mapi_tunnel_sharing=dict( required=False, type="str", choices=["private", "shared", "express-shared"]), tcp=dict(required=False, type="dict"), tcp_byte_caching=dict(required=False, type="str", choices=["disable", "enable"]), tcp_byte_caching_opt=dict(required=False, type="str", choices=["mem-only", "mem-disk"]), tcp_log_traffic=dict(required=False, type="str", choices=["disable", "enable"]), tcp_port=dict(required=False, type="str"), tcp_secure_tunnel=dict(required=False, type="str", choices=["disable", "enable"]), tcp_ssl=dict(required=False, type="str", choices=["disable", "enable"]), tcp_ssl_port=dict(required=False, type="str"), tcp_status=dict(required=False, type="str", choices=["disable", "enable"]), tcp_tunnel_sharing=dict( required=False, type="str", choices=["private", "shared", "express-shared"]), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "transparent": module.params["transparent"], "name": module.params["name"], "comments": module.params["comments"], "auth-group": module.params["auth_group"], "cifs": { "byte-caching": module.params["cifs_byte_caching"], "log-traffic": module.params["cifs_log_traffic"], "port": module.params["cifs_port"], "prefer-chunking": module.params["cifs_prefer_chunking"], "secure-tunnel": module.params["cifs_secure_tunnel"], "status": module.params["cifs_status"], "tunnel-sharing": module.params["cifs_tunnel_sharing"], }, "ftp": { "byte-caching": module.params["ftp_byte_caching"], "log-traffic": module.params["ftp_log_traffic"], "port": module.params["ftp_port"], "prefer-chunking": module.params["ftp_prefer_chunking"], "secure-tunnel": module.params["ftp_secure_tunnel"], "status": module.params["ftp_status"], "tunnel-sharing": module.params["ftp_tunnel_sharing"], }, "http": { "byte-caching": module.params["http_byte_caching"], "log-traffic": module.params["http_log_traffic"], "port": module.params["http_port"], "prefer-chunking": module.params["http_prefer_chunking"], "secure-tunnel": module.params["http_secure_tunnel"], "ssl": module.params["http_ssl"], "ssl-port": module.params["http_ssl_port"], "status": module.params["http_status"], "tunnel-non-http": module.params["http_tunnel_non_http"], "tunnel-sharing": module.params["http_tunnel_sharing"], "unknown-http-version": module.params["http_unknown_http_version"], }, "mapi": { "byte-caching": module.params["mapi_byte_caching"], "log-traffic": module.params["mapi_log_traffic"], "port": module.params["mapi_port"], "secure-tunnel": module.params["mapi_secure_tunnel"], "status": module.params["mapi_status"], "tunnel-sharing": module.params["mapi_tunnel_sharing"], }, "tcp": { "byte-caching": module.params["tcp_byte_caching"], "byte-caching-opt": module.params["tcp_byte_caching_opt"], "log-traffic": module.params["tcp_log_traffic"], "port": module.params["tcp_port"], "secure-tunnel": module.params["tcp_secure_tunnel"], "ssl": module.params["tcp_ssl"], "ssl-port": module.params["tcp_ssl_port"], "status": module.params["tcp_status"], "tunnel-sharing": module.params["tcp_tunnel_sharing"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['cifs', 'ftp', 'http', 'mapi', 'tcp'] paramgram = fmgr.tools.paramgram_child_list_override( list_overrides=list_overrides, paramgram=paramgram, module=module) results = DEFAULT_RESULT_OBJ try: results = fmgr_wanopt_profile_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), unknown_application_log=dict(required=False, type="str", choices=["disable", "enable"]), unknown_application_action=dict(required=False, type="str", choices=["pass", "block"]), replacemsg_group=dict(required=False, type="str"), p2p_black_list=dict(required=False, type="str", choices=["skype", "edonkey", "bittorrent"]), other_application_log=dict(required=False, type="str", choices=["disable", "enable"]), other_application_action=dict(required=False, type="str", choices=["pass", "block"]), options=dict(required=False, type="str", choices=[ "allow-dns", "allow-icmp", "allow-http", "allow-ssl", "allow-quic" ]), name=dict(required=False, type="str"), extended_log=dict(required=False, type="str", choices=["disable", "enable"]), deep_app_inspection=dict(required=False, type="str", choices=["disable", "enable"]), comment=dict(required=False, type="str"), app_replacemsg=dict(required=False, type="str", choices=["disable", "enable"]), entries=dict(required=False, type="list"), entries_action=dict(required=False, type="str", choices=["pass", "block", "reset"]), entries_application=dict(required=False, type="str"), entries_behavior=dict(required=False, type="str"), entries_category=dict(required=False, type="str"), entries_log=dict(required=False, type="str", choices=["disable", "enable"]), entries_log_packet=dict(required=False, type="str", choices=["disable", "enable"]), entries_per_ip_shaper=dict(required=False, type="str"), entries_popularity=dict(required=False, type="str", choices=["1", "2", "3", "4", "5"]), entries_protocols=dict(required=False, type="str"), entries_quarantine=dict(required=False, type="str", choices=["none", "attacker"]), entries_quarantine_expiry=dict(required=False, type="str"), entries_quarantine_log=dict(required=False, type="str", choices=["disable", "enable"]), entries_rate_count=dict(required=False, type="int"), entries_rate_duration=dict(required=False, type="int"), entries_rate_mode=dict(required=False, type="str", choices=["periodical", "continuous"]), entries_rate_track=dict(required=False, type="str", choices=[ "none", "src-ip", "dest-ip", "dhcp-client-mac", "dns-domain" ]), entries_risk=dict(required=False, type="str"), entries_session_ttl=dict(required=False, type="int"), entries_shaper=dict(required=False, type="str"), entries_shaper_reverse=dict(required=False, type="str"), entries_sub_category=dict(required=False, type="str"), entries_technology=dict(required=False, type="str"), entries_vendor=dict(required=False, type="str"), entries_parameters_value=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "unknown-application-log": module.params["unknown_application_log"], "unknown-application-action": module.params["unknown_application_action"], "replacemsg-group": module.params["replacemsg_group"], "p2p-black-list": module.params["p2p_black_list"], "other-application-log": module.params["other_application_log"], "other-application-action": module.params["other_application_action"], "options": module.params["options"], "name": module.params["name"], "extended-log": module.params["extended_log"], "deep-app-inspection": module.params["deep_app_inspection"], "comment": module.params["comment"], "app-replacemsg": module.params["app_replacemsg"], "entries": { "action": module.params["entries_action"], "application": module.params["entries_application"], "behavior": module.params["entries_behavior"], "category": module.params["entries_category"], "log": module.params["entries_log"], "log-packet": module.params["entries_log_packet"], "per-ip-shaper": module.params["entries_per_ip_shaper"], "popularity": module.params["entries_popularity"], "protocols": module.params["entries_protocols"], "quarantine": module.params["entries_quarantine"], "quarantine-expiry": module.params["entries_quarantine_expiry"], "quarantine-log": module.params["entries_quarantine_log"], "rate-count": module.params["entries_rate_count"], "rate-duration": module.params["entries_rate_duration"], "rate-mode": module.params["entries_rate_mode"], "rate-track": module.params["entries_rate_track"], "risk": module.params["entries_risk"], "session-ttl": module.params["entries_session_ttl"], "shaper": module.params["entries_shaper"], "shaper-reverse": module.params["entries_shaper_reverse"], "sub-category": module.params["entries_sub_category"], "technology": module.params["entries_technology"], "vendor": module.params["entries_vendor"], "parameters": { "value": module.params["entries_parameters_value"], } } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['entries'] paramgram = fmgr.tools.paramgram_child_list_override( list_overrides=list_overrides, paramgram=paramgram, module=module) results = DEFAULT_RESULT_OBJ try: results = fmgr_application_list_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), mode=dict(choices=["add", "set", "delete"], type="str", default="add"), name=dict(required=False, type="str"), object_type=dict(required=True, type="str", choices=['pkg', 'folder', 'install']), package_folder=dict(required=False, type="str"), central_nat=dict(required=False, type="str", default="disable", choices=['enable', 'disable']), fwpolicy_implicit_log=dict(required=False, type="str", default="disable", choices=['enable', 'disable']), fwpolicy6_implicit_log=dict(required=False, type="str", default="disable", choices=['enable', 'disable']), inspection_mode=dict(required=False, type="str", default="flow", choices=['flow', 