1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_log_fortianalyzer_override_setting 27short_description: Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify log_fortianalyzer feature and override_setting category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 log_fortianalyzer_override_setting: 68 description: 69 - Override FortiAnalyzer settings. 70 default: null 71 type: dict 72 suboptions: 73 __change_ip: 74 description: 75 - Hidden attribute. 76 type: int 77 access_config: 78 description: 79 - Enable/disable FortiAnalyzer access to configuration and data. 80 type: str 81 choices: 82 - enable 83 - disable 84 certificate: 85 description: 86 - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. 87 type: str 88 certificate_verification: 89 description: 90 - Enable/disable identity verification of FortiAnalyzer by use of certificate. 91 type: str 92 choices: 93 - enable 94 - disable 95 conn_timeout: 96 description: 97 - FortiAnalyzer connection time-out in seconds (for status and log buffer). 98 type: int 99 enc_algorithm: 100 description: 101 - Enable/disable sending FortiAnalyzer log data with SSL encryption. 102 type: str 103 choices: 104 - high-medium 105 - high 106 - low 107 faz_type: 108 description: 109 - Hidden setting index of FortiAnalyzer. 110 type: int 111 hmac_algorithm: 112 description: 113 - FortiAnalyzer IPsec tunnel HMAC algorithm. 114 type: str 115 choices: 116 - sha256 117 - sha1 118 interface: 119 description: 120 - Specify outgoing interface to reach server. Source system.interface.name. 121 type: str 122 interface_select_method: 123 description: 124 - Specify how to select outgoing interface to reach server. 125 type: str 126 choices: 127 - auto 128 - sdwan 129 - specify 130 ips_archive: 131 description: 132 - Enable/disable IPS packet archive logging. 133 type: str 134 choices: 135 - enable 136 - disable 137 max_log_rate: 138 description: 139 - FortiAnalyzer maximum log rate in MBps (0 = unlimited). 140 type: int 141 mgmt_name: 142 description: 143 - Hidden management name of FortiAnalyzer. 144 type: str 145 monitor_failure_retry_period: 146 description: 147 - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). 148 type: int 149 monitor_keepalive_period: 150 description: 151 - Time between OFTP keepalives in seconds (for status and log buffer). 152 type: int 153 override: 154 description: 155 - Enable/disable overriding FortiAnalyzer settings or use global settings. 156 type: str 157 choices: 158 - enable 159 - disable 160 preshared_key: 161 description: 162 - Preshared-key used for auto-authorization on FortiAnalyzer. 163 type: str 164 priority: 165 description: 166 - Set log transmission priority. 167 type: str 168 choices: 169 - default 170 - low 171 reliable: 172 description: 173 - Enable/disable reliable logging to FortiAnalyzer. 174 type: str 175 choices: 176 - enable 177 - disable 178 serial: 179 description: 180 - Serial numbers of the FortiAnalyzer. 181 type: list 182 suboptions: 183 name: 184 description: 185 - Serial Number. 186 required: true 187 type: str 188 server: 189 description: 190 - The remote FortiAnalyzer. 191 type: str 192 source_ip: 193 description: 194 - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. 