1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_firewall_address6 27short_description: Configure IPv6 firewall addresses in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify firewall feature and address6 category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 state: 68 description: 69 - Indicates whether to create or remove the object. 70 type: str 71 required: true 72 choices: 73 - present 74 - absent 75 firewall_address6: 76 description: 77 - Configure IPv6 firewall addresses. 78 default: null 79 type: dict 80 suboptions: 81 cache_ttl: 82 description: 83 - Minimal TTL of individual IPv6 addresses in FQDN cache. 84 type: int 85 color: 86 description: 87 - Integer value to determine the color of the icon in the GUI (range 1 to 32). 88 type: int 89 comment: 90 description: 91 - Comment. 92 type: str 93 country: 94 description: 95 - IPv6 addresses associated to a specific country. 96 type: str 97 end_ip: 98 description: 99 - 'Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' 100 type: str 101 end_mac: 102 description: 103 - Last MAC address in the range. 104 type: str 105 fabric_object: 106 description: 107 - Security Fabric global object setting. 108 type: str 109 choices: 110 - enable 111 - disable 112 fqdn: 113 description: 114 - Fully qualified domain name. 115 type: str 116 host: 117 description: 118 - Host Address. 119 type: str 120 host_type: 121 description: 122 - Host type. 123 type: str 124 choices: 125 - any 126 - specific 127 ip6: 128 description: 129 - 'IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx).' 130 type: str 131 list: 132 description: 133 - IP address list. 134 type: list 135 suboptions: 136 ip: 137 description: 138 - IP. 139 required: true 140 type: str 141 net_id: 142 description: 143 - Network ID. 144 type: str 145 obj_id: 146 description: 147 - Object ID. 148 type: str 149 macaddr: 150 description: 151 - Multiple MAC address ranges. 152 type: list 153 suboptions: 154 macaddr: 155 description: 156 - MAC address ranges <start>[-<end>] separated by space. 157 required: true 158 type: str 159 name: 160 description: 161 - Address name. 162 required: true 163 type: str 164 obj_id: 165 description: 166 - Object ID for NSX. 167 type: str 168 sdn: 169 description: 170 - SDN. Source system.sdn-connector.name. 171 type: str 172 choices: 173 - nsx 174 start_ip: 175 description: 176 - 'First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).' 177 type: str 178 start_mac: 179 description: 180 - First MAC address in the range. 181 type: str 182 subnet_segment: 183 description: 184 - IPv6 subnet segments. 185 type: list 186 suboptions: 187 name: 188 description: 189 - Name. 190 required: true 191 type: str 192 type: 193 description: 194 - Subnet segment type. 195 type: str 196 choices: 197 - any 198 - specific 199 value: 200 description: 201 - Subnet segment value. 202 type: str 203 tagging: 204 description: 205 - Config object tagging 206 type: list 207 suboptions: 208 category: 209 description: 210 - Tag category. Source system.object-tagging.category. 211 type: str 212 name: 213 description: 214 - Tagging entry name. 215 required: true 216 type: str 217 tags: 218 description: 219 - Tags. 220 type: list 221 suboptions: 222 name: 223 description: 224 - Tag name. Source system.object-tagging.tags.name. 225 required: true 226 type: str 227 template: 228 description: 229 - IPv6 address template. Source firewall.address6-template.name. 230 type: str 231 type: 232 description: 233 - Type of IPv6 address object . 