'proxy']), ngfw_mode=dict(required=False, type="str", default="profile-based", choices=['profile-based', 'policy-based']), ssl_ssh_profile=dict(required=False, type="str"), scope_members=dict(required=False, type="str"), scope_members_vdom=dict(required=False, type="str", default="root"), parent_folder=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE DATAGRAM paramgram = { "adom": module.params["adom"], "name": module.params["name"], "mode": module.params["mode"], "object_type": module.params["object_type"], "package-folder": module.params["package_folder"], "central-nat": module.params["central_nat"], "fwpolicy-implicit-log": module.params["fwpolicy_implicit_log"], "fwpolicy6-implicit-log": module.params["fwpolicy6_implicit_log"], "inspection-mode": module.params["inspection_mode"], "ngfw-mode": module.params["ngfw_mode"], "ssl-ssh-profile": module.params["ssl_ssh_profile"], "scope_members": module.params["scope_members"], "scope_members_vdom": module.params["scope_members_vdom"], "parent_folder": module.params["parent_folder"], } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION results = DEFAULT_RESULT_OBJ try: if paramgram["object_type"] == "pkg": results = fmgr_fwpol_package(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) try: # IF THE object_type IS FOLDER LETS RUN THAT METHOD if paramgram["object_type"] == "folder": results = fmgr_fwpol_package_folder(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) try: # IF THE object_type IS INSTALL AND NEEDED PARAMETERS ARE DEFINED INSTALL THE PACKAGE if paramgram["scope_members"] is not None and paramgram["name"] is not None and\ paramgram["object_type"] == "install": results = fmgr_fwpol_package_install(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), replacemsg_group=dict(required=False, type="str"), name=dict(required=False, type="str"), extended_log=dict(required=False, type="str", choices=["disable", "enable"]), comment=dict(required=False, type="str"), block_malicious_url=dict(required=False, type="str", choices=[ "disable", "enable"]), entries=dict(required=False, type="list"), entries_action=dict(required=False, type="str", choices=[ "pass", "block", "reset", "default"]), entries_application=dict(required=False, type="str"), entries_location=dict(required=False, type="str"), entries_log=dict(required=False, type="str", choices=["disable", "enable"]), entries_log_attack_context=dict( required=False, type="str", choices=["disable", "enable"]), entries_log_packet=dict(required=False, type="str", choices=[ "disable", "enable"]), entries_os=dict(required=False, type="str"), entries_protocol=dict(required=False, type="str"), entries_quarantine=dict(required=False, type="str", choices=[ "none", "attacker"]), entries_quarantine_expiry=dict(required=False, type="str"), entries_quarantine_log=dict( required=False, type="str", choices=["disable", "enable"]), entries_rate_count=dict(required=False, type="int"), entries_rate_duration=dict(required=False, type="int"), entries_rate_mode=dict(required=False, type="str", choices=[ "periodical", "continuous"]), entries_rate_track=dict(required=False, type="str", choices=["none", "src-ip", "dest-ip", "dhcp-client-mac", "dns-domain"]), entries_rule=dict(required=False, type="str"), entries_severity=dict(required=False, type="str"), entries_status=dict(required=False, type="str", choices=[ "disable", "enable", "default"]), entries_exempt_ip_dst_ip=dict(required=False, type="str"), entries_exempt_ip_src_ip=dict(required=False, type="str"), filter=dict(required=False, type="list"), filter_action=dict(required=False, type="str", choices=[ "pass", "block", "default", "reset"]), filter_application=dict(required=False, type="str"), filter_location=dict(required=False, type="str"), filter_log=dict(required=False, type="str", choices=["disable", "enable"]), filter_log_packet=dict(required=False, type="str", choices=["disable", "enable"]), filter_name=dict(required=False, type="str"), filter_os=dict(required=False, type="str"), filter_protocol=dict(required=False, type="str"), filter_quarantine=dict(required=False, type="str", choices=["none", "attacker"]), filter_quarantine_expiry=dict(required=False, type="int"), filter_quarantine_log=dict(required=False, type="str", choices=[ "disable", "enable"]), filter_severity=dict(required=False, type="str"), filter_status=dict(required=False, type="str", choices=[ "disable", "enable", "default"]), override=dict(required=False, type="list"), override_action=dict(required=False, type="str", choices=["pass", "block", "reset"]), override_log=dict(required=False, type="str", choices=["disable", "enable"]), override_log_packet=dict(required=False, type="str", choices=[ "disable", "enable"]), override_quarantine=dict(required=False, type="str", choices=[ "none", "attacker"]), override_quarantine_expiry=dict(required=False, type="int"), override_quarantine_log=dict( required=False, type="str", choices=["disable", "enable"]), override_rule_id=dict(required=False, type="str"), override_status=dict(required=False, type="str", choices=["disable", "enable"]), override_exempt_ip_dst_ip=dict(required=False, type="str"), override_exempt_ip_src_ip=dict(required=False, type="str"), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "replacemsg-group": module.params["replacemsg_group"], "name": module.params["name"], "extended-log": module.params["extended_log"], "comment": module.params["comment"], "block-malicious-url": module.params["block_malicious_url"], "entries": { "action": module.params["entries_action"], "application": module.params["entries_application"], "location": module.params["entries_location"], "log": module.params["entries_log"], "log-attack-context": module.params["entries_log_attack_context"], "log-packet": module.params["entries_log_packet"], "os": module.params["entries_os"], "protocol": module.params["entries_protocol"], "quarantine": module.params["entries_quarantine"], "quarantine-expiry": module.params["entries_quarantine_expiry"], "quarantine-log": module.params["entries_quarantine_log"], "rate-count": module.params["entries_rate_count"], "rate-duration": module.params["entries_rate_duration"], "rate-mode": module.params["entries_rate_mode"], "rate-track": module.params["entries_rate_track"], "rule": module.params["entries_rule"], "severity": module.params["entries_severity"], "status": module.params["entries_status"], "exempt-ip": { "dst-ip": module.params["entries_exempt_ip_dst_ip"], "src-ip": module.params["entries_exempt_ip_src_ip"], }, }, "filter": { "action": module.params["filter_action"], "application": module.params["filter_application"], "location": module.params["filter_location"], "log": module.params["filter_log"], "log-packet": module.params["filter_log_packet"], "name": module.params["filter_name"], "os": module.params["filter_os"], "protocol": module.params["filter_protocol"], "quarantine": module.params["filter_quarantine"], "quarantine-expiry": module.params["filter_quarantine_expiry"], "quarantine-log": module.params["filter_quarantine_log"], "severity": module.params["filter_severity"], "status": module.params["filter_status"], }, "override": { "action": module.params["override_action"], "log": module.params["override_log"], "log-packet": module.params["override_log_packet"], "quarantine": module.params["override_quarantine"], "quarantine-expiry": module.params["override_quarantine_expiry"], "quarantine-log": module.params["override_quarantine_log"], "rule-id": module.params["override_rule_id"], "status": module.params["override_status"], "exempt-ip": { "dst-ip": module.params["override_exempt_ip_dst_ip"], "src-ip": module.params["override_exempt_ip_src_ip"], } } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['entries', 'filter', 'override'] paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides, paramgram=paramgram, module=module) results = DEFAULT_RESULT_OBJ try: results = fmgr_ips_sensor_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict(adom=dict(required=False, type="str", default="root"), mode=dict(choices=["add", "delete"], type="str", default="add"), blind_add=dict(choices=["enable", "disable"], type="str", default="disable"), device_ip=dict(required=False, type="str"), device_username=dict(required=False, type="str"), device_password=dict(required=False, type="str", no_log=True), device_unique_name=dict(required=True, type="str"), device_serial=dict(required=False, type="str")) # BUILD MODULE OBJECT SO WE CAN BUILD THE PARAMGRAM module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # BUILD THE PARAMGRAM paramgram = { "device_ip": module.params["device_ip"], "device_username": module.params["device_username"], "device_password": module.params["device_password"], "device_unique_name": module.params["device_unique_name"], "device_serial": module.params["device_serial"], "adom": module.params["adom"], "mode": module.params["mode"] } # INSERT