1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_icap_profile 27short_description: Configure ICAP profiles in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify icap feature and profile category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 state: 68 description: 69 - Indicates whether to create or remove the object. 70 type: str 71 required: true 72 choices: 73 - present 74 - absent 75 icap_profile: 76 description: 77 - Configure ICAP profiles. 78 default: null 79 type: dict 80 suboptions: 81 icap_headers: 82 description: 83 - Configure ICAP forwarded request headers. 84 type: list 85 suboptions: 86 base64_encoding: 87 description: 88 - Enable/disable use of base64 encoding of HTTP content. 89 type: str 90 choices: 91 - disable 92 - enable 93 content: 94 description: 95 - HTTP header content. 96 type: str 97 id: 98 description: 99 - HTTP forwarded header ID. 100 required: true 101 type: int 102 name: 103 description: 104 - HTTP forwarded header name. 105 type: str 106 methods: 107 description: 108 - The allowed HTTP methods that will be sent to ICAP server for further processing. 109 type: list 110 choices: 111 - delete 112 - get 113 - head 114 - options 115 - post 116 - put 117 - trace 118 - other 119 name: 120 description: 121 - ICAP profile name. 122 required: true 123 type: str 124 preview: 125 description: 126 - Enable/disable preview of data to ICAP server. 127 type: str 128 choices: 129 - disable 130 - enable 131 preview_data_length: 132 description: 133 - Preview data length to be sent to ICAP server. 134 type: int 135 replacemsg_group: 136 description: 137 - Replacement message group. Source system.replacemsg-group.name. 138 type: str 139 request: 140 description: 141 - Enable/disable whether an HTTP request is passed to an ICAP server. 142 type: str 143 choices: 144 - disable 145 - enable 146 request_failure: 147 description: 148 - Action to take if the ICAP server cannot be contacted when processing an HTTP request. 149 type: str 150 choices: 151 - error 152 - bypass 153 request_path: 154 description: 155 - Path component of the ICAP URI that identifies the HTTP request processing service. 156 type: str 157 request_server: 158 description: 159 - ICAP server to use for an HTTP request. Source icap.server.name. 160 type: str 161 respmod_default_action: 162 description: 163 - Default action to ICAP response modification (respmod) processing. 164 type: str 165 choices: 166 - forward 167 - bypass 168 respmod_forward_rules: 169 description: 170 - ICAP response mode forward rules. 171 type: list 172 suboptions: 173 action: 174 description: 175 - Action to be taken for ICAP server. 176 type: str 177 choices: 178 - forward 179 - bypass 180 header_group: 181 description: 182 - HTTP header group. 183 type: list 184 suboptions: 185 case_sensitivity: 186 description: 187 - Enable/disable case sensitivity when matching header. 188 type: str 189 choices: 190 - disable 191 - enable 192 header: 193 description: 194 - HTTP header regular expression. 195 type: str 196 header_name: 197 description: 198 - HTTP header. 199 type: str 200 id: 201 description: 202 - ID. 203 required: true 204 type: int 205 host: 206 description: 207 - Address object for the host. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name. 208 type: str 209 http_resp_status_code: 210 description: 211 - HTTP response status code. 212 type: int 213 suboptions: 214 code: 215 description: 216 - HTTP response status code. 217 required: true 218 type: int 219 name: 220 description: 221 - Address name. 222 required: true 223 type: str 224 response: 225 description: 226 - Enable/disable whether an HTTP response is passed to an ICAP server. 