def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        startip=dict(required=False, type="str"),
        name=dict(required=False, type="str"),
        endip=dict(required=False, type="str"),
        comments=dict(required=False, type="str"),
        dynamic_mapping=dict(required=False, type="list"),
        dynamic_mapping_comments=dict(required=False, type="str"),
        dynamic_mapping_endip=dict(required=False, type="str"),
        dynamic_mapping_startip=dict(required=False, type="str"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "startip": module.params["startip"],
        "name": module.params["name"],
        "endip": module.params["endip"],
        "comments": module.params["comments"],
        "dynamic_mapping": {
            "comments": module.params["dynamic_mapping_comments"],
            "endip": module.params["dynamic_mapping_endip"],
            "startip": module.params["dynamic_mapping_startip"],
        }
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['dynamic_mapping']
    paramgram = fmgr.tools.paramgram_child_list_override(
        list_overrides=list_overrides, paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ

    try:
        results = fmgr_fwobj_ippool6_modify(fmgr, paramgram)
        fmgr.govern_response(module=module,
                             results=results,
                             ansible_facts=fmgr.construct_ansible_facts(
                                 results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#2
0
def main():
    module = AnsibleModule(argument_spec=dict(
        device_unique_name=dict(required=True, type='str'),
        vdom=dict(type='str', required=True),
        adom=dict(type='str', required=True),
        state=dict(type='str', required=True, choices=['present', 'absent']),
        zone=dict(type='str', required=True),
        force=dict(type='bool', default=False)),
                           supports_check_mode=True)

    # fortimanager module expects the module parameters duplicated
    # in a dict called paramgram, reasons unknown!
    module.paramgram = {
        'adom': module.params['adom'],
        'device_unique_name': module.params['device_unique_name'],
    }
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        # fail with an un-helpful and error-masking generic response
        module.fail_json(**FAIL_SOCKET_MSG)

    if module.params['state'] == 'present':
        changed, diff, msg = _zone_present(module, fmgr)

    if module.params['state'] == 'absent':
        changed, diff, msg = _zone_absent(module, fmgr)

    module.exit_json(changed=changed, diff=diff, msg=msg)
示例#3
0
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        device_unique_name=dict(required=True, type="str"),
        fortimeter_utm_level=dict(required=True, type="str"),
        foslic_type=dict(required=False, type="int", default=2)
    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    paramgram = {
        "adom": module.params["adom"],
        "device_unique_name": module.params["device_unique_name"],
        "fortimeter_utm_level": module.params["fortimeter_utm_level"],
        "foslic_type": module.params["foslic_type"]
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_set_fortimeter_lic(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#4
0
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        device_unique_name=dict(required=True, type="str"),
        device_hostname=dict(required=False, type="str"),
        interface=dict(required=False, type="str"),
        interface_ip=dict(required=False, type="str"),
        interface_allow_access=dict(required=False, type="str"),
        install_config=dict(required=False, type="str", default="disable"),
    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    paramgram = {
        "device_unique_name": module.params["device_unique_name"],
        "device_hostname": module.params["device_hostname"],
        "interface": module.params["interface"],
        "interface_ip": module.params["interface_ip"],
        "interface_allow_access": module.params["interface_allow_access"],
        "install_config": module.params["install_config"],
        "adom": module.params["adom"]
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
    results = DEFAULT_RESULT_OBJ
    try:
        if paramgram["device_hostname"] is not None:
            results = update_device_hostname(fmgr, paramgram)
            fmgr.govern_response(module=module, results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

        if paramgram["interface_ip"] is not None or paramgram["interface_allow_access"] is not None:
            results = update_device_interface(fmgr, paramgram)
            fmgr.govern_response(module=module, results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

        if paramgram["install_config"] == "enable":
            results = exec_config(fmgr, paramgram)
            fmgr.govern_response(module=module, results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#5
0
def main():
    module = AnsibleModule(
        argument_spec=dict(
            adom=dict(required=False, type="str", default="root"),
            device=dict(required=True, type="str"),
            vdom=dict(required=True, type="str"),
        ),
        supports_check_mode=True,
    )

    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    # Fetch list of packages
    response = fmgr.process_request(
        "/pm/pkg/adom/{0}".format(module.params['adom']), {}, FMGRMethods.GET)
    if response[0] != 0:
        module.fail_json(msg="Failed to list packages", response=response)
    packages = dict([((pkg['scope member'][0]['name'],
                       pkg['scope member'][0]['vdom']), pkg['name'])
                     for pkg in response[1] if 'scope member' in pkg])
    if (module.params['device'], module.params['vdom']) not in packages:
        module.fail_json(msg="Failed to find package",
                         device=module.params['device'],
                         vdom=module.params['vdom'])
    package = packages[(module.params['device'], module.params['vdom'])]

    if not module.check_mode:
        response = fmgr.process_request("/securityconsole/install/package", {
            "adom": module.params['adom'],
            "pkg": package
        }, FMGRMethods.EXEC)
        if response[0] != 0:
            module.fail_json(msg="Failed to install package",
                             response=response)

    module.exit_json(changed=True, package=package)
示例#6
0
def main():
    module = AnsibleModule(argument_spec=dict(device_unique_name=dict(
        required=True, type='str'),
                                              vdom=dict(type='str',
                                                        required=True),
                                              adom=dict(type='str',
                                                        required=True),
                                              interface=dict(type='str',
                                                             requred=True),
                                              zone=dict(type='str',
                                                        required=False),
                                              vrf=dict(type='int', default=0)),
                           supports_check_mode=True)

    module.paramgram = {
        'adom': module.params['adom'],
        'device_unique_name': module.params['device_unique_name'],
    }
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        # fail with an un-helpful and error-masking generic response
        module.fail_json(**FAIL_SOCKET_MSG)

    zone = validate_zone(module, fmgr)
    if not zone['valid']:
        if not zone['msg']:
            zone['msg'] = 'invalid zone'
        module.exit_json(msg=zone['msg'], changed=False, skipped=True)

    outd = remove_associated_policies(module, fmgr)
    msg = 'no change'
    if outd['changed']:
        msg = 'associated policies removed/updated'
    diff = {'before': outd['before'], 'after': outd['after']}

    module.exit_json(changed=outd['changed'], diff=diff, msg=msg)
示例#7
0
def main():
    module = AnsibleModule(
        argument_spec=dict(
            device_unique_name=dict(required=True, type='str'),
            vdom=dict(type='str', required=True),
            adom=dict(type='str', required=True),
            default_zone=dict(type='str', required=True),
            address_name_prefix=dict(type='str', default='sot'),
            service_name_prefixes=dict(type='list', default=['tcp', 'udp', 'icmp']),
            prefix_delimiter=dict(type='str', default='/'),
            policy_global_label_prefix=dict(type='str', default='socrates'),
            networks=dict(type='list', required=True),
            rulesets=dict(type='list', required=True),
            address_groups=dict(type='list', required=True),
            default_action=dict(type='str', default='accept'),
            default_log_traffic=dict(type='str', choices=['all', 'disable', 'utm'], default='all'),
            default_log_traffic_start=dict(type='str', choices=['enable', 'disable'], default='disable'),
        ),
        supports_check_mode=True
    )

    # fortimanager module expects the module parameters duplicated
    # in a dict called paramgram, reasons unknown!
    module.paramgram = {
        'adom': module.params['adom'],
        'device_unique_name': module.params['device_unique_name'],
    }
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        # fail with an un-helpful and error-masking generic response
        module.fail_json(**FAIL_SOCKET_MSG)
    changed, diff, msg = update_forti(module, fmgr)
    module.exit_json(changed=changed, diff=diff, msg=msg)
示例#8
0
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        spam_rbl_table=dict(required=False, type="str"),
        spam_mheader_table=dict(required=False, type="str"),
        spam_log_fortiguard_response=dict(required=False,
                                          type="str",
                                          choices=["disable", "enable"]),
        spam_log=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        spam_iptrust_table=dict(required=False, type="str"),
        spam_filtering=dict(required=False,
                            type="str",
                            choices=["disable", "enable"]),
        spam_bword_threshold=dict(required=False, type="int"),
        spam_bword_table=dict(required=False, type="str"),
        spam_bwl_table=dict(required=False, type="str"),
        replacemsg_group=dict(required=False, type="str"),
        options=dict(required=False,
                     type="list",
                     choices=[
                         "bannedword", "spamfsip", "spamfssubmit",
                         "spamfschksum", "spamfsurl", "spamhelodns",
                         "spamraddrdns", "spamrbl", "spamhdrcheck",
                         "spamfsphish", "spambwl"
                     ]),
        name=dict(required=False, type="str"),
        flow_based=dict(required=False,
                        type="str",
                        choices=["disable", "enable"]),
        external=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        comment=dict(required=False, type="str"),
        gmail=dict(required=False, type="dict"),
        gmail_log=dict(required=False,
                       type="str",
                       choices=["disable", "enable"]),
        imap=dict(required=False, type="dict"),
        imap_action=dict(required=False, type="str", choices=["pass", "tag"]),
        imap_log=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        imap_tag_msg=dict(required=False, type="str"),
        imap_tag_type=dict(required=False,
                           type="str",
                           choices=["subject", "header", "spaminfo"]),
        mapi=dict(required=False, type="dict"),
        mapi_action=dict(required=False,
                         type="str",
                         choices=["pass", "discard"]),
        mapi_log=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        msn_hotmail=dict(required=False, type="dict"),
        msn_hotmail_log=dict(required=False,
                             type="str",
                             choices=["disable", "enable"]),
        pop3=dict(required=False, type="dict"),
        pop3_action=dict(required=False, type="str", choices=["pass", "tag"]),
        pop3_log=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        pop3_tag_msg=dict(required=False, type="str"),
        pop3_tag_type=dict(required=False,
                           type="str",
                           choices=["subject", "header", "spaminfo"]),
        smtp=dict(required=False, type="dict"),
        smtp_action=dict(required=False,
                         type="str",
                         choices=["pass", "tag", "discard"]),
        smtp_hdrip=dict(required=False,
                        type="str",
                        choices=["disable", "enable"]),
        smtp_local_override=dict(required=False,
                                 type="str",
                                 choices=["disable", "enable"]),
        smtp_log=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        smtp_tag_msg=dict(required=False, type="str"),
        smtp_tag_type=dict(required=False,
                           type="str",
                           choices=["subject", "header", "spaminfo"]),
        yahoo_mail=dict(required=False, type="dict"),
        yahoo_mail_log=dict(required=False,
                            type="str",
                            choices=["disable", "enable"]),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE PARAMGRAM
    paramgram = {
        "mode":
        module.params["mode"],
        "adom":
        module.params["adom"],
        "spam-rbl-table":
        module.params["spam_rbl_table"],
        "spam-mheader-table":
        module.params["spam_mheader_table"],
        "spam-log-fortiguard-response":
        module.params["spam_log_fortiguard_response"],
        "spam-log":
        module.params["spam_log"],
        "spam-iptrust-table":
        module.params["spam_iptrust_table"],
        "spam-filtering":
        module.params["spam_filtering"],
        "spam-bword-threshold":
        module.params["spam_bword_threshold"],
        "spam-bword-table":
        module.params["spam_bword_table"],
        "spam-bwl-table":
        module.params["spam_bwl_table"],
        "replacemsg-group":
        module.params["replacemsg_group"],
        "options":
        module.params["options"],
        "name":
        module.params["name"],
        "flow-based":
        module.params["flow_based"],
        "external":
        module.params["external"],
        "comment":
        module.params["comment"],
        "gmail": {
            "log": module.params["gmail_log"],
        },
        "imap": {
            "action": module.params["imap_action"],
            "log": module.params["imap_log"],
            "tag-msg": module.params["imap_tag_msg"],
            "tag-type": module.params["imap_tag_type"],
        },
        "mapi": {
            "action": module.params["mapi_action"],
            "log": module.params["mapi_log"],
        },
        "msn-hotmail": {
            "log": module.params["msn_hotmail_log"],
        },
        "pop3": {
            "action": module.params["pop3_action"],
            "log": module.params["pop3_log"],
            "tag-msg": module.params["pop3_tag_msg"],
            "tag-type": module.params["pop3_tag_type"],
        },
        "smtp": {
            "action": module.params["smtp_action"],
            "hdrip": module.params["smtp_hdrip"],
            "local-override": module.params["smtp_local_override"],
            "log": module.params["smtp_log"],
            "tag-msg": module.params["smtp_tag_msg"],
            "tag-type": module.params["smtp_tag_type"],
        },
        "yahoo-mail": {
            "log": module.params["yahoo_mail_log"],
        }
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = [
        'gmail', 'imap', 'mapi', 'msn-hotmail', 'pop3', 'smtp', 'yahoo-mail'
    ]
    paramgram = fmgr.tools.paramgram_child_list_override(
        list_overrides=list_overrides, paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ
    try:

        results = fmgr_spamfilter_profile_modify(fmgr, paramgram)
        fmgr.govern_response(module=module,
                             results=results,
                             ansible_facts=fmgr.construct_ansible_facts(
                                 results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#9
0
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        transparent=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        name=dict(required=False, type="str"),
        comments=dict(required=False, type="str"),
        auth_group=dict(required=False, type="str"),
        cifs=dict(required=False, type="dict"),
        cifs_byte_caching=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        cifs_log_traffic=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        cifs_port=dict(required=False, type="str"),
        cifs_prefer_chunking=dict(required=False,
                                  type="str",
                                  choices=["dynamic", "fix"]),
        cifs_secure_tunnel=dict(required=False,
                                type="str",
                                choices=["disable", "enable"]),
        cifs_status=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        cifs_tunnel_sharing=dict(
            required=False,
            type="str",
            choices=["private", "shared", "express-shared"]),
        ftp=dict(required=False, type="dict"),
        ftp_byte_caching=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        ftp_log_traffic=dict(required=False,
                             type="str",
                             choices=["disable", "enable"]),
        ftp_port=dict(required=False, type="str"),
        ftp_prefer_chunking=dict(required=False,
                                 type="str",
                                 choices=["dynamic", "fix"]),
        ftp_secure_tunnel=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        ftp_status=dict(required=False,
                        type="str",
                        choices=["disable", "enable"]),
        ftp_tunnel_sharing=dict(
            required=False,
            type="str",
            choices=["private", "shared", "express-shared"]),
        http=dict(required=False, type="dict"),
        http_byte_caching=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        http_log_traffic=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        http_port=dict(required=False, type="str"),
        http_prefer_chunking=dict(required=False,
                                  type="str",
                                  choices=["dynamic", "fix"]),
        http_secure_tunnel=dict(required=False,
                                type="str",
                                choices=["disable", "enable"]),
        http_ssl=dict(required=False,
                      type="str",
                      choices=["disable", "enable"]),
        http_ssl_port=dict(required=False, type="str"),
        http_status=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        http_tunnel_non_http=dict(required=False,
                                  type="str",
                                  choices=["disable", "enable"]),
        http_tunnel_sharing=dict(
            required=False,
            type="str",
            choices=["private", "shared", "express-shared"]),
        http_unknown_http_version=dict(
            required=False,
            type="str",
            choices=["best-effort", "reject", "tunnel"]),
        mapi=dict(required=False, type="dict"),
        mapi_byte_caching=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        mapi_log_traffic=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        mapi_port=dict(required=False, type="str"),
        mapi_secure_tunnel=dict(required=False,
                                type="str",
                                choices=["disable", "enable"]),
        mapi_status=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        mapi_tunnel_sharing=dict(
            required=False,
            type="str",
            choices=["private", "shared", "express-shared"]),
        tcp=dict(required=False, type="dict"),
        tcp_byte_caching=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        tcp_byte_caching_opt=dict(required=False,
                                  type="str",
                                  choices=["mem-only", "mem-disk"]),
        tcp_log_traffic=dict(required=False,
                             type="str",
                             choices=["disable", "enable"]),
        tcp_port=dict(required=False, type="str"),
        tcp_secure_tunnel=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        tcp_ssl=dict(required=False, type="str", choices=["disable",
                                                          "enable"]),
        tcp_ssl_port=dict(required=False, type="str"),
        tcp_status=dict(required=False,
                        type="str",
                        choices=["disable", "enable"]),
        tcp_tunnel_sharing=dict(
            required=False,
            type="str",
            choices=["private", "shared", "express-shared"]),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "transparent": module.params["transparent"],
        "name": module.params["name"],
        "comments": module.params["comments"],
        "auth-group": module.params["auth_group"],
        "cifs": {
            "byte-caching": module.params["cifs_byte_caching"],
            "log-traffic": module.params["cifs_log_traffic"],
            "port": module.params["cifs_port"],
            "prefer-chunking": module.params["cifs_prefer_chunking"],
            "secure-tunnel": module.params["cifs_secure_tunnel"],
            "status": module.params["cifs_status"],
            "tunnel-sharing": module.params["cifs_tunnel_sharing"],
        },
        "ftp": {
            "byte-caching": module.params["ftp_byte_caching"],
            "log-traffic": module.params["ftp_log_traffic"],
            "port": module.params["ftp_port"],
            "prefer-chunking": module.params["ftp_prefer_chunking"],
            "secure-tunnel": module.params["ftp_secure_tunnel"],
            "status": module.params["ftp_status"],
            "tunnel-sharing": module.params["ftp_tunnel_sharing"],
        },
        "http": {
            "byte-caching": module.params["http_byte_caching"],
            "log-traffic": module.params["http_log_traffic"],
            "port": module.params["http_port"],
            "prefer-chunking": module.params["http_prefer_chunking"],
            "secure-tunnel": module.params["http_secure_tunnel"],
            "ssl": module.params["http_ssl"],
            "ssl-port": module.params["http_ssl_port"],
            "status": module.params["http_status"],
            "tunnel-non-http": module.params["http_tunnel_non_http"],
            "tunnel-sharing": module.params["http_tunnel_sharing"],
            "unknown-http-version": module.params["http_unknown_http_version"],
        },
        "mapi": {
            "byte-caching": module.params["mapi_byte_caching"],
            "log-traffic": module.params["mapi_log_traffic"],
            "port": module.params["mapi_port"],
            "secure-tunnel": module.params["mapi_secure_tunnel"],
            "status": module.params["mapi_status"],
            "tunnel-sharing": module.params["mapi_tunnel_sharing"],
        },
        "tcp": {
            "byte-caching": module.params["tcp_byte_caching"],
            "byte-caching-opt": module.params["tcp_byte_caching_opt"],
            "log-traffic": module.params["tcp_log_traffic"],
            "port": module.params["tcp_port"],
            "secure-tunnel": module.params["tcp_secure_tunnel"],
            "ssl": module.params["tcp_ssl"],
            "ssl-port": module.params["tcp_ssl_port"],
            "status": module.params["tcp_status"],
            "tunnel-sharing": module.params["tcp_tunnel_sharing"],
        }
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['cifs', 'ftp', 'http', 'mapi', 'tcp']
    paramgram = fmgr.tools.paramgram_child_list_override(
        list_overrides=list_overrides, paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ

    try:
        results = fmgr_wanopt_profile_modify(fmgr, paramgram)
        fmgr.govern_response(module=module,
                             results=results,
                             ansible_facts=fmgr.construct_ansible_facts(
                                 results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        unknown_application_log=dict(required=False,
                                     type="str",
                                     choices=["disable", "enable"]),
        unknown_application_action=dict(required=False,
                                        type="str",
                                        choices=["pass", "block"]),
        replacemsg_group=dict(required=False, type="str"),
        p2p_black_list=dict(required=False,
                            type="str",
                            choices=["skype", "edonkey", "bittorrent"]),
        other_application_log=dict(required=False,
                                   type="str",
                                   choices=["disable", "enable"]),
        other_application_action=dict(required=False,
                                      type="str",
                                      choices=["pass", "block"]),
        options=dict(required=False,
                     type="str",
                     choices=[
                         "allow-dns", "allow-icmp", "allow-http", "allow-ssl",
                         "allow-quic"
                     ]),
        name=dict(required=False, type="str"),
        extended_log=dict(required=False,
                          type="str",
                          choices=["disable", "enable"]),
        deep_app_inspection=dict(required=False,
                                 type="str",
                                 choices=["disable", "enable"]),
        comment=dict(required=False, type="str"),
        app_replacemsg=dict(required=False,
                            type="str",
                            choices=["disable", "enable"]),
        entries=dict(required=False, type="list"),
        entries_action=dict(required=False,
                            type="str",
                            choices=["pass", "block", "reset"]),
        entries_application=dict(required=False, type="str"),
        entries_behavior=dict(required=False, type="str"),
        entries_category=dict(required=False, type="str"),
        entries_log=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        entries_log_packet=dict(required=False,
                                type="str",
                                choices=["disable", "enable"]),
        entries_per_ip_shaper=dict(required=False, type="str"),
        entries_popularity=dict(required=False,
                                type="str",
                                choices=["1", "2", "3", "4", "5"]),
        entries_protocols=dict(required=False, type="str"),
        entries_quarantine=dict(required=False,
                                type="str",
                                choices=["none", "attacker"]),
        entries_quarantine_expiry=dict(required=False, type="str"),
        entries_quarantine_log=dict(required=False,
                                    type="str",
                                    choices=["disable", "enable"]),
        entries_rate_count=dict(required=False, type="int"),
        entries_rate_duration=dict(required=False, type="int"),
        entries_rate_mode=dict(required=False,
                               type="str",
                               choices=["periodical", "continuous"]),
        entries_rate_track=dict(required=False,
                                type="str",
                                choices=[
                                    "none", "src-ip", "dest-ip",
                                    "dhcp-client-mac", "dns-domain"
                                ]),
        entries_risk=dict(required=False, type="str"),
        entries_session_ttl=dict(required=False, type="int"),
        entries_shaper=dict(required=False, type="str"),
        entries_shaper_reverse=dict(required=False, type="str"),
        entries_sub_category=dict(required=False, type="str"),
        entries_technology=dict(required=False, type="str"),
        entries_vendor=dict(required=False, type="str"),
        entries_parameters_value=dict(required=False, type="str"),
    )
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "unknown-application-log": module.params["unknown_application_log"],
        "unknown-application-action":
        module.params["unknown_application_action"],
        "replacemsg-group": module.params["replacemsg_group"],
        "p2p-black-list": module.params["p2p_black_list"],
        "other-application-log": module.params["other_application_log"],
        "other-application-action": module.params["other_application_action"],
        "options": module.params["options"],
        "name": module.params["name"],
        "extended-log": module.params["extended_log"],
        "deep-app-inspection": module.params["deep_app_inspection"],
        "comment": module.params["comment"],
        "app-replacemsg": module.params["app_replacemsg"],
        "entries": {
            "action": module.params["entries_action"],
            "application": module.params["entries_application"],
            "behavior": module.params["entries_behavior"],
            "category": module.params["entries_category"],
            "log": module.params["entries_log"],
            "log-packet": module.params["entries_log_packet"],
            "per-ip-shaper": module.params["entries_per_ip_shaper"],
            "popularity": module.params["entries_popularity"],
            "protocols": module.params["entries_protocols"],
            "quarantine": module.params["entries_quarantine"],
            "quarantine-expiry": module.params["entries_quarantine_expiry"],
            "quarantine-log": module.params["entries_quarantine_log"],
            "rate-count": module.params["entries_rate_count"],
            "rate-duration": module.params["entries_rate_duration"],
            "rate-mode": module.params["entries_rate_mode"],
            "rate-track": module.params["entries_rate_track"],
            "risk": module.params["entries_risk"],
            "session-ttl": module.params["entries_session_ttl"],
            "shaper": module.params["entries_shaper"],
            "shaper-reverse": module.params["entries_shaper_reverse"],
            "sub-category": module.params["entries_sub_category"],
            "technology": module.params["entries_technology"],
            "vendor": module.params["entries_vendor"],
            "parameters": {
                "value": module.params["entries_parameters_value"],
            }
        }
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['entries']
    paramgram = fmgr.tools.paramgram_child_list_override(
        list_overrides=list_overrides, paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_application_list_modify(fmgr, paramgram)
        fmgr.govern_response(module=module,
                             results=results,
                             ansible_facts=fmgr.construct_ansible_facts(
                                 results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        mode=dict(choices=["add", "set", "delete"], type="str", default="add"),
        name=dict(required=False, type="str"),
        object_type=dict(required=True,
                         type="str",
                         choices=['pkg', 'folder', 'install']),
        package_folder=dict(required=False, type="str"),
        central_nat=dict(required=False,
                         type="str",
                         default="disable",
                         choices=['enable', 'disable']),
        fwpolicy_implicit_log=dict(required=False,
                                   type="str",
                                   default="disable",
                                   choices=['enable', 'disable']),
        fwpolicy6_implicit_log=dict(required=False,
                                    type="str",
                                    default="disable",
                                    choices=['enable', 'disable']),
        inspection_mode=dict(required=False,
                             type="str",
                             default="flow",
                             choices=['flow', 'proxy']),
        ngfw_mode=dict(required=False,
                       type="str",
                       default="profile-based",
                       choices=['profile-based', 'policy-based']),
        ssl_ssh_profile=dict(required=False, type="str"),
        scope_members=dict(required=False, type="str"),
        scope_members_vdom=dict(required=False, type="str", default="root"),
        parent_folder=dict(required=False, type="str"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE DATAGRAM
    paramgram = {
        "adom": module.params["adom"],
        "name": module.params["name"],
        "mode": module.params["mode"],
        "object_type": module.params["object_type"],
        "package-folder": module.params["package_folder"],
        "central-nat": module.params["central_nat"],
        "fwpolicy-implicit-log": module.params["fwpolicy_implicit_log"],
        "fwpolicy6-implicit-log": module.params["fwpolicy6_implicit_log"],
        "inspection-mode": module.params["inspection_mode"],
        "ngfw-mode": module.params["ngfw_mode"],
        "ssl-ssh-profile": module.params["ssl_ssh_profile"],
        "scope_members": module.params["scope_members"],
        "scope_members_vdom": module.params["scope_members_vdom"],
        "parent_folder": module.params["parent_folder"],
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
    results = DEFAULT_RESULT_OBJ

    try:
        if paramgram["object_type"] == "pkg":
            results = fmgr_fwpol_package(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF THE object_type IS FOLDER LETS RUN THAT METHOD
        if paramgram["object_type"] == "folder":
            results = fmgr_fwpol_package_folder(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF THE object_type IS INSTALL AND NEEDED PARAMETERS ARE DEFINED INSTALL THE PACKAGE
        if paramgram["scope_members"] is not None and paramgram["name"] is not None and\
                paramgram["object_type"] == "install":
            results = fmgr_fwpol_package_install(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str", default="add"),

        replacemsg_group=dict(required=False, type="str"),
        name=dict(required=False, type="str"),
        extended_log=dict(required=False, type="str",
                          choices=["disable", "enable"]),
        comment=dict(required=False, type="str"),
        block_malicious_url=dict(required=False, type="str", choices=[
                                 "disable", "enable"]),
        entries=dict(required=False, type="list"),
        entries_action=dict(required=False, type="str", choices=[
                            "pass", "block", "reset", "default"]),
        entries_application=dict(required=False, type="str"),
        entries_location=dict(required=False, type="str"),
        entries_log=dict(required=False, type="str",
                         choices=["disable", "enable"]),
        entries_log_attack_context=dict(
            required=False, type="str", choices=["disable", "enable"]),
        entries_log_packet=dict(required=False, type="str", choices=[
                                "disable", "enable"]),
        entries_os=dict(required=False, type="str"),
        entries_protocol=dict(required=False, type="str"),
        entries_quarantine=dict(required=False, type="str", choices=[
                                "none", "attacker"]),
        entries_quarantine_expiry=dict(required=False, type="str"),
        entries_quarantine_log=dict(
            required=False, type="str", choices=["disable", "enable"]),
        entries_rate_count=dict(required=False, type="int"),
        entries_rate_duration=dict(required=False, type="int"),
        entries_rate_mode=dict(required=False, type="str", choices=[
                               "periodical", "continuous"]),
        entries_rate_track=dict(required=False, type="str",
                                choices=["none", "src-ip", "dest-ip", "dhcp-client-mac", "dns-domain"]),
        entries_rule=dict(required=False, type="str"),
        entries_severity=dict(required=False, type="str"),
        entries_status=dict(required=False, type="str", choices=[
                            "disable", "enable", "default"]),

        entries_exempt_ip_dst_ip=dict(required=False, type="str"),
        entries_exempt_ip_src_ip=dict(required=False, type="str"),
        filter=dict(required=False, type="list"),
        filter_action=dict(required=False, type="str", choices=[
                           "pass", "block", "default", "reset"]),
        filter_application=dict(required=False, type="str"),
        filter_location=dict(required=False, type="str"),
        filter_log=dict(required=False, type="str",
                        choices=["disable", "enable"]),
        filter_log_packet=dict(required=False, type="str",
                               choices=["disable", "enable"]),
        filter_name=dict(required=False, type="str"),
        filter_os=dict(required=False, type="str"),
        filter_protocol=dict(required=False, type="str"),
        filter_quarantine=dict(required=False, type="str",
                               choices=["none", "attacker"]),
        filter_quarantine_expiry=dict(required=False, type="int"),
        filter_quarantine_log=dict(required=False, type="str", choices=[
                                   "disable", "enable"]),
        filter_severity=dict(required=False, type="str"),
        filter_status=dict(required=False, type="str", choices=[
                           "disable", "enable", "default"]),
        override=dict(required=False, type="list"),
        override_action=dict(required=False, type="str",
                             choices=["pass", "block", "reset"]),
        override_log=dict(required=False, type="str",
                          choices=["disable", "enable"]),
        override_log_packet=dict(required=False, type="str", choices=[
                                 "disable", "enable"]),
        override_quarantine=dict(required=False, type="str", choices=[
                                 "none", "attacker"]),
        override_quarantine_expiry=dict(required=False, type="int"),
        override_quarantine_log=dict(
            required=False, type="str", choices=["disable", "enable"]),
        override_rule_id=dict(required=False, type="str"),
        override_status=dict(required=False, type="str",
                             choices=["disable", "enable"]),

        override_exempt_ip_dst_ip=dict(required=False, type="str"),
        override_exempt_ip_src_ip=dict(required=False, type="str"),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "replacemsg-group": module.params["replacemsg_group"],
        "name": module.params["name"],
        "extended-log": module.params["extended_log"],
        "comment": module.params["comment"],
        "block-malicious-url": module.params["block_malicious_url"],
        "entries": {
            "action": module.params["entries_action"],
            "application": module.params["entries_application"],
            "location": module.params["entries_location"],
            "log": module.params["entries_log"],
            "log-attack-context": module.params["entries_log_attack_context"],
            "log-packet": module.params["entries_log_packet"],
            "os": module.params["entries_os"],
            "protocol": module.params["entries_protocol"],
            "quarantine": module.params["entries_quarantine"],
            "quarantine-expiry": module.params["entries_quarantine_expiry"],
            "quarantine-log": module.params["entries_quarantine_log"],
            "rate-count": module.params["entries_rate_count"],
            "rate-duration": module.params["entries_rate_duration"],
            "rate-mode": module.params["entries_rate_mode"],
            "rate-track": module.params["entries_rate_track"],
            "rule": module.params["entries_rule"],
            "severity": module.params["entries_severity"],
            "status": module.params["entries_status"],
            "exempt-ip": {
                "dst-ip": module.params["entries_exempt_ip_dst_ip"],
                "src-ip": module.params["entries_exempt_ip_src_ip"],
            },
        },
        "filter": {
            "action": module.params["filter_action"],
            "application": module.params["filter_application"],
            "location": module.params["filter_location"],
            "log": module.params["filter_log"],
            "log-packet": module.params["filter_log_packet"],
            "name": module.params["filter_name"],
            "os": module.params["filter_os"],
            "protocol": module.params["filter_protocol"],
            "quarantine": module.params["filter_quarantine"],
            "quarantine-expiry": module.params["filter_quarantine_expiry"],
            "quarantine-log": module.params["filter_quarantine_log"],
            "severity": module.params["filter_severity"],
            "status": module.params["filter_status"],
        },
        "override": {
            "action": module.params["override_action"],
            "log": module.params["override_log"],
            "log-packet": module.params["override_log_packet"],
            "quarantine": module.params["override_quarantine"],
            "quarantine-expiry": module.params["override_quarantine_expiry"],
            "quarantine-log": module.params["override_quarantine_log"],
            "rule-id": module.params["override_rule_id"],
            "status": module.params["override_status"],
            "exempt-ip": {
                "dst-ip": module.params["override_exempt_ip_dst_ip"],
                "src-ip": module.params["override_exempt_ip_src_ip"],
            }
        }
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['entries', 'filter', 'override']

    paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
                                                         paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_ips_sensor_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#13
0
def main():
    argument_spec = dict(adom=dict(required=False, type="str", default="root"),
                         mode=dict(choices=["add", "delete"],
                                   type="str",
                                   default="add"),
                         blind_add=dict(choices=["enable", "disable"],
                                        type="str",
                                        default="disable"),
                         device_ip=dict(required=False, type="str"),
                         device_username=dict(required=False, type="str"),
                         device_password=dict(required=False,
                                              type="str",
                                              no_log=True),
                         device_unique_name=dict(required=True, type="str"),
                         device_serial=dict(required=False, type="str"))