THE PARAMGRAM INTO THE MODULE SO WHEN WE PASS IT TO MOD_UTILS.FortiManagerHandler IT HAS THAT INFO module.paramgram = paramgram # TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION results = DEFAULT_RESULT_OBJ try: if paramgram["mode"] == "add": # CHECK IF DEVICE EXISTS if module.params["blind_add"] == "disable": exists_results = get_device(fmgr, paramgram) fmgr.govern_response( module=module, results=exists_results, good_codes=(0, -3), changed=False, ansible_facts=fmgr.construct_ansible_facts( exists_results, module.params, paramgram)) discover_results = discover_device(fmgr, paramgram) fmgr.govern_response(module=module, results=discover_results, stop_on_success=False, ansible_facts=fmgr.construct_ansible_facts( discover_results, module.params, paramgram)) if discover_results[0] == 0: results = add_device(fmgr, paramgram) fmgr.govern_response( module=module, results=discover_results, stop_on_success=True, changed_if_success=True, ansible_facts=fmgr.construct_ansible_facts( discover_results, module.params, paramgram)) if paramgram["mode"] == "delete": results = delete_device(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): module_arg_spec = { 'method': { 'type': 'str', 'required': False }, 'params': { 'type': 'list', 'required': False }, 'json': { 'type': 'str', 'required': False } } module = AnsibleModule(argument_spec=module_arg_spec, supports_check_mode=False) if not module._socket_path: module.fail_json(**FAIL_SOCKET_MSG) connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() response = DEFAULT_RESULT_OBJ method = None params = None if module.params['json']: raw_json_params = None try: raw_json_params = json.loads(module.params['json']) method = raw_json_params['method'] params = raw_json_params['params'] except Exception as e: module.fail_json(msg='invalid json content: %s' % (e)) else: assert (module.params['method'] and module.params['params']) method = module.params['method'] params = module.params['params'] if method not in [ 'get', 'add', 'set', 'update', 'delete', 'move', 'clone', 'exec' ]: module.fail_json(msg='method:%s not supported' % (method)) if not isinstance(params, list): module.fail_json(msg='parameter:params must be an array') for param_block in params: if 'url' not in param_block: module.fail_json(msg='url must be specified in params') try: response = connection.send_request(method, params) fmgr.govern_response(module=module, results=response, msg='Operation Finished', ansible_facts=fmgr.construct_ansible_facts( response, module.params, module.params)) except Exception as e: module.fail_json(msg='error sending request: %s' % (e)) module.exit_json(response=response[1])
def main(): module = AnsibleModule( argument_spec=dict( adom=dict(required=True, type='str'), device_unique_name=dict(required=True, type='str'), network_domain_name=dict(required=True, type='str'), vdom=dict(required=True, type='str') ), supports_check_mode=True ) module.paramgram = { 'adom': module.params['adom'], 'device_unique_name': module.params['device_unique_name'], } if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: # fail with an un-helpful and error-masking generic response, thanks forti! module.fail_json(**FAIL_SOCKET_MSG) # only pick vlan interfaces with the correct vdom interfaces = [i for i in get_interfaces(module, fmgr) if module.params['vdom'] in i.get('vdom', []) and i['type'] == 'vlan'] dyn_interfaces = get_dynamic_interfaces(module, fmgr) networks = [] zones = {} for zone in dyn_interfaces: dynamic_maps = zone.get('dynamic_mapping', []) if not dynamic_maps: continue scope_id = (module.params['device_unique_name'], module.params['vdom']) for dm in dynamic_maps: if scope_id in [(s['name'], s['vdom']) for s in dm.get('_scope', [])]: local_intf = dm.get('local-intf', []) if isinstance(local_intf, str): local_intf = [local_intf] for ifname in local_intf: if not zones.get(module.params['vdom']): zones[module.params['vdom']] = {} zones[module.params['vdom']][ifname] = zone['name'] for interface in interfaces: if 'vlanid' not in interface or interface['vlanid'] == 0 or interface['ip'][0] == '0.0.0.0': continue ip_interface_str = ipaddress.ip_interface('/'.join(interface['ip'])) # crappy py3/py2 compat fix, remove whenever py2 is gone ip_interface = ipaddress.ip_interface(u'{0}'.format(ip_interface_str)) network_str = '{0}'.format(ip_interface.network.network_address) networks.append({ 'vrf': 0, 'network': network_str, 'length': ip_interface.network.prefixlen, 'domains': { module.params['network_domain_name']: { 'vlan_id': interface['vlanid'], 'name': interface['name'], 'data': { 'zone': zones.get(interface['vdom'][0], {}).get(interface['name']), 'vdom': interface['vdom'][0], 'description': interface.get('description') } } }, }) module.exit_json(msg='networks collected', changed=False, networks=networks)
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), vdom=dict(required=False, type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), grp_desc=dict(required=False, type="str"), grp_name=dict(required=True, type="str"), grp_members=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) paramgram = { "mode": module.params["mode"], "grp_name": module.params["grp_name"], "grp_desc": module.params["grp_desc"], "grp_members": module.params["grp_members"], "adom": module.params["adom"], "vdom": module.params["vdom"] } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION results = DEFAULT_RESULT_OBJ try: # PROCESS THE GROUP ADDS FIRST if paramgram["grp_name"] is not None and paramgram["mode"] in [ "add", "set", "update" ]: # add device group results = add_device_group(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) # PROCESS THE GROUP MEMBER ADDS if paramgram["grp_members"] is not None and paramgram["mode"] in [ "add", "set", "update" ]: # assign devices to device group results = add_group_member(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) # PROCESS THE GROUP MEMBER DELETES if paramgram["grp_members"] is not None and paramgram[ "mode"] == "delete": # remove devices grom a group results = delete_group_member(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) # PROCESS THE GROUP DELETES, ONLY IF GRP_MEMBERS IS NOT NULL TOO if paramgram["grp_name"] is not None and paramgram[ "mode"] == "delete" and paramgram["grp_members"] is None: # delete device group results = delete_device_group(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), youtube_channel_status=dict( required=False, type="str", choices=["disable", "blacklist", "whitelist"]), wisp_servers=dict(required=False, type="str"), wisp_algorithm=dict( required=False, type="str", choices=["auto-learning", "primary-secondary", "round-robin"]), wisp=dict(required=False, type="str", choices=["disable", "enable"]), web_url_log=dict(required=False, type="str", choices=["disable", "enable"]), web_invalid_domain_log=dict(required=False, type="str", choices=["disable", "enable"]), web_ftgd_quota_usage=dict(required=False, type="str", choices=["disable", "enable"]), web_ftgd_err_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_vbs_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_unknown_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_referer_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_jscript_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_js_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_cookie_removal_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_cookie_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_command_block_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_applet_log=dict(required=False, type="str", choices=["disable", "enable"]), web_filter_activex_log=dict(required=False, type="str", choices=["disable", "enable"]), web_extended_all_action_log=dict(required=False, type="str", choices=["disable", "enable"]), web_content_log=dict(required=False, type="str", choices=["disable", "enable"]), replacemsg_group=dict(required=False, type="str"), post_action=dict(required=False, type="str", choices=["normal", "block"]), ovrd_perm=dict(required=False, type="list", choices=[ "bannedword-override", "urlfilter-override", "fortiguard-wf-override", "contenttype-check-override" ]), options=dict(required=False, type="list", choices=[ "block-invalid-url", "jscript", "js", "vbs", "unknown", "wf-referer", "intrinsic", "wf-cookie", "per-user-bwl", "activexfilter", "cookiefilter", "javafilter" ]), name=dict(required=False, type="str"), log_all_url=dict(required=False, type="str", choices=["disable", "enable"]), inspection_mode=dict(required=False, type="str", choices=["proxy", "flow-based"]), https_replacemsg=dict(required=False, type="str", choices=["disable", "enable"]), extended_log=dict(required=False, type="str", choices=["disable", "enable"]), comment=dict(required=False, type="str"), ftgd_wf=dict(required=False, type="list"), ftgd_wf_exempt_quota=dict(required=False, type="str"), ftgd_wf_max_quota_timeout=dict(required=False, type="int"), ftgd_wf_options=dict(required=False, type="str", choices=[ "error-allow", "rate-server-ip", "connect-request-bypass", "ftgd-disable" ]), ftgd_wf_ovrd=dict(required=False, type="str"), ftgd_wf_rate_crl_urls=dict(required=False, type="str", choices=["disable", "enable"]), ftgd_wf_rate_css_urls=dict(required=False, type="str", choices=["disable", "enable"]), ftgd_wf_rate_image_urls=dict(required=False, type="str", choices=["disable", "enable"]), ftgd_wf_rate_javascript_urls=dict(required=False, type="str", choices=["disable", "enable"]), ftgd_wf_filters_action=dict( required=False, type="str", choices=["block", "monitor", "warning", "authenticate"]), ftgd_wf_filters_auth_usr_grp=dict(required=False, type="str"), ftgd_wf_filters_category=dict(required=False, type="str"), ftgd_wf_filters_log=dict(required=False, type="str", choices=["disable", "enable"]), ftgd_wf_filters_override_replacemsg=dict(required=False, type="str"), ftgd_wf_filters_warn_duration=dict(required=False, type="str"), ftgd_wf_filters_warning_duration_type=dict( required=False, type="str", choices=["session", "timeout"]), ftgd_wf_filters_warning_prompt=dict( required=False, type="str", choices=["per-domain", "per-category"]), ftgd_wf_quota_category=dict(required=False, type="str"), ftgd_wf_quota_duration=dict(required=False, type="str"), ftgd_wf_quota_override_replacemsg=dict(required=False, type="str"), ftgd_wf_quota_type=dict(required=False, type="str", choices=["time", "traffic"]), ftgd_wf_quota_unit=dict(required=False, type="str", choices=["B", "KB", "MB", "GB"]), ftgd_wf_quota_value=dict(required=False, type="int"), override=dict(required=False, type="list"), override_ovrd_cookie=dict(required=False, type="str", choices=["deny", "allow"]), override_ovrd_dur=dict(required=False, type="str"), override_ovrd_dur_mode=dict(required=False, type="str", choices=["constant", "ask"]), override_ovrd_scope=dict( required=False, type="str", choices=["user", "user-group", "ip", "ask", "browser"]), override_ovrd_user_group=dict(required=False, type="str"), override_profile=dict(required=False, type="str"), override_profile_attribute=dict( required=False, type="list", choices=[ "User-Name", "NAS-IP-Address", "Framed-IP-Address", "Framed-IP-Netmask", "Filter-Id", "Login-IP-Host", "Reply-Message", "Callback-Number", "Callback-Id", "Framed-Route", "Framed-IPX-Network", "Class", "Called-Station-Id", "Calling-Station-Id", "NAS-Identifier", "Proxy-State", "Login-LAT-Service", "Login-LAT-Node", "Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id", "Acct-Multi-Session-Id" ]), override_profile_type=dict(required=False, type="str", choices=["list", "radius"]), url_extraction=dict(required=False, type="list"), url_extraction_redirect_header=dict(required=False, type="str"), url_extraction_redirect_no_content=dict(required=False, type="str", choices=["disable", "enable"]), url_extraction_redirect_url=dict(required=False, type="str"), url_extraction_server_fqdn=dict(required=False, type="str"), url_extraction_status=dict(required=False, type="str", choices=["disable", "enable"]), web=dict(required=False, type="list"), web_blacklist=dict(required=False, type="str", choices=["disable", "enable"]), web_bword_table=dict(required=False, type="str"), web_bword_threshold=dict(required=False, type="int"), web_content_header_list=dict(required=False, type="str"), web_keyword_match=dict(required=False, type="str"), web_log_search=dict(required=False, type="str", choices=["disable", "enable"]), web_safe_search=dict(required=False, type="str", choices=["url", "header"]), web_urlfilter_table=dict(required=False, type="str"), web_whitelist=dict(required=False, type="list", choices=[ "exempt-av", "exempt-webcontent", "exempt-activex-java-cookie", "exempt-dlp", "exempt-rangeblock", "extended-log-others" ]), web_youtube_restrict=dict(required=False, type="str", choices=["strict", "none", "moderate"]), youtube_channel_filter=dict(required=False, type="list"), youtube_channel_filter_channel_id=dict(required=False, type="str"), youtube_channel_filter_comment=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "youtube-channel-status": module.params["youtube_channel_status"], "wisp-servers": module.params["wisp_servers"], "wisp-algorithm": module.params["wisp_algorithm"], "wisp": module.params["wisp"], "web-url-log": module.params["web_url_log"], "web-invalid-domain-log": module.params["web_invalid_domain_log"], "web-ftgd-quota-usage": module.params["web_ftgd_quota_usage"], "web-ftgd-err-log": module.params["web_ftgd_err_log"], "web-filter-vbs-log": module.params["web_filter_vbs_log"], "web-filter-unknown-log": module.params["web_filter_unknown_log"], "web-filter-referer-log": module.params["web_filter_referer_log"], "web-filter-jscript-log": module.params["web_filter_jscript_log"], "web-filter-js-log": module.params["web_filter_js_log"], "web-filter-cookie-removal-log": module.params["web_filter_cookie_removal_log"], "web-filter-cookie-log": module.params["web_filter_cookie_log"], "web-filter-command-block-log": module.params["web_filter_command_block_log"], "web-filter-applet-log": module.params["web_filter_applet_log"], "web-filter-activex-log": module.params["web_filter_activex_log"], "web-extended-all-action-log": module.params["web_extended_all_action_log"], "web-content-log": module.params["web_content_log"], "replacemsg-group": module.params["replacemsg_group"], "post-action": module.params["post_action"], "ovrd-perm": module.params["ovrd_perm"], "options": module.params["options"], "name": module.params["name"], "log-all-url": module.params["log_all_url"], "inspection-mode": module.params["inspection_mode"], "https-replacemsg": module.params["https_replacemsg"], "extended-log": module.params["extended_log"], "comment": module.params["comment"], "ftgd-wf": { "exempt-quota": module.params["ftgd_wf_exempt_quota"], "max-quota-timeout": module.params["ftgd_wf_max_quota_timeout"], "options": module.params["ftgd_wf_options"], "ovrd": module.params["ftgd_wf_ovrd"], "rate-crl-urls": module.params["ftgd_wf_rate_crl_urls"], "rate-css-urls": module.params["ftgd_wf_rate_css_urls"], "rate-image-urls": module.params["ftgd_wf_rate_image_urls"], "rate-javascript-urls": module.params["ftgd_wf_rate_javascript_urls"], "filters": { "action": module.params["ftgd_wf_filters_action"], "auth-usr-grp": module.params["ftgd_wf_filters_auth_usr_grp"], "category": module.params["ftgd_wf_filters_category"], "log": module.params["ftgd_wf_filters_log"], "override-replacemsg": module.params["ftgd_wf_filters_override_replacemsg"], "warn-duration": module.params["ftgd_wf_filters_warn_duration"], "warning-duration-type": module.params["ftgd_wf_filters_warning_duration_type"], "warning-prompt": module.params["ftgd_wf_filters_warning_prompt"], }, "quota": { "category": module.params["ftgd_wf_quota_category"], "duration": module.params["ftgd_wf_quota_duration"], "override-replacemsg": module.params["ftgd_wf_quota_override_replacemsg"], "type": module.params["ftgd_wf_quota_type"], "unit": module.params["ftgd_wf_quota_unit"], "value": module.params["ftgd_wf_quota_value"], }, }, "override": { "ovrd-cookie": module.params["override_ovrd_cookie"], "ovrd-dur": module.params["override_ovrd_dur"], "ovrd-dur-mode": module.params["override_ovrd_dur_mode"], "ovrd-scope": module.params["override_ovrd_scope"], "ovrd-user-group": module.params["override_ovrd_user_group"], "profile": module.params["override_profile"], "profile-attribute": module.params["override_profile_attribute"], "profile-type": module.params["override_profile_type"], }, "url-extraction": { "redirect-header": module.params["url_extraction_redirect_header"], "redirect-no-content": module.params["url_extraction_redirect_no_content"], "redirect-url": module.params["url_extraction_redirect_url"], "server-fqdn": module.params["url_extraction_server_fqdn"], "status": module.params["url_extraction_status"], }, "web": { "blacklist": module.params["web_blacklist"], "bword-table": module.params["web_bword_table"], "bword-threshold": module.params["web_bword_threshold"], "content-header-list": module.params["web_content_header_list"], "keyword-match": module.params["web_keyword_match"], "log-search": module.params["web_log_search"], "safe-search": module.params["web_safe_search"], "urlfilter-table": module.params["web_urlfilter_table"], "whitelist": module.params["web_whitelist"], "youtube-restrict": module.params["web_youtube_restrict"], }, "youtube-channel-filter": { "channel-id": module.params["youtube_channel_filter_channel_id"], "comment": module.params["youtube_channel_filter_comment"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = [ 'ftgd-wf', 'override', 'url-extraction', 'web', 'youtube-channel-filter' ] paramgram = fmgr.tools.paramgram_child_list_override( list_overrides=list_overrides, paramgram=paramgram, module=module) results = DEFAULT_RESULT_OBJ try: results = fmgr_webfilter_profile_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), name=dict(required=False, type="str"), comment=dict(required=False, type="str"), sccp=dict(required=False, type="dict"), sccp_block_mcast=dict(required=False, type="str", choices=["disable", "enable"]), sccp_log_call_summary=dict(required=False, type="str", choices=["disable", "enable"]), sccp_log_violations=dict(required=False, type="str", choices=["disable", "enable"]), sccp_max_calls=dict(required=False, type="int"), sccp_status=dict(required=False, type="str", choices=["disable", "enable"]), sccp_verify_header=dict(required=False, type="str", choices=["disable", "enable"]), sip=dict(required=False, type="dict"), sip_ack_rate=dict(required=False, type="int"), sip_block_ack=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_bye=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_cancel=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_geo_red_options=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_info=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_invite=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_long_lines=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_message=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_notify=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_options=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_prack=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_publish=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_refer=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_register=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_subscribe=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_unknown=dict(required=False, type="str", choices=["disable", "enable"]), sip_block_update=dict(required=False, type="str", choices=["disable", "enable"]), sip_bye_rate=dict(required=False, type="int"), sip_call_keepalive=dict(required=False, type="int"), sip_cancel_rate=dict(required=False, type="int"), sip_contact_fixup=dict(required=False, type="str", choices=["disable", "enable"]), sip_hnt_restrict_source_ip=dict(required=False, type="str", choices=["disable", "enable"]), sip_hosted_nat_traversal=dict(required=False, type="str", choices=["disable", "enable"]), sip_info_rate=dict(required=False, type="int"), sip_invite_rate=dict(required=False, type="int"), sip_ips_rtp=dict(required=False, type="str", choices=["disable", "enable"]), sip_log_call_summary=dict(required=False, type="str", choices=["disable", "enable"]), sip_log_violations=dict(required=False, type="str", choices=["disable", "enable"]), sip_malformed_header_allow=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_call_id=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_contact=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_content_length=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_content_type=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_cseq=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_expires=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_from=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_max_forwards=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_p_asserted_identity=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_rack=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_record_route=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_route=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_rseq=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_a=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_b=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_c=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_i=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_k=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_m=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_o=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_r=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_s=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_t=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_v=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_sdp_z=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_to=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_header_via=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_malformed_request_line=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_max_body_length=dict(required=False, type="int"), sip_max_dialogs=dict(required=False, type="int"), sip_max_idle_dialogs=dict(required=False, type="int"), sip_max_line_length=dict(required=False, type="int"), sip_message_rate=dict(required=False, type="int"), sip_nat_trace=dict(required=False, type="str", choices=["disable", "enable"]), sip_no_sdp_fixup=dict(required=False, type="str", choices=["disable", "enable"]), sip_notify_rate=dict(required=False, type="int"), sip_open_contact_pinhole=dict(required=False, type="str", choices=["disable", "enable"]), sip_open_record_route_pinhole=dict(required=False, type="str", choices=["disable", "enable"]), sip_open_register_pinhole=dict(required=False, type="str", choices=["disable", "enable"]), sip_open_via_pinhole=dict(required=False, type="str", choices=["disable", "enable"]), sip_options_rate=dict(required=False, type="int"), sip_prack_rate=dict(required=False, type="int"), sip_preserve_override=dict(required=False, type="str", choices=["disable", "enable"]), sip_provisional_invite_expiry_time=dict(required=False, type="int"), sip_publish_rate=dict(required=False, type="int"), sip_refer_rate=dict(required=False, type="int"), sip_register_contact_trace=dict(required=False, type="str", choices=["disable", "enable"]), sip_register_rate=dict(required=False, type="int"), sip_rfc2543_branch=dict(required=False, type="str", choices=["disable", "enable"]), sip_rtp=dict(required=False, type="str", choices=["disable", "enable"]), sip_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low"]), sip_ssl_auth_client=dict(required=False, type="str"), sip_ssl_auth_server=dict(required=False, type="str"), sip_ssl_client_certificate=dict(required=False, type="str"), sip_ssl_client_renegotiation=dict(required=False, type="str", choices=["allow", "deny", "secure"]), sip_ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]), sip_ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]), sip_ssl_mode=dict(required=False, type="str", choices=["off", "full"]), sip_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]), sip_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]), sip_ssl_server_certificate=dict(required=False, type="str"), sip_status=dict(required=False, type="str", choices=["disable", "enable"]), sip_strict_register=dict(required=False, type="str", choices=["disable", "enable"]), sip_subscribe_rate=dict(required=False, type="int"), sip_unknown_header=dict(required=False, type="str", choices=["pass", "discard", "respond"]), sip_update_rate=dict(required=False, type="int"), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "name": module.params["name"], "comment": module.params["comment"], "sccp": { "block-mcast": module.params["sccp_block_mcast"], "log-call-summary": module.params["sccp_log_call_summary"], "log-violations": module.params["sccp_log_violations"], "max-calls": module.params["sccp_max_calls"], "status": module.params["sccp_status"], "verify-header": module.params["sccp_verify_header"], }, "sip": { "ack-rate": module.params["sip_ack_rate"], "block-ack": module.params["sip_block_ack"], "block-bye": module.params["sip_block_bye"], "block-cancel": module.params["sip_block_cancel"], "block-geo-red-options": module.params["sip_block_geo_red_options"], "block-info": module.params["sip_block_info"], "block-invite": module.params["sip_block_invite"], "block-long-lines": module.params["sip_block_long_lines"], "block-message": module.params["sip_block_message"], "block-notify": module.params["sip_block_notify"], "block-options": module.params["sip_block_options"], "block-prack": module.params["sip_block_prack"], "block-publish": module.params["sip_block_publish"], "block-refer": module.params["sip_block_refer"], "block-register": module.params["sip_block_register"], "block-subscribe": module.params["sip_block_subscribe"], "block-unknown": module.params["sip_block_unknown"], "block-update": module.params["sip_block_update"], "bye-rate": module.params["sip_bye_rate"], "call-keepalive": module.params["sip_call_keepalive"], "cancel-rate": module.params["sip_cancel_rate"], "contact-fixup": module.params["sip_contact_fixup"], "hnt-restrict-source-ip": module.params