227 type: str 228 choices: 229 - disable 230 - enable 231 response_failure: 232 description: 233 - Action to take if the ICAP server cannot be contacted when processing an HTTP response. 234 type: str 235 choices: 236 - error 237 - bypass 238 response_path: 239 description: 240 - Path component of the ICAP URI that identifies the HTTP response processing service. 241 type: str 242 response_req_hdr: 243 description: 244 - Enable/disable addition of req-hdr for ICAP response modification (respmod) processing. 245 type: str 246 choices: 247 - disable 248 - enable 249 response_server: 250 description: 251 - ICAP server to use for an HTTP response. Source icap.server.name. 252 type: str 253 streaming_content_bypass: 254 description: 255 - Enable/disable bypassing of ICAP server for streaming content. 256 type: str 257 choices: 258 - disable 259 - enable 260''' 261 262EXAMPLES = ''' 263- hosts: fortigates 264 collections: 265 - fortinet.fortios 266 connection: httpapi 267 vars: 268 vdom: "root" 269 ansible_httpapi_use_ssl: yes 270 ansible_httpapi_validate_certs: no 271 ansible_httpapi_port: 443 272 tasks: 273 - name: Configure ICAP profiles. 274 fortios_icap_profile: 275 vdom: "{{ vdom }}" 276 state: "present" 277 access_token: "<your_own_value>" 278 icap_profile: 279 icap_headers: 280 - 281 base64_encoding: "disable" 282 content: "<your_own_value>" 283 id: "6" 284 name: "default_name_7" 285 methods: "delete" 286 name: "default_name_9" 287 preview: "disable" 288 preview_data_length: "11" 289 replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)" 290 request: "disable" 291 request_failure: "error" 292 request_path: "<your_own_value>" 293 request_server: "<your_own_value> (source icap.server.name)" 294 respmod_default_action: "forward" 295 respmod_forward_rules: 296 - 297 action: "forward" 298 header_group: 299 - 300 case_sensitivity: "disable" 301 header: "<your_own_value>" 302 header_name: "<your_own_value>" 303 id: "24" 304 host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)" 305 http_resp_status_code: 306 - 307 code: "27" 308 name: "default_name_28" 309 response: "disable" 310 response_failure: "error" 311 response_path: "<your_own_value>" 312 response_req_hdr: "disable" 313 response_server: "<your_own_value> (source icap.server.name)" 314 streaming_content_bypass: "disable" 315 316''' 317 318RETURN = ''' 319build: 320 description: Build number of the fortigate image 321 returned: always 322 type: str 323 sample: '1547' 324http_method: 325 description: Last method used to provision the content into FortiGate 326 returned: always 327 type: str 328 sample: 'PUT' 329http_status: 330 description: Last result given by FortiGate on last operation applied 331 returned: always 332 type: str 333 sample: "200" 334mkey: 335 description: Master key (id) used in the last call to FortiGate 336 returned: success 337 type: str 338 sample: "id" 339name: 340 description: Name of the table used to fulfill the request 341 returned: always 342 type: str 343 sample: "urlfilter" 344path: 345 description: Path of the table used to fulfill the request 346 returned: always 347 type: str 348 sample: "webfilter" 349revision: 350 description: Internal revision number 351 returned: always 352 type: str 353 sample: "17.0.2.10658" 354serial: 355 description: Serial number of the unit 356 returned: always 357 type: str 358 sample: "FGVMEVYYQT3AB5352" 359status: 360 description: Indication of the operation's result 361 returned: always 362 type: str 363 sample: "success" 364vdom: 365 description: Virtual domain used 366 returned: always 367 type: str 368 sample: "root" 369version: 370 description: Version of the FortiGate 371 returned: always 372 type: str 373 sample: "v5.6.3" 374 375''' 376from ansible.module_utils.basic