234 type: str 235 choices: 236 - ipprefix 237 - iprange 238 - fqdn 239 - dynamic 240 - template 241 - mac 242 - geography 243 uuid: 244 description: 245 - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). 246 type: str 247 visibility: 248 description: 249 - Enable/disable the visibility of the object in the GUI. 250 type: str 251 choices: 252 - enable 253 - disable 254''' 255 256EXAMPLES = ''' 257- hosts: fortigates 258 collections: 259 - fortinet.fortios 260 connection: httpapi 261 vars: 262 vdom: "root" 263 ansible_httpapi_use_ssl: yes 264 ansible_httpapi_validate_certs: no 265 ansible_httpapi_port: 443 266 tasks: 267 - name: Configure IPv6 firewall addresses. 268 fortios_firewall_address6: 269 vdom: "{{ vdom }}" 270 state: "present" 271 access_token: "<your_own_value>" 272 firewall_address6: 273 cache_ttl: "3" 274 color: "4" 275 comment: "Comment." 276 country: "<your_own_value>" 277 end_ip: "<your_own_value>" 278 end_mac: "<your_own_value>" 279 fabric_object: "enable" 280 fqdn: "<your_own_value>" 281 host: "<your_own_value>" 282 host_type: "any" 283 ip6: "<your_own_value>" 284 list: 285 - 286 ip: "<your_own_value>" 287 net_id: "<your_own_value>" 288 obj_id: "<your_own_value>" 289 macaddr: 290 - 291 macaddr: "<your_own_value>" 292 name: "default_name_20" 293 obj_id: "<your_own_value>" 294 sdn: "nsx" 295 start_ip: "<your_own_value>" 296 start_mac: "<your_own_value>" 297 subnet_segment: 298 - 299 name: "default_name_26" 300 type: "any" 301 value: "<your_own_value>" 302 tagging: 303 - 304 category: "<your_own_value> (source system.object-tagging.category)" 305 name: "default_name_31" 306 tags: 307 - 308 name: "default_name_33 (source system.object-tagging.tags.name)" 309 template: "<your_own_value> (source firewall.address6-template.name)" 310 type: "ipprefix" 311 uuid: "<your_own_value>" 312 visibility: "enable" 313 314''' 315 316RETURN = ''' 317build: 318 description: Build number of the fortigate image 319 returned: always 320 type: str 321 sample: '1547' 322http_method: 323 description: Last method used to provision the content into FortiGate 324 returned: always 325 type: str 326 sample: 'PUT' 327http_status: 328 description: Last result given by FortiGate on last operation applied 329 returned: always 330 type: str 331 sample: "200" 332mkey: 333 description: Master key (id) used in the last call to FortiGate 334 returned: success 335 type: str 336 sample: "id" 337name: 338 description: Name of the table used to fulfill the request 339 returned: always 340 type: str 341 sample: "urlfilter" 342path: 343 description: Path of the table used to fulfill the request 344 returned: always 345 type: str 346 sample: "webfilter" 347revision: 348 description: Internal revision number 349 returned: always 350 type: str 351 sample: "17.0.2.10658" 352serial: 353 description: Serial number of the unit 354 returned: always 355 type: str 356 sample: "FGVMEVYYQT3AB5352" 357status: 358 description: Indication of the operation's result 359 returned: always 360 type: str 361 sample: "success" 362vdom: 363 description: Virtual domain used 364 returned: always 