    # BUILD MODULE OBJECT SO WE CAN BUILD THE PARAMGRAM
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )

    # BUILD THE PARAMGRAM
    paramgram = {
        "device_ip": module.params["device_ip"],
        "device_username": module.params["device_username"],
        "device_password": module.params["device_password"],
        "device_unique_name": module.params["device_unique_name"],
        "device_serial": module.params["device_serial"],
        "adom": module.params["adom"],
        "mode": module.params["mode"]
    }

    # INSERT THE PARAMGRAM INTO THE MODULE SO WHEN WE PASS IT TO MOD_UTILS.FortiManagerHandler IT HAS THAT INFO
    module.paramgram = paramgram

    # TRY TO INIT THE CONNECTION SOCKET PATH AND FortiManagerHandler OBJECT AND TOOLS
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
    results = DEFAULT_RESULT_OBJ
    try:
        if paramgram["mode"] == "add":
            # CHECK IF DEVICE EXISTS
            if module.params["blind_add"] == "disable":
                exists_results = get_device(fmgr, paramgram)
                fmgr.govern_response(
                    module=module,
                    results=exists_results,
                    good_codes=(0, -3),
                    changed=False,
                    ansible_facts=fmgr.construct_ansible_facts(
                        exists_results, module.params, paramgram))

            discover_results = discover_device(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=discover_results,
                                 stop_on_success=False,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     discover_results, module.params,
                                     paramgram))

            if discover_results[0] == 0:
                results = add_device(fmgr, paramgram)
                fmgr.govern_response(
                    module=module,
                    results=discover_results,
                    stop_on_success=True,
                    changed_if_success=True,
                    ansible_facts=fmgr.construct_ansible_facts(
                        discover_results, module.params, paramgram))

        if paramgram["mode"] == "delete":
            results = delete_device(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():

    module_arg_spec = {
        'method': {
            'type': 'str',
            'required': False
        },
        'params': {
            'type': 'list',
            'required': False
        },
        'json': {
            'type': 'str',
            'required': False
        }
    }

    module = AnsibleModule(argument_spec=module_arg_spec,
                           supports_check_mode=False)
    if not module._socket_path:
        module.fail_json(**FAIL_SOCKET_MSG)
    connection = Connection(module._socket_path)
    fmgr = FortiManagerHandler(connection, module)
    fmgr.tools = FMGRCommon()
    response = DEFAULT_RESULT_OBJ
    method = None
    params = None

    if module.params['json']:
        raw_json_params = None
        try:
            raw_json_params = json.loads(module.params['json'])
            method = raw_json_params['method']
            params = raw_json_params['params']
        except Exception as e:
            module.fail_json(msg='invalid json content: %s' % (e))
    else:
        assert (module.params['method'] and module.params['params'])
        method = module.params['method']
        params = module.params['params']

    if method not in [
            'get', 'add', 'set', 'update', 'delete', 'move', 'clone', 'exec'
    ]:
        module.fail_json(msg='method:%s not supported' % (method))

    if not isinstance(params, list):
        module.fail_json(msg='parameter:params must be an array')
    for param_block in params:
        if 'url' not in param_block:
            module.fail_json(msg='url must be specified in params')
    try:
        response = connection.send_request(method, params)
        fmgr.govern_response(module=module,
                             results=response,
                             msg='Operation Finished',
                             ansible_facts=fmgr.construct_ansible_facts(
                                 response, module.params, module.params))
    except Exception as e:
        module.fail_json(msg='error sending request: %s' % (e))

    module.exit_json(response=response[1])
def main():
    module = AnsibleModule(
        argument_spec=dict(
            adom=dict(required=True, type='str'),
            device_unique_name=dict(required=True, type='str'),
            network_domain_name=dict(required=True, type='str'),
            vdom=dict(required=True, type='str')
        ),
        supports_check_mode=True
    )

    module.paramgram = {
        'adom': module.params['adom'],
        'device_unique_name': module.params['device_unique_name'],
    }
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        # fail with an un-helpful and error-masking generic response, thanks forti!
        module.fail_json(**FAIL_SOCKET_MSG)

    # only pick vlan interfaces with the correct vdom
    interfaces = [i for i in get_interfaces(module, fmgr) if module.params['vdom'] in i.get('vdom', []) and i['type'] == 'vlan']
    dyn_interfaces = get_dynamic_interfaces(module, fmgr)

    networks = []
    zones = {}
    for zone in dyn_interfaces:
        dynamic_maps = zone.get('dynamic_mapping', [])
        if not dynamic_maps:
            continue
        scope_id = (module.params['device_unique_name'], module.params['vdom'])
        for dm in dynamic_maps:
            if scope_id in [(s['name'], s['vdom']) for s in dm.get('_scope', [])]:
                local_intf = dm.get('local-intf', [])
                if isinstance(local_intf, str):
                    local_intf = [local_intf]

                for ifname in local_intf:
                    if not zones.get(module.params['vdom']):
                        zones[module.params['vdom']] = {}
                    zones[module.params['vdom']][ifname] = zone['name']

    for interface in interfaces:
        if 'vlanid' not in interface or interface['vlanid'] == 0 or interface['ip'][0] == '0.0.0.0':
            continue

        ip_interface_str = ipaddress.ip_interface('/'.join(interface['ip']))  # crappy py3/py2 compat fix, remove whenever py2 is gone
        ip_interface = ipaddress.ip_interface(u'{0}'.format(ip_interface_str))
        network_str = '{0}'.format(ip_interface.network.network_address)
        networks.append({
            'vrf': 0,
            'network': network_str,
            'length': ip_interface.network.prefixlen,
            'domains': {
                module.params['network_domain_name']: {
                    'vlan_id': interface['vlanid'],
                    'name': interface['name'],
                    'data': {
                        'zone': zones.get(interface['vdom'][0], {}).get(interface['name']),
                        'vdom': interface['vdom'][0],
                        'description': interface.get('description')
                    }
                }
            },
        })

    module.exit_json(msg='networks collected', changed=False, networks=networks)
示例#16
0
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        vdom=dict(required=False, type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        grp_desc=dict(required=False, type="str"),
        grp_name=dict(required=True, type="str"),
        grp_members=dict(required=False, type="str"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    paramgram = {
        "mode": module.params["mode"],
        "grp_name": module.params["grp_name"],
        "grp_desc": module.params["grp_desc"],
        "grp_members": module.params["grp_members"],
        "adom": module.params["adom"],
        "vdom": module.params["vdom"]
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    # BEGIN MODULE-SPECIFIC LOGIC -- THINGS NEED TO HAPPEN DEPENDING ON THE ENDPOINT AND OPERATION
    results = DEFAULT_RESULT_OBJ
    try:
        # PROCESS THE GROUP ADDS FIRST
        if paramgram["grp_name"] is not None and paramgram["mode"] in [
                "add", "set", "update"
        ]:
            # add device group
            results = add_device_group(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))

        # PROCESS THE GROUP MEMBER ADDS
        if paramgram["grp_members"] is not None and paramgram["mode"] in [
                "add", "set", "update"
        ]:
            # assign devices to device group
            results = add_group_member(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))

        # PROCESS THE GROUP MEMBER DELETES
        if paramgram["grp_members"] is not None and paramgram[
                "mode"] == "delete":
            # remove devices grom a group
            results = delete_group_member(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))