import AnsibleModule 377from ansible.module_utils.connection import Connection 378from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 379from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 380from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 381from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 382from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 383from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 384from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 385 386 387def filter_icap_profile_data(json): 388 option_list = ['icap_headers', 'methods', 'name', 389 'preview', 'preview_data_length', 'replacemsg_group', 390 'request', 'request_failure', 'request_path', 391 'request_server', 'respmod_default_action', 'respmod_forward_rules', 392 'response', 'response_failure', 'response_path', 393 'response_req_hdr', 'response_server', 'streaming_content_bypass'] 394 dictionary = {} 395 396 for attribute in option_list: 397 if attribute in json and json[attribute] is not None: 398 dictionary[attribute] = json[attribute] 399 400 return dictionary 401 402 403def flatten_single_path(data, path, index): 404 if not data or index == len(path) or path[index] not in data or not data[path[index]]: 405 return 406 407 if index == len(path) - 1: 408 data[path[index]] = ' '.join(str(elem) for elem in data[path[index]]) 409 elif isinstance(data[path[index]], list): 410 for value in data[path[index]]: 411 flatten_single_path(value, path, index + 1) 412 else: 413 flatten_single_path(data[path[index]], path, index + 1) 414 415 416def flatten_multilists_attributes(data): 417 multilist_attrs = [[u'methods']] 418 419 for attr in multilist_attrs: 420 flatten_single_path(data, attr, 0) 421 422 return data 423 424 425def underscore_to_hyphen(data): 426 if isinstance(data, list): 427 for i, elem in enumerate(data): 428 data[i] = underscore_to_hyphen(elem) 429 elif isinstance(data, dict): 430 new_data = {} 431 for k, v in data.items(): 432 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 433 data = new_data 434 435 return data 436 437 438def icap_profile(data, fos, check_mode=False): 439 440 vdom = data['vdom'] 441 442 state = data['state'] 443 444 icap_profile_data = data['icap_profile'] 445 icap_profile_data = flatten_multilists_attributes(icap_profile_data) 446 filtered_data = underscore_to_hyphen(filter_icap_profile_data(icap_profile_data)) 447 448 # check_mode starts from here 449 if check_mode: 450 mkey = fos.get_mkey('system', 'interface', filtered_data, vdom=vdom) 451 current_data = fos.get('system', 'interface', vdom=vdom, mkey=mkey) 452 is_existed = current_data and current_data.get('http_status') == 200 \ 453 and isinstance(current_data.get('results'), list) \ 454 and len(current_data['results']) > 0 455 456 # 2. if it exists and the state is 'present' then compare current settings with desired 457 if state == 'present' or state is True: 458 if mkey is None: 459 return False, True, filtered_data 460 461 # if mkey exists then compare each other 462 # record exits and they're matched or not 463 if is_existed: 464 is_same = is_same_comparison( 465 serialize(current_data['results'][0]), serialize(filtered_data)) 466 return False, not is_same, filtered_data 467 468 # record does not exist 469 return False, True, filtered_data 470 471 if state == 'absent': 472 if mkey is None: 473 return False, False, filtered_data 474 475 if is_existed: 476 return False, True, filtered_data 477 return False, False, filtered_data 478 479 return True, False, {'reason: ': 'Must provide state parameter'} 480 481 if state == "present" or state is True: 482 return fos.set('icap', 483 'profile', 484 data=filtered_data, 485 vdom=vdom) 486 487 elif state == "absent": 488 return fos.delete('icap', 489 'profile', 490 mkey=filtered_data['name'], 491 vdom=vdom) 492 else: 493 fos._module.fail_json(msg='state must be present or absent!') 