195 type: str 196 ssl_min_proto_version: 197 description: 198 - Minimum supported protocol version for SSL/TLS connections . 199 type: str 200 choices: 201 - default 202 - SSLv3 203 - TLSv1 204 - TLSv1-1 205 - TLSv1-2 206 status: 207 description: 208 - Enable/disable logging to FortiAnalyzer. 209 type: str 210 choices: 211 - enable 212 - disable 213 upload_day: 214 description: 215 - Day of week (month) to upload logs. 216 type: str 217 upload_interval: 218 description: 219 - Frequency to upload log files to FortiAnalyzer. 220 type: str 221 choices: 222 - daily 223 - weekly 224 - monthly 225 upload_option: 226 description: 227 - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. 228 type: str 229 choices: 230 - store-and-upload 231 - realtime 232 - 1-minute 233 - 5-minute 234 upload_time: 235 description: 236 - 'Time to upload logs (hh:mm).' 237 type: str 238 use_management_vdom: 239 description: 240 - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. 241 type: str 242 choices: 243 - enable 244 - disable 245''' 246 247EXAMPLES = ''' 248- hosts: fortigates 249 collections: 250 - fortinet.fortios 251 connection: httpapi 252 vars: 253 vdom: "root" 254 ansible_httpapi_use_ssl: yes 255 ansible_httpapi_validate_certs: no 256 ansible_httpapi_port: 443 257 tasks: 258 - name: Override FortiAnalyzer settings. 259 fortios_log_fortianalyzer_override_setting: 260 vdom: "{{ vdom }}" 261 log_fortianalyzer_override_setting: 262 __change_ip: "3" 263 access_config: "enable" 264 certificate: "<your_own_value> (source certificate.local.name)" 265 certificate_verification: "enable" 266 conn_timeout: "7" 267 enc_algorithm: "high-medium" 268 faz_type: "9" 269 hmac_algorithm: "sha256" 270 interface: "<your_own_value> (source system.interface.name)" 271 interface_select_method: "auto" 272 ips_archive: "enable" 273 max_log_rate: "14" 274 mgmt_name: "<your_own_value>" 275 monitor_failure_retry_period: "16" 276 monitor_keepalive_period: "17" 277 override: "enable" 278 preshared_key: "<your_own_value>" 279 priority: "default" 280 reliable: "enable" 281 serial: 282 - 283 name: "default_name_23" 284 server: "192.168.100.40" 285 source_ip: "84.230.14.43" 286 ssl_min_proto_version: "default" 287 status: "enable" 288 upload_day: "<your_own_value>" 289 upload_interval: "daily" 290 upload_option: "store-and-upload" 291 upload_time: "<your_own_value>" 292 use_management_vdom: "enable" 293 294''' 295 296RETURN = ''' 297build: 298 description: Build number of the fortigate image 299 returned: always 300 type: str 301 sample: '1547' 302http_method: 303 description: Last method used to provision the content into FortiGate 304 returned: always 305 type: str 306 sample: 'PUT' 307http_status: 308 description: Last result given by FortiGate on last operation applied 309 returned: always 310 type: str 311 sample: "200" 312mkey: 313 description: Master key (id) used in the last call to FortiGate 314 returned: success 315 type: str 316 sample: "id" 317name: 318 description: Name of the table used to fulfill the request 319 returned: always 320 type: str 321 sample: "urlfilter" 322path: 323 description: Path of the table used to fulfill the request 324 returned: always 325 type: str 326 sample: "webfilter" 327revision: 328 description: Internal revision number 329 