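#!/usr/local/bin/python3.8
from __future__ import (absolute_import, division, print_function)
# Copyright 2019-2020 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

__metaclass__ = type

ANSIBLE_METADATA = {'status': ['preview'],
                    'supported_by': 'community',
                    'metadata_version': '1.1'}

DOCUMENTATION = '''
---
module: fortios_ips_global
short_description: Configure IPS global parameter in Fortinet's FortiOS and FortiGate.
description:
    - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
      user to set and modify ips feature and global category.
      Examples include all parameters and values need to be adjusted to datasources before usage.
      Tested with FOS v6.0.0
version_added: "2.10"
author:
    - Link Zheng (@chillancezen)
    - Jie Xue (@JieX19)
    - Hongbin Lu (@fgtdev-hblu)
    - Frank Shen (@frankshen01)
    - Miguel Angel Munoz (@mamunozgonzalez)
    - Nicolas Thomas (@thomnico)
notes:
    - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

requirements:
    - ansible>=2.9.0
options:
    access_token:
        description:
            - Token-based authentication.
              Generated from GUI of Fortigate.
        type: str
        required: false
    enable_log:
        description:
            - Enable/Disable logging for task.
        type: bool
        required: false
        default: false
    vdom:
        description:
            - Virtual domain, among those defined previously. A vdom is a
              virtual instance of the FortiGate that can be configured and
              used as a different unit.
        type: str
        default: root

    ips_global:
        description:
            - Configure IPS global parameter.
        default: null
        type: dict
        suboptions:
            anomaly_mode:
                description:
                    - Global blocking mode for rate-based anomalies.
                type: str
                choices:
                    - periodical
                    - continuous
            cp_accel_mode:
                description:
                    - IPS Pattern matching acceleration/offloading to CPx processors.
                type: str
                choices:
                    - none
                    - basic
                    - advanced
            database:
                description:
                    - Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from
                       legacy attacks.
                type: str
                choices:
                    - regular
                    - extended
            deep_app_insp_db_limit:
                description:
                    - Limit on number of entries in deep application inspection database (1 - 2147483647, 0 = use recommended setting)
                type: int
            deep_app_insp_timeout:
                description:
                    - Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
                type: int
            engine_count:
                description:
                    - Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number
                       of CPU cores.
                type: int
            exclude_signatures:
                description:
                    - Excluded signatures.
                type: str
                choices:
                    - none
                    - industrial
            fail_open:
                description:
                    - Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes.
                type: str
                choices:
                    - enable
                    - disable
            intelligent_mode:
                description:
                    - Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic.
                type: str
                choices:
                    - enable
                    - disable
            ips_reserve_cpu:
                description:
                    - Enable/disable IPS daemon"s use of CPUs other than CPU 0
                type: str
                choices:
                    - disable
                    - enable
            ngfw_max_scan_range:
                description:
                    - NGFW policy-mode app detection threshold.
                type: int
            np_accel_mode:
                description:
                    - Acceleration mode for IPS processing by NPx processors.
                type: str
                choices:
                    - none
                    - basic
            packet_log_queue_depth:
                description:
                    - Packet/pcap log queue depth per IPS engine.
                type: int
            session_limit_mode:
                description:
                    - Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved
                       performance (heuristics).
                type: str
                choices:
                    - accurate
                    - heuristic
            skype_client_public_ipaddr:
                description:
                    - Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
                type: str
            socket_size:
                description:
                    - IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
                type: int
            sync_session_ttl:
                description:
                    - Enable/disable use of kernel session TTL for IPS sessions.
                type: str
                choices:
                    - enable
                    - disable
            tls_active_probe:
                description:
                    - TLS active probe configuration.
                type: dict
                suboptions:
                    interface:
                        description:
                            - Specify outgoing interface to reach server. Source system.interface.name.
                        type: str
                    interface_select_method:
                        description:
                            - Specify how to select outgoing interface to reach server.
                        type: str
                        choices:
                            - auto
                            - sdwan
                            - specify
                    source_ip:
                        description:
                            - Source IP address used for TLS active probe.
                        type: str
                    source_ip6:
                        description:
                            - Source IPv6 address used for TLS active probe.
                        type: str
                    vdom:
                        description:
                            - Virtual domain name for TLS active probe. Source system.vdom.name.
                        type: str
            traffic_submit:
                description:
                    - Enable/disable submitting attack data found by this FortiGate to FortiGuard.
                type: str
                choices:
                    - enable
                    - disable
'''

# NOTE(review): the sample play below is a template listing every option, not a
# recommended configuration. Two of its values weaken protection if copied as-is:
#   * ansible_httpapi_validate_certs: no  -- the httpapi connection will not
#     verify the FortiGate's TLS certificate, so the access token and the
#     configuration can be sent to an unauthenticated endpoint.
#   * fail_open: "enable" -- per the option description above, traffic is
#     allowed through if the IPS process crashes (the documented default is
#     disable, which blocks it).
# traffic_submit: "enable" also sends attack data to FortiGuard; enable it only
# when that data sharing is intended.
EXAMPLES = '''
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
  - name: Configure IPS global parameter.
    fortios_ips_global:
      vdom: "{{ vdom }}"
      ips_global:
        anomaly_mode: "periodical"
        cp_accel_mode: "none"
        database: "regular"
        deep_app_insp_db_limit: "6"
        deep_app_insp_timeout: "7"
        engine_count: "8"
        exclude_signatures: "none"
        fail_open: "enable"
        intelligent_mode: "enable"
        ips_reserve_cpu: "disable"
        ngfw_max_scan_range: "13"
        np_accel_mode: "none"
        packet_log_queue_depth: "15"
        session_limit_mode: "accurate"
        skype_client_public_ipaddr: "<your_own_value>"
        socket_size: "18"
        sync_session_ttl: "enable"
        tls_active_probe:
            interface: "<your_own_value> (source system.interface.name)"
            interface_select_method: "auto"
            source_ip: "84.230.14.43"
            source_ip6: "<your_own_value>"
            vdom: "<your_own_value> (source system.vdom.name)"
        traffic_submit: "enable"

'''

RETURN = '''
build:
  description: Build number of the fortigate image
  returned: always
  type: str
  sample: '1547'
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  type: str
  sample: 'PUT'
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  type: str
  sample: "200"
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  type: str
  sample: "id"
name:
  description: Name of the table used to fulfill the request
  returned: always
  type: str
  sample: "urlfilter"
path:
  description: Path of the table used to fulfill the request
  returned: always
  type: str
  sample: "webfilter"
revision:
  description: Internal revision number
  returned: always
  type: str
  sample: "17.0.2.10658"
serial:
  description: Serial number of the unit
  returned: always
  type: str
  sample: "FGVMEVYYQT3AB5352"
status:
  description: Indication of the operation's result
  returned: always
  type: str
  sample: "success"
vdom:
  description: Virtual domain used
  returned: always
  type: str
  sample: "root"
version:
  description: Version of the FortiGate
  returned: always
  type: str
  sample: "v5.6.3"

'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize


def filter_ips_global_data(json):
    """Return only the known ``ips_global`` options that carry a value.

    Args:
        json: mapping of option name to value, as supplied in the task's
            ``ips_global`` argument.

    Returns:
        A new dict holding the entries of ``json`` whose key is one of the
        options listed below and whose value is not ``None``. Unknown keys
        are dropped, so only this allow-list reaches the device.
    """
    option_list = ['anomaly_mode', 'cp_accel_mode', 'database',
                   'deep_app_insp_db_limit', 'deep_app_insp_timeout', 'engine_count',
                   'exclude_signatures', 'fail_open', 'intelligent_mode',
                   'ips_reserve_cpu', 'ngfw_max_scan_range', 'np_accel_mode',
                   'packet_log_queue_depth', 'session_limit_mode', 'skype_client_public_ipaddr',
                   'socket_size', 'sync_session_ttl', 'tls_active_probe',
                   'traffic_submit']
    dictionary = {}

    for attribute in option_list:
        # None means "not set in the playbook"; leave such options untouched.
        if attribute in json and json[attribute] is not None:
            dictionary[attribute] = json[attribute]

    return dictionary


def underscore_to_hyphen(data):
    """Recursively rename dict keys from ``snake_case`` to ``hyphen-case``.

    Lists are updated in place, element by element; dicts are rebuilt as a
    new dict with every ``_`` in a key replaced by ``-``. Any other value is
    returned unchanged (string values are not rewritten, only keys).

    Args:
        data: a list, a dict, or a scalar.

    Returns:
        The converted structure.
    """
    if isinstance(data, list):
        for i, elem in enumerate(data):
            data[i] = underscore_to_hyphen(elem)
    elif isinstance(data, dict):
        new_data = {}
        for k, v in data.items():
            new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
        data = new_data

    return data


def ips_global(data, fos):
    """Send the ``ips_global`` settings of the task to the device.

    Args:
        data: the module parameters; ``data['vdom']`` and
            ``data['ips_global']`` are read.
        fos: handler object whose ``set`` method is called with path
            ``'ips'`` and name ``'global'``.

    Returns:
        Whatever ``fos.set`` returns (the callers treat it as a response
        dict).
    """
    vdom = data['vdom']
    ips_global_data = data['ips_global']
    # Filter first, then convert the key spelling for the request payload.
    filtered_data = underscore_to_hyphen(filter_ips_global_data(ips_global_data))

    return fos.set('ips',
                   'global',
                   data=filtered_data,
                   vdom=vdom)


def is_successful_status(status):
    """Tell whether a response dict describes a successful operation.

    A response counts as successful when its ``status`` is ``"success"``, or
    when it is a ``DELETE`` that came back with HTTP status 404.
    """
    # Parentheses only spell out the existing precedence (``and`` binds
    # tighter than ``or``).
    return status['status'] == "success" or \
        (status['http_method'] == "DELETE" and status['http_status'] == 404)


def fortios_ips(data, fos):
    """Apply the task body and summarise the outcome.

    Args:
        data: the module parameters.
        fos: handler object passed through to :func:`ips_global`.

    Returns:
        A tuple ``(is_error, has_changed, response)``. ``has_changed`` is
        true only for a ``"success"`` response, and then follows the
        response's ``revision_changed`` field when it is present.
    """

    if data['ips_global']:
        resp = ips_global(data, fos)
    else:
        # fail_json terminates the module, so ``resp`` is never read unbound.
        fos._module.fail_json(msg='missing task body: %s' % ('ips_global'))

    return not is_successful_status(resp), \
        resp['status'] == "success" and \
        (resp['revision_changed'] if 'revision_changed' in resp else True), \
        resp


# Per-option schema: value type, allowed values, and a map of FortiOS version
# to a boolean flag for each option and each option value. It is consumed by
# schema_to_module_spec() and check_schema_versioning() in main().
versioned_schema = {
    "type": "dict",
    "children": {
        "ngfw_max_scan_range": {
            "type": "integer",
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True
            }
        },
        "deep_app_insp_timeout": {
            "type": "integer",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "np_accel_mode": {
            "type": "string",
            "options": [
                {
                    "value": "none",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "basic",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "packet_log_queue_depth": {
            "type": "integer",
            "revisions": {
                "v7.0.0": True,
                "v6.4.4": True,
                "v6.4.1": True,
                "v6.4.0": True,
                "v6.2.7": True
            }
        },
        "session_limit_mode": {
            "type": "string",
            "options": [
                {
                    "value": "accurate",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "heuristic",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "fail_open": {
            "type": "string",
            "options": [
                {
                    "value": "enable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "disable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "database": {
            "type": "string",
            "options": [
                {
                    "value": "regular",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "extended",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "ips_reserve_cpu": {
            "type": "string",
            "options": [
                {
                    "value": "disable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "enable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "anomaly_mode": {
            "type": "string",
            "options": [
                {
                    "value": "periodical",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "continuous",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "exclude_signatures": {
            "type": "string",
            "options": [
                {
                    "value": "none",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "industrial",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "tls_active_probe": {
            "type": "dict",
            "children": {
                "interface": {
                    "type": "string",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.2.7": True
                    }
                },
                "source_ip6": {
                    "type": "string",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.2.7": True
                    }
                },
                "source_ip": {
                    "type": "string",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.2.7": True
                    }
                },
                "vdom": {
                    "type": "string",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.2.7": True
                    }
                },
                "interface_select_method": {
                    "type": "string",
                    "options": [
                        {
                            "value": "auto",
                            "revisions": {
                                "v6.4.4": True,
                                "v7.0.0": True,
                                "v6.2.7": True
                            }
                        },
                        {
                            "value": "sdwan",
                            "revisions": {
                                "v6.4.4": True,
                                "v7.0.0": True,
                                "v6.2.7": True
                            }
                        },
                        {
                            "value": "specify",
                            "revisions": {
                                "v6.4.4": True,
                                "v7.0.0": True,
                                "v6.2.7": True
                            }
                        }
                    ],
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.2.7": True
                    }
                }
            },
            "revisions": {
                "v7.0.0": True,
                "v6.4.4": True,
                "v6.4.1": False,
                "v6.4.0": False,
                "v6.2.7": True
            }
        },
        "traffic_submit": {
            "type": "string",
            "options": [
                {
                    "value": "enable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "disable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "socket_size": {
            "type": "integer",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "skype_client_public_ipaddr": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": False,
                "v6.4.0": False,
                "v6.4.1": False,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "deep_app_insp_db_limit": {
            "type": "integer",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "engine_count": {
            "type": "integer",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "intelligent_mode": {
            "type": "string",
            "options": [
                {
                    "value": "enable",
                    "revisions": {
                        "v6.0.0": True,
                        "v6.0.5": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "disable",
                    "revisions": {
                        "v6.0.0": True,
                        "v6.0.5": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": False,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "sync_session_ttl": {
            "type": "string",
            "options": [
                {
                    "value": "enable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "disable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "cp_accel_mode": {
            "type": "string",
            "options": [
                {
                    "value": "none",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "basic",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "advanced",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        }
    },
    "revisions": {
        "v6.0.0": True,
        "v7.0.0": True,
        "v6.0.5": True,
        "v6.4.4": True,
        "v6.4.0": True,
        "v6.4.1": True,
        "v6.2.0": True,
        "v6.2.3": True,
        "v6.2.5": True,
        "v6.2.7": True,
        "v6.0.11": True
    }
}


def main():
    """Module entry point: build the argument spec, apply it, report the result.

    The ``ips_global`` sub-options are generated from ``versioned_schema``.
    The module needs a persistent connection socket (``module._socket_path``);
    without one it fails with ``FAIL_SOCKET_MSG``. The result of
    ``check_schema_versioning`` is attached to the output as
    ``version_check_warning`` when its ``matched`` field is ``False``.
    """
    module_spec = schema_to_module_spec(versioned_schema)
    mkeyname = None
    fields = {
        # no_log keeps the API token out of Ansible's logged module arguments.
        "access_token": {"required": False, "type": "str", "no_log": True},
        # The spec type must be the string "bool": passing the builtin ``bool``
        # makes Ansible call bool(value), so a string such as "no" or "false"
        # would be coerced to True and switch logging on. The default matches
        # the documented ``default: false``.
        "enable_log": {"required": False, "type": "bool", "default": False},
        "vdom": {"required": False, "type": "str", "default": "root"},
        "ips_global": {
            "required": False, "type": "dict", "default": None,
            "options": {
            }
        }
    }
    for attribute_name in module_spec['options']:
        fields["ips_global"]['options'][attribute_name] = module_spec['options'][attribute_name]
        # mkeyname is None for this module, so no option is forced to required.
        if mkeyname and mkeyname == attribute_name:
            fields["ips_global"]['options'][attribute_name]['required'] = True

    check_legacy_fortiosapi()
    module = AnsibleModule(argument_spec=fields,
                           supports_check_mode=False)

    versions_check_result = None
    if module._socket_path:
        connection = Connection(module._socket_path)
        if 'access_token' in module.params:
            connection.set_option('access_token', module.params['access_token'])

        if 'enable_log' in module.params:
            connection.set_option('enable_log', module.params['enable_log'])
        else:
            connection.set_option('enable_log', False)
        fos = FortiOSHandler(connection, module, mkeyname)
        versions_check_result = check_schema_versioning(fos, versioned_schema, "ips_global")

        is_error, has_changed, result = fortios_ips(module.params, fos)

    else:
        # fail_json ends the run, so the names assigned above are never read
        # unbound below.
        module.fail_json(**FAIL_SOCKET_MSG)

    if versions_check_result and versions_check_result['matched'] is False:
        module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv")

    if not is_error:
        if versions_check_result and versions_check_result['matched'] is False:
            module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
        else:
            module.exit_json(changed=has_changed, meta=result)
    else:
        if versions_check_result and versions_check_result['matched'] is False:
            module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
        else:
            module.fail_json(msg="Error in repo", meta=result)


if __name__ == '__main__':
    main()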