1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_firewall_access_proxy 27short_description: Configure Access Proxy in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify firewall feature and access_proxy category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 
56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 state: 68 description: 69 - Indicates whether to create or remove the object. 70 type: str 71 required: true 72 choices: 73 - present 74 - absent 75 firewall_access_proxy: 76 description: 77 - Configure Access Proxy. 78 default: null 79 type: dict 80 suboptions: 81 api_gateway: 82 description: 83 - Set API Gateway. 84 type: list 85 suboptions: 86 http_cookie_age: 87 description: 88 - Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. 89 type: int 90 http_cookie_domain: 91 description: 92 - Domain that HTTP cookie persistence should apply to. 93 type: str 94 http_cookie_domain_from_host: 95 description: 96 - Enable/disable use of HTTP cookie domain from host field in HTTP. 97 type: str 98 choices: 99 - disable 100 - enable 101 http_cookie_generation: 102 description: 103 - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. 104 type: int 105 http_cookie_path: 106 description: 107 - Limit HTTP cookie persistence to the specified path. 108 type: str 109 http_cookie_share: 110 description: 111 - Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable 112 stops cookie sharing. 113 type: str 114 choices: 115 - disable 116 - same-ip 117 https_cookie_secure: 118 description: 119 - Enable/disable verification that inserted HTTPS cookies are secure. 120 type: str 121 choices: 122 - disable 123 - enable 124 id: 125 description: 126 - API Gateway ID. 127 required: true 128 type: int 129 ldb_method: 130 description: 131 - Method used to distribute sessions to real servers. 
132 type: str 133 choices: 134 - static 135 - round-robin 136 - weighted 137 - least-session 138 - least-rtt 139 - first-alive 140 - http-host 141 persistence: 142 description: 143 - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same 144 session. 145 type: str 146 choices: 147 - none 148 - http-cookie 149 realservers: 150 description: 151 - Select the real servers that this Access Proxy will distribute traffic to. 152 type: list 153 suboptions: 154 address: 155 description: 156 - Address or address group of the real server. Source firewall.address.name firewall.addrgrp.name. 157 type: str 158 health_check: 159 description: 160 - Enable to check the responsiveness of the real server before forwarding traffic. 161 type: str 162 choices: 163 - disable 164 - enable 165 health_check_proto: 166 description: 167 - Protocol of the health check monitor to use when polling to determine server"s connectivity status. 168 type: str 169 choices: 170 - ping 171 - http 172 - tcp-connect 173 http_host: 174 description: 175 - HTTP server domain name in HTTP header. 176 type: str 177 id: 178 description: 179 - Real server ID. 180 required: true 181 type: int 182 ip: 183 description: 184 - IP address of the real server. 185 type: str 186 mappedport: 187 description: 188 - Port for communicating with the real server. 189 type: str 190 port: 191 description: 192 - Port for communicating with the real server. 193 type: int 194 status: 195 description: 196 - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is 197 sent. 198 type: str 199 choices: 200 - active 201 - standby 202 - disable 203 weight: 204 description: 205 - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more 206 connections. 
207 type: int 208 saml_server: 209 description: 210 - SAML service provider configuration for VIP authentication. Source user.saml.name. 211 type: str 212 service: 213 description: 214 - Service. 215 type: str 216 choices: 217 - http 218 - https 219 - tcp-forwarding 220 - samlsp 221 ssl_algorithm: 222 description: 223 - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. 224 type: str 225 choices: 226 - high 227 - medium 228 - low 229 - custom 230 ssl_cipher_suites: 231 description: 232 - SSL/TLS cipher suites to offer to a server, ordered by priority. 233 type: list 234 suboptions: 235 cipher: 236 description: 237 - Cipher suite name. 238 type: str 239 choices: 240 - TLS-AES-128-GCM-SHA256 241 - TLS-AES-256-GCM-SHA384 242 - TLS-CHACHA20-POLY1305-SHA256 243 - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 244 - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 245 - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 246 - TLS-DHE-RSA-WITH-AES-128-CBC-SHA 247 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA 248 - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 249 - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 250 - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 251 - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 252 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA 253 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA 254 - TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 255 - TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 256 - TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 257 - TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 258 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA 259 - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 260 - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 261 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA 262 - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 263 - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 264 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA 265 - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 266 - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 267 - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 268 - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 269 - TLS-RSA-WITH-AES-128-CBC-SHA 270 - 
TLS-RSA-WITH-AES-256-CBC-SHA 271 - TLS-RSA-WITH-AES-128-CBC-SHA256 272 - TLS-RSA-WITH-AES-128-GCM-SHA256 273 - TLS-RSA-WITH-AES-256-CBC-SHA256 274 - TLS-RSA-WITH-AES-256-GCM-SHA384 275 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA 276 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA 277 - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 278 - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 279 - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA 280 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA 281 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA 282 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA 283 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA 284 - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 285 - TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 286 - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 287 - TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 288 - TLS-DHE-RSA-WITH-SEED-CBC-SHA 289 - TLS-DHE-DSS-WITH-SEED-CBC-SHA 290 - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 291 - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 292 - TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 293 - TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 294 - TLS-RSA-WITH-SEED-CBC-SHA 295 - TLS-RSA-WITH-ARIA-128-CBC-SHA256 296 - TLS-RSA-WITH-ARIA-256-CBC-SHA384 297 - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 298 - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 299 - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 300 - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 301 - TLS-ECDHE-RSA-WITH-RC4-128-SHA 302 - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA 303 - TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA 304 - TLS-RSA-WITH-3DES-EDE-CBC-SHA 305 - TLS-RSA-WITH-RC4-128-MD5 306 - TLS-RSA-WITH-RC4-128-SHA 307 - TLS-DHE-RSA-WITH-DES-CBC-SHA 308 - TLS-DHE-DSS-WITH-DES-CBC-SHA 309 - TLS-RSA-WITH-DES-CBC-SHA 310 priority: 311 description: 312 - SSL/TLS cipher suites priority. 313 required: true 314 type: int 315 versions: 316 description: 317 - SSL/TLS versions that the cipher suite can be used with. 
318 type: str 319 choices: 320 - tls-1.0 321 - tls-1.1 322 - tls-1.2 323 - tls-1.3 324 ssl_dh_bits: 325 description: 326 - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. 327 type: str 328 choices: 329 - 768 330 - 1024 331 - 1536 332 - 2048 333 - 3072 334 - 4096 335 ssl_max_version: 336 description: 337 - Highest SSL/TLS version acceptable from a server. 338 type: str 339 choices: 340 - tls-1.0 341 - tls-1.1 342 - tls-1.2 343 - tls-1.3 344 ssl_min_version: 345 description: 346 - Lowest SSL/TLS version acceptable from a server. 347 type: str 348 choices: 349 - tls-1.0 350 - tls-1.1 351 - tls-1.2 352 - tls-1.3 353 url_map: 354 description: 355 - URL pattern to match. 356 type: str 357 url_map_type: 358 description: 359 - Type of url-map. 360 type: str 361 choices: 362 - sub-string 363 - wildcard 364 - regex 365 virtual_host: 366 description: 367 - Virtual host. Source firewall.access-proxy-virtual-host.name. 368 type: str 369 client_cert: 370 description: 371 - Enable/disable to request client certificate. 372 type: str 373 choices: 374 - disable 375 - enable 376 empty_cert_action: 377 description: 378 - Action of an empty client certificate. 379 type: str 380 choices: 381 - accept 382 - block 383 ldb_method: 384 description: 385 - Method used to distribute sessions to SSL real servers. 386 type: str 387 choices: 388 - static 389 - round-robin 390 - weighted 391 - least-session 392 - least-rtt 393 - first-alive 394 name: 395 description: 396 - Access Proxy name. 397 required: true 398 type: str 399 realservers: 400 description: 401 - Select the SSL real servers that this Access Proxy will distribute traffic to. 402 type: list 403 suboptions: 404 id: 405 description: 406 - Real server ID. 407 required: true 408 type: int 409 ip: 410 description: 411 - IP address of the real server. 412 type: str 413 port: 414 description: 415 - Port for communicating with the real server. 
416 type: int 417 status: 418 description: 419 - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. 420 type: str 421 choices: 422 - active 423 - standby 424 - disable 425 weight: 426 description: 427 - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. 428 type: int 429 server_pubkey_auth: 430 description: 431 - Enable/disable SSH real server public key authentication. 432 type: str 433 choices: 434 - disable 435 - enable 436 server_pubkey_auth_settings: 437 description: 438 - Server SSH public key authentication settings. 439 type: dict 440 suboptions: 441 auth_ca: 442 description: 443 - Name of the SSH server public key authentication CA. Source firewall.ssh.local-ca.name. 444 type: str 445 cert_extension: 446 description: 447 - Configure certificate extension for user certificate. 448 type: list 449 suboptions: 450 critical: 451 description: 452 - Critical option. 453 type: str 454 choices: 455 - no 456 - yes 457 data: 458 description: 459 - Name of certificate extension. 460 type: str 461 name: 462 description: 463 - Name of certificate extension. 464 required: true 465 type: str 466 type: 467 description: 468 - Type of certificate extension. 469 type: str 470 choices: 471 - fixed 472 - user 473 permit_agent_forwarding: 474 description: 475 - Enable/disable appending permit-agent-forwarding certificate extension. 476 type: str 477 choices: 478 - enable 479 - disable 480 permit_port_forwarding: 481 description: 482 - Enable/disable appending permit-port-forwarding certificate extension. 483 type: str 484 choices: 485 - enable 486 - disable 487 permit_pty: 488 description: 489 - Enable/disable appending permit-pty certificate extension. 490 type: str 491 choices: 492 - enable 493 - disable 494 permit_user_rc: 495 description: 496 - Enable/disable appending permit-user-rc certificate extension. 
497 type: str 498 choices: 499 - enable 500 - disable 501 permit_x11_forwarding: 502 description: 503 - Enable/disable appending permit-x11-forwarding certificate extension. 504 type: str 505 choices: 506 - enable 507 - disable 508 source_address: 509 description: 510 - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate 511 source address. 512 type: str 513 choices: 514 - enable 515 - disable 516 vip: 517 description: 518 - Virtual IP name. Source firewall.vip.name. 519 type: str 520''' 521 522EXAMPLES = ''' 523- hosts: fortigates 524 collections: 525 - fortinet.fortios 526 connection: httpapi 527 vars: 528 vdom: "root" 529 ansible_httpapi_use_ssl: yes 530 ansible_httpapi_validate_certs: no 531 ansible_httpapi_port: 443 532 tasks: 533 - name: Configure Access Proxy. 534 fortios_firewall_access_proxy: 535 vdom: "{{ vdom }}" 536 state: "present" 537 access_token: "<your_own_value>" 538 firewall_access_proxy: 539 api_gateway: 540 - 541 http_cookie_age: "4" 542 http_cookie_domain: "<your_own_value>" 543 http_cookie_domain_from_host: "disable" 544 http_cookie_generation: "7" 545 http_cookie_path: "<your_own_value>" 546 http_cookie_share: "disable" 547 https_cookie_secure: "disable" 548 id: "11" 549 ldb_method: "static" 550 persistence: "none" 551 realservers: 552 - 553 address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" 554 health_check: "disable" 555 health_check_proto: "ping" 556 http_host: "myhostname" 557 id: "19" 558 ip: "<your_own_value>" 559 mappedport: "<your_own_value>" 560 port: "22" 561 status: "active" 562 weight: "24" 563 saml_server: "<your_own_value> (source user.saml.name)" 564 service: "http" 565 ssl_algorithm: "high" 566 ssl_cipher_suites: 567 - 568 cipher: "TLS-AES-128-GCM-SHA256" 569 priority: "30" 570 versions: "tls-1.0" 571 ssl_dh_bits: "768" 572 ssl_max_version: "tls-1.0" 573 ssl_min_version: "tls-1.0" 574 url_map: "<your_own_value>" 575 
url_map_type: "sub-string" 576 virtual_host: "myhostname (source firewall.access-proxy-virtual-host.name)" 577 client_cert: "disable" 578 empty_cert_action: "accept" 579 ldb_method: "static" 580 name: "default_name_41" 581 realservers: 582 - 583 id: "43" 584 ip: "<your_own_value>" 585 port: "45" 586 status: "active" 587 weight: "47" 588 server_pubkey_auth: "disable" 589 server_pubkey_auth_settings: 590 auth_ca: "<your_own_value> (source firewall.ssh.local-ca.name)" 591 cert_extension: 592 - 593 critical: "no" 594 data: "<your_own_value>" 595 name: "default_name_54" 596 type: "fixed" 597 permit_agent_forwarding: "enable" 598 permit_port_forwarding: "enable" 599 permit_pty: "enable" 600 permit_user_rc: "enable" 601 permit_x11_forwarding: "enable" 602 source_address: "enable" 603 vip: "<your_own_value> (source firewall.vip.name)" 604 605''' 606 607RETURN = ''' 608build: 609 description: Build number of the fortigate image 610 returned: always 611 type: str 612 sample: '1547' 613http_method: 614 description: Last method used to provision the content into FortiGate 615 returned: always 616 type: str 617 sample: 'PUT' 618http_status: 619 description: Last result given by FortiGate on last operation applied 620 returned: always 621 type: str 622 sample: "200" 623mkey: 624 description: Master key (id) used in the last call to FortiGate 625 returned: success 626 type: str 627 sample: "id" 628name: 629 description: Name of the table used to fulfill the request 630 returned: always 631 type: str 632 sample: "urlfilter" 633path: 634 description: Path of the table used to fulfill the request 635 returned: always 636 type: str 637 sample: "webfilter" 638revision: 639 description: Internal revision number 640 returned: always 641 type: str 642 sample: "17.0.2.10658" 643serial: 644 description: Serial number of the unit 645 returned: always 646 type: str 647 sample: "FGVMEVYYQT3AB5352" 648status: 649 description: Indication of the operation's result 650 returned: always 651 type: 
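str
  sample: "success"
vdom:
  description: Virtual domain used
  returned: always
  type: str
  sample: "root"
version:
  description: Version of the FortiGate
  returned: always
  type: str
  sample: "v5.6.3"

'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize


def filter_firewall_access_proxy_data(json):
    """Return only the access-proxy options that are set in *json*.

    Keys that are not in the fixed allow-list below, and keys whose value is
    None, are left out of the result, so no other task argument is forwarded.

    :param json: mapping of option names to values.
    :return: new dict holding the allow-listed entries that are not None.
    """
    option_list = ['api_gateway', 'client_cert', 'empty_cert_action',
                   'ldb_method', 'name', 'realservers',
                   'server_pubkey_auth', 'server_pubkey_auth_settings', 'vip']

    return {
        attribute: json[attribute]
        for attribute in option_list
        if attribute in json and json[attribute] is not None
    }


def flatten_single_path(data, path, index):
    """Collapse the list found at the end of *path* into one space-separated string.

    Walks *data* in place along the keys in *path*, starting at position
    *index*. Intermediate lists are descended element by element. Nothing is
    done when *data* is empty, the key is absent, or the value is falsy.

    :param data: dict (or nested element) to modify in place.
    :param path: list of keys leading to the multi-value attribute.
    :param index: position in *path* handled by this call.
    """
    if not data or index == len(path) or path[index] not in data or not data[path[index]]:
        return

    key = path[index]
    value = data[key]

    if index == len(path) - 1:
        # Join real sequences only. A value that is already a string would
        # otherwise be iterated character by character, turning "tls-1.2"
        # into "t l s - 1 . 2" before it is sent to the device.
        if isinstance(value, (list, tuple)):
            data[key] = ' '.join(str(elem) for elem in value)
    elif isinstance(value, list):
        for item in value:
            flatten_single_path(item, path, index + 1)
    else:
        flatten_single_path(value, path, index + 1)


def flatten_multilists_attributes(data):
    """Flatten every multi-value attribute of *data* in place and return *data*.

    The only path handled here is api_gateway -> ssl_cipher_suites -> versions.
    """
    multilist_attrs = [[u'api_gateway', u'ssl_cipher_suites', u'versions']]

    for attr in multilist_attrs:
        flatten_single_path(data, attr, 0)

    return data


def underscore_to_hyphen(data):
    """Recursively replace '_' with '-' in every dict key of *data*.

    Lists are updated in place; each dict is rebuilt as a new dict. Any other
    value is returned unchanged.

    :param data: list, dict or scalar.
    :return: the converted structure.
    """
    if isinstance(data, list):
        for i, elem in enumerate(data):
            data[i] = underscore_to_hyphen(elem)
    elif isinstance(data, dict):
        new_data = {}
        for k, v in data.items():
            new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
        data = new_data

    return data


def firewall_access_proxy(data, fos):
    """Create/update or delete one firewall access-proxy object.

    The task body is flattened, reduced to the allow-listed options and
    converted to hyphenated keys before it is handed to *fos*.

    No policy is applied on top of that: the values are forwarded unchanged,
    so legacy settings that the module documentation lists as valid choices
    (for example tls-1.0, 768-bit DH or RC4/DES cipher suites) reach the
    device whenever a playbook requests them.

    :param data: module parameters; reads 'vdom', 'state' and
        'firewall_access_proxy'.
    :param fos: handler exposing set() and delete() (presumably a
        FortiOSHandler; confirm against the caller).
    :return: whatever fos.set() or fos.delete() returns.
    """
    vdom = data['vdom']

    state = data['state']

    firewall_access_proxy_data = data['firewall_access_proxy']
    firewall_access_proxy_data = flatten_multilists_attributes(firewall_access_proxy_data)
    filtered_data = underscore_to_hyphen(filter_firewall_access_proxy_data(firewall_access_proxy_data))

    if state == "present" or state is True:
        return fos.set('firewall',
                       'access-proxy',
                       data=filtered_data,
                       vdom=vdom)

    elif state == "absent":
        # The object is addressed by its name when it is removed.
        return fos.delete('firewall',
                          'access-proxy',
                          mkey=filtered_data['name'],
                          vdom=vdom)
    else:
        fos._module.fail_json(msg='state must be present or absent!')


def is_successful_status(status):
    """Tell whether a response dict counts as a success.

    A DELETE answered with 404 is accepted as well: the object is already
    gone, which is the state the task asked for.
    """
    return status['status'] == "success" or \
        (status['http_method'] == "DELETE" and status['http_status'] == 404)


def fortios_firewall(data, fos):
    """Run the access-proxy task and summarise its outcome.

    :param data: module parameters; 'firewall_access_proxy' must be set.
    :param fos: handler passed through to firewall_access_proxy().
    :return: tuple of (True when the call was not successful,
        True when the status is "success" and the response reports
        'revision_changed' or does not carry that key,
        the raw response).
    """

    if data['firewall_access_proxy']:
        resp = firewall_access_proxy(data, fos)
    else:
        fos._module.fail_json(msg='missing task body: %s' % ('firewall_access_proxy'))

    return not is_successful_status(resp), \
        resp['status'] == "success" and \
        (resp['revision_changed'] if 'revision_changed' in resp else True), \
        resp


versioned_schema = {
    "type": "list",
    "children": {
        "api_gateway": {
            "type": "list",
            "children": {
                "ssl_algorithm": {
                    "type":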
"string", 774 "options": [ 775 { 776 "value": "high", 777 "revisions": { 778 "v7.0.0": True 779 } 780 }, 781 { 782 "value": "medium", 783 "revisions": { 784 "v7.0.0": True 785 } 786 }, 787 { 788 "value": "low", 789 "revisions": { 790 "v7.0.0": True 791 } 792 }, 793 { 794 "value": "custom", 795 "revisions": { 796 "v7.0.0": True 797 } 798 } 799 ], 800 "revisions": { 801 "v7.0.0": True 802 } 803 }, 804 "ssl_min_version": { 805 "type": "string", 806 "options": [ 807 { 808 "value": "tls-1.0", 809 "revisions": { 810 "v7.0.0": True 811 } 812 }, 813 { 814 "value": "tls-1.1", 815 "revisions": { 816 "v7.0.0": True 817 } 818 }, 819 { 820 "value": "tls-1.2", 821 "revisions": { 822 "v7.0.0": True 823 } 824 }, 825 { 826 "value": "tls-1.3", 827 "revisions": { 828 "v7.0.0": True 829 } 830 } 831 ], 832 "revisions": { 833 "v7.0.0": True 834 } 835 }, 836 "ssl_cipher_suites": { 837 "type": "list", 838 "children": { 839 "priority": { 840 "type": "integer", 841 "revisions": { 842 "v7.0.0": True 843 } 844 }, 845 "cipher": { 846 "type": "string", 847 "options": [ 848 { 849 "value": "TLS-AES-128-GCM-SHA256", 850 "revisions": { 851 "v7.0.0": True 852 } 853 }, 854 { 855 "value": "TLS-AES-256-GCM-SHA384", 856 "revisions": { 857 "v7.0.0": True 858 } 859 }, 860 { 861 "value": "TLS-CHACHA20-POLY1305-SHA256", 862 "revisions": { 863 "v7.0.0": True 864 } 865 }, 866 { 867 "value": "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 868 "revisions": { 869 "v7.0.0": True 870 } 871 }, 872 { 873 "value": "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", 874 "revisions": { 875 "v7.0.0": True 876 } 877 }, 878 { 879 "value": "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 880 "revisions": { 881 "v7.0.0": True 882 } 883 }, 884 { 885 "value": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 886 "revisions": { 887 "v7.0.0": True 888 } 889 }, 890 { 891 "value": "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 892 "revisions": { 893 "v7.0.0": True 894 } 895 }, 896 { 897 "value": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 898 "revisions": { 899 
"v7.0.0": True 900 } 901 }, 902 { 903 "value": "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 904 "revisions": { 905 "v7.0.0": True 906 } 907 }, 908 { 909 "value": "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 910 "revisions": { 911 "v7.0.0": True 912 } 913 }, 914 { 915 "value": "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 916 "revisions": { 917 "v7.0.0": True 918 } 919 }, 920 { 921 "value": "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", 922 "revisions": { 923 "v7.0.0": True 924 } 925 }, 926 { 927 "value": "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", 928 "revisions": { 929 "v7.0.0": True 930 } 931 }, 932 { 933 "value": "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", 934 "revisions": { 935 "v7.0.0": True 936 } 937 }, 938 { 939 "value": "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", 940 "revisions": { 941 "v7.0.0": True 942 } 943 }, 944 { 945 "value": "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", 946 "revisions": { 947 "v7.0.0": True 948 } 949 }, 950 { 951 "value": "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", 952 "revisions": { 953 "v7.0.0": True 954 } 955 }, 956 { 957 "value": "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 958 "revisions": { 959 "v7.0.0": True 960 } 961 }, 962 { 963 "value": "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 964 "revisions": { 965 "v7.0.0": True 966 } 967 }, 968 { 969 "value": "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 970 "revisions": { 971 "v7.0.0": True 972 } 973 }, 974 { 975 "value": "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 976 "revisions": { 977 "v7.0.0": True 978 } 979 }, 980 { 981 "value": "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 982 "revisions": { 983 "v7.0.0": True 984 } 985 }, 986 { 987 "value": "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 988 "revisions": { 989 "v7.0.0": True 990 } 991 }, 992 { 993 "value": "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 994 "revisions": { 995 "v7.0.0": True 996 } 997 }, 998 { 999 "value": "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 1000 "revisions": { 1001 "v7.0.0": True 1002 } 1003 }, 1004 { 1005 "value": "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 1006 "revisions": { 1007 "v7.0.0": True 1008 
} 1009 }, 1010 { 1011 "value": "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 1012 "revisions": { 1013 "v7.0.0": True 1014 } 1015 }, 1016 { 1017 "value": "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 1018 "revisions": { 1019 "v7.0.0": True 1020 } 1021 }, 1022 { 1023 "value": "TLS-RSA-WITH-AES-128-CBC-SHA", 1024 "revisions": { 1025 "v7.0.0": True 1026 } 1027 }, 1028 { 1029 "value": "TLS-RSA-WITH-AES-256-CBC-SHA", 1030 "revisions": { 1031 "v7.0.0": True 1032 } 1033 }, 1034 { 1035 "value": "TLS-RSA-WITH-AES-128-CBC-SHA256", 1036 "revisions": { 1037 "v7.0.0": True 1038 } 1039 }, 1040 { 1041 "value": "TLS-RSA-WITH-AES-128-GCM-SHA256", 1042 "revisions": { 1043 "v7.0.0": True 1044 } 1045 }, 1046 { 1047 "value": "TLS-RSA-WITH-AES-256-CBC-SHA256", 1048 "revisions": { 1049 "v7.0.0": True 1050 } 1051 }, 1052 { 1053 "value": "TLS-RSA-WITH-AES-256-GCM-SHA384", 1054 "revisions": { 1055 "v7.0.0": True 1056 } 1057 }, 1058 { 1059 "value": "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 1060 "revisions": { 1061 "v7.0.0": True 1062 } 1063 }, 1064 { 1065 "value": "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 1066 "revisions": { 1067 "v7.0.0": True 1068 } 1069 }, 1070 { 1071 "value": "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 1072 "revisions": { 1073 "v7.0.0": True 1074 } 1075 }, 1076 { 1077 "value": "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 1078 "revisions": { 1079 "v7.0.0": True 1080 } 1081 }, 1082 { 1083 "value": "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", 1084 "revisions": { 1085 "v7.0.0": True 1086 } 1087 }, 1088 { 1089 "value": "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 1090 "revisions": { 1091 "v7.0.0": True 1092 } 1093 }, 1094 { 1095 "value": "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", 1096 "revisions": { 1097 "v7.0.0": True 1098 } 1099 }, 1100 { 1101 "value": "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 1102 "revisions": { 1103 "v7.0.0": True 1104 } 1105 }, 1106 { 1107 "value": "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", 1108 "revisions": { 1109 "v7.0.0": True 1110 } 1111 }, 1112 { 1113 "value": 
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 1114 "revisions": { 1115 "v7.0.0": True 1116 } 1117 }, 1118 { 1119 "value": "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", 1120 "revisions": { 1121 "v7.0.0": True 1122 } 1123 }, 1124 { 1125 "value": "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 1126 "revisions": { 1127 "v7.0.0": True 1128 } 1129 }, 1130 { 1131 "value": "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", 1132 "revisions": { 1133 "v7.0.0": True 1134 } 1135 }, 1136 { 1137 "value": "TLS-DHE-RSA-WITH-SEED-CBC-SHA", 1138 "revisions": { 1139 "v7.0.0": True 1140 } 1141 }, 1142 { 1143 "value": "TLS-DHE-DSS-WITH-SEED-CBC-SHA", 1144 "revisions": { 1145 "v7.0.0": True 1146 } 1147 }, 1148 { 1149 "value": "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", 1150 "revisions": { 1151 "v7.0.0": True 1152 } 1153 }, 1154 { 1155 "value": "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", 1156 "revisions": { 1157 "v7.0.0": True 1158 } 1159 }, 1160 { 1161 "value": "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", 1162 "revisions": { 1163 "v7.0.0": True 1164 } 1165 }, 1166 { 1167 "value": "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", 1168 "revisions": { 1169 "v7.0.0": True 1170 } 1171 }, 1172 { 1173 "value": "TLS-RSA-WITH-SEED-CBC-SHA", 1174 "revisions": { 1175 "v7.0.0": True 1176 } 1177 }, 1178 { 1179 "value": "TLS-RSA-WITH-ARIA-128-CBC-SHA256", 1180 "revisions": { 1181 "v7.0.0": True 1182 } 1183 }, 1184 { 1185 "value": "TLS-RSA-WITH-ARIA-256-CBC-SHA384", 1186 "revisions": { 1187 "v7.0.0": True 1188 } 1189 }, 1190 { 1191 "value": "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", 1192 "revisions": { 1193 "v7.0.0": True 1194 } 1195 }, 1196 { 1197 "value": "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", 1198 "revisions": { 1199 "v7.0.0": True 1200 } 1201 }, 1202 { 1203 "value": "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", 1204 "revisions": { 1205 "v7.0.0": True 1206 } 1207 }, 1208 { 1209 "value": "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", 1210 "revisions": { 1211 "v7.0.0": True 1212 } 1213 }, 1214 { 1215 "value": 
"TLS-ECDHE-RSA-WITH-RC4-128-SHA", 1216 "revisions": { 1217 "v7.0.0": True 1218 } 1219 }, 1220 { 1221 "value": "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", 1222 "revisions": { 1223 "v7.0.0": True 1224 } 1225 }, 1226 { 1227 "value": "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", 1228 "revisions": { 1229 "v7.0.0": True 1230 } 1231 }, 1232 { 1233 "value": "TLS-RSA-WITH-3DES-EDE-CBC-SHA", 1234 "revisions": { 1235 "v7.0.0": True 1236 } 1237 }, 1238 { 1239 "value": "TLS-RSA-WITH-RC4-128-MD5", 1240 "revisions": { 1241 "v7.0.0": True 1242 } 1243 }, 1244 { 1245 "value": "TLS-RSA-WITH-RC4-128-SHA", 1246 "revisions": { 1247 "v7.0.0": True 1248 } 1249 }, 1250 { 1251 "value": "TLS-DHE-RSA-WITH-DES-CBC-SHA", 1252 "revisions": { 1253 "v7.0.0": True 1254 } 1255 }, 1256 { 1257 "value": "TLS-DHE-DSS-WITH-DES-CBC-SHA", 1258 "revisions": { 1259 "v7.0.0": True 1260 } 1261 }, 1262 { 1263 "value": "TLS-RSA-WITH-DES-CBC-SHA", 1264 "revisions": { 1265 "v7.0.0": True 1266 } 1267 } 1268 ], 1269 "revisions": { 1270 "v7.0.0": True 1271 } 1272 }, 1273 "versions": { 1274 "multiple_values": True, 1275 "type": "list", 1276 "options": [ 1277 { 1278 "value": "tls-1.0", 1279 "revisions": { 1280 "v7.0.0": True 1281 } 1282 }, 1283 { 1284 "value": "tls-1.1", 1285 "revisions": { 1286 "v7.0.0": True 1287 } 1288 }, 1289 { 1290 "value": "tls-1.2", 1291 "revisions": { 1292 "v7.0.0": True 1293 } 1294 }, 1295 { 1296 "value": "tls-1.3", 1297 "revisions": { 1298 "v7.0.0": True 1299 } 1300 } 1301 ], 1302 "revisions": { 1303 "v7.0.0": True 1304 } 1305 } 1306 }, 1307 "revisions": { 1308 "v7.0.0": True 1309 } 1310 }, 1311 "service": { 1312 "type": "string", 1313 "options": [ 1314 { 1315 "value": "http", 1316 "revisions": { 1317 "v7.0.0": True 1318 } 1319 }, 1320 { 1321 "value": "https", 1322 "revisions": { 1323 "v7.0.0": True 1324 } 1325 }, 1326 { 1327 "value": "tcp-forwarding", 1328 "revisions": { 1329 "v7.0.0": True 1330 } 1331 }, 1332 { 1333 "value": "samlsp", 1334 "revisions": { 1335 "v7.0.0": True 1336 } 1337 } 1338 ], 1339 
"revisions": { 1340 "v7.0.0": True 1341 } 1342 }, 1343 "realservers": { 1344 "type": "list", 1345 "children": { 1346 "status": { 1347 "type": "string", 1348 "options": [ 1349 { 1350 "value": "active", 1351 "revisions": { 1352 "v7.0.0": True 1353 } 1354 }, 1355 { 1356 "value": "standby", 1357 "revisions": { 1358 "v7.0.0": True 1359 } 1360 }, 1361 { 1362 "value": "disable", 1363 "revisions": { 1364 "v7.0.0": True 1365 } 1366 } 1367 ], 1368 "revisions": { 1369 "v7.0.0": True 1370 } 1371 }, 1372 "health_check": { 1373 "type": "string", 1374 "options": [ 1375 { 1376 "value": "disable", 1377 "revisions": { 1378 "v7.0.0": True 1379 } 1380 }, 1381 { 1382 "value": "enable", 1383 "revisions": { 1384 "v7.0.0": True 1385 } 1386 } 1387 ], 1388 "revisions": { 1389 "v7.0.0": True 1390 } 1391 }, 1392 "weight": { 1393 "type": "integer", 1394 "revisions": { 1395 "v7.0.0": True 1396 } 1397 }, 1398 "ip": { 1399 "type": "string", 1400 "revisions": { 1401 "v7.0.0": True 1402 } 1403 }, 1404 "id": { 1405 "type": "integer", 1406 "revisions": { 1407 "v7.0.0": True 1408 } 1409 }, 1410 "http_host": { 1411 "type": "string", 1412 "revisions": { 1413 "v7.0.0": True 1414 } 1415 }, 1416 "health_check_proto": { 1417 "type": "string", 1418 "options": [ 1419 { 1420 "value": "ping", 1421 "revisions": { 1422 "v7.0.0": True 1423 } 1424 }, 1425 { 1426 "value": "http", 1427 "revisions": { 1428 "v7.0.0": True 1429 } 1430 }, 1431 { 1432 "value": "tcp-connect", 1433 "revisions": { 1434 "v7.0.0": True 1435 } 1436 } 1437 ], 1438 "revisions": { 1439 "v7.0.0": True 1440 } 1441 }, 1442 "address": { 1443 "type": "string", 1444 "revisions": { 1445 "v7.0.0": True 1446 } 1447 }, 1448 "port": { 1449 "type": "integer", 1450 "revisions": { 1451 "v7.0.0": True 1452 } 1453 }, 1454 "mappedport": { 1455 "type": "string", 1456 "revisions": { 1457 "v7.0.0": True 1458 } 1459 } 1460 }, 1461 "revisions": { 1462 "v7.0.0": True 1463 } 1464 }, 1465 "http_cookie_domain_from_host": { 1466 "type": "string", 1467 "options": [ 1468 { 
1469 "value": "disable", 1470 "revisions": { 1471 "v7.0.0": True 1472 } 1473 }, 1474 { 1475 "value": "enable", 1476 "revisions": { 1477 "v7.0.0": True 1478 } 1479 } 1480 ], 1481 "revisions": { 1482 "v7.0.0": True 1483 } 1484 }, 1485 "https_cookie_secure": { 1486 "type": "string", 1487 "options": [ 1488 { 1489 "value": "disable", 1490 "revisions": { 1491 "v7.0.0": True 1492 } 1493 }, 1494 { 1495 "value": "enable", 1496 "revisions": { 1497 "v7.0.0": True 1498 } 1499 } 1500 ], 1501 "revisions": { 1502 "v7.0.0": True 1503 } 1504 }, 1505 "http_cookie_generation": { 1506 "type": "integer", 1507 "revisions": { 1508 "v7.0.0": True 1509 } 1510 }, 1511 "http_cookie_domain": { 1512 "type": "string", 1513 "revisions": { 1514 "v7.0.0": True 1515 } 1516 }, 1517 "url_map_type": { 1518 "type": "string", 1519 "options": [ 1520 { 1521 "value": "sub-string", 1522 "revisions": { 1523 "v7.0.0": True 1524 } 1525 }, 1526 { 1527 "value": "wildcard", 1528 "revisions": { 1529 "v7.0.0": True 1530 } 1531 }, 1532 { 1533 "value": "regex", 1534 "revisions": { 1535 "v7.0.0": True 1536 } 1537 } 1538 ], 1539 "revisions": { 1540 "v7.0.0": True 1541 } 1542 }, 1543 "http_cookie_share": { 1544 "type": "string", 1545 "options": [ 1546 { 1547 "value": "disable", 1548 "revisions": { 1549 "v7.0.0": True 1550 } 1551 }, 1552 { 1553 "value": "same-ip", 1554 "revisions": { 1555 "v7.0.0": True 1556 } 1557 } 1558 ], 1559 "revisions": { 1560 "v7.0.0": True 1561 } 1562 }, 1563 "ssl_dh_bits": { 1564 "type": "string", 1565 "options": [ 1566 { 1567 "value": "768", 1568 "revisions": { 1569 "v7.0.0": True 1570 } 1571 }, 1572 { 1573 "value": "1024", 1574 "revisions": { 1575 "v7.0.0": True 1576 } 1577 }, 1578 { 1579 "value": "1536", 1580 "revisions": { 1581 "v7.0.0": True 1582 } 1583 }, 1584 { 1585 "value": "2048", 1586 "revisions": { 1587 "v7.0.0": True 1588 } 1589 }, 1590 { 1591 "value": "3072", 1592 "revisions": { 1593 "v7.0.0": True 1594 } 1595 }, 1596 { 1597 "value": "4096", 1598 "revisions": { 1599 "v7.0.0": True 
1600 } 1601 } 1602 ], 1603 "revisions": { 1604 "v7.0.0": True 1605 } 1606 }, 1607 "ldb_method": { 1608 "type": "string", 1609 "options": [ 1610 { 1611 "value": "static", 1612 "revisions": { 1613 "v7.0.0": True 1614 } 1615 }, 1616 { 1617 "value": "round-robin", 1618 "revisions": { 1619 "v7.0.0": True 1620 } 1621 }, 1622 { 1623 "value": "weighted", 1624 "revisions": { 1625 "v7.0.0": True 1626 } 1627 }, 1628 { 1629 "value": "least-session", 1630 "revisions": { 1631 "v7.0.0": True 1632 } 1633 }, 1634 { 1635 "value": "least-rtt", 1636 "revisions": { 1637 "v7.0.0": True 1638 } 1639 }, 1640 { 1641 "value": "first-alive", 1642 "revisions": { 1643 "v7.0.0": True 1644 } 1645 }, 1646 { 1647 "value": "http-host", 1648 "revisions": { 1649 "v7.0.0": True 1650 } 1651 } 1652 ], 1653 "revisions": { 1654 "v7.0.0": True 1655 } 1656 }, 1657 "persistence": { 1658 "type": "string", 1659 "options": [ 1660 { 1661 "value": "none", 1662 "revisions": { 1663 "v7.0.0": True 1664 } 1665 }, 1666 { 1667 "value": "http-cookie", 1668 "revisions": { 1669 "v7.0.0": True 1670 } 1671 } 1672 ], 1673 "revisions": { 1674 "v7.0.0": True 1675 } 1676 }, 1677 "virtual_host": { 1678 "type": "string", 1679 "revisions": { 1680 "v7.0.0": True 1681 } 1682 }, 1683 "ssl_max_version": { 1684 "type": "string", 1685 "options": [ 1686 { 1687 "value": "tls-1.0", 1688 "revisions": { 1689 "v7.0.0": True 1690 } 1691 }, 1692 { 1693 "value": "tls-1.1", 1694 "revisions": { 1695 "v7.0.0": True 1696 } 1697 }, 1698 { 1699 "value": "tls-1.2", 1700 "revisions": { 1701 "v7.0.0": True 1702 } 1703 }, 1704 { 1705 "value": "tls-1.3", 1706 "revisions": { 1707 "v7.0.0": True 1708 } 1709 } 1710 ], 1711 "revisions": { 1712 "v7.0.0": True 1713 } 1714 }, 1715 "url_map": { 1716 "type": "string", 1717 "revisions": { 1718 "v7.0.0": True 1719 } 1720 }, 1721 "saml_server": { 1722 "type": "string", 1723 "revisions": { 1724 "v7.0.0": True 1725 } 1726 }, 1727 "id": { 1728 "type": "integer", 1729 "revisions": { 1730 "v7.0.0": True 1731 } 1732 }, 1733 
"http_cookie_age": { 1734 "type": "integer", 1735 "revisions": { 1736 "v7.0.0": True 1737 } 1738 }, 1739 "http_cookie_path": { 1740 "type": "string", 1741 "revisions": { 1742 "v7.0.0": True 1743 } 1744 } 1745 }, 1746 "revisions": { 1747 "v7.0.0": True 1748 } 1749 }, 1750 "name": { 1751 "type": "string", 1752 "revisions": { 1753 "v7.0.0": True 1754 } 1755 }, 1756 "realservers": { 1757 "type": "list", 1758 "children": { 1759 "status": { 1760 "type": "string", 1761 "options": [ 1762 { 1763 "value": "active", 1764 "revisions": { 1765 "v7.0.0": True 1766 } 1767 }, 1768 { 1769 "value": "standby", 1770 "revisions": { 1771 "v7.0.0": True 1772 } 1773 }, 1774 { 1775 "value": "disable", 1776 "revisions": { 1777 "v7.0.0": True 1778 } 1779 } 1780 ], 1781 "revisions": { 1782 "v7.0.0": True 1783 } 1784 }, 1785 "ip": { 1786 "type": "string", 1787 "revisions": { 1788 "v7.0.0": True 1789 } 1790 }, 1791 "id": { 1792 "type": "integer", 1793 "revisions": { 1794 "v7.0.0": True 1795 } 1796 }, 1797 "weight": { 1798 "type": "integer", 1799 "revisions": { 1800 "v7.0.0": True 1801 } 1802 }, 1803 "port": { 1804 "type": "integer", 1805 "revisions": { 1806 "v7.0.0": True 1807 } 1808 } 1809 }, 1810 "revisions": { 1811 "v7.0.0": True 1812 } 1813 }, 1814 "empty_cert_action": { 1815 "type": "string", 1816 "options": [ 1817 { 1818 "value": "accept", 1819 "revisions": { 1820 "v7.0.0": True 1821 } 1822 }, 1823 { 1824 "value": "block", 1825 "revisions": { 1826 "v7.0.0": True 1827 } 1828 } 1829 ], 1830 "revisions": { 1831 "v7.0.0": True 1832 } 1833 }, 1834 "server_pubkey_auth": { 1835 "type": "string", 1836 "options": [ 1837 { 1838 "value": "disable", 1839 "revisions": { 1840 "v7.0.0": True 1841 } 1842 }, 1843 { 1844 "value": "enable", 1845 "revisions": { 1846 "v7.0.0": True 1847 } 1848 } 1849 ], 1850 "revisions": { 1851 "v7.0.0": True 1852 } 1853 }, 1854 "vip": { 1855 "type": "string", 1856 "revisions": { 1857 "v7.0.0": True 1858 } 1859 }, 1860 "ldb_method": { 1861 "type": "string", 1862 "options": [ 
1863 { 1864 "value": "static", 1865 "revisions": { 1866 "v7.0.0": True 1867 } 1868 }, 1869 { 1870 "value": "round-robin", 1871 "revisions": { 1872 "v7.0.0": True 1873 } 1874 }, 1875 { 1876 "value": "weighted", 1877 "revisions": { 1878 "v7.0.0": True 1879 } 1880 }, 1881 { 1882 "value": "least-session", 1883 "revisions": { 1884 "v7.0.0": True 1885 } 1886 }, 1887 { 1888 "value": "least-rtt", 1889 "revisions": { 1890 "v7.0.0": True 1891 } 1892 }, 1893 { 1894 "value": "first-alive", 1895 "revisions": { 1896 "v7.0.0": True 1897 } 1898 } 1899 ], 1900 "revisions": { 1901 "v7.0.0": True 1902 } 1903 }, 1904 "server_pubkey_auth_settings": { 1905 "type": "dict", 1906 "children": { 1907 "permit_x11_forwarding": { 1908 "type": "string", 1909 "options": [ 1910 { 1911 "value": "enable", 1912 "revisions": { 1913 "v7.0.0": True 1914 } 1915 }, 1916 { 1917 "value": "disable", 1918 "revisions": { 1919 "v7.0.0": True 1920 } 1921 } 1922 ], 1923 "revisions": { 1924 "v7.0.0": True 1925 } 1926 }, 1927 "auth_ca": { 1928 "type": "string", 1929 "revisions": { 1930 "v7.0.0": True 1931 } 1932 }, 1933 "permit_port_forwarding": { 1934 "type": "string", 1935 "options": [ 1936 { 1937 "value": "enable", 1938 "revisions": { 1939 "v7.0.0": True 1940 } 1941 }, 1942 { 1943 "value": "disable", 1944 "revisions": { 1945 "v7.0.0": True 1946 } 1947 } 1948 ], 1949 "revisions": { 1950 "v7.0.0": True 1951 } 1952 }, 1953 "permit_pty": { 1954 "type": "string", 1955 "options": [ 1956 { 1957 "value": "enable", 1958 "revisions": { 1959 "v7.0.0": True 1960 } 1961 }, 1962 { 1963 "value": "disable", 1964 "revisions": { 1965 "v7.0.0": True 1966 } 1967 } 1968 ], 1969 "revisions": { 1970 "v7.0.0": True 1971 } 1972 }, 1973 "permit_user_rc": { 1974 "type": "string", 1975 "options": [ 1976 { 1977 "value": "enable", 1978 "revisions": { 1979 "v7.0.0": True 1980 } 1981 }, 1982 { 1983 "value": "disable", 1984 "revisions": { 1985 "v7.0.0": True 1986 } 1987 } 1988 ], 1989 "revisions": { 1990 "v7.0.0": True 1991 } 1992 }, 1993 
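"permit_agent_forwarding": {
    "type": "string",
    "options": [
        {
            "value": "enable",
            "revisions": {
                "v7.0.0": True
            }
        },
        {
            "value": "disable",
            "revisions": {
                "v7.0.0": True
            }
        }
    ],
    "revisions": {
        "v7.0.0": True
    }
},
"source_address": {
    "type": "string",
    "options": [
        {
            "value": "enable",
            "revisions": {
                "v7.0.0": True
            }
        },
        {
            "value": "disable",
            "revisions": {
                "v7.0.0": True
            }
        }
    ],
    "revisions": {
        "v7.0.0": True
    }
},
"cert_extension": {
    "type": "list",
    "children": {
        "data": {
            "type": "string",
            "revisions": {
                "v7.0.0": True
            }
        },
        "critical": {
            "type": "string",
            "options": [
                {
                    "value": "no",
                    "revisions": {
                        "v7.0.0": True
                    }
                },
                {
                    "value": "yes",
                    "revisions": {
                        "v7.0.0": True
                    }
                }
            ],
            "revisions": {
                "v7.0.0": True
            }
        },
        "type": {
            "type": "string",
            "options": [
                {
                    "value": "fixed",
                    "revisions": {
                        "v7.0.0": True
                    }
                },
                {
                    "value": "user",
                    "revisions": {
                        "v7.0.0": True
                    }
                }
            ],
            "revisions": {
                "v7.0.0": True
            }
        },
        "name": {
            "type": "string",
            "revisions": {
                "v7.0.0": True
            }
        }
    },
    "revisions": {
        "v7.0.0": True
    }
}
},
"revisions": {
    "v7.0.0": True
}
},
"client_cert": {
    "type": "string",
    "options": [
        {
            "value": "disable",
            "revisions": {
                "v7.0.0": True
            }
        },
        {
            "value": "enable",
            "revisions": {
                "v7.0.0": True
            }
        }
    ],
    "revisions": {
        "v7.0.0": True
    }
}
},
"revisions": {
    "v7.0.0": True
}
}


def main():
    """Entry point of the fortios_firewall_access_proxy Ansible module.

    Builds the argument spec from ``versioned_schema``, opens the httpapi
    connection, compares the schema against the connected device, hands the
    task parameters to ``fortios_firewall`` and reports the outcome through
    ``exit_json`` / ``fail_json``.
    """
    module_spec = schema_to_module_spec(versioned_schema)
    mkeyname = 'name'
    fields = {
        # no_log keeps the API token out of Ansible's logged invocation data.
        "access_token": {"required": False, "type": "str", "no_log": True},
        # The type must be the string "bool": passing the builtin ``bool`` as a
        # callable turns any non-empty string (including "false" or "no") into
        # True, so logging could be switched on by a value meant to disable it.
        # The default matches the one stated in DOCUMENTATION.
        "enable_log": {"required": False, "type": "bool", "default": False},
        "vdom": {"required": False, "type": "str", "default": "root"},
        "state": {"required": True, "type": "str",
                  "choices": ["present", "absent"]},
        "firewall_access_proxy": {
            "required": False, "type": "dict", "default": None,
            "options": {
            }
        }
    }

    # Copy every schema-derived option under firewall_access_proxy; the
    # table's key attribute (mkeyname) is made mandatory.
    proxy_options = fields["firewall_access_proxy"]['options']
    for attribute_name, attribute_spec in module_spec['options'].items():
        proxy_options[attribute_name] = attribute_spec
        if mkeyname and mkeyname == attribute_name:
            attribute_spec['required'] = True

    check_legacy_fortiosapi()
    module = AnsibleModule(argument_spec=fields,
                           supports_check_mode=False)

    if not module._socket_path:
        # No persistent connection socket is available. fail_json() terminates
        # the module, so nothing below runs in that case.
        module.fail_json(**FAIL_SOCKET_MSG)

    connection = Connection(module._socket_path)
    if 'access_token' in module.params:
        connection.set_option('access_token', module.params['access_token'])
    connection.set_option('enable_log', module.params.get('enable_log', False))

    fos = FortiOSHandler(connection, module, mkeyname)
    versions_check_result = check_schema_versioning(fos, versioned_schema, "firewall_access_proxy")

    is_error, has_changed, result = fortios_firewall(module.params, fos)

    version_mismatch = bool(versions_check_result) and versions_check_result['matched'] is False
    if version_mismatch:
        module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv")

    # The version report is attached to the result only when a mismatch was found.
    outcome = {"meta": result}
    if version_mismatch:
        outcome["version_check_warning"] = versions_check_result

    if is_error:
        module.fail_json(msg="Error in repo", **outcome)
    else:
        module.exit_json(changed=has_changed, **outcome)


if __name__ == '__main__':
    main()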