365 type: str 366 sample: "root" 367version: 368 description: Version of the FortiGate 369 returned: always 370 type: str 371 sample: "v5.6.3" 372 373''' 374from ansible.module_utils.basic import AnsibleModule 375from ansible.module_utils.connection import Connection 376from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 377from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 378from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 379from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 380from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 381from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 382from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 383 384 385def filter_firewall_address6_data(json): 386 option_list = ['cache_ttl', 'color', 'comment', 387 'country', 'end_ip', 'end_mac', 388 'fabric_object', 'fqdn', 'host', 389 'host_type', 'ip6', 'list', 390 'macaddr', 'name', 'obj_id', 391 'sdn', 'start_ip', 'start_mac', 392 'subnet_segment', 'tagging', 'template', 393 'type', 'uuid', 'visibility'] 394 dictionary = {} 395 396 for attribute in option_list: 397 if attribute in json and json[attribute] is not None: 398 dictionary[attribute] = json[attribute] 399 400 return dictionary 401 402 403def underscore_to_hyphen(data): 404 if isinstance(data, list): 405 for i, elem in enumerate(data): 406 data[i] = underscore_to_hyphen(elem) 407 elif isinstance(data, dict): 408 new_data = {} 409 for k, v in data.items(): 410 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 411 data = new_data 412 413 return data 414 415 416def firewall_address6(data, fos, check_mode=False): 417 418 vdom = data['vdom'] 419 420 state = data['state'] 421 422 firewall_address6_data = data['firewall_address6'] 423 filtered_data = underscore_to_hyphen(filter_firewall_address6_data(firewall_address6_data)) 424 425 # check_mode starts from here 426 if check_mode: 427 mkey = fos.get_mkey('system', 'interface', filtered_data, vdom=vdom) 428 current_data = fos.get('system', 'interface', vdom=vdom, mkey=mkey) 429 is_existed = current_data and current_data.get('http_status') == 200 \ 430 and isinstance(current_data.get('results'), list) \ 431 and len(current_data['results']) > 0 432 433 # 2. if it exists and the state is 'present' then compare current settings with desired 434 if state == 'present' or state is True: 435 if mkey is None: 436 return False, True, filtered_data 437 438 # if mkey exists then compare each other 439 # record exits and they're matched or not 440 if is_existed: 441 is_same = is_same_comparison( 442 serialize(current_data['results'][0]), serialize(filtered_data)) 443 return False, not is_same, filtered_data 444 445 # record does not exist 446 return False, True, filtered_data 447 448 if state == 'absent': 449 if mkey is None: 450 return False, False, filtered_data 451 452 if is_existed: 453 return False, True, filtered_data 454 return False, False, filtered_data 455 456 return True, False, {'reason: ': 'Must provide state parameter'} 457 458 if state == "present" or state is True: 459 return fos.set('firewall', 460 'address6', 461 data=filtered_data, 462 vdom=vdom) 463 464 elif state == "absent": 465 return fos.delete('firewall', 466 'address6', 467 mkey=filtered_data['name'], 468 vdom=vdom) 469 else: 470 fos._module.fail_json(msg='state must be present or absent!') 