returned: always 330 type: str 331 sample: "17.0.2.10658" 332serial: 333 description: Serial number of the unit 334 returned: always 335 type: str 336 sample: "FGVMEVYYQT3AB5352" 337status: 338 description: Indication of the operation's result 339 returned: always 340 type: str 341 sample: "success" 342vdom: 343 description: Virtual domain used 344 returned: always 345 type: str 346 sample: "root" 347version: 348 description: Version of the FortiGate 349 returned: always 350 type: str 351 sample: "v5.6.3" 352 353''' 354from ansible.module_utils.basic import AnsibleModule 355from ansible.module_utils.connection import Connection 356from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 357from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 358from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 359from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 360from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 361from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 362from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 363 364 365def filter_log_fortianalyzer_override_setting_data(json): 366 option_list = ['__change_ip', 'access_config', 'certificate', 367 'certificate_verification', 'conn_timeout', 'enc_algorithm', 368 'faz_type', 'hmac_algorithm', 'interface', 369 'interface_select_method', 'ips_archive', 'max_log_rate', 370 'mgmt_name', 'monitor_failure_retry_period', 'monitor_keepalive_period', 371 'override', 'preshared_key', 'priority', 372 'reliable', 'serial', 'server', 373 'source_ip', 'ssl_min_proto_version', 'status', 374 'upload_day', 'upload_interval', 'upload_option', 375 'upload_time', 'use_management_vdom'] 376 dictionary = {} 377 378 for attribute in option_list: 379 if attribute in json and json[attribute] is not None: 380 dictionary[attribute] = json[attribute] 381 382 return dictionary 383 384 385def underscore_to_hyphen(data): 386 if isinstance(data, list): 387 for i, elem in enumerate(data): 388 data[i] = underscore_to_hyphen(elem) 389 elif isinstance(data, dict): 390 new_data = {} 391 for k, v in data.items(): 392 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 393 data = new_data 394 395 return data 396 397 398def log_fortianalyzer_override_setting(data, fos): 399 vdom = data['vdom'] 400 log_fortianalyzer_override_setting_data = data['log_fortianalyzer_override_setting'] 401 filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data)) 402 403 return fos.set('log.fortianalyzer', 404 'override-setting', 405 data=filtered_data, 406 vdom=vdom) 407 408 409def is_successful_status(status): 410 return status['status'] == "success" or \ 411 status['http_method'] == "DELETE" and status['http_status'] == 404 412 413 414def fortios_log_fortianalyzer(data, fos): 415 416 if data['log_fortianalyzer_override_setting']: 417 resp = log_fortianalyzer_override_setting(data, fos) 418 else: 419 fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer_override_setting')) 420 421 return not is_successful_status(resp), \ 422 resp['status'] == "success" and \ 423 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 424 resp 425 426 427versioned_schema = { 428 "type": "dict", 429 "children": { 430 "use_management_vdom": { 431 "type": "string", 432 "options": [ 433 { 