494 495 496def is_successful_status(status): 497 return status['status'] == "success" or \ 498 status['http_method'] == "DELETE" and status['http_status'] == 404 499 500 501def fortios_icap(data, fos, check_mode): 502 503 if data['icap_profile']: 504 resp = icap_profile(data, fos, check_mode) 505 else: 506 fos._module.fail_json(msg='missing task body: %s' % ('icap_profile')) 507 if check_mode: 508 return resp 509 return not is_successful_status(resp), \ 510 resp['status'] == "success" and \ 511 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 512 resp 513 514 515versioned_schema = { 516 "type": "list", 517 "children": { 518 "preview": { 519 "type": "string", 520 "options": [ 521 { 522 "value": "disable", 523 "revisions": { 524 "v7.0.0": True, 525 "v6.4.4": True, 526 "v6.4.0": True, 527 "v6.4.1": True, 528 "v6.2.0": True, 529 "v6.2.3": True, 530 "v6.2.5": True, 531 "v6.2.7": True 532 } 533 }, 534 { 535 "value": "enable", 536 "revisions": { 537 "v7.0.0": True, 538 "v6.4.4": True, 539 "v6.4.0": True, 540 "v6.4.1": True, 541 "v6.2.0": True, 542 "v6.2.3": True, 543 "v6.2.5": True, 544 "v6.2.7": True 545 } 546 } 547 ], 548 "revisions": { 549 "v7.0.0": True, 550 "v6.4.4": True, 551 "v6.4.0": True, 552 "v6.4.1": True, 553 "v6.2.0": True, 554 "v6.2.3": True, 555 "v6.2.5": True, 556 "v6.2.7": True 557 } 558 }, 559 "name": { 560 "type": "string", 561 "revisions": { 562 "v6.0.0": True, 563 "v7.0.0": True, 564 "v6.0.5": True, 565 "v6.4.4": True, 566 "v6.4.0": True, 567 "v6.4.1": True, 568 "v6.2.0": True, 569 "v6.2.3": True, 570 "v6.2.5": True, 571 "v6.2.7": True, 572 "v6.0.11": True 573 } 574 }, 575 "response_server": { 576 "type": "string", 577 "revisions": { 578 "v6.0.0": True, 579 "v7.0.0": True, 580 "v6.0.5": True, 581 "v6.4.4": True, 582 "v6.4.0": True, 583 "v6.4.1": True, 584 "v6.2.0": True, 585 "v6.2.3": True, 586 "v6.2.5": True, 587 "v6.2.7": True, 588 "v6.0.11": True 589 } 590 }, 591 "respmod_default_action": { 592 "type": "string", 593 "options": [ 594 { 595 "value": "forward", 596 "revisions": { 597 "v6.4.4": True, 598 "v7.0.0": True, 599 "v6.4.0": True, 600 "v6.4.1": True 601 } 602 }, 603 { 604 "value": "bypass", 605 "revisions": { 606 "v6.4.4": True, 607 "v7.0.0": True, 608 "v6.4.0": True, 609 "v6.4.1": True 610 } 611 } 612 ], 613 "revisions": { 614 "v6.4.4": True, 615 "v7.0.0": True, 616 "v6.4.0": True, 617 "v6.4.1": True 618 } 619 }, 620 "streaming_content_bypass": { 621 "type": "string", 622 "options": [ 623 { 624 "value": "disable", 625 "revisions": { 626 "v6.0.0": True, 627 "v7.0.0": True, 628 "v6.0.5": True, 629 "v6.4.4": True, 630 "v6.4.0": True, 631 "v6.4.1": True, 632 "v6.2.0": True, 633 "v6.2.3": True, 634 "v6.2.5": True, 635 "v6.2.7": True, 636 "v6.0.11": True 637 } 638 }, 639 { 640 "value": "enable", 641 "revisions": { 642 "v6.0.0": True, 643 "v7.0.0": True, 644 "v6.0.5": True, 645 "v6.4.4": True, 646 "v6.4.0": True, 647 "v6.4.1": True, 648 "v6.2.0": True, 649 "v6.2.3": True, 650 "v6.2.5": True, 651 "v6.2.7": True, 652 "v6.0.11": True 653 } 654 } 655 ], 656 "revisions": { 657 "v6.0.0": True, 658 "v7.0.0": True, 659 "v6.0.5": True, 660 "v6.4.4": True, 661 "v6.4.0": True, 662 "v6.4.1": True, 663 "v6.2.0": True, 664 "v6.2.3": True, 665 "v6.2.5": True, 666 "v6.2.7": True, 667 "v6.0.11": True 668 } 669 }, 670 "response_failure": { 671 "type": "string", 672 "options": [ 673 { 674 "value": "error", 675 "revisions": { 676 "v6.0.0": True, 677 "v7.0.0": True, 678 "v6.0.5": True, 679 "v6.4.4": True, 680 "v6.4.0": True, 681 "v6.4.1": True, 682 "v6.2.0": True, 683 "v6.2.3": True, 