        # PROCESS THE GROUP DELETES, ONLY IF GRP_MEMBERS IS NOT NULL TOO
        if paramgram["grp_name"] is not None and paramgram[
                "mode"] == "delete" and paramgram["grp_members"] is None:
            # delete device group
            results = delete_device_group(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        youtube_channel_status=dict(
            required=False,
            type="str",
            choices=["disable", "blacklist", "whitelist"]),
        wisp_servers=dict(required=False, type="str"),
        wisp_algorithm=dict(
            required=False,
            type="str",
            choices=["auto-learning", "primary-secondary", "round-robin"]),
        wisp=dict(required=False, type="str", choices=["disable", "enable"]),
        web_url_log=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        web_invalid_domain_log=dict(required=False,
                                    type="str",
                                    choices=["disable", "enable"]),
        web_ftgd_quota_usage=dict(required=False,
                                  type="str",
                                  choices=["disable", "enable"]),
        web_ftgd_err_log=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        web_filter_vbs_log=dict(required=False,
                                type="str",
                                choices=["disable", "enable"]),
        web_filter_unknown_log=dict(required=False,
                                    type="str",
                                    choices=["disable", "enable"]),
        web_filter_referer_log=dict(required=False,
                                    type="str",
                                    choices=["disable", "enable"]),
        web_filter_jscript_log=dict(required=False,
                                    type="str",
                                    choices=["disable", "enable"]),
        web_filter_js_log=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        web_filter_cookie_removal_log=dict(required=False,
                                           type="str",
                                           choices=["disable", "enable"]),
        web_filter_cookie_log=dict(required=False,
                                   type="str",
                                   choices=["disable", "enable"]),
        web_filter_command_block_log=dict(required=False,
                                          type="str",
                                          choices=["disable", "enable"]),
        web_filter_applet_log=dict(required=False,
                                   type="str",
                                   choices=["disable", "enable"]),
        web_filter_activex_log=dict(required=False,
                                    type="str",
                                    choices=["disable", "enable"]),
        web_extended_all_action_log=dict(required=False,
                                         type="str",
                                         choices=["disable", "enable"]),
        web_content_log=dict(required=False,
                             type="str",
                             choices=["disable", "enable"]),
        replacemsg_group=dict(required=False, type="str"),
        post_action=dict(required=False,
                         type="str",
                         choices=["normal", "block"]),
        ovrd_perm=dict(required=False,
                       type="list",
                       choices=[
                           "bannedword-override", "urlfilter-override",
                           "fortiguard-wf-override",
                           "contenttype-check-override"
                       ]),
        options=dict(required=False,
                     type="list",
                     choices=[
                         "block-invalid-url", "jscript", "js", "vbs",
                         "unknown", "wf-referer", "intrinsic", "wf-cookie",
                         "per-user-bwl", "activexfilter", "cookiefilter",
                         "javafilter"
                     ]),
        name=dict(required=False, type="str"),
        log_all_url=dict(required=False,
                         type="str",
                         choices=["disable", "enable"]),
        inspection_mode=dict(required=False,
                             type="str",
                             choices=["proxy", "flow-based"]),
        https_replacemsg=dict(required=False,
                              type="str",
                              choices=["disable", "enable"]),
        extended_log=dict(required=False,
                          type="str",
                          choices=["disable", "enable"]),
        comment=dict(required=False, type="str"),
        ftgd_wf=dict(required=False, type="list"),
        ftgd_wf_exempt_quota=dict(required=False, type="str"),
        ftgd_wf_max_quota_timeout=dict(required=False, type="int"),
        ftgd_wf_options=dict(required=False,
                             type="str",
                             choices=[
                                 "error-allow", "rate-server-ip",
                                 "connect-request-bypass", "ftgd-disable"
                             ]),
        ftgd_wf_ovrd=dict(required=False, type="str"),
        ftgd_wf_rate_crl_urls=dict(required=False,
                                   type="str",
                                   choices=["disable", "enable"]),
        ftgd_wf_rate_css_urls=dict(required=False,
                                   type="str",
                                   choices=["disable", "enable"]),
        ftgd_wf_rate_image_urls=dict(required=False,
                                     type="str",
                                     choices=["disable", "enable"]),
        ftgd_wf_rate_javascript_urls=dict(required=False,
                                          type="str",
                                          choices=["disable", "enable"]),
        ftgd_wf_filters_action=dict(
            required=False,
            type="str",
            choices=["block", "monitor", "warning", "authenticate"]),
        ftgd_wf_filters_auth_usr_grp=dict(required=False, type="str"),
        ftgd_wf_filters_category=dict(required=False, type="str"),
        ftgd_wf_filters_log=dict(required=False,
                                 type="str",
                                 choices=["disable", "enable"]),
        ftgd_wf_filters_override_replacemsg=dict(required=False, type="str"),
        ftgd_wf_filters_warn_duration=dict(required=False, type="str"),
        ftgd_wf_filters_warning_duration_type=dict(
            required=False, type="str", choices=["session", "timeout"]),
        ftgd_wf_filters_warning_prompt=dict(
            required=False, type="str", choices=["per-domain",
                                                 "per-category"]),
        ftgd_wf_quota_category=dict(required=False, type="str"),
        ftgd_wf_quota_duration=dict(required=False, type="str"),
        ftgd_wf_quota_override_replacemsg=dict(required=False, type="str"),
        ftgd_wf_quota_type=dict(required=False,
                                type="str",
                                choices=["time", "traffic"]),
        ftgd_wf_quota_unit=dict(required=False,
                                type="str",
                                choices=["B", "KB", "MB", "GB"]),
        ftgd_wf_quota_value=dict(required=False, type="int"),
        override=dict(required=False, type="list"),
        override_ovrd_cookie=dict(required=False,
                                  type="str",
                                  choices=["deny", "allow"]),
        override_ovrd_dur=dict(required=False, type="str"),
        override_ovrd_dur_mode=dict(required=False,
                                    type="str",
                                    choices=["constant", "ask"]),
        override_ovrd_scope=dict(
            required=False,
            type="str",
            choices=["user", "user-group", "ip", "ask", "browser"]),
        override_ovrd_user_group=dict(required=False, type="str"),
        override_profile=dict(required=False, type="str"),
        override_profile_attribute=dict(
            required=False,
            type="list",
            choices=[
                "User-Name", "NAS-IP-Address", "Framed-IP-Address",
                "Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
                "Reply-Message", "Callback-Number", "Callback-Id",
                "Framed-Route", "Framed-IPX-Network", "Class",
                "Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
                "Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
                "Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
                "Acct-Multi-Session-Id"
            ]),
        override_profile_type=dict(required=False,
                                   type="str",
                                   choices=["list", "radius"]),
        url_extraction=dict(required=False, type="list"),
        url_extraction_redirect_header=dict(required=False, type="str"),
        url_extraction_redirect_no_content=dict(required=False,
                                                type="str",
                                                choices=["disable", "enable"]),
        url_extraction_redirect_url=dict(required=False, type="str"),
        url_extraction_server_fqdn=dict(required=False, type="str"),
        url_extraction_status=dict(required=False,
                                   type="str",
                                   choices=["disable", "enable"]),
        web=dict(required=False, type="list"),
        web_blacklist=dict(required=False,
                           type="str",
                           choices=["disable", "enable"]),
        web_bword_table=dict(required=False, type="str"),
        web_bword_threshold=dict(required=False, type="int"),
        web_content_header_list=dict(required=False, type="str"),
        web_keyword_match=dict(required=False, type="str"),
        web_log_search=dict(required=False,
                            type="str",
                            choices=["disable", "enable"]),
        web_safe_search=dict(required=False,
                             type="str",
                             choices=["url", "header"]),
        web_urlfilter_table=dict(required=False, type="str"),
        web_whitelist=dict(required=False,
                           type="list",
                           choices=[
                               "exempt-av", "exempt-webcontent",
                               "exempt-activex-java-cookie", "exempt-dlp",
                               "exempt-rangeblock", "extended-log-others"
                           ]),
        web_youtube_restrict=dict(required=False,
                                  type="str",
                                  choices=["strict", "none", "moderate"]),
        youtube_channel_filter=dict(required=False, type="list"),
        youtube_channel_filter_channel_id=dict(required=False, type="str"),
        youtube_channel_filter_comment=dict(required=False, type="str"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE PARAMGRAM
    paramgram = {
        "mode":
        module.params["mode"],
        "adom":
        module.params["adom"],
        "youtube-channel-status":
        module.params["youtube_channel_status"],
        "wisp-servers":
        module.params["wisp_servers"],
        "wisp-algorithm":
        module.params["wisp_algorithm"],
        "wisp":
        module.params["wisp"],
        "web-url-log":
        module.params["web_url_log"],
        "web-invalid-domain-log":
        module.params["web_invalid_domain_log"],
        "web-ftgd-quota-usage":
        module.params["web_ftgd_quota_usage"],
        "web-ftgd-err-log":
        module.params["web_ftgd_err_log"],
        "web-filter-vbs-log":
        module.params["web_filter_vbs_log"],
        "web-filter-unknown-log":
        module.params["web_filter_unknown_log"],
        "web-filter-referer-log":
        module.params["web_filter_referer_log"],
        "web-filter-jscript-log":
        module.params["web_filter_jscript_log"],
        "web-filter-js-log":
        module.params["web_filter_js_log"],
        "web-filter-cookie-removal-log":
        module.params["web_filter_cookie_removal_log"],
        "web-filter-cookie-log":
        module.params["web_filter_cookie_log"],
        "web-filter-command-block-log":
        module.params["web_filter_command_block_log"],
        "web-filter-applet-log":
        module.params["web_filter_applet_log"],
        "web-filter-activex-log":
        module.params["web_filter_activex_log"],
        "web-extended-all-action-log":
        module.params["web_extended_all_action_log"],
        "web-content-log":
        module.params["web_content_log"],
        "replacemsg-group":
        module.params["replacemsg_group"],
        "post-action":
        module.params["post_action"],
        "ovrd-perm":
        module.params["ovrd_perm"],
        "options":
        module.params["options"],
        "name":
        module.params["name"],
        "log-all-url":
        module.params["log_all_url"],
        "inspection-mode":
        module.params["inspection_mode"],
        "https-replacemsg":
        module.params["https_replacemsg"],
        "extended-log":
        module.params["extended_log"],
        "comment":
        module.params["comment"],
        "ftgd-wf": {
            "exempt-quota": module.params["ftgd_wf_exempt_quota"],
            "max-quota-timeout": module.params["ftgd_wf_max_quota_timeout"],
            "options": module.params["ftgd_wf_options"],
            "ovrd": module.params["ftgd_wf_ovrd"],
            "rate-crl-urls": module.params["ftgd_wf_rate_crl_urls"],
            "rate-css-urls": module.params["ftgd_wf_rate_css_urls"],
            "rate-image-urls": module.params["ftgd_wf_rate_image_urls"],
            "rate-javascript-urls":
            module.params["ftgd_wf_rate_javascript_urls"],
            "filters": {
                "action":
                module.params["ftgd_wf_filters_action"],
                "auth-usr-grp":
                module.params["ftgd_wf_filters_auth_usr_grp"],
                "category":
                module.params["ftgd_wf_filters_category"],
                "log":
                module.params["ftgd_wf_filters_log"],
                "override-replacemsg":
                module.params["ftgd_wf_filters_override_replacemsg"],
                "warn-duration":
                module.params["ftgd_wf_filters_warn_duration"],
                "warning-duration-type":
                module.params["ftgd_wf_filters_warning_duration_type"],
                "warning-prompt":
                module.params["ftgd_wf_filters_warning_prompt"],
            },
            "quota": {
                "category":
                module.params["ftgd_wf_quota_category"],
                "duration":
                module.params["ftgd_wf_quota_duration"],
                "override-replacemsg":
                module.params["ftgd_wf_quota_override_replacemsg"],
                "type":
                module.params["ftgd_wf_quota_type"],
                "unit":
                module.params["ftgd_wf_quota_unit"],
                "value":
                module.params["ftgd_wf_quota_value"],
            },
        },
        "override": {
            "ovrd-cookie": module.params["override_ovrd_cookie"],
            "ovrd-dur": module.params["override_ovrd_dur"],
            "ovrd-dur-mode": module.params["override_ovrd_dur_mode"],
            "ovrd-scope": module.params["override_ovrd_scope"],
            "ovrd-user-group": module.params["override_ovrd_user_group"],
            "profile": module.params["override_profile"],
            "profile-attribute": module.params["override_profile_attribute"],
            "profile-type": module.params["override_profile_type"],
        },
        "url-extraction": {
            "redirect-header":
            module.params["url_extraction_redirect_header"],
            "redirect-no-content":
            module.params["url_extraction_redirect_no_content"],
            "redirect-url":
            module.params["url_extraction_redirect_url"],
            "server-fqdn":
            module.params["url_extraction_server_fqdn"],
            "status":
            module.params["url_extraction_status"],
        },
        "web": {
            "blacklist": module.params["web_blacklist"],
            "bword-table": module.params["web_bword_table"],
            "bword-threshold": module.params["web_bword_threshold"],
            "content-header-list": module.params["web_content_header_list"],
            "keyword-match": module.params["web_keyword_match"],
            "log-search": module.params["web_log_search"],
            "safe-search": module.params["web_safe_search"],
            "urlfilter-table": module.params["web_urlfilter_table"],
            "whitelist": module.params["web_whitelist"],
            "youtube-restrict": module.params["web_youtube_restrict"],
        },
        "youtube-channel-filter": {
            "channel-id": module.params["youtube_channel_filter_channel_id"],
            "comment": module.params["youtube_channel_filter_comment"],
        }
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = [
        'ftgd-wf', 'override', 'url-extraction', 'web',
        'youtube-channel-filter'
    ]
    paramgram = fmgr.tools.paramgram_child_list_override(
        list_overrides=list_overrides, paramgram=paramgram, module=module)