434 "value": "enable", 435 "revisions": { 436 "v6.0.0": True, 437 "v7.0.0": True, 438 "v6.0.5": True, 439 "v6.4.4": True, 440 "v6.4.0": True, 441 "v6.4.1": True, 442 "v6.2.0": True, 443 "v6.2.3": True, 444 "v6.2.5": True, 445 "v6.2.7": True, 446 "v6.0.11": True 447 } 448 }, 449 { 450 "value": "disable", 451 "revisions": { 452 "v6.0.0": True, 453 "v7.0.0": True, 454 "v6.0.5": True, 455 "v6.4.4": True, 456 "v6.4.0": True, 457 "v6.4.1": True, 458 "v6.2.0": True, 459 "v6.2.3": True, 460 "v6.2.5": True, 461 "v6.2.7": True, 462 "v6.0.11": True 463 } 464 } 465 ], 466 "revisions": { 467 "v6.0.0": True, 468 "v7.0.0": True, 469 "v6.0.5": True, 470 "v6.4.4": True, 471 "v6.4.0": True, 472 "v6.4.1": True, 473 "v6.2.0": True, 474 "v6.2.3": True, 475 "v6.2.5": True, 476 "v6.2.7": True, 477 "v6.0.11": True 478 } 479 }, 480 "faz_type": { 481 "type": "integer", 482 "revisions": { 483 "v6.0.0": True, 484 "v7.0.0": False, 485 "v6.0.5": True, 486 "v6.4.4": False, 487 "v6.4.0": False, 488 "v6.4.1": False, 489 "v6.2.0": False, 490 "v6.2.3": True, 491 "v6.2.5": False, 492 "v6.2.7": False, 493 "v6.0.11": True 494 } 495 }, 496 "interface": { 497 "type": "string", 498 "revisions": { 499 "v7.0.0": True, 500 "v6.4.4": True, 501 "v6.4.1": False, 502 "v6.4.0": True, 503 "v6.2.7": True 504 } 505 }, 506 "certificate_verification": { 507 "type": "string", 508 "options": [ 509 { 510 "value": "enable", 511 "revisions": { 512 "v7.0.0": True, 513 "v6.4.4": True, 514 "v6.4.0": True, 515 "v6.4.1": True, 516 "v6.2.0": True, 517 "v6.2.3": True, 518 "v6.2.5": True, 519 "v6.2.7": True 520 } 521 }, 522 { 523 "value": "disable", 524 "revisions": { 525 "v7.0.0": True, 526 "v6.4.4": True, 527 "v6.4.0": True, 528 "v6.4.1": True, 529 "v6.2.0": True, 530 "v6.2.3": True, 531 "v6.2.5": True, 532 "v6.2.7": True 533 } 534 } 535 ], 536 "revisions": { 537 "v7.0.0": True, 538 "v6.4.4": True, 539 "v6.4.0": True, 540 "v6.4.1": True, 541 "v6.2.0": True, 542 "v6.2.3": True, 543 "v6.2.5": True, 544 "v6.2.7": True 545 } 546 }, 547 "upload_interval": { 548 "type": "string", 549 "options": [ 550 { 551 "value": "daily", 552 "revisions": { 553 "v6.0.0": True, 554 "v7.0.0": True, 555 "v6.0.5": True, 556 "v6.4.4": True, 557 "v6.4.0": True, 558 "v6.4.1": True, 559 "v6.2.0": True, 560 "v6.2.3": True, 561 "v6.2.5": True, 562 "v6.2.7": True, 563 "v6.0.11": True 564 } 565 }, 566 { 567 "value": "weekly", 568 "revisions": { 569 "v6.0.0": True, 570 "v7.0.0": True, 571 "v6.0.5": True, 572 "v6.4.4": True, 573 "v6.4.0": True, 574 "v6.4.1": True, 575 "v6.2.0": True, 576 "v6.2.3": True, 577 "v6.2.5": True, 578 "v6.2.7": True, 579 "v6.0.11": True 580 } 581 }, 582 { 583 "value": "monthly", 584 "revisions": { 585 "v6.0.0": True, 586 "v7.0.0": True, 587 "v6.0.5": True, 588 "v6.4.4": True, 589 "v6.4.0": True, 590 "v6.4.1": True, 591 "v6.2.0": True, 592 "v6.2.3": True, 593 "v6.2.5": True, 594 "v6.2.7": True, 595 "v6.0.11": True 596 } 597 } 598 ], 599 "revisions": { 600 "v6.0.0": True, 601 "v7.0.0": True, 602 "v6.0.5": True, 603 "v6.4.4": True, 604 "v6.4.0": True, 605 "v6.4.1": True, 606 "v6.2.0": True, 607 "v6.2.3": True, 608 "v6.2.5": True, 609 "v6.2.7": True, 610 "v6.0.11": True 611 } 612 }, 613 "enc_algorithm": { 614 "type": "string", 615 "options": [ 616 { 617 "value": "high-medium", 