684 "v6.2.5": True, 685 "v6.2.7": True, 686 "v6.0.11": True 687 } 688 }, 689 { 690 "value": "bypass", 691 "revisions": { 692 "v6.0.0": True, 693 "v7.0.0": True, 694 "v6.0.5": True, 695 "v6.4.4": True, 696 "v6.4.0": True, 697 "v6.4.1": True, 698 "v6.2.0": True, 699 "v6.2.3": True, 700 "v6.2.5": True, 701 "v6.2.7": True, 702 "v6.0.11": True 703 } 704 } 705 ], 706 "revisions": { 707 "v6.0.0": True, 708 "v7.0.0": True, 709 "v6.0.5": True, 710 "v6.4.4": True, 711 "v6.4.0": True, 712 "v6.4.1": True, 713 "v6.2.0": True, 714 "v6.2.3": True, 715 "v6.2.5": True, 716 "v6.2.7": True, 717 "v6.0.11": True 718 } 719 }, 720 "request_failure": { 721 "type": "string", 722 "options": [ 723 { 724 "value": "error", 725 "revisions": { 726 "v6.0.0": True, 727 "v7.0.0": True, 728 "v6.0.5": True, 729 "v6.4.4": True, 730 "v6.4.0": True, 731 "v6.4.1": True, 732 "v6.2.0": True, 733 "v6.2.3": True, 734 "v6.2.5": True, 735 "v6.2.7": True, 736 "v6.0.11": True 737 } 738 }, 739 { 740 "value": "bypass", 741 "revisions": { 742 "v6.0.0": True, 743 "v7.0.0": True, 744 "v6.0.5": True, 745 "v6.4.4": True, 746 "v6.4.0": True, 747 "v6.4.1": True, 748 "v6.2.0": True, 749 "v6.2.3": True, 750 "v6.2.5": True, 751 "v6.2.7": True, 752 "v6.0.11": True 753 } 754 } 755 ], 756 "revisions": { 757 "v6.0.0": True, 758 "v7.0.0": True, 759 "v6.0.5": True, 760 "v6.4.4": True, 761 "v6.4.0": True, 762 "v6.4.1": True, 763 "v6.2.0": True, 764 "v6.2.3": True, 765 "v6.2.5": True, 766 "v6.2.7": True, 767 "v6.0.11": True 768 } 769 }, 770 "request": { 771 "type": "string", 772 "options": [ 773 { 774 "value": "disable", 775 "revisions": { 776 "v6.0.0": True, 777 "v7.0.0": True, 778 "v6.0.5": True, 779 "v6.4.4": True, 780 "v6.4.0": True, 781 "v6.4.1": True, 782 "v6.2.0": True, 783 "v6.2.3": True, 784 "v6.2.5": True, 785 "v6.2.7": True, 786 "v6.0.11": True 787 } 788 }, 789 { 790 "value": "enable", 791 "revisions": { 792 "v6.0.0": True, 793 "v7.0.0": True, 794 "v6.0.5": True, 795 "v6.4.4": True, 796 "v6.4.0": True, 797 "v6.4.1": True, 798 "v6.2.0": True, 799 "v6.2.3": True, 800 "v6.2.5": True, 801 "v6.2.7": True, 802 "v6.0.11": True 803 } 804 } 805 ], 806 "revisions": { 807 "v6.0.0": True, 808 "v7.0.0": True, 809 "v6.0.5": True, 810 "v6.4.4": True, 811 "v6.4.0": True, 812 "v6.4.1": True, 813 "v6.2.0": True, 814 "v6.2.3": True, 815 "v6.2.5": True, 816 "v6.2.7": True, 817 "v6.0.11": True 818 } 819 }, 820 "preview_data_length": { 821 "type": "integer", 822 "revisions": { 823 "v7.0.0": True, 824 "v6.4.4": True, 825 "v6.4.0": True, 826 "v6.4.1": True, 827 "v6.2.0": True, 828 "v6.2.3": True, 829 "v6.2.5": True, 830 "v6.2.7": True 831 } 832 }, 833 "response_path": { 834 "type": "string", 835 "revisions": { 836 "v6.0.0": True, 837 "v7.0.0": True, 838 "v6.0.5": True, 839 "v6.4.4": True, 840 "v6.4.0": True, 841 "v6.4.1": True, 842 "v6.2.0": True, 843 "v6.2.3": True, 844 "v6.2.5": True, 845 "v6.2.7": True, 846 "v6.0.11": True 847 } 848 }, 849 "request_server": { 850 "type": "string", 851 "revisions": { 852 "v6.0.0": True, 853 "v7.0.0": True, 854 "v6.0.5": True, 855 "v6.4.4": True, 856 "v6.4.0": True, 857 "v6.4.1": True, 858 "v6.2.0": True, 859 "v6.2.3": True, 860 "v6.2.5": True, 861 "v6.2.7": True, 862 "v6.0.11": True 863 } 864 }, 865 "respmod_forward_rules": { 866 "type": "list", 867 "children": { 868 "action": { 869 "type": "string", 870 "options": [ 871 { 872 "value": "forward", 873 "revisions": { 874 "v6.4.4": True, 875 "v7.0.0": True, 876 "v6.4.0": True, 877 "v6.4.1": True 878 } 879 }, 880 { 881 "value": "bypass", 882 "revisions": { 883 "v6.4.4": True, 884 "v7.0.0": True, 885 "v6.4.0": True, 886 "v6.4.1": True 887 } 888 } 889 ], 890 "revisions": { 891 "v6.4.4": True, 892 "v7.0.0": True, 893 "v6.4.0": True, 894 "v6.4.1": True 