471 472 473def is_successful_status(status): 474 return status['status'] == "success" or \ 475 status['http_method'] == "DELETE" and status['http_status'] == 404 476 477 478def fortios_firewall(data, fos, check_mode): 479 480 if data['firewall_address6']: 481 resp = firewall_address6(data, fos, check_mode) 482 else: 483 fos._module.fail_json(msg='missing task body: %s' % ('firewall_address6')) 484 if check_mode: 485 return resp 486 return not is_successful_status(resp), \ 487 resp['status'] == "success" and \ 488 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 489 resp 490 491 492versioned_schema = { 493 "type": "list", 494 "children": { 495 "comment": { 496 "type": "string", 497 "revisions": { 498 "v6.0.0": True, 499 "v7.0.0": True, 500 "v6.0.5": True, 501 "v6.4.4": True, 502 "v6.4.0": True, 503 "v6.4.1": True, 504 "v6.2.0": True, 505 "v6.2.3": True, 506 "v6.2.5": True, 507 "v6.2.7": True, 508 "v6.0.11": True 509 } 510 }, 511 "macaddr": { 512 "type": "list", 513 "children": { 514 "macaddr": { 515 "type": "string", 516 "revisions": { 517 "v7.0.0": True 518 } 519 } 520 }, 521 "revisions": { 522 "v7.0.0": True 523 } 524 }, 525 "color": { 526 "type": "integer", 527 "revisions": { 528 "v6.0.0": True, 529 "v7.0.0": True, 530 "v6.0.5": True, 531 "v6.4.4": True, 532 "v6.4.0": True, 533 "v6.4.1": True, 534 "v6.2.0": True, 535 "v6.2.3": True, 536 "v6.2.5": True, 537 "v6.2.7": True, 538 "v6.0.11": True 539 } 540 }, 541 "end_mac": { 542 "type": "string", 543 "revisions": { 544 "v7.0.0": False, 545 "v6.4.4": True, 546 "v6.4.0": True, 547 "v6.4.1": False, 548 "v6.2.0": True, 549 "v6.2.3": False, 550 "v6.2.5": True, 551 "v6.2.7": True 552 } 553 }, 554 "fabric_object": { 555 "type": "string", 556 "options": [ 557 { 558 "value": "enable", 559 "revisions": { 560 "v6.4.4": True, 561 "v7.0.0": True 562 } 563 }, 564 { 565 "value": "disable", 566 "revisions": { 567 "v6.4.4": True, 568 "v7.0.0": True 569 } 570 } 571 ], 572 "revisions": { 573 "v6.4.4": True, 574 "v7.0.0": True 575 } 576 }, 577 "cache_ttl": { 578 "type": "integer", 579 "revisions": { 580 "v6.0.0": True, 581 "v7.0.0": True, 582 "v6.0.5": True, 583 "v6.4.4": True, 584 "v6.4.0": True, 585 "v6.4.1": True, 586 "v6.2.0": True, 587 "v6.2.3": True, 588 "v6.2.5": True, 589 "v6.2.7": True, 590 "v6.0.11": True 591 } 592 }, 593 "uuid": { 594 "type": "string", 595 "revisions": { 596 "v6.0.0": True, 597 "v7.0.0": True, 598 "v6.0.5": True, 599 "v6.4.4": True, 600 "v6.4.0": True, 601 "v6.4.1": True, 602 "v6.2.0": True, 603 "v6.2.3": True, 604 "v6.2.5": True, 605 "v6.2.7": True, 606 "v6.0.11": True 607 } 608 }, 609 "list": { 610 "type": "list", 611 "children": { 612 "ip": { 613 "type": "string", 614 "revisions": { 615 "v6.0.0": True, 616 "v7.0.0": True, 617 "v6.0.5": True, 618 "v6.4.4": True, 619 "v6.4.0": True, 620 "v6.4.1": True, 621 "v6.2.0": True, 622 "v6.2.3": True, 623 "v6.2.5": True, 624 "v6.2.7": True, 625 "v6.0.11": True 626 } 627 }, 628 "net_id": { 629 "type": "string", 630 "revisions": { 631 "v7.0.0": False, 632 "v6.4.4": False, 633 "v6.4.0": False, 634 "v6.4.1": False, 635 "v6.2.3": True, 636 "v6.2.5": False, 637 "v6.2.7": False 638 } 639 }, 640 "obj_id": { 641 "type": "string", 642 "revisions": { 643 "v7.0.0": False, 644 "v6.4.4": False, 645 "v6.4.0": False, 646 "v6.4.1": False, 647 "v6.2.3": True, 648 "v6.2.5": False, 649 "v6.2.7": False 650 } 651 } 652 }, 653 "revisions": { 654 "v6.0.0": True, 655 "v7.0.0": True, 656 "v6.0.5": True, 657 "v6.4.4": True, 658 "v6.4.0": True, 659 "v6.4.1": True, 660 "v6.2.0": True, 661 "v6.2.3": True, 662 "v6.2.5": True, 663 "v6.2.7": True, 664 "v6.0.11": True 665 } 666 }, 667 "subnet_segment": { 668 "type": "list", 669 "children": { 670 "type": { 671 "type": "string", 672 "options": [ 673 { 674 "value": "any", 675 "revisions": { 676 "v6.0.0": True, 677 "v7.0.0": True, 678 "v6.0.5": True, 679 "v6.4.4": True, 680 "v6.4.0": True, 681 "v6.4.1": True, 682 "v6.2.0": True, 683 "v6.2.3": True, 684 "v6.2.5": True, 685 "v6.2.7": True, 686 "v6.0.11": True 687 } 688 }, 689 { 690 "value": "specific", 691 "revisions": { 692 "v6.0.0": True, 693 "v7.0.0": True, 694 "v6.0.5": True, 695 "v6.4.4": True, 696 "v6.4.0": True, 697 "v6.4.1": True, 698 "v6.2.0": True, 699 "v6.2.3": True, 700 "v6.2.5": True, 701 "v6.2.7": True, 702 "v6.0.11": True 703 } 704 } 705 ], 706 "revisions": { 707 "v6.0.0": True, 708 "v7.0.0": True, 709 "v6.0.5": True, 710 "v6.4.4": True, 711 "v6.4.0": True, 712 "v6.4.1": True, 713 "v6.2.0": True, 714 "v6.2.3": True, 715 "v6.2.5": True, 716 "v6.2.7": True, 717 "v6.0.11": True 718 } 719 }, 720 "name": { 721 "type": "string", 722 "revisions": { 723 "v6.0.0": True, 724 "v7.0.0": True, 725 "v6.0.5": True, 726 "v6.4.4": True, 727 "v6.4.0": True, 728 "v6.4.1": True, 729 "v6.2.0": True, 730 "v6.2.3": True, 731 "v6.2.5": True, 732 "v6.2.7": True, 733 "v6.0.11": True 734 } 735 }, 736 "value": { 737 "type": "string", 738 "revisions": { 739 "v6.0.0": True, 740 "v7.0.0": True, 741 "v6.0.5": True, 742 "v6.4.4": True, 743 "v6.4.0": True, 744 "v6.4.1": True, 745 "v6.2.0": True, 746 "v6.2.3": True, 747 "v6.2.5": True, 748 "v6.2.7": True, 749 "v6.0.11": True 750 } 751 } 752 }, 753 "revisions": { 754 "v6.0.0": True, 755 "v7.0.0": True, 756 "v6.0.5": True, 757 "v6.4.4": True, 758 "v6.4.0": True, 759 "v6.4.1": True, 760 "v6.2.0": True, 761 "v6.2.3": True, 762 "v6.2.5": True, 763 "v6.2.7": True, 764 "v6.0.11": True 765 } 766 }, 767 "template": { 768 "type": "string", 769 "revisions": { 770 "v6.0.0": True, 771 "v7.0.0": True, 772 "v6.0.5": True, 773 "v6.4.4": True, 774 "v6.4.0": True, 775 "v6.4.1": True, 776 "v6.2.0": True, 777 "v6.2.3": True, 778 "v6.2.5": True, 779 "v6.2.7": True, 780 "v6.0.11": True 781 } 782 }, 783 "type": { 784 "type": "string", 785 "options": [ 786 { 787 "value": "ipprefix", 788 "revisions": { 789 "v6.0.0": True, 790 "v7.0.0": True, 791 "v6.0.5": True, 792 "v6.4.4": True, 793 "v6.4.0": True, 794 "v6.4.1": True, 795 "v6.2.0": True, 796 "v6.2.3": True, 797 "v6.2.5": True, 798 "v6.2.7": True, 799 "v6.0.11": True 800 } 801 }, 802 { 803 "value": "iprange", 804 "revisions": { 805 "v6.0.0": True, 806 "v7.0.0": True, 807 "v6.0.5": True, 808 "v6.4.4": True, 809 "v6.4.0": True, 810 "v6.4.1": True, 811 "v6.2.0": True, 812 "v6.2.3": True, 813 "v6.2.5": True, 814 "v6.2.7": True, 815 "v6.0.11": True 816 } 817 }, 818 { 819 "value": "fqdn", 820 "revisions": { 821 "v6.0.0": True, 822 "v7.0.0": True, 823 "v6.0.5": True, 824 "v6.4.4": True, 825 "v6.4.0": True, 826 "v6.4.1": True, 827 "v6.2.0": True, 828 "v6.2.3": True, 829 "v6.2.5": True, 830 "v6.2.7": True, 831 "v6.0.11": True 832 } 833 }, 834 { 835 "value": "dynamic", 836 "revisions": { 837 "v6.0.0": True, 838 "v7.0.0": True, 839 "v6.0.5": True, 840 "v6.4.4": True, 841 "v6.4.0": True, 842 "v6.4.1": True, 843 "v6.2.0": True, 844 "v6.2.3": True, 845 "v6.2.5": True, 846 "v6.2.7": True, 847 "v6.0.11": True 848 } 849 }, 850 { 851 "value": "template", 852 "revisions": { 853 "v6.0.0": True, 854 "v7.0.0": True, 855 "v6.0.5": True, 856 "v6.4.4": True, 857 "v6.4.0": True, 858 "v6.4.1": True, 859 "v6.2.0": True, 860 "v6.2.3": True, 861 "v6.2.5": True, 862 "v6.2.7": True, 863 "v6.0.11": True 864 } 865 }, 866 { 867 "value": "mac", 868 "revisions": { 869 "v7.0.0": True, 870 "v6.4.4": True, 871 "v6.4.0": True, 872 "v6.4.1": False, 873 "v6.2.0": True, 874 "v6.2.3": False, 875 "v6.2.5": True, 876 "v6.2.7": True 877 } 878 }, 879 { 880 "value": "geography", 881 "revisions": { 882 "v6.4.4": True, 883 "v7.0.0": True, 884 "v6.4.0": True, 885 "v6.4.1": True 886 } 887 } 888 ], 889 "revisions": { 890 "v6.0.0": True, 891 "v7.0.0": True, 892 "v6.0.5": True, 893 "v6.4.4": True, 894 "v6.4.0": True, 895 "v6.4.1": True, 896 "v6.2.0": True, 897 "v6.2.3": True, 898 "v6.2.5": True, 899 "v6.2.7": True, 900 "v6.0.11": True 901 } 902 }, 903 "start_mac": { 904 "type": "string", 905 "revisions": { 906 "v7.0.0": False, 907 "v6.4.4": True, 908 "v6.4.0": True, 909 "v6.4.1": False, 910 "v6.2.0": True, 911 "v6.2.3": False, 912 "v6.2.5": True, 913 "v6.2.7": True 914 } 915 }, 916 "visibility": { 917 "type": "string", 918 "options": [ 919 { 920 "value": "enable", 921 "revisions": { 922 "v6.0.0": True, 923 "v6.0.5": True, 924 "v6.2.0": True, 925 "v6.2.3": True, 926 "v6.2.5": True, 927 "v6.2.7": True, 928 "v6.0.11": True 929 } 930 }, 931 { 932 "value": "disable", 933 "revisions": { 934 "v6.0.0": True, 935 "v6.0.5": True, 936 "v6.2.0": True, 937 "v6.2.3": True, 938 "v6.2.5": True, 939 "v6.2.7": True, 940 "v6.0.11": True 941 } 942 } 943 ], 944 "revisions": { 945 "v6.0.0": True, 946 "v7.0.0": False, 947 "v6.0.5": True, 948 "v6.4.4": False, 949 "v6.4.0": False, 950 "v6.4.1": False, 951 "v6.2.0": True, 952 "v6.2.3": True, 953 "v6.2.5": True, 954 "v6.2.7": True, 955 "v6.0.11": True 956 } 957 }, 958 "host": { 959 "type": "string", 960 "revisions": { 961 "v6.0.0": True, 962 "v7.0.0": True, 963 "v6.0.5": True, 964 "v6.4.4": True, 965 "v6.4.0": True, 966 "v6.4.1": True, 967 "v6.2.0": True, 968 "v6.2.3": True, 969 "v6.2.5": True, 970 "v6.2.7": True, 971 "v6.0.11": True 972 } 973 }, 974 "ip6": { 975 "type": "string", 976 "revisions": { 977 "v6.0.0": True, 978 "v7.0.0": True, 979 "v6.0.5": True, 980 "v6.4.4": True, 981 "v6.4.0": True, 982 "v6.4.1": True, 983 "v6.2.0": True, 984 "v6.2.3": True, 985 "v6.2.5": True, 986 "v6.2.7": True, 987 "v6.0.11": True 988 } 989 }, 990 "start_ip": { 991 "type": "string", 992 "revisions": { 993 "v6.0.0": True, 994 "v7.0.0": True, 995 "v6.0.5": True, 996 "v6.4.4": True, 997 "v6.4.0": True, 998 "v6.4.1": True, 999 "v6.2.0": True, 1000 "v6.2.3": True, 1001 "v6.2.5": True, 1002 "v6.2.7": True, 1003 "v6.0.11": True 1004 } 1005 }, 1006 "sdn": { 1007 "type": "string", 1008 "options": [ 1009 { 1010 "value": "nsx", 1011 "revisions": { 1012 "v6.0.11": True, 1013 "v6.0.0": True, 1014 "v6.0.5": True 1015 } 1016 } 1017 ], 1018 "revisions": { 1019 "v6.0.0": True, 1020 "v7.0.0": True, 1021 "v6.0.5": True, 1022 "v6.4.4": True, 