618 "revisions": { 619 "v6.0.0": True, 620 "v7.0.0": True, 621 "v6.0.5": True, 622 "v6.4.4": True, 623 "v6.4.0": True, 624 "v6.4.1": True, 625 "v6.2.0": True, 626 "v6.2.3": True, 627 "v6.2.5": True, 628 "v6.2.7": True, 629 "v6.0.11": True 630 } 631 }, 632 { 633 "value": "high", 634 "revisions": { 635 "v6.0.0": True, 636 "v7.0.0": True, 637 "v6.0.5": True, 638 "v6.4.4": True, 639 "v6.4.0": True, 640 "v6.4.1": True, 641 "v6.2.0": True, 642 "v6.2.3": True, 643 "v6.2.5": True, 644 "v6.2.7": True, 645 "v6.0.11": True 646 } 647 }, 648 { 649 "value": "low", 650 "revisions": { 651 "v6.0.0": True, 652 "v7.0.0": True, 653 "v6.0.5": True, 654 "v6.4.4": True, 655 "v6.4.0": True, 656 "v6.4.1": True, 657 "v6.2.0": True, 658 "v6.2.3": True, 659 "v6.2.5": True, 660 "v6.2.7": True, 661 "v6.0.11": True 662 } 663 } 664 ], 665 "revisions": { 666 "v6.0.0": True, 667 "v7.0.0": True, 668 "v6.0.5": True, 669 "v6.4.4": True, 670 "v6.4.0": True, 671 "v6.4.1": True, 672 "v6.2.0": True, 673 "v6.2.3": True, 674 "v6.2.5": True, 675 "v6.2.7": True, 676 "v6.0.11": True 677 } 678 }, 679 "serial": { 680 "type": "list", 681 "children": { 682 "name": { 683 "type": "string", 684 "revisions": { 685 "v7.0.0": True, 686 "v6.4.4": True, 687 "v6.4.0": True, 688 "v6.4.1": True, 689 "v6.2.0": True, 690 "v6.2.3": True, 691 "v6.2.5": True, 692 "v6.2.7": True 693 } 694 } 695 }, 696 "revisions": { 697 "v7.0.0": True, 698 "v6.4.4": True, 699 "v6.4.0": True, 700 "v6.4.1": True, 701 "v6.2.0": True, 702 "v6.2.3": True, 703 "v6.2.5": True, 704 "v6.2.7": True 705 } 706 }, 707 "upload_time": { 708 "type": "string", 709 "revisions": { 710 "v6.0.0": True, 711 "v7.0.0": True, 712 "v6.0.5": True, 713 "v6.4.4": True, 714 "v6.4.0": True, 715 "v6.4.1": True, 716 "v6.2.0": True, 717 "v6.2.3": True, 718 "v6.2.5": True, 719 "v6.2.7": True, 720 "v6.0.11": True 721 } 722 }, 723 "certificate": { 724 "type": "string", 725 "revisions": { 726 "v6.0.0": True, 727 "v7.0.0": True, 728 "v6.0.5": True, 729 "v6.4.4": True, 730 "v6.4.0": True, 731 "v6.4.1": True, 732 "v6.2.0": True, 733 "v6.2.3": True, 734 "v6.2.5": True, 735 "v6.2.7": True, 736 "v6.0.11": True 737 } 738 }, 739 "priority": { 740 "type": "string", 741 "options": [ 742 { 743 "value": "default", 744 "revisions": { 745 "v7.0.0": True, 746 "v6.4.4": True, 747 "v6.4.0": True, 748 "v6.4.1": True, 749 "v6.2.0": True, 750 "v6.2.3": True, 751 "v6.2.5": True, 752 "v6.2.7": True 753 } 754 }, 755 { 756 "value": "low", 757 "revisions": { 758 "v7.0.0": True, 759 "v6.4.4": True, 760 "v6.4.0": True, 761 "v6.4.1": True, 762 "v6.2.0": True, 763 "v6.2.3": True, 764 "v6.2.5": True, 765 "v6.2.7": True 766 } 767 } 768 ], 769 "revisions": { 770 "v7.0.0": True, 771 "v6.4.4": True, 772 "v6.4.0": True, 773 "v6.4.1": True, 774 "v6.2.0": True, 775 "v6.2.3": True, 776 "v6.2.5": True, 777 "v6.2.7": True 778 } 779 }, 780 "conn_timeout": { 781 "type": "integer", 782 "revisions": { 783 "v6.0.0": True, 784 "v7.0.0": True, 785 "v6.0.5": True, 786 "v6.4.4": True, 787 "v6.4.0": True, 788 "v6.4.1": True, 789 "v6.2.0": True, 790 "v6.2.3": True, 791 "v6.2.5": True, 792 "v6.2.7": True, 793 "v6.0.11": True 794 } 795 }, 796 "override": { 797 "type": "string", 798 "options": [ 799 { 800 "value": "enable", 801 "revisions": { 802 "v6.0.11": True, 803 "v6.0.0": True, 804 "v6.2.3": True, 805 "v6.0.5": True 806 } 807 }, 808 { 809 "value": "disable", 810 "revisions": { 811 "v6.0.11": True, 812 "v6.0.0": True, 813 "v6.2.3": True, 814 "v6.0.5": True 815 } 816 } 817 ], 818 "revisions": { 819 "v6.0.0": True, 820 "v7.0.0": False, 821 "v6.0.5": True, 822 "v6.4.4": False, 823 "v6.4.0": False, 824 "v6.4.1": False, 825 "v6.2.0": False, 826 "v6.2.3": True, 827 "v6.2.5": False, 828 "v6.2.7": False, 829 "v6.0.11": True 830 } 831 }, 832 "mgmt_name": { 833 "type": "string", 834 "revisions": { 835 "v6.0.0": True, 836 "v7.0.0": False, 837 "v6.0.5": True, 838 "v6.4.4": False, 839 "v6.4.0": False, 840 "v6.4.1": False, 841 "v6.2.0": False, 842 "v6.2.3": True, 843 "v6.2.5": False, 844 "v6.2.7": False, 845 "v6.0.11": True 846 } 847 }, 848 "hmac_algorithm": { 849 "type": "string", 850 "options": [ 851 { 852 "value": "sha256", 853 "revisions": { 854 "v6.0.0": True, 855 "v7.0.0": True, 856 "v6.0.5": True, 857 "v6.4.4": True, 858 "v6.4.0": True, 859 "v6.4.1": True, 860 "v6.2.0": True, 861 "v6.2.3": True, 862 "v6.2.5": True, 863 "v6.2.7": True, 864 "v6.0.11": True 865 } 866 }, 867 { 868 "value": "sha1", 869 "revisions": { 870 "v6.0.0": True, 871 "v7.0.0": True, 872 "v6.0.5": True, 873 "v6.4.4": True, 874 "v6.4.0": True, 875 "v6.4.1": True, 876 "v6.2.0": True, 877 "v6.2.3": True, 878 "v6.2.5": True, 879 "v6.2.7": True, 880 "v6.0.11": True 881 } 882 } 883 ], 884 "revisions": { 885 "v6.0.0": True, 886 "v7.0.0": True, 887 "v6.0.5": True, 888 "v6.4.4": True, 889 "v6.4.0": True, 890 "v6.4.1": True, 891 "v6.2.0": True, 892 "v6.2.3": True, 893 "v6.2.5": True, 894 "v6.2.7": True, 895 "v6.0.11": True 896 } 897 }, 898 "status": { 899 "type": "string", 900 "options": [ 901 { 902 "value": "enable", 903 "revisions": { 904 "v6.0.0": True, 905 "v7.0.0": True, 906 "v6.0.5": True, 907 "v6.4.4": True, 908 "v6.4.0": True, 909 "v6.4.1": True, 910 "v6.2.0": True, 911 "v6.2.3": True, 912 "v6.2.5": True, 913 "v6.2.7": True, 914 "v6.0.11": True 915 } 916 }, 917 { 918 "value": "disable", 919 "revisions": { 920 "v6.0.0": True, 921 "v7.0.0": True, 922 "v6.0.5": True, 923 "v6.4.4": True, 924 "v6.4.0": True, 925 "v6.4.1": True, 926 "v6.2.0": True, 927 "v6.2.3": True, 928 "v6.2.5": True, 929 "v6.2.7": True, 930 "v6.0.11": True 931 } 932 } 933 ], 934 "revisions": { 935 "v6.0.0": True, 936 "v7.0.0": True, 937 "v6.0.5": True, 938 "v6.4.4": True, 939 "v6.4.0": True, 940 "v6.4.1": True, 941 "v6.2.0": True, 942 "v6.2.3": True, 943 "v6.2.5": True, 944 "v6.2.7": True, 945 "v6.0.11": True 946 } 947 }, 948 "ssl_min_proto_version": { 949 "type": "string", 950 "options": [ 951 { 952 "value": "default", 953 "revisions": { 954 "v6.0.0": True, 955 "v7.0.0": True, 956 "v6.0.5": True, 957 "v6.4.4": True, 958 "v6.4.0": True, 959 "v6.4.1": True, 960 "v6.2.0": True, 961 "v6.2.3": True, 962 "v6.2.5": True, 963 "v6.2.7": True, 964 "v6.0.11": True 965 } 966 }, 967 { 968 "value": "SSLv3", 969 "revisions": { 970 "v6.0.0": True, 971 "v7.0.0": True, 972 "v6.0.5": True, 973 "v6.4.4": True, 974 "v6.4.0": True, 975 "v6.4.1": True, 976 "v6.2.0": True, 977 "v6.2.3": True, 978 "v6.2.5": True, 979 "v6.2.7": True, 980 "v6.0.11": True 981 } 982 }, 983 { 984 "value": "TLSv1", 985 "revisions": { 986 "v6.0.0": True, 987 "v7.0.0": True, 988 "v6.0.5": True, 