    results = DEFAULT_RESULT_OBJ

    try:

        results = fmgr_webfilter_profile_modify(fmgr, paramgram)
        fmgr.govern_response(module=module,
                             results=results,
                             ansible_facts=fmgr.construct_ansible_facts(
                                 results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        name=dict(required=False, type="str"),
        comment=dict(required=False, type="str"),
        sccp=dict(required=False, type="dict"),
        sccp_block_mcast=dict(required=False, type="str", choices=["disable", "enable"]),
        sccp_log_call_summary=dict(required=False, type="str", choices=["disable", "enable"]),
        sccp_log_violations=dict(required=False, type="str", choices=["disable", "enable"]),
        sccp_max_calls=dict(required=False, type="int"),
        sccp_status=dict(required=False, type="str", choices=["disable", "enable"]),
        sccp_verify_header=dict(required=False, type="str", choices=["disable", "enable"]),
        sip=dict(required=False, type="dict"),
        sip_ack_rate=dict(required=False, type="int"),
        sip_block_ack=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_bye=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_cancel=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_geo_red_options=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_info=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_invite=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_long_lines=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_message=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_notify=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_options=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_prack=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_publish=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_refer=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_register=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_subscribe=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_unknown=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_block_update=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_bye_rate=dict(required=False, type="int"),
        sip_call_keepalive=dict(required=False, type="int"),
        sip_cancel_rate=dict(required=False, type="int"),
        sip_contact_fixup=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_hnt_restrict_source_ip=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_hosted_nat_traversal=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_info_rate=dict(required=False, type="int"),
        sip_invite_rate=dict(required=False, type="int"),
        sip_ips_rtp=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_log_call_summary=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_log_violations=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_malformed_header_allow=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_call_id=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_contact=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_content_length=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_content_type=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_cseq=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_expires=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_from=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_max_forwards=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_p_asserted_identity=dict(required=False, type="str", choices=["pass",
                                                                                           "discard",
                                                                                           "respond"]),
        sip_malformed_header_rack=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_record_route=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_route=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_rseq=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_a=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_b=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_c=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_i=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_k=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_m=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_o=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_r=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_s=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_t=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_v=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_sdp_z=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_to=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_header_via=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_malformed_request_line=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_max_body_length=dict(required=False, type="int"),
        sip_max_dialogs=dict(required=False, type="int"),
        sip_max_idle_dialogs=dict(required=False, type="int"),
        sip_max_line_length=dict(required=False, type="int"),
        sip_message_rate=dict(required=False, type="int"),
        sip_nat_trace=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_no_sdp_fixup=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_notify_rate=dict(required=False, type="int"),
        sip_open_contact_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_open_record_route_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_open_register_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_open_via_pinhole=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_options_rate=dict(required=False, type="int"),
        sip_prack_rate=dict(required=False, type="int"),
        sip_preserve_override=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_provisional_invite_expiry_time=dict(required=False, type="int"),
        sip_publish_rate=dict(required=False, type="int"),
        sip_refer_rate=dict(required=False, type="int"),
        sip_register_contact_trace=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_register_rate=dict(required=False, type="int"),
        sip_rfc2543_branch=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_rtp=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low"]),
        sip_ssl_auth_client=dict(required=False, type="str"),
        sip_ssl_auth_server=dict(required=False, type="str"),
        sip_ssl_client_certificate=dict(required=False, type="str"),
        sip_ssl_client_renegotiation=dict(required=False, type="str", choices=["allow", "deny", "secure"]),
        sip_ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        sip_ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        sip_ssl_mode=dict(required=False, type="str", choices=["off", "full"]),
        sip_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
        sip_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_ssl_server_certificate=dict(required=False, type="str"),
        sip_status=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_strict_register=dict(required=False, type="str", choices=["disable", "enable"]),
        sip_subscribe_rate=dict(required=False, type="int"),
        sip_unknown_header=dict(required=False, type="str", choices=["pass", "discard", "respond"]),
        sip_update_rate=dict(required=False, type="int"),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "name": module.params["name"],
        "comment": module.params["comment"],
        "sccp": {
            "block-mcast": module.params["sccp_block_mcast"],
            "log-call-summary": module.params["sccp_log_call_summary"],
            "log-violations": module.params["sccp_log_violations"],
            "max-calls": module.params["sccp_max_calls"],
            "status": module.params["sccp_status"],
            "verify-header": module.params["sccp_verify_header"],
        },
        "sip": {
            "ack-rate": module.params["sip_ack_rate"],
            "block-ack": module.params["sip_block_ack"],
            "block-bye": module.params["sip_block_bye"],
            "block-cancel": module.params["sip_block_cancel"],
            "block-geo-red-options": module.params["sip_block_geo_red_options"],
            "block-info": module.params["sip_block_info"],
            "block-invite": module.params["sip_block_invite"],
            "block-long-lines": module.params["sip_block_long_lines"],
            "block-message": module.params["sip_block_message"],
            "block-notify": module.params["sip_block_notify"],
            "block-options": module.params["sip_block_options"],
            "block-prack": module.params["sip_block_prack"],
            "block-publish": module.params["sip_block_publish"],
            "block-refer": module.params["sip_block_refer"],
            "block-register": module.params["sip_block_register"],
            "block-subscribe": module.params["sip_block_subscribe"],
            "block-unknown": module.params["sip_block_unknown"],
            "block-update": module.params["sip_block_update"],
            "bye-rate": module.params["sip_bye_rate"],
            "call-keepalive": module.params["sip_call_keepalive"],
            "cancel-rate": module.params["sip_cancel_rate"],
            "contact-fixup": module.params["sip_contact_fixup"],
            "hnt-restrict-source-ip": module.params["sip_hnt_restrict_source_ip"],
            "hosted-nat-traversal": module.params["sip_hosted_nat_traversal"],
            "info-rate": module.params["sip_info_rate"],
            "invite-rate": module.params["sip_invite_rate"],
            "ips-rtp": module.params["sip_ips_rtp"],
            "log-call-summary": module.params["sip_log_call_summary"],
            "log-violations": module.params["sip_log_violations"],
            "malformed-header-allow": module.params["sip_malformed_header_allow"],
            "malformed-header-call-id": module.params["sip_malformed_header_call_id"],
            "malformed-header-contact": module.params["sip_malformed_header_contact"],
            "malformed-header-content-length": module.params["sip_malformed_header_content_length"],
            "malformed-header-content-type": module.params["sip_malformed_header_content_type"],
            "malformed-header-cseq": module.params["sip_malformed_header_cseq"],
            "malformed-header-expires": module.params["sip_malformed_header_expires"],
            "malformed-header-from": module.params["sip_malformed_header_from"],
            "malformed-header-max-forwards": module.params["sip_malformed_header_max_forwards"],
            "malformed-header-p-asserted-identity": module.params["sip_malformed_header_p_asserted_identity"],
            "malformed-header-rack": module.params["sip_malformed_header_rack"],
            "malformed-header-record-route": module.params["sip_malformed_header_record_route"],
            "malformed-header-route": module.params["sip_malformed_header_route"],
            "malformed-header-rseq": module.params["sip_malformed_header_rseq"],
            "malformed-header-sdp-a": module.params["sip_malformed_header_sdp_a"],
            "malformed-header-sdp-b": module.params["sip_malformed_header_sdp_b"],
            "malformed-header-sdp-c": module.params["sip_malformed_header_sdp_c"],
            "malformed-header-sdp-i": module.params["sip_malformed_header_sdp_i"],
            "malformed-header-sdp-k": module.params["sip_malformed_header_sdp_k"],
            "malformed-header-sdp-m": module.params["sip_malformed_header_sdp_m"],
            "malformed-header-sdp-o": module.params["sip_malformed_header_sdp_o"],
            "malformed-header-sdp-r": module.params["sip_malformed_header_sdp_r"],
            "malformed-header-sdp-s": module.params["sip_malformed_header_sdp_s"],
            "malformed-header-sdp-t": module.params["sip_malformed_header_sdp_t"],
            "malformed-header-sdp-v": module.params["sip_malformed_header_sdp_v"],
            "malformed-header-sdp-z": module.params["sip_malformed_header_sdp_z"],
            "malformed-header-to": module.params["sip_malformed_header_to"],
            "malformed-header-via": module.params["sip_malformed_header_via"],
            "malformed-request-line": module.params["sip_malformed_request_line"],
            "max-body-length": module.params["sip_max_body_length"],
            "max-dialogs": module.params["sip_max_dialogs"],
            "max-idle-dialogs": module.params["sip_max_idle_dialogs"],
            "max-line-length": module.params["sip_max_line_length"],
            "message-rate": module.params["sip_message_rate"],
            "nat-trace": module.params["sip_nat_trace"],
            "no-sdp-fixup": module.params["sip_no_sdp_fixup"],
            "notify-rate": module.params["sip_notify_rate"],
            "open-contact-pinhole": module.params["sip_open_contact_pinhole"],
            "open-record-route-pinhole": module.params["sip_open_record_route_pinhole"],
            "open-register-pinhole": module.params["sip_open_register_pinhole"],
            "open-via-pinhole": module.params["sip_open_via_pinhole"],
            "options-rate": module.params["sip_options_rate"],
            "prack-rate": module.params["sip_prack_rate"],
            "preserve-override": module.params["sip_preserve_override"],
            "provisional-invite-expiry-time": module.params["sip_provisional_invite_expiry_time"],
            "publish-rate": module.params["sip_publish_rate"],
            "refer-rate": module.params["sip_refer_rate"],
            "register-contact-trace": module.params["sip_register_contact_trace"],
            "register-rate": module.params["sip_register_rate"],
            "rfc2543-branch": module.params["sip_rfc2543_branch"],
            "rtp": module.params["sip_rtp"],
            "ssl-algorithm": module.params["sip_ssl_algorithm"],
            "ssl-auth-client": module.params["sip_ssl_auth_client"],
            "ssl-auth-server": module.params["sip_ssl_auth_server"],
            "ssl-client-certificate": module.params["sip_ssl_client_certificate"],
            "ssl-client-renegotiation": module.params["sip_ssl_client_renegotiation"],
            "ssl-max-version": module.params["sip_ssl_max_version"],
            "ssl-min-version": module.params["sip_ssl_min_version"],
            "ssl-mode": module.params["sip_ssl_mode"],
            "ssl-pfs": module.params["sip_ssl_pfs"],
            "ssl-send-empty-frags": module.params["sip_ssl_send_empty_frags"],
            "ssl-server-certificate": module.params["sip_ssl_server_certificate"],
            "status": module.params["sip_status"],
            "strict-register": module.params["sip_strict_register"],
            "subscribe-rate": module.params["sip_subscribe_rate"],
            "unknown-header": module.params["sip_unknown_header"],
            "update-rate": module.params["sip_update_rate"],
        }
    }