1023 "v6.4.0": True, 1024 "v6.4.1": True, 1025 "v6.2.0": True, 1026 "v6.2.3": True, 1027 "v6.2.5": True, 1028 "v6.2.7": True, 1029 "v6.0.11": True 1030 } 1031 }, 1032 "tagging": { 1033 "type": "list", 1034 "children": { 1035 "category": { 1036 "type": "string", 1037 "revisions": { 1038 "v6.0.0": True, 1039 "v7.0.0": True, 1040 "v6.0.5": True, 1041 "v6.4.4": True, 1042 "v6.4.0": True, 1043 "v6.4.1": True, 1044 "v6.2.0": True, 1045 "v6.2.3": True, 1046 "v6.2.5": True, 1047 "v6.2.7": True, 1048 "v6.0.11": True 1049 } 1050 }, 1051 "name": { 1052 "type": "string", 1053 "revisions": { 1054 "v6.0.0": True, 1055 "v7.0.0": True, 1056 "v6.0.5": True, 1057 "v6.4.4": True, 1058 "v6.4.0": True, 1059 "v6.4.1": True, 1060 "v6.2.0": True, 1061 "v6.2.3": True, 1062 "v6.2.5": True, 1063 "v6.2.7": True, 1064 "v6.0.11": True 1065 } 1066 }, 1067 "tags": { 1068 "type": "list", 1069 "children": { 1070 "name": { 1071 "type": "string", 1072 "revisions": { 1073 "v6.0.0": True, 1074 "v7.0.0": True, 1075 "v6.0.5": True, 1076 "v6.4.4": True, 1077 "v6.4.0": True, 1078 "v6.4.1": True, 1079 "v6.2.0": True, 1080 "v6.2.3": True, 1081 "v6.2.5": True, 1082 "v6.2.7": True, 1083 "v6.0.11": True 1084 } 1085 } 1086 }, 1087 "revisions": { 1088 "v6.0.0": True, 1089 "v7.0.0": True, 1090 "v6.0.5": True, 1091 "v6.4.4": True, 1092 "v6.4.0": True, 1093 "v6.4.1": True, 1094 "v6.2.0": True, 1095 "v6.2.3": True, 1096 "v6.2.5": True, 1097 "v6.2.7": True, 1098 "v6.0.11": True 1099 } 1100 } 1101 }, 1102 "revisions": { 1103 "v6.0.0": True, 1104 "v7.0.0": True, 1105 "v6.0.5": True, 1106 "v6.4.4": True, 1107 "v6.4.0": True, 1108 "v6.4.1": True, 1109 "v6.2.0": True, 1110 "v6.2.3": True, 1111 "v6.2.5": True, 1112 "v6.2.7": True, 1113 "v6.0.11": True 1114 } 1115 }, 1116 "name": { 1117 "type": "string", 1118 "revisions": { 1119 "v6.0.0": True, 1120 "v7.0.0": True, 1121 "v6.0.5": True, 1122 "v6.4.4": True, 1123 "v6.4.0": True, 1124 "v6.4.1": True, 1125 "v6.2.0": True, 1126 "v6.2.3": True, 1127 "v6.2.5": True, 1128 "v6.2.7": True, 1129 "v6.0.11": True 1130 } 1131 }, 1132 "obj_id": { 1133 "type": "string", 1134 "revisions": { 1135 "v6.0.0": True, 1136 "v7.0.0": True, 1137 "v6.0.5": True, 1138 "v6.4.4": True, 1139 "v6.4.0": True, 1140 "v6.4.1": True, 1141 "v6.2.0": True, 1142 "v6.2.3": True, 1143 "v6.2.5": True, 1144 "v6.2.7": True, 1145 "v6.0.11": True 1146 } 1147 }, 1148 "country": { 1149 "type": "string", 1150 "revisions": { 1151 "v6.4.4": True, 1152 "v7.0.0": True, 1153 "v6.4.0": True, 1154 "v6.4.1": True 1155 } 1156 }, 1157 "host_type": { 1158 "type": "string", 1159 "options": [ 1160 { 1161 "value": "any", 1162 "revisions": { 1163 "v6.0.0": True, 1164 "v7.0.0": True, 1165 "v6.0.5": True, 1166 "v6.4.4": True, 1167 "v6.4.0": True, 1168 "v6.4.1": True, 1169 "v6.2.0": True, 1170 "v6.2.3": True, 1171 "v6.2.5": True, 1172 "v6.2.7": True, 1173 "v6.0.11": True 1174 } 1175 }, 1176 { 1177 "value": "specific", 1178 "revisions": { 1179 "v6.0.0": True, 1180 "v7.0.0": True, 1181 "v6.0.5": True, 1182 "v6.4.4": True, 1183 "v6.4.0": True, 1184 "v6.4.1": True, 1185 "v6.2.0": True, 1186 "v6.2.3": True, 1187 "v6.2.5": True, 1188 "v6.2.7": True, 1189 "v6.0.11": True 1190 } 1191 } 1192 ], 1193 "revisions": { 1194 "v6.0.0": True, 1195 "v7.0.0": True, 1196 "v6.0.5": True, 1197 "v6.4.4": True, 1198 "v6.4.0": True, 1199 "v6.4.1": True, 