["sip_hnt_restrict_source_ip"], "hosted-nat-traversal": module.params["sip_hosted_nat_traversal"], "info-rate": module.params["sip_info_rate"], "invite-rate": module.params["sip_invite_rate"], "ips-rtp": module.params["sip_ips_rtp"], "log-call-summary": module.params["sip_log_call_summary"], "log-violations": module.params["sip_log_violations"], "malformed-header-allow": module.params["sip_malformed_header_allow"], "malformed-header-call-id": module.params["sip_malformed_header_call_id"], "malformed-header-contact": module.params["sip_malformed_header_contact"], "malformed-header-content-length": module.params["sip_malformed_header_content_length"], "malformed-header-content-type": module.params["sip_malformed_header_content_type"], "malformed-header-cseq": module.params["sip_malformed_header_cseq"], "malformed-header-expires": module.params["sip_malformed_header_expires"], "malformed-header-from": module.params["sip_malformed_header_from"], "malformed-header-max-forwards": module.params["sip_malformed_header_max_forwards"], "malformed-header-p-asserted-identity": module.params["sip_malformed_header_p_asserted_identity"], "malformed-header-rack": module.params["sip_malformed_header_rack"], "malformed-header-record-route": module.params["sip_malformed_header_record_route"], "malformed-header-route": module.params["sip_malformed_header_route"], "malformed-header-rseq": module.params["sip_malformed_header_rseq"], "malformed-header-sdp-a": module.params["sip_malformed_header_sdp_a"], "malformed-header-sdp-b": module.params["sip_malformed_header_sdp_b"], "malformed-header-sdp-c": module.params["sip_malformed_header_sdp_c"], "malformed-header-sdp-i": module.params["sip_malformed_header_sdp_i"], "malformed-header-sdp-k": module.params["sip_malformed_header_sdp_k"], "malformed-header-sdp-m": module.params["sip_malformed_header_sdp_m"], "malformed-header-sdp-o": module.params["sip_malformed_header_sdp_o"], "malformed-header-sdp-r": module.params["sip_malformed_header_sdp_r"], "malformed-header-sdp-s": module.params["sip_malformed_header_sdp_s"], "malformed-header-sdp-t": module.params["sip_malformed_header_sdp_t"], "malformed-header-sdp-v": module.params["sip_malformed_header_sdp_v"], "malformed-header-sdp-z": module.params["sip_malformed_header_sdp_z"], "malformed-header-to": module.params["sip_malformed_header_to"], "malformed-header-via": module.params["sip_malformed_header_via"], "malformed-request-line": module.params["sip_malformed_request_line"], "max-body-length": module.params["sip_max_body_length"], "max-dialogs": module.params["sip_max_dialogs"], "max-idle-dialogs": module.params["sip_max_idle_dialogs"], "max-line-length": module.params["sip_max_line_length"], "message-rate": module.params["sip_message_rate"], "nat-trace": module.params["sip_nat_trace"], "no-sdp-fixup": module.params["sip_no_sdp_fixup"], "notify-rate": module.params["sip_notify_rate"], "open-contact-pinhole": module.params["sip_open_contact_pinhole"], "open-record-route-pinhole": module.params["sip_open_record_route_pinhole"], "open-register-pinhole": module.params["sip_open_register_pinhole"], "open-via-pinhole": module.params["sip_open_via_pinhole"], "options-rate": module.params["sip_options_rate"], "prack-rate": module.params["sip_prack_rate"], "preserve-override": module.params["sip_preserve_override"], "provisional-invite-expiry-time": module.params["sip_provisional_invite_expiry_time"], "publish-rate": module.params["sip_publish_rate"], "refer-rate": module.params["sip_refer_rate"], "register-contact-trace": module.params["sip_register_contact_trace"], "register-rate": module.params["sip_register_rate"], "rfc2543-branch": module.params["sip_rfc2543_branch"], "rtp": module.params["sip_rtp"], "ssl-algorithm": module.params["sip_ssl_algorithm"], "ssl-auth-client": module.params["sip_ssl_auth_client"], "ssl-auth-server": module.params["sip_ssl_auth_server"], "ssl-client-certificate": module.params["sip_ssl_client_certificate"], "ssl-client-renegotiation": module.params["sip_ssl_client_renegotiation"], "ssl-max-version": module.params["sip_ssl_max_version"], "ssl-min-version": module.params["sip_ssl_min_version"], "ssl-mode": module.params["sip_ssl_mode"], "ssl-pfs": module.params["sip_ssl_pfs"], "ssl-send-empty-frags": module.params["sip_ssl_send_empty_frags"], "ssl-server-certificate": module.params["sip_ssl_server_certificate"], "status": module.params["sip_status"], "strict-register": module.params["sip_strict_register"], "subscribe-rate": module.params["sip_subscribe_rate"], "unknown-header": module.params["sip_unknown_header"], "update-rate": module.params["sip_update_rate"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['sccp', 'sip'] paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides, paramgram=paramgram, module=module) module.paramgram = paramgram results = DEFAULT_RESULT_OBJ try: results = fmgr_voip_profile_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), youtube_restrict=dict(required=False, type="str", choices=["strict", "moderate"]), sdns_ftgd_err_log=dict(required=False, type="str", choices=["disable", "enable"]), sdns_domain_log=dict(required=False, type="str", choices=["disable", "enable"]), safe_search=dict(required=False, type="str", choices=["disable", "enable"]), redirect_portal=dict(required=False, type="str"), name=dict(required=False, type="str"), log_all_domain=dict(required=False, type="str", choices=["disable", "enable"]), external_ip_blocklist=dict(required=False, type="str"), comment=dict(required=False, type="str"), block_botnet=dict(required=False, type="str", choices=["disable", "enable"]), block_action=dict(required=False, type="str", choices=["block", "redirect"]), domain_filter_domain_filter_table=dict(required=False, type="str"), ftgd_dns_options=dict(required=False, type="str", choices=["error-allow", "ftgd-disable"]), ftgd_dns_filters_action=dict(required=False, type="str", choices=["monitor", "block"]), ftgd_dns_filters_category=dict(required=False, type="str"), ftgd_dns_filters_log=dict(required=False, type="str", choices=["disable", "enable"]), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "youtube-restrict": module.params["youtube_restrict"], "sdns-ftgd-err-log": module.params["sdns_ftgd_err_log"], "sdns-domain-log": module.params["sdns_domain_log"], "safe-search": module.params["safe_search"], "redirect-portal": module.params["redirect_portal"], "name": module.params["name"], "log-all-domain": module.params["log_all_domain"], "external-ip-blocklist": module.params["external_ip_blocklist"], "comment": module.params["comment"], "block-botnet": module.params["block_botnet"], "block-action": module.params["block_action"], "domain-filter": { "domain-filter-table": module.params["domain_filter_domain_filter_table"], }, "ftgd-dns": { "options": module.params["ftgd_dns_options"], "filters": { "action": module.params["ftgd_dns_filters_action"], "category": module.params["ftgd_dns_filters_category"], "log": module.params["ftgd_dns_filters_log"], } } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: results = fmgr_dnsfilter_profile_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), type=dict(required=False, type="str", choices=["overload", "one-to-one", "fixed-port-range", "port-block-allocation"]), startip=dict(required=False, type="str"), source_startip=dict(required=False, type="str"), source_endip=dict(required=False, type="str"), permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]), pba_timeout=dict(required=False, type="int"), num_blocks_per_user=dict(required=False, type="int"), name=dict(required=False, type="str"), endip=dict(required=False, type="str"), comments=dict(required=False, type="str"), block_size=dict(required=False, type="int"), associated_interface=dict(required=False, type="str"), arp_reply=dict(required=False, type="str", choices=["disable", "enable"]), arp_intf=dict(required=False, type="str"), dynamic_mapping=dict(required=False, type="list"), dynamic_mapping_arp_intf=dict(required=False, type="str"), dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]), dynamic_mapping_associated_interface=dict(required=False, type="str"), dynamic_mapping_block_size=dict(required=False, type="int"), dynamic_mapping_comments=dict(required=False, type="str"), dynamic_mapping_endip=dict(required=False, type="str"), dynamic_mapping_num_blocks_per_user=dict(required=False, type="int"), dynamic_mapping_pba_timeout=dict(required=False, type="int"), dynamic_mapping_permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]), dynamic_mapping_source_endip=dict(required=False, type="str"), dynamic_mapping_source_startip=dict(required=False, type="str"), dynamic_mapping_startip=dict(required=False, type="str"), dynamic_mapping_type=dict(required=False, type="str", choices=["overload", "one-to-one", "fixed-port-range", "port-block-allocation"]), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "type": module.params["type"], "startip": module.params["startip"], "source-startip": module.params["source_startip"], "source-endip": module.params["source_endip"], "permit-any-host": module.params["permit_any_host"], "pba-timeout": module.params["pba_timeout"], "num-blocks-per-user": module.params["num_blocks_per_user"], "name": module.params["name"], "endip": module.params["endip"], "comments": module.params["comments"], "block-size": module.params["block_size"], "associated-interface": module.params["associated_interface"], "arp-reply": module.params["arp_reply"], "arp-intf": module.params["arp_intf"], "dynamic_mapping": { "arp-intf": module.params["dynamic_mapping_arp_intf"], "arp-reply": module.params["dynamic_mapping_arp_reply"], "associated-interface": module.params["dynamic_mapping_associated_interface"], "block-size": module.params["dynamic_mapping_block_size"], "comments": module.params["dynamic_mapping_comments"], "endip": module.params["dynamic_mapping_endip"], "num-blocks-per-user": module.params["dynamic_mapping_num_blocks_per_user"], "pba-timeout": module.params["dynamic_mapping_pba_timeout"], "permit-any-host": module.params["dynamic_mapping_permit_any_host"], "source-endip": module.params["dynamic_mapping_source_endip"], "source-startip": module.params["dynamic_mapping_source_startip"], "startip": module.params["dynamic_mapping_startip"], "type": module.params["dynamic_mapping_type"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['dynamic_mapping'] paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides, paramgram=paramgram, module=module) # UPDATE THE CHANGED PARAMGRAM module.paramgram = paramgram results = DEFAULT_RESULT_OBJ try: results = fmgr_fwobj_ippool_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), object=dict(required=True, type="str", choices=["device", "cluster_nodes", "task", "custom"]), custom_endpoint=dict(required=False, type="str"), custom_dict=dict(required=False, type="dict"), device_ip=dict(required=False, type="str"), device_unique_name=dict(required=False, type="str"), device_serial=dict(required=False, type="str"), nodes=dict(required=False, type="list"), task_id=dict(required=False, type="str")) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) paramgram = { "adom": module.params["adom"], "object": module.params["object"], "device_ip": module.params["device_ip"], "device_unique_name": module.params["device_unique_name"], "device_serial": module.params["device_serial"], "nodes": module.params["nodes"], "task_id": module.params["task_id"], "custom_endpoint": module.params["custom_endpoint"], "custom_dict": module.params["custom_dict"] } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: # IF OBJECT IS DEVICE if paramgram["object"] == "device" and any(v is not None for v in [ paramgram["device_unique_name"], paramgram["device_serial"], paramgram["device_ip"] ]): results = fmgr_get_device(fmgr, paramgram) if results[0] not in [0]: module.fail_json(msg="Device query failed!") elif len(results[1]) == 0: module.exit_json(msg="Device NOT FOUND!") else: module.exit_json(msg="Device Found", **results[1][0]) except Exception as err: raise FMGBaseException(err) try: # IF OBJECT IS CLUSTER_NODES if paramgram["object"] == "cluster_nodes" and paramgram[ "nodes"] is not None: results = fmgr_get_cluster_nodes(fmgr, paramgram) if results["cluster_status"] == "MISSING": module.exit_json(msg="No cluster device found!", **results) elif results["query_status"] == "good": module.exit_json(msg="Cluster Found - Showing Nodes", **results) elif results is None: module.fail_json( msg="Query FAILED -- Check module or playbook syntax") except Exception as err: raise FMGBaseException(err) try: # IF OBJECT IS TASK if paramgram["object"] == "task": results = fmgr_get_task_status(fmgr, paramgram) if results[0] != 0: module.fail_json(**results[1]) if results[0] == 0: module.exit_json(**results[1]) except Exception as err: raise FMGBaseException(err) try: # IF OBJECT IS CUSTOM if paramgram["object"] == "custom": results = fmgr_get_custom(fmgr, paramgram) if results[0] != 0: module.fail_json( msg= "QUERY FAILED -- Please check syntax check JSON guide if needed." ) if results[0] == 0: results_len = len(results[1]) if results_len > 0: results_combine = dict() if isinstance(results[1], dict): results_combine["results"] = results[1] if isinstance(results[1], list): results_combine["results"] = results[1][0:results_len] module.exit_json(msg="Custom Query Success", **results_combine) else: module.exit_json(msg="NO RESULTS") except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), vdom=dict(required=False, type="str", default="root"), mode=dict(choices=["add", "execute", "set", "delete"], type="str", default="add"), script_name=dict(required=True, type="str"), script_type=dict(required=False, type="str"), script_target=dict(required=False, type="str"), script_description=dict(required=False, type="str"), script_content=dict(required=False, type="str"), script_scope=dict(required=False, type="str"), script_package=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) paramgram = { "script_name": module.params["script_name"], "script_type": module.params["script_type"], "script_target": module.params["script_target"], "script_description": module.params["script_description"], "script_content": module.params["script_content"], "script_scope": module.params["script_scope"], "script_package": module.params["script_package"], "adom": module.params["adom"], "vdom": module.params["vdom"], "mode": module.params["mode"], } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: if paramgram["mode"] in ['add', 'set']: results = set_script(fmgr, paramgram) fmgr.govern_response(module=module, results=results, msg="Operation Finished", ansible_facts=fmgr.construct_ansible_facts( results, module.params, module.params)) except Exception as err: raise FMGBaseException(err) try: if paramgram["mode"] == "execute": results = execute_script(fmgr, paramgram) fmgr.govern_response(module=module, results=results, msg="Operation Finished", ansible_facts=fmgr.construct_ansible_facts( results, module.params, module.params)) except Exception as err: raise FMGBaseException(err) try: if paramgram["mode"] == "delete": results = delete_script(fmgr, paramgram) fmgr.govern_response(module=module, results=results, msg="Operation Finished", ansible_facts=fmgr.construct_ansible_facts( results, module.params, module.params)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), webfilter_profile=dict(required=False, type="str"), waf_profile=dict(required=False, type="str"), voip_profile=dict(required=False, type="str"), ssl_ssh_profile=dict(required=False, type="str"), ssh_filter_profile=dict(required=False, type="str"), spamfilter_profile=dict(required=False, type="str"), profile_protocol_options=dict(required=False, type="str"), name=dict(required=False, type="str"), mms_profile=dict(required=False, type="str"), ips_sensor=dict(required=False, type="str"), icap_profile=dict(required=False, type="str"), dnsfilter_profile=dict(required=False, type="str"), dlp_sensor=dict(required=False, type="str"), av_profile=dict(required=False, type="str"), application_list=dict(required=False, type="str"), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "webfilter-profile": module.params["webfilter_profile"], "waf-profile": module.params["waf_profile"], "voip-profile": module.params["voip_profile"], "ssl-ssh-profile": module.params["ssl_ssh_profile"], "ssh-filter-profile": module.params["ssh_filter_profile"], "spamfilter-profile": module.params["spamfilter_profile"], "profile-protocol-options": module.params["profile_protocol_options"], "name": module.params["name"], "mms-profile": module.params["mms_profile"], "ips-sensor": module.params["ips_sensor"], "icap-profile": module.params["icap_profile"], "dnsfilter-profile": module.params["dnsfilter_profile"], "dlp-sensor": module.params["dlp_sensor"], "av-profile": module.params["av_profile"], "application-list": module.params["application_list"], } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: results = fmgr_firewall_profile_group_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), mode=dict(required=False, type="str", choices=['add', 'set', 'delete'], default="add"), app_category=dict(required=False, type="str"), app_service_type=dict(required=False, type="str"), application=dict(required=False, type="str"), category=dict(required=False, type="str"), check_reset_range=dict(required=False, type="str"), color=dict(required=False, type="int", default=22), comment=dict(required=False, type="str"), custom_type=dict(required=False, type="str", choices=['tcp_udp_sctp', 'icmp', 'icmp6', 'ip', 'http', 'ftp', 'connect', 'socks_tcp', 