895 } 896 }, 897 "host": { 898 "type": "string", 899 "revisions": { 900 "v6.4.4": True, 901 "v7.0.0": True, 902 "v6.4.0": True, 903 "v6.4.1": True 904 } 905 }, 906 "http_resp_status_code": { 907 "type": "list", 908 "children": { 909 "code": { 910 "type": "integer", 911 "revisions": { 912 "v6.4.4": True, 913 "v7.0.0": True, 914 "v6.4.0": True, 915 "v6.4.1": True 916 } 917 } 918 }, 919 "revisions": { 920 "v6.4.4": True, 921 "v7.0.0": True, 922 "v6.4.0": True, 923 "v6.4.1": True 924 } 925 }, 926 "name": { 927 "type": "string", 928 "revisions": { 929 "v6.4.4": True, 930 "v7.0.0": True, 931 "v6.4.0": True, 932 "v6.4.1": True 933 } 934 }, 935 "header_group": { 936 "type": "list", 937 "children": { 938 "case_sensitivity": { 939 "type": "string", 940 "options": [ 941 { 942 "value": "disable", 943 "revisions": { 944 "v6.4.4": True, 945 "v7.0.0": True, 946 "v6.4.0": True, 947 "v6.4.1": True 948 } 949 }, 950 { 951 "value": "enable", 952 "revisions": { 953 "v6.4.4": True, 954 "v7.0.0": True, 955 "v6.4.0": True, 956 "v6.4.1": True 957 } 958 } 959 ], 960 "revisions": { 961 "v6.4.4": True, 962 "v7.0.0": True, 963 "v6.4.0": True, 964 "v6.4.1": True 965 } 966 }, 967 "header": { 968 "type": "string", 969 "revisions": { 970 "v6.4.4": True, 971 "v7.0.0": True, 972 "v6.4.0": True, 973 "v6.4.1": True 974 } 975 }, 976 "header_name": { 977 "type": "string", 978 "revisions": { 979 "v6.4.4": True, 980 "v7.0.0": True, 981 "v6.4.0": True, 982 "v6.4.1": True 983 } 984 }, 985 "id": { 986 "type": "integer", 987 "revisions": { 988 "v6.4.4": True, 989 "v7.0.0": True, 990 "v6.4.0": True, 991 "v6.4.1": True 992 } 993 } 994 }, 995 "revisions": { 996 "v6.4.4": True, 997 "v7.0.0": True, 998 "v6.4.0": True, 999 "v6.4.1": True 1000 } 1001 } 1002 }, 1003 "revisions": { 1004 "v6.4.4": True, 1005 "v7.0.0": True, 1006 "v6.4.0": True, 1007 "v6.4.1": True 1008 } 1009 }, 1010 "methods": { 1011 "multiple_values": True, 1012 "type": "list", 1013 "options": [ 1014 { 1015 "value": "delete", 1016 "revisions": { 1017 "v6.0.0": True, 1018 "v7.0.0": True, 1019 "v6.0.5": True, 1020 "v6.4.4": True, 1021 "v6.4.0": True, 1022 "v6.4.1": True, 1023 "v6.2.0": True, 1024 "v6.2.3": True, 1025 "v6.2.5": True, 1026 "v6.2.7": True, 1027 "v6.0.11": True 1028 } 1029 }, 1030 { 1031 "value": "get", 1032 "revisions": { 1033 "v6.0.0": True, 1034 "v7.0.0": True, 1035 "v6.0.5": True, 1036 "v6.4.4": True, 1037 "v6.4.0": True, 1038 "v6.4.1": True, 1039 "v6.2.0": True, 1040 "v6.2.3": True, 1041 "v6.2.5": True, 1042 "v6.2.7": True, 1043 "v6.0.11": True 1044 } 1045 }, 1046 { 1047 "value": "head", 1048 "revisions": { 1049 "v6.0.0": True, 1050 "v7.0.0": True, 1051 "v6.0.5": True, 1052 "v6.4.4": True, 1053 "v6.4.0": True, 1054 "v6.4.1": True, 1055 "v6.2.0": True, 1056 "v6.2.3": True, 1057 "v6.2.5": True, 1058 "v6.2.7": True, 1059 "v6.0.11": True 1060 } 1061 }, 1062 { 1063 "value": "options", 1064 "revisions": { 1065 "v6.0.0": True, 1066 "v7.0.0": True, 1067 "v6.0.5": True, 1068 "v6.4.4": True, 1069 "v6.4.0": True, 1070 "v6.4.1": True, 1071 "v6.2.0": True, 1072 "v6.2.3": True, 1073 "v6.2.5": True, 1074 "v6.2.7": True, 1075 "v6.0.11": True 1076 } 1077 }, 1078 { 1079 "value": "post", 1080 "revisions": { 1081 "v6.0.0": True, 1082 "v7.0.0": True, 1083 "v6.0.5": True, 1084 "v6.4.4": True, 1085 "v6.4.0": True, 1086 "v6.4.1": True, 1087 "v6.2.0": True, 1088 "v6.2.3": True, 1089 "v6.2.5": True, 1090 "v6.2.7": True, 1091 "v6.0.11": True 1092 } 1093 }, 1094 { 1095 "value": "put", 1096 "revisions": { 1097 "v6.0.0": True, 1098 "v7.0.0": True, 1099 "v6.0.5": True, 1100 "v6.4.4": True, 1101 "v6.4.0": True, 1102 "v6.4.1": True, 1103 "v6.2.0": True, 1104 "v6.2.3": True, 1105 "v6.2.5": True, 1106 "v6.2.7": True, 1107 "v6.0.11": True 1108 } 1109 }, 1110 { 