1200 "v6.2.0": True, 1201 "v6.2.3": True, 1202 "v6.2.5": True, 1203 "v6.2.7": True, 1204 "v6.0.11": True 1205 } 1206 }, 1207 "fqdn": { 1208 "type": "string", 1209 "revisions": { 1210 "v6.0.0": True, 1211 "v7.0.0": True, 1212 "v6.0.5": True, 1213 "v6.4.4": True, 1214 "v6.4.0": True, 1215 "v6.4.1": True, 1216 "v6.2.0": True, 1217 "v6.2.3": True, 1218 "v6.2.5": True, 1219 "v6.2.7": True, 1220 "v6.0.11": True 1221 } 1222 }, 1223 "end_ip": { 1224 "type": "string", 1225 "revisions": { 1226 "v6.0.0": True, 1227 "v7.0.0": True, 1228 "v6.0.5": True, 1229 "v6.4.4": True, 1230 "v6.4.0": True, 1231 "v6.4.1": True, 1232 "v6.2.0": True, 1233 "v6.2.3": True, 1234 "v6.2.5": True, 1235 "v6.2.7": True, 1236 "v6.0.11": True 1237 } 1238 } 1239 }, 1240 "revisions": { 1241 "v6.0.0": True, 1242 "v7.0.0": True, 1243 "v6.0.5": True, 1244 "v6.4.4": True, 1245 "v6.4.0": True, 1246 "v6.4.1": True, 1247 "v6.2.0": True, 1248 "v6.2.3": True, 1249 "v6.2.5": True, 1250 "v6.2.7": True, 1251 "v6.0.11": True 1252 } 1253} 1254 1255 1256def main(): 1257 module_spec = schema_to_module_spec(versioned_schema) 1258 mkeyname = 'name' 1259 fields = { 1260 "access_token": {"required": False, "type": "str", "no_log": True}, 1261 "enable_log": {"required": False, "type": bool}, 1262 "vdom": {"required": False, "type": "str", "default": "root"}, 1263 "state": {"required": True, "type": "str", 1264 "choices": ["present", "absent"]}, 1265 "firewall_address6": { 1266 "required": False, "type": "dict", "default": None, 1267 "options": { 1268 } 1269 } 1270 } 1271 for attribute_name in module_spec['options']: 1272 fields["firewall_address6"]['options'][attribute_name] = module_spec['options'][attribute_name] 1273 if mkeyname and mkeyname == attribute_name: 1274 fields["firewall_address6"]['options'][attribute_name]['required'] = True 1275 1276 check_legacy_fortiosapi() 1277 module = AnsibleModule(argument_spec=fields, 1278 supports_check_mode=True) 1279 1280 versions_check_result = None 1281 if module._socket_path: 1282 connection = Connection(module._socket_path) 1283 if 'access_token' in module.params: 1284 connection.set_option('access_token', module.params['access_token']) 1285 1286 if 'enable_log' in module.params: 1287 connection.set_option('enable_log', module.params['enable_log']) 1288 else: 1289 connection.set_option('enable_log', False) 1290 fos = FortiOSHandler(connection, module, mkeyname) 1291 versions_check_result = check_schema_versioning(fos, versioned_schema, "firewall_address6") 1292 1293 is_error, has_changed, result = fortios_firewall(module.params, fos, module.check_mode) 1294 1295 else: 1296 module.fail_json(**FAIL_SOCKET_MSG) 1297 1298 if versions_check_result and versions_check_result['matched'] is False: 1299 module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv") 1300 1301 if not is_error: 1302 if versions_check_result and versions_check_result['matched'] is False: 1303 module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) 1304 else: 1305 module.exit_json(changed=has_changed, meta=result) 1306 else: 1307 if versions_check_result and versions_check_result['matched'] is False: 1308 module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) 1309 else: 1310 module.fail_json(msg="Error in repo", meta=result) 1311 1312 1313if __name__ == '__main__': 1314 main() 1315