989 "v6.4.4": True, 990 "v6.4.0": True, 991 "v6.4.1": True, 992 "v6.2.0": True, 993 "v6.2.3": True, 994 "v6.2.5": True, 995 "v6.2.7": True, 996 "v6.0.11": True 997 } 998 }, 999 { 1000 "value": "TLSv1-1", 1001 "revisions": { 1002 "v6.0.0": True, 1003 "v7.0.0": True, 1004 "v6.0.5": True, 1005 "v6.4.4": True, 1006 "v6.4.0": True, 1007 "v6.4.1": True, 1008 "v6.2.0": True, 1009 "v6.2.3": True, 1010 "v6.2.5": True, 1011 "v6.2.7": True, 1012 "v6.0.11": True 1013 } 1014 }, 1015 { 1016 "value": "TLSv1-2", 1017 "revisions": { 1018 "v6.0.0": True, 1019 "v7.0.0": True, 1020 "v6.0.5": True, 1021 "v6.4.4": True, 1022 "v6.4.0": True, 1023 "v6.4.1": True, 1024 "v6.2.0": True, 1025 "v6.2.3": True, 1026 "v6.2.5": True, 1027 "v6.2.7": True, 1028 "v6.0.11": True 1029 } 1030 } 1031 ], 1032 "revisions": { 1033 "v6.0.0": True, 1034 "v7.0.0": True, 1035 "v6.0.5": True, 1036 "v6.4.4": True, 1037 "v6.4.0": True, 1038 "v6.4.1": True, 1039 "v6.2.0": True, 1040 "v6.2.3": True, 1041 "v6.2.5": True, 1042 "v6.2.7": True, 1043 "v6.0.11": True 1044 } 1045 }, 1046 "max_log_rate": { 1047 "type": "integer", 1048 "revisions": { 1049 "v7.0.0": True, 1050 "v6.4.4": True, 1051 "v6.4.0": True, 1052 "v6.4.1": True, 1053 "v6.2.0": True, 1054 "v6.2.3": True, 1055 "v6.2.5": True, 1056 "v6.2.7": True 1057 } 1058 }, 1059 "upload_option": { 1060 "type": "string", 1061 "options": [ 1062 { 1063 "value": "store-and-upload", 1064 "revisions": { 1065 "v6.0.0": True, 1066 "v7.0.0": True, 1067 "v6.0.5": True, 1068 "v6.4.4": True, 1069 "v6.4.0": True, 1070 "v6.4.1": True, 1071 "v6.2.0": True, 1072 "v6.2.3": True, 1073 "v6.2.5": True, 1074 "v6.2.7": True, 1075 "v6.0.11": True 1076 } 1077 }, 1078 { 1079 "value": "realtime", 1080 "revisions": { 1081 "v6.0.0": True, 1082 "v7.0.0": True, 1083 "v6.0.5": True, 1084 "v6.4.4": True, 1085 "v6.4.0": True, 1086 "v6.4.1": True, 1087 "v6.2.0": True, 1088 "v6.2.3": True, 1089 "v6.2.5": True, 1090 "v6.2.7": True, 1091 "v6.0.11": True 1092 } 1093 }, 1094 { 1095 "value": "1-minute", 1096 "revisions": { 1097 "v6.0.0": True, 1098 "v7.0.0": True, 1099 "v6.0.5": True, 1100 "v6.4.4": True, 1101 "v6.4.0": True, 1102 "v6.4.1": True, 1103 "v6.2.0": True, 1104 "v6.2.3": True, 1105 "v6.2.5": True, 1106 "v6.2.7": True, 1107 "v6.0.11": True 1108 } 1109 }, 1110 { 1111 "value": "5-minute", 1112 "revisions": { 1113 "v6.0.0": True, 1114 "v7.0.0": True, 1115 "v6.0.5": True, 1116 "v6.4.4": True, 1117 "v6.4.0": True, 1118 "v6.4.1": True, 1119 "v6.2.0": True, 1120 "v6.2.3": True, 1121 "v6.2.5": True, 1122 "v6.2.7": True, 1123 "v6.0.11": True 1124 } 1125 } 1126 ], 1127 "revisions": { 1128 "v6.0.0": True, 1129 "v7.0.0": True, 1130 "v6.0.5": True, 1131 "v6.4.4": True, 1132 "v6.4.0": True, 1133 "v6.4.1": True, 1134 "v6.2.0": True, 1135 "v6.2.3": True, 1136 "v6.2.5": True, 1137 "v6.2.7": True, 1138 "v6.0.11": True 1139 } 1140 }, 1141 "__change_ip": { 1142 "type": "integer", 1143 "revisions": { 1144 "v6.0.0": True, 1145 "v7.0.0": False, 1146 "v6.0.5": True, 1147 "v6.4.4": False, 1148 "v6.4.0": False, 1149 "v6.4.1": False, 1150 "v6.2.0": False, 1151 "v6.2.3": True, 1152 "v6.2.5": False, 1153 "v6.2.7": False, 1154 "v6.0.11": True 1155 } 1156 }, 1157 "upload_day": { 1158 "type": "string", 1159 "revisions": { 1160 "v6.0.0": True, 1161 "v7.0.0": True, 