1111 "value": "trace", 1112 "revisions": { 1113 "v6.0.0": True, 1114 "v7.0.0": True, 1115 "v6.0.5": True, 1116 "v6.4.4": True, 1117 "v6.4.0": True, 1118 "v6.4.1": True, 1119 "v6.2.0": True, 1120 "v6.2.3": True, 1121 "v6.2.5": True, 1122 "v6.2.7": True, 1123 "v6.0.11": True 1124 } 1125 }, 1126 { 1127 "value": "other", 1128 "revisions": { 1129 "v6.0.0": True, 1130 "v7.0.0": True, 1131 "v6.0.5": True, 1132 "v6.4.4": True, 1133 "v6.4.0": True, 1134 "v6.4.1": True, 1135 "v6.2.0": True, 1136 "v6.2.3": True, 1137 "v6.2.5": True, 1138 "v6.2.7": True, 1139 "v6.0.11": True 1140 } 1141 } 1142 ], 1143 "revisions": { 1144 "v6.0.0": True, 1145 "v7.0.0": True, 1146 "v6.0.5": True, 1147 "v6.4.4": True, 1148 "v6.4.0": True, 1149 "v6.4.1": True, 1150 "v6.2.0": True, 1151 "v6.2.3": True, 1152 "v6.2.5": True, 1153 "v6.2.7": True, 1154 "v6.0.11": True 1155 } 1156 }, 1157 "replacemsg_group": { 1158 "type": "string", 1159 "revisions": { 1160 "v6.0.0": True, 1161 "v7.0.0": True, 1162 "v6.0.5": True, 1163 "v6.4.4": True, 1164 "v6.4.0": True, 1165 "v6.4.1": True, 1166 "v6.2.0": True, 1167 "v6.2.3": True, 1168 "v6.2.5": True, 1169 "v6.2.7": True, 1170 "v6.0.11": True 1171 } 1172 }, 1173 "response_req_hdr": { 1174 "type": "string", 1175 "options": [ 1176 { 1177 "value": "disable", 1178 "revisions": { 1179 "v7.0.0": True, 1180 "v6.4.4": True, 1181 "v6.4.0": True, 1182 "v6.4.1": True, 1183 "v6.2.0": True, 1184 "v6.2.3": True, 1185 "v6.2.5": True, 1186 "v6.2.7": True 1187 } 1188 }, 1189 { 1190 "value": "enable", 1191 "revisions": { 1192 "v7.0.0": True, 1193 "v6.4.4": True, 1194 "v6.4.0": True, 1195 "v6.4.1": True, 1196 "v6.2.0": True, 1197 "v6.2.3": True, 1198 "v6.2.5": True, 1199 "v6.2.7": True 1200 } 1201 } 1202 ], 1203 "revisions": { 1204 "v7.0.0": True, 1205 "v6.4.4": True, 1206 "v6.4.0": True, 1207 "v6.4.1": True, 1208 "v6.2.0": True, 1209 "v6.2.3": True, 1210 "v6.2.5": True, 1211 "v6.2.7": True 1212 } 1213 }, 1214 "icap_headers": { 1215 "type": "list", 1216 "children": { 1217 "content": { 1218 "type": "string", 1219 "revisions": { 1220 "v7.0.0": True, 1221 "v6.4.4": True, 1222 "v6.4.0": True, 1223 "v6.4.1": True, 1224 "v6.2.0": True, 1225 "v6.2.3": True, 1226 "v6.2.5": True, 1227 "v6.2.7": True 1228 } 1229 }, 1230 "base64_encoding": { 1231 "type": "string", 1232 "options": [ 1233 { 1234 "value": "disable", 1235 "revisions": { 1236 "v7.0.0": True, 1237 "v6.4.4": True, 1238 "v6.4.0": True, 1239 "v6.4.1": True, 1240 "v6.2.0": True, 1241 "v6.2.3": True, 1242 "v6.2.5": True, 1243 "v6.2.7": True 1244 } 1245 }, 1246 { 1247 "value": "enable", 1248 "revisions": { 1249 "v7.0.0": True, 1250 "v6.4.4": True, 1251 "v6.4.0": True, 1252 "v6.4.1": True, 1253 "v6.2.0": True, 1254 "v6.2.3": True, 1255 "v6.2.5": True, 1256 "v6.2.7": True 1257 } 1258 } 1259 ], 1260 "revisions": { 1261 "v7.0.0": True, 1262 "v6.4.4": True, 1263 "v6.4.0": True, 1264 "v6.4.1": True, 1265 "v6.2.0": True, 1266 "v6.2.3": True, 1267 "v6.2.5": True, 1268 "v6.2.7": True 1269 } 1270 }, 1271 "id": { 1272 "type": "integer", 1273 "revisions": { 1274 "v7.0.0": True, 1275 "v6.4.4": True, 1276 "v6.4.0": True, 1277 "v6.4.1": True, 1278 "v6.2.0": True, 1279 "v6.2.3": True, 1280 "v6.2.5": True, 1281 "v6.2.7": True 1282 } 1283 }, 1284 "name": { 1285 "type": "string", 1286 "revisions": { 1287 "v7.0.0": True, 1288 "v6.4.4": True, 1289 "v6.4.0": True, 1290 "v6.4.1": True, 1291 "v6.2.0": True, 1292 "v6.2.3": True, 1293 "v6.2.5": True, 1294 "v6.2.7": True 1295 } 1296 } 1297 }, 1298 "revisions": { 1299 "v7.0.0": True, 1300 "v6.4.4": True, 1301 "v6.4.0": True, 1302 "v6.4.1": True, 1303 "v6.2.0": True, 1304 "v6.2.3": True, 1305 "v6.2.5": True, 1306 "v6.2.7": True 1307 } 1308 }, 1309 "response": { 1310 "type": "string", 1311 "options": [ 1312 { 1313 "value": "disable", 1314 "revisions": { 1315 "v6.0.0": True, 1316 "v7.0.0": True, 1317 "v6.0.5": True, 1318 "v6.4.4": True, 1319 "v6.4.0": True, 1320 "v6.4.1": True, 1321 "v6.2.0": True, 1322 "v6.2.3": True, 1323 "v6.2.5": True, 1324 "v6.2.7": True, 1325 "v6.0.11": True 1326 } 1327 }, 1328 { 1329 "value": "enable", 1330 "revisions": { 1331 "v6.0.0": True, 1332 "v7.0.0": True, 1333 "v6.0.5": True, 1334 "v6.4.4": True, 1335 "v6.4.0": True, 1336 "v6.4.1": True, 1337 "v6.2.0": True, 1338 "v6.2.3": True, 1339 "v6.2.5": True, 1340 "v6.2.7": True, 1341 "v6.0.11": True 1342 } 1343 } 1344 ], 1345 "revisions": { 1346 "v6.0.0": True, 1347 "v7.0.0": True, 1348 "v6.0.5": True, 1349 "v6.4.4": True, 1350 "v6.4.0": True, 1351 "v6.4.1": True, 1352 "v6.2.0": True, 1353 "v6.2.3": True, 1354 "v6.2.5": True, 1355 "v6.2.7": True, 1356 "v6.0.11": True 1357 } 1358 }, 1359 "request_path": { 1360 "type": "string", 1361 "revisions": { 1362 "v6.0.0": True, 1363 "v7.0.0": True, 1364 "v6.0.5": True, 1365 "v6.4.4": True, 1366 "v6.4.0": True, 1367 "v6.4.1": True, 1368 "v6.2.0": True, 1369 "v6.2.3": True, 1370 "v6.2.5": True, 1371 "v6.2.7": True, 1372 "v6.0.11": True 1373 } 1374 } 1375 }, 1376 "revisions": { 1377 "v6.0.0": True, 1378 "v7.0.0": True, 1379 "v6.0.5": True, 1380 "v6.4.4": True, 1381 "v6.4.0": True, 1382 "v6.4.1": True, 1383 "v6.2.0": True, 1384 "v6.2.3": True, 1385 "v6.2.5": True, 1386 "v6.2.7": True, 1387 "v6.0.11": True 1388 } 1389} 1390 1391 1392def main(): 1393 module_spec = schema_to_module_spec(versioned_schema) 1394 mkeyname = 'name' 1395 fields = { 1396 "access_token": {"required": False, "type": "str", "no_log": True}, 1397 "enable_log": {"required": False, "type": bool}, 1398 "vdom": {"required": False, "type": "str", "default": "root"}, 1399 "state": {"required": True, "type": "str", 1400 "choices": ["present", "absent"]}, 1401 "icap_profile": { 1402 "required": False, "type": "dict", "default": None, 1403 "options": { 1404 } 1405 } 1406 } 1407 for attribute_name in module_spec['options']: 1408 fields["icap_profile"]['options'][attribute_name] = module_spec['options'][attribute_name] 1409 if mkeyname and mkeyname == attribute_name: 1410 fields["icap_profile"]['options'][attribute_name]['required'] = True 1411 1412 check_legacy_fortiosapi() 1413 module = AnsibleModule(argument_spec=fields, 1414 supports_check_mode=True) 1415 1416 versions_check_result = None 1417 if module._socket_path: 1418 connection = Connection(module._socket_path) 1419 if 'access_token' in module.params: 1420 connection.set_option('access_token', module.params['access_token']) 1421 1422 if 'enable_log' in module.params: 1423 connection.set_option('enable_log', module.params['enable_log']) 1424 else: 1425 connection.set_option('enable_log', False) 1426 fos = FortiOSHandler(connection, module, mkeyname) 1427 versions_check_result = check_schema_versioning(fos, versioned_schema, "icap_profile") 1428 1429 is_error, has_changed, result = fortios_icap(module.params, fos, module.check_mode) 1430 1431 else: 1432 module.fail_json(**FAIL_SOCKET_MSG) 1433 1434 if versions_check_result and versions_check_result['matched'] is False: 1435 module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv") 1436 1437 if not is_error: 1438 if versions_check_result and versions_check_result['matched'] is False: 1439 module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) 1440 else: 1441 module.exit_json(changed=has_changed, meta=result) 1442 else: 1443 if versions_check_result and versions_check_result['matched'] is False: 1444 module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) 1445 else: 1446 module.fail_json(msg="Error in repo", meta=result) 1447 1448 1449if __name__ == '__main__': 1450 main() 1451