    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['sccp', 'sip']
    paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
                                                         paramgram=paramgram, module=module)
    module.paramgram = paramgram

    results = DEFAULT_RESULT_OBJ
    try:

        results = fmgr_voip_profile_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#19
0
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        youtube_restrict=dict(required=False, type="str", choices=["strict", "moderate"]),
        sdns_ftgd_err_log=dict(required=False, type="str", choices=["disable", "enable"]),
        sdns_domain_log=dict(required=False, type="str", choices=["disable", "enable"]),
        safe_search=dict(required=False, type="str", choices=["disable", "enable"]),
        redirect_portal=dict(required=False, type="str"),
        name=dict(required=False, type="str"),
        log_all_domain=dict(required=False, type="str", choices=["disable", "enable"]),
        external_ip_blocklist=dict(required=False, type="str"),
        comment=dict(required=False, type="str"),
        block_botnet=dict(required=False, type="str", choices=["disable", "enable"]),
        block_action=dict(required=False, type="str", choices=["block", "redirect"]),

        domain_filter_domain_filter_table=dict(required=False, type="str"),

        ftgd_dns_options=dict(required=False, type="str", choices=["error-allow", "ftgd-disable"]),

        ftgd_dns_filters_action=dict(required=False, type="str", choices=["monitor", "block"]),
        ftgd_dns_filters_category=dict(required=False, type="str"),
        ftgd_dns_filters_log=dict(required=False, type="str", choices=["disable", "enable"]),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "youtube-restrict": module.params["youtube_restrict"],
        "sdns-ftgd-err-log": module.params["sdns_ftgd_err_log"],
        "sdns-domain-log": module.params["sdns_domain_log"],
        "safe-search": module.params["safe_search"],
        "redirect-portal": module.params["redirect_portal"],
        "name": module.params["name"],
        "log-all-domain": module.params["log_all_domain"],
        "external-ip-blocklist": module.params["external_ip_blocklist"],
        "comment": module.params["comment"],
        "block-botnet": module.params["block_botnet"],
        "block-action": module.params["block_action"],
        "domain-filter": {
            "domain-filter-table": module.params["domain_filter_domain_filter_table"],
        },
        "ftgd-dns": {
            "options": module.params["ftgd_dns_options"],
            "filters": {
                "action": module.params["ftgd_dns_filters_action"],
                "category": module.params["ftgd_dns_filters_category"],
                "log": module.params["ftgd_dns_filters_log"],
            }
        }
    }

    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ

    try:
        results = fmgr_dnsfilter_profile_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        type=dict(required=False, type="str", choices=["overload",
                                                       "one-to-one",
                                                       "fixed-port-range",
                                                       "port-block-allocation"]),
        startip=dict(required=False, type="str"),
        source_startip=dict(required=False, type="str"),
        source_endip=dict(required=False, type="str"),
        permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
        pba_timeout=dict(required=False, type="int"),
        num_blocks_per_user=dict(required=False, type="int"),
        name=dict(required=False, type="str"),
        endip=dict(required=False, type="str"),
        comments=dict(required=False, type="str"),
        block_size=dict(required=False, type="int"),
        associated_interface=dict(required=False, type="str"),
        arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
        arp_intf=dict(required=False, type="str"),
        dynamic_mapping=dict(required=False, type="list"),
        dynamic_mapping_arp_intf=dict(required=False, type="str"),
        dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_associated_interface=dict(required=False, type="str"),
        dynamic_mapping_block_size=dict(required=False, type="int"),
        dynamic_mapping_comments=dict(required=False, type="str"),
        dynamic_mapping_endip=dict(required=False, type="str"),
        dynamic_mapping_num_blocks_per_user=dict(required=False, type="int"),
        dynamic_mapping_pba_timeout=dict(required=False, type="int"),
        dynamic_mapping_permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_source_endip=dict(required=False, type="str"),
        dynamic_mapping_source_startip=dict(required=False, type="str"),
        dynamic_mapping_startip=dict(required=False, type="str"),
        dynamic_mapping_type=dict(required=False, type="str", choices=["overload",
                                                                       "one-to-one",
                                                                       "fixed-port-range",
                                                                       "port-block-allocation"]),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "type": module.params["type"],
        "startip": module.params["startip"],
        "source-startip": module.params["source_startip"],
        "source-endip": module.params["source_endip"],
        "permit-any-host": module.params["permit_any_host"],
        "pba-timeout": module.params["pba_timeout"],
        "num-blocks-per-user": module.params["num_blocks_per_user"],
        "name": module.params["name"],
        "endip": module.params["endip"],
        "comments": module.params["comments"],
        "block-size": module.params["block_size"],
        "associated-interface": module.params["associated_interface"],
        "arp-reply": module.params["arp_reply"],
        "arp-intf": module.params["arp_intf"],
        "dynamic_mapping": {
            "arp-intf": module.params["dynamic_mapping_arp_intf"],
            "arp-reply": module.params["dynamic_mapping_arp_reply"],
            "associated-interface": module.params["dynamic_mapping_associated_interface"],
            "block-size": module.params["dynamic_mapping_block_size"],
            "comments": module.params["dynamic_mapping_comments"],
            "endip": module.params["dynamic_mapping_endip"],
            "num-blocks-per-user": module.params["dynamic_mapping_num_blocks_per_user"],
            "pba-timeout": module.params["dynamic_mapping_pba_timeout"],
            "permit-any-host": module.params["dynamic_mapping_permit_any_host"],
            "source-endip": module.params["dynamic_mapping_source_endip"],
            "source-startip": module.params["dynamic_mapping_source_startip"],
            "startip": module.params["dynamic_mapping_startip"],
            "type": module.params["dynamic_mapping_type"],
        }
    }

    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['dynamic_mapping']
    paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
                                                         paramgram=paramgram, module=module)
    # UPDATE THE CHANGED PARAMGRAM
    module.paramgram = paramgram

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_fwobj_ippool_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#21
0
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        object=dict(required=True,
                    type="str",
                    choices=["device", "cluster_nodes", "task", "custom"]),
        custom_endpoint=dict(required=False, type="str"),
        custom_dict=dict(required=False, type="dict"),
        device_ip=dict(required=False, type="str"),
        device_unique_name=dict(required=False, type="str"),
        device_serial=dict(required=False, type="str"),
        nodes=dict(required=False, type="list"),
        task_id=dict(required=False, type="str"))

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    paramgram = {
        "adom": module.params["adom"],
        "object": module.params["object"],
        "device_ip": module.params["device_ip"],
        "device_unique_name": module.params["device_unique_name"],
        "device_serial": module.params["device_serial"],
        "nodes": module.params["nodes"],
        "task_id": module.params["task_id"],
        "custom_endpoint": module.params["custom_endpoint"],
        "custom_dict": module.params["custom_dict"]
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ

    try:
        # IF OBJECT IS DEVICE
        if paramgram["object"] == "device" and any(v is not None for v in [
                paramgram["device_unique_name"], paramgram["device_serial"],
                paramgram["device_ip"]
        ]):
            results = fmgr_get_device(fmgr, paramgram)
            if results[0] not in [0]:
                module.fail_json(msg="Device query failed!")
            elif len(results[1]) == 0:
                module.exit_json(msg="Device NOT FOUND!")
            else:
                module.exit_json(msg="Device Found", **results[1][0])
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF OBJECT IS CLUSTER_NODES
        if paramgram["object"] == "cluster_nodes" and paramgram[
                "nodes"] is not None:
            results = fmgr_get_cluster_nodes(fmgr, paramgram)
            if results["cluster_status"] == "MISSING":
                module.exit_json(msg="No cluster device found!", **results)
            elif results["query_status"] == "good":
                module.exit_json(msg="Cluster Found - Showing Nodes",
                                 **results)
            elif results is None:
                module.fail_json(
                    msg="Query FAILED -- Check module or playbook syntax")
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF OBJECT IS TASK
        if paramgram["object"] == "task":
            results = fmgr_get_task_status(fmgr, paramgram)
            if results[0] != 0:
                module.fail_json(**results[1])
            if results[0] == 0:
                module.exit_json(**results[1])
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF OBJECT IS CUSTOM
        if paramgram["object"] == "custom":
            results = fmgr_get_custom(fmgr, paramgram)
            if results[0] != 0:
                module.fail_json(
                    msg=
                    "QUERY FAILED -- Please check syntax check JSON guide if needed."
                )
            if results[0] == 0:
                results_len = len(results[1])
                if results_len > 0:
                    results_combine = dict()
                    if isinstance(results[1], dict):
                        results_combine["results"] = results[1]
                    if isinstance(results[1], list):
                        results_combine["results"] = results[1][0:results_len]
                    module.exit_json(msg="Custom Query Success",
                                     **results_combine)
                else:
                    module.exit_json(msg="NO RESULTS")
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#22
0
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        vdom=dict(required=False, type="str", default="root"),
        mode=dict(choices=["add", "execute", "set", "delete"],
                  type="str",
                  default="add"),
        script_name=dict(required=True, type="str"),
        script_type=dict(required=False, type="str"),
        script_target=dict(required=False, type="str"),
        script_description=dict(required=False, type="str"),
        script_content=dict(required=False, type="str"),
        script_scope=dict(required=False, type="str"),
        script_package=dict(required=False, type="str"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    paramgram = {
        "script_name": module.params["script_name"],
        "script_type": module.params["script_type"],
        "script_target": module.params["script_target"],
        "script_description": module.params["script_description"],
        "script_content": module.params["script_content"],
        "script_scope": module.params["script_scope"],
        "script_package": module.params["script_package"],
        "adom": module.params["adom"],
        "vdom": module.params["vdom"],
        "mode": module.params["mode"],
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ

    try:
        if paramgram["mode"] in ['add', 'set']:
            results = set_script(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 msg="Operation Finished",
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, module.params))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        if paramgram["mode"] == "execute":
            results = execute_script(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 msg="Operation Finished",
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, module.params))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        if paramgram["mode"] == "delete":
            results = delete_script(fmgr, paramgram)
            fmgr.govern_response(module=module,
                                 results=results,
                                 msg="Operation Finished",
                                 ansible_facts=fmgr.construct_ansible_facts(
                                     results, module.params, module.params))
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#23
0
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        webfilter_profile=dict(required=False, type="str"),
        waf_profile=dict(required=False, type="str"),
        voip_profile=dict(required=False, type="str"),
        ssl_ssh_profile=dict(required=False, type="str"),
        ssh_filter_profile=dict(required=False, type="str"),
        spamfilter_profile=dict(required=False, type="str"),
        profile_protocol_options=dict(required=False, type="str"),
        name=dict(required=False, type="str"),
        mms_profile=dict(required=False, type="str"),
        ips_sensor=dict(required=False, type="str"),
        icap_profile=dict(required=False, type="str"),
        dnsfilter_profile=dict(required=False, type="str"),
        dlp_sensor=dict(required=False, type="str"),
        av_profile=dict(required=False, type="str"),
        application_list=dict(required=False, type="str"),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE PARAMGRAM
    paramgram = {
        "mode": module.params["mode"],
        "adom": module.params["adom"],
        "webfilter-profile": module.params["webfilter_profile"],
        "waf-profile": module.params["waf_profile"],
        "voip-profile": module.params["voip_profile"],
        "ssl-ssh-profile": module.params["ssl_ssh_profile"],
        "ssh-filter-profile": module.params["ssh_filter_profile"],
        "spamfilter-profile": module.params["spamfilter_profile"],
        "profile-protocol-options": module.params["profile_protocol_options"],
        "name": module.params["name"],
        "mms-profile": module.params["mms_profile"],
        "ips-sensor": module.params["ips_sensor"],
        "icap-profile": module.params["icap_profile"],
        "dnsfilter-profile": module.params["dnsfilter_profile"],
        "dlp-sensor": module.params["dlp_sensor"],
        "av-profile": module.params["av_profile"],
        "application-list": module.params["application_list"],

    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ

    try:
        results = fmgr_firewall_profile_group_modify(fmgr, paramgram)
        fmgr.govern_response(module=module, results=results,
                             ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#24
0
def main():
    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        mode=dict(required=False, type="str", choices=['add', 'set', 'delete'], default="add"),
        app_category=dict(required=False, type="str"),
        app_service_type=dict(required=False, type="str"),
        application=dict(required=False, type="str"),
        category=dict(required=False, type="str"),
        check_reset_range=dict(required=False, type="str"),
        color=dict(required=False, type="int", default=22),
        comment=dict(required=False, type="str"),
        custom_type=dict(required=False, type="str", choices=['tcp_udp_sctp', 'icmp', 'icmp6', 'ip', 'http', 'ftp',
                                                              'connect', 'socks_tcp', 'socks_udp', 'all'],
                         default="all"),
        explicit_proxy=dict(required=False, type="str", choices=['enable', 'disable'], default="disable"),
        fqdn=dict(required=False, type="str", default=""),
        group_name=dict(required=False, type="str"),
        group_member=dict(required=False, type="str"),
        icmp_code=dict(required=False, type="int"),
        icmp_type=dict(required=False, type="int"),
        iprange=dict(required=False, type="str", default="0.0.0.0"),
        name=dict(required=False, type="str"),
        protocol=dict(required=False, type="str"),
        protocol_number=dict(required=False, type="int"),
        sctp_portrange=dict(required=False, type="str"),
        session_ttl=dict(required=False, type="int", default=0),
        object_type=dict(required=False, type="str", choices=['custom', 'group', 'category']),
        tcp_halfclose_timer=dict(required=False, type="int", default=0),
        tcp_halfopen_timer=dict(required=False, type="int", default=0),
        tcp_portrange=dict(required=False, type="str"),
        tcp_timewait_timer=dict(required=False, type="int", default=0),
        udp_idle_timer=dict(required=False, type="int", default=0),
        udp_portrange=dict(required=False, type="str"),
        visibility=dict(required=False, type="str", default="enable", choices=["enable", "disable"]),

    )

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
    # MODULE DATAGRAM
    paramgram = {
        "adom": module.params["adom"],
        "app-category": module.params["app_category"],
        "app-service-type": module.params["app_service_type"],
        "application": module.params["application"],
        "category": module.params["category"],
        "check-reset-range": module.params["check_reset_range"],
        "color": module.params["color"],
        "comment": module.params["comment"],
        "custom_type": module.params["custom_type"],
        "explicit-proxy": module.params["explicit_proxy"],
        "fqdn": module.params["fqdn"],
        "group-name": module.params["group_name"],
        "group-member": module.params["group_member"],
        "icmp_code": module.params["icmp_code"],
        "icmp_type": module.params["icmp_type"],
        "iprange": module.params["iprange"],
        "name": module.params["name"],
        "mode": module.params["mode"],
        "protocol": module.params["protocol"],
        "protocol-number": module.params["protocol_number"],
        "sctp-portrange": module.params["sctp_portrange"],
        "object_type": module.params["object_type"],
        "session-ttl": module.params["session_ttl"],
        "tcp-halfclose-timer": module.params["tcp_halfclose_timer"],
        "tcp-halfopen-timer": module.params["tcp_halfopen_timer"],
        "tcp-portrange": module.params["tcp_portrange"],
        "tcp-timewait-timer": module.params["tcp_timewait_timer"],
        "udp-idle-timer": module.params["udp_idle_timer"],
        "udp-portrange": module.params["udp_portrange"],
        "visibility": module.params["visibility"],
    }
    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ

    try:
        # CHECK FOR CATEGORIES TO ADD
        # THIS IS ONLY WHEN OBJECT_TYPE ISN'T SPECIFICALLY ADDING A CATEGORY!
        # WE NEED TO ADD THE CATEGORY BEFORE ADDING THE OBJECT
        # IF ANY category ARE DEFINED AND MODE IS ADD OR SET LETS ADD THOSE
        # THIS IS A "BLIND ADD" AND THE EXIT CODE FOR OBJECT ALREADY EXISTS IS TREATED AS A PASS
        if paramgram["category"] is not None and paramgram["mode"] in ['add', 'set'] \
                and paramgram["object_type"] != "category":
            category_add = fmgr_fwobj_service_category(fmgr, paramgram)
            fmgr.govern_response(module=module, results=category_add,
                                 ansible_facts=fmgr.construct_ansible_facts(category_add, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF OBJECT_TYPE IS CATEGORY...
        if paramgram["object_type"] == 'category':
            results = fmgr_fwobj_service_category(fmgr, paramgram)
            fmgr.govern_response(module=module, results=results, good_codes=[0, -2, -3],
                                 ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF OBJECT_TYPE IS CUSTOM...
        if paramgram["object_type"] == 'custom':
            results = fmgr_fwobj_service_custom(fmgr, paramgram)
            fmgr.govern_response(module=module, results=results, good_codes=[0, -2, -3],
                                 ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    try:
        # IF OBJECT_TYPE IS GROUP...
        if paramgram["object_type"] == 'group':
            results = fmgr_fwobj_service_group(fmgr, paramgram)
            fmgr.govern_response(module=module, results=results, good_codes=[0, -2, -3],
                                 ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
def main():
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        mode=dict(choices=["add", "set", "delete", "update"],
                  type="str",
                  default="add"),
        strip_encoding=dict(required=False,
                            type="str",
                            choices=["disable", "enable"]),
        name=dict(required=False, type="str"),
        log_header_change=dict(required=False,
                               type="str",
                               choices=["disable", "enable"]),
        header_x_forwarded_for=dict(required=False,
                                    type="str",
                                    choices=["pass", "add", "remove"]),
        header_x_authenticated_user=dict(required=False,
                                         type="str",
                                         choices=["pass", "add", "remove"]),
        header_x_authenticated_groups=dict(required=False,
                                           type="str",
                                           choices=["pass", "add", "remove"]),
        header_via_response=dict(required=False,
                                 type="str",
                                 choices=["pass", "add", "remove"]),
        header_via_request=dict(required=False,
                                type="str",
                                choices=["pass", "add", "remove"]),
        header_front_end_https=dict(required=False,
                                    type="str",
                                    choices=["pass", "add", "remove"]),
        header_client_ip=dict(required=False,
                              type="str",
                              choices=["pass", "add", "remove"]),
        headers=dict(required=False, type="list"),
        headers_action=dict(required=False,
                            type="str",
                            choices=[
                                "add-to-request", "add-to-response",
                                "remove-from-request", "remove-from-response"
                            ]),
        headers_content=dict(required=False, type="str"),
        headers_name=dict(required=False, type="str"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )
    # MODULE PARAMGRAM
    paramgram = {
        "mode":
        module.params["mode"],
        "adom":
        module.params["adom"],
        "strip-encoding":
        module.params["strip_encoding"],
        "name":
        module.params["name"],
        "log-header-change":
        module.params["log_header_change"],
        "header-x-forwarded-for":
        module.params["header_x_forwarded_for"],
        "header-x-authenticated-user":
        module.params["header_x_authenticated_user"],
        "header-x-authenticated-groups":
        module.params["header_x_authenticated_groups"],
        "header-via-response":
        module.params["header_via_response"],
        "header-via-request":
        module.params["header_via_request"],
        "header-front-end-https":
        module.params["header_front_end_https"],
        "header-client-ip":
        module.params["header_client_ip"],
        "headers": {
            "action": module.params["headers_action"],
            "content": module.params["headers_content"],
            "name": module.params["headers_name"],
        }
    }

    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    list_overrides = ['headers']
    paramgram = fmgr.tools.paramgram_child_list_override(
        list_overrides=list_overrides, paramgram=paramgram, module=module)
    module.paramgram = paramgram

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_web_proxy_profile_modify(fmgr, paramgram)
        fmgr.govern_response(module=module,
                             results=results,
                             ansible_facts=fmgr.construct_ansible_facts(
                                 results, module.params, paramgram))

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
示例#26
0
def main():

    argument_spec = dict(
        adom=dict(required=False, type="str", default="root"),
        vdom=dict(required=False, type="str", default="root"),
        policy_package=dict(required=False, type="str", default="default"),
        name=dict(required=True, type="str"),
        group=dict(required=False, type="str"),
        serial=dict(required=True, type="str"),
        platform=dict(required=False, type="str", default="FortiGate-VM64"),
        description=dict(required=False, type="str"),
        os_version=dict(required=True, type="str"),
        minor_release=dict(required=False, type="str"),
        patch_release=dict(required=False, type="str"),
        os_type=dict(required=False, type="str", default="fos"),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
    )

    paramgram = {
        "adom": module.params["adom"],
        "vdom": module.params["vdom"],
        "policy_package": module.params["policy_package"],
        "name": module.params["name"],
        "group": module.params["group"],
        "serial": module.params["serial"],
        "platform": module.params["platform"],
        "description": module.params["description"],
        "os_version": module.params["os_version"],
        "minor_release": module.params["minor_release"],
        "patch_release": module.params["patch_release"],
        "os_type": module.params["os_type"],
    }

    module.paramgram = paramgram
    fmgr = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()
    else:
        module.fail_json(**FAIL_SOCKET_MSG)

    results = DEFAULT_RESULT_OBJ

    try:
        results = create_model_device(fmgr, paramgram)
        if results[0] != 0:
            module.fail_json(msg="Create model failed", **results)

        results = update_flags(fmgr, paramgram)
        if results[0] != 0:
            module.fail_json(msg="Update device flags failed", **results)

        results = update_install_target(fmgr, paramgram)
        if results[0] != 0:
            module.fail_json(msg="Adding device target to package failed",
                             **results)

        results = install_pp(fmgr, paramgram)
        if results[0] != 0:
            module.fail_json(msg="Installing policy package failed", **results)

    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])