'socks_udp', 'all'], default="all"), explicit_proxy=dict(required=False, type="str", choices=['enable', 'disable'], default="disable"), fqdn=dict(required=False, type="str", default=""), group_name=dict(required=False, type="str"), group_member=dict(required=False, type="str"), icmp_code=dict(required=False, type="int"), icmp_type=dict(required=False, type="int"), iprange=dict(required=False, type="str", default="0.0.0.0"), name=dict(required=False, type="str"), protocol=dict(required=False, type="str"), protocol_number=dict(required=False, type="int"), sctp_portrange=dict(required=False, type="str"), session_ttl=dict(required=False, type="int", default=0), object_type=dict(required=False, type="str", choices=['custom', 'group', 'category']), tcp_halfclose_timer=dict(required=False, type="int", default=0), tcp_halfopen_timer=dict(required=False, type="int", default=0), tcp_portrange=dict(required=False, type="str"), tcp_timewait_timer=dict(required=False, type="int", default=0), udp_idle_timer=dict(required=False, type="int", default=0), udp_portrange=dict(required=False, type="str"), visibility=dict(required=False, type="str", default="enable", choices=["enable", "disable"]), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, ) # MODULE DATAGRAM paramgram = { "adom": module.params["adom"], "app-category": module.params["app_category"], "app-service-type": module.params["app_service_type"], "application": module.params["application"], "category": module.params["category"], "check-reset-range": module.params["check_reset_range"], "color": module.params["color"], "comment": module.params["comment"], "custom_type": module.params["custom_type"], "explicit-proxy": module.params["explicit_proxy"], "fqdn": module.params["fqdn"], "group-name": module.params["group_name"], "group-member": module.params["group_member"], "icmp_code": module.params["icmp_code"], "icmp_type": module.params["icmp_type"], "iprange": module.params["iprange"], "name": module.params["name"], "mode": module.params["mode"], "protocol": module.params["protocol"], "protocol-number": module.params["protocol_number"], "sctp-portrange": module.params["sctp_portrange"], "object_type": module.params["object_type"], "session-ttl": module.params["session_ttl"], "tcp-halfclose-timer": module.params["tcp_halfclose_timer"], "tcp-halfopen-timer": module.params["tcp_halfopen_timer"], "tcp-portrange": module.params["tcp_portrange"], "tcp-timewait-timer": module.params["tcp_timewait_timer"], "udp-idle-timer": module.params["udp_idle_timer"], "udp-portrange": module.params["udp_portrange"], "visibility": module.params["visibility"], } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: # CHECK FOR CATEGORIES TO ADD # THIS IS ONLY WHEN OBJECT_TYPE ISN'T SPECIFICALLY ADDING A CATEGORY! # WE NEED TO ADD THE CATEGORY BEFORE ADDING THE OBJECT # IF ANY category ARE DEFINED AND MODE IS ADD OR SET LETS ADD THOSE # THIS IS A "BLIND ADD" AND THE EXIT CODE FOR OBJECT ALREADY EXISTS IS TREATED AS A PASS if paramgram["category"] is not None and paramgram["mode"] in ['add', 'set'] \ and paramgram["object_type"] != "category": category_add = fmgr_fwobj_service_category(fmgr, paramgram) fmgr.govern_response(module=module, results=category_add, ansible_facts=fmgr.construct_ansible_facts(category_add, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) try: # IF OBJECT_TYPE IS CATEGORY... if paramgram["object_type"] == 'category': results = fmgr_fwobj_service_category(fmgr, paramgram) fmgr.govern_response(module=module, results=results, good_codes=[0, -2, -3], ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) try: # IF OBJECT_TYPE IS CUSTOM... if paramgram["object_type"] == 'custom': results = fmgr_fwobj_service_custom(fmgr, paramgram) fmgr.govern_response(module=module, results=results, good_codes=[0, -2, -3], ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) try: # IF OBJECT_TYPE IS GROUP... if paramgram["object_type"] == 'group': results = fmgr_fwobj_service_group(fmgr, paramgram) fmgr.govern_response(module=module, results=results, good_codes=[0, -2, -3], ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(type="str", default="root"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), strip_encoding=dict(required=False, type="str", choices=["disable", "enable"]), name=dict(required=False, type="str"), log_header_change=dict(required=False, type="str", choices=["disable", "enable"]), header_x_forwarded_for=dict(required=False, type="str", choices=["pass", "add", "remove"]), header_x_authenticated_user=dict(required=False, type="str", choices=["pass", "add", "remove"]), header_x_authenticated_groups=dict(required=False, type="str", choices=["pass", "add", "remove"]), header_via_response=dict(required=False, type="str", choices=["pass", "add", "remove"]), header_via_request=dict(required=False, type="str", choices=["pass", "add", "remove"]), header_front_end_https=dict(required=False, type="str", choices=["pass", "add", "remove"]), header_client_ip=dict(required=False, type="str", choices=["pass", "add", "remove"]), headers=dict(required=False, type="list"), headers_action=dict(required=False, type="str", choices=[ "add-to-request", "add-to-response", "remove-from-request", "remove-from-response" ]), headers_content=dict(required=False, type="str"), headers_name=dict(required=False, type="str"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) # MODULE PARAMGRAM paramgram = { "mode": module.params["mode"], "adom": module.params["adom"], "strip-encoding": module.params["strip_encoding"], "name": module.params["name"], "log-header-change": module.params["log_header_change"], "header-x-forwarded-for": module.params["header_x_forwarded_for"], "header-x-authenticated-user": module.params["header_x_authenticated_user"], "header-x-authenticated-groups": module.params["header_x_authenticated_groups"], "header-via-response": module.params["header_via_response"], "header-via-request": module.params["header_via_request"], "header-front-end-https": module.params["header_front_end_https"], "header-client-ip": module.params["header_client_ip"], "headers": { "action": module.params["headers_action"], "content": module.params["headers_content"], "name": module.params["headers_name"], } } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) list_overrides = ['headers'] paramgram = fmgr.tools.paramgram_child_list_override( list_overrides=list_overrides, paramgram=paramgram, module=module) module.paramgram = paramgram results = DEFAULT_RESULT_OBJ try: results = fmgr_web_proxy_profile_modify(fmgr, paramgram) fmgr.govern_response(module=module, results=results, ansible_facts=fmgr.construct_ansible_facts( results, module.params, paramgram)) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])
def main(): argument_spec = dict( adom=dict(required=False, type="str", default="root"), vdom=dict(required=False, type="str", default="root"), policy_package=dict(required=False, type="str", default="default"), name=dict(required=True, type="str"), group=dict(required=False, type="str"), serial=dict(required=True, type="str"), platform=dict(required=False, type="str", default="FortiGate-VM64"), description=dict(required=False, type="str"), os_version=dict(required=True, type="str"), minor_release=dict(required=False, type="str"), patch_release=dict(required=False, type="str"), os_type=dict(required=False, type="str", default="fos"), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=False, ) paramgram = { "adom": module.params["adom"], "vdom": module.params["vdom"], "policy_package": module.params["policy_package"], "name": module.params["name"], "group": module.params["group"], "serial": module.params["serial"], "platform": module.params["platform"], "description": module.params["description"], "os_version": module.params["os_version"], "minor_release": module.params["minor_release"], "patch_release": module.params["patch_release"], "os_type": module.params["os_type"], } module.paramgram = paramgram fmgr = None if module._socket_path: connection = Connection(module._socket_path) fmgr = FortiManagerHandler(connection, module) fmgr.tools = FMGRCommon() else: module.fail_json(**FAIL_SOCKET_MSG) results = DEFAULT_RESULT_OBJ try: results = create_model_device(fmgr, paramgram) if results[0] != 0: module.fail_json(msg="Create model failed", **results) results = update_flags(fmgr, paramgram) if results[0] != 0: module.fail_json(msg="Update device flags failed", **results) results = update_install_target(fmgr, paramgram) if results[0] != 0: module.fail_json(msg="Adding device target to package failed", **results) results = install_pp(fmgr, paramgram) if results[0] != 0: module.fail_json(msg="Installing policy package failed", **results) except Exception as err: raise FMGBaseException(err) return module.exit_json(**results[1])