1162 "v6.0.5": True, 1163 "v6.4.4": True, 1164 "v6.4.0": True, 1165 "v6.4.1": True, 1166 "v6.2.0": True, 1167 "v6.2.3": True, 1168 "v6.2.5": True, 1169 "v6.2.7": True, 1170 "v6.0.11": True 1171 } 1172 }, 1173 "monitor_keepalive_period": { 1174 "type": "integer", 1175 "revisions": { 1176 "v6.0.0": True, 1177 "v7.0.0": True, 1178 "v6.0.5": True, 1179 "v6.4.4": True, 1180 "v6.4.0": True, 1181 "v6.4.1": True, 1182 "v6.2.0": True, 1183 "v6.2.3": True, 1184 "v6.2.5": True, 1185 "v6.2.7": True, 1186 "v6.0.11": True 1187 } 1188 }, 1189 "preshared_key": { 1190 "type": "string", 1191 "revisions": { 1192 "v7.0.0": True 1193 } 1194 }, 1195 "access_config": { 1196 "type": "string", 1197 "options": [ 1198 { 1199 "value": "enable", 1200 "revisions": { 1201 "v7.0.0": True, 1202 "v6.4.4": True, 1203 "v6.4.0": True, 1204 "v6.4.1": True, 1205 "v6.2.0": True, 1206 "v6.2.3": True, 1207 "v6.2.5": True, 1208 "v6.2.7": True 1209 } 1210 }, 1211 { 1212 "value": "disable", 1213 "revisions": { 1214 "v7.0.0": True, 1215 "v6.4.4": True, 1216 "v6.4.0": True, 1217 "v6.4.1": True, 1218 "v6.2.0": True, 1219 "v6.2.3": True, 1220 "v6.2.5": True, 1221 "v6.2.7": True 1222 } 1223 } 1224 ], 1225 "revisions": { 1226 "v7.0.0": True, 1227 "v6.4.4": True, 1228 "v6.4.0": True, 1229 "v6.4.1": True, 1230 "v6.2.0": True, 1231 "v6.2.3": True, 1232 "v6.2.5": True, 1233 "v6.2.7": True 1234 } 1235 }, 1236 "source_ip": { 1237 "type": "string", 1238 "revisions": { 1239 "v6.0.0": True, 1240 "v7.0.0": True, 1241 "v6.0.5": True, 1242 "v6.4.4": True, 1243 "v6.4.0": True, 1244 "v6.4.1": True, 1245 "v6.2.0": True, 1246 "v6.2.3": True, 1247 "v6.2.5": True, 1248 "v6.2.7": True, 1249 "v6.0.11": True 1250 } 1251 }, 1252 "server": { 1253 "type": "string", 1254 "revisions": { 1255 "v6.0.0": True, 1256 "v7.0.0": True, 1257 "v6.0.5": True, 1258 "v6.4.4": True, 1259 "v6.4.0": True, 1260 "v6.4.1": True, 1261 "v6.2.0": True, 1262 "v6.2.3": True, 1263 "v6.2.5": True, 1264 "v6.2.7": True, 1265 "v6.0.11": True 1266 } 1267 }, 1268 "interface_select_method": { 1269 "type": "string", 1270 "options": [ 1271 { 1272 "value": "auto", 1273 "revisions": { 1274 "v6.4.4": True, 1275 "v7.0.0": True, 1276 "v6.4.0": True, 1277 "v6.2.7": True 1278 } 1279 }, 1280 { 1281 "value": "sdwan", 1282 "revisions": { 1283 "v6.4.4": True, 1284 "v7.0.0": True, 1285 "v6.4.0": True, 1286 "v6.2.7": True 1287 } 1288 }, 1289 { 1290 "value": "specify", 1291 "revisions": { 1292 "v6.4.4": True, 1293 "v7.0.0": True, 1294 "v6.4.0": True, 1295 "v6.2.7": True 1296 } 1297 } 1298 ], 1299 "revisions": { 1300 "v7.0.0": True, 1301 "v6.4.4": True, 1302 "v6.4.1": False, 1303 "v6.4.0": True, 1304 "v6.2.7": True 1305 } 1306 }, 1307 "monitor_failure_retry_period": { 1308 "type": "integer", 1309 "revisions": { 1310 "v6.0.0": True, 1311 "v7.0.0": True, 1312 "v6.0.5": True, 1313 "v6.4.4": True, 1314 "v6.4.0": True, 1315 "v6.4.1": True, 1316 "v6.2.0": True, 1317 "v6.2.3": True, 1318 "v6.2.5": True, 1319 "v6.2.7": True, 1320 "v6.0.11": True 1321 } 1322 }, 1323 "reliable": { 1324 "type": "string", 1325 "options": [ 1326 { 1327 "value": "enable", 1328 "revisions": { 1329 "v6.0.0": True, 1330 "v7.0.0": True, 1331 "v6.0.5": True, 1332 "v6.4.4": True, 1333 "v6.4.0": True, 1334 "v6.4.1": True, 1335 "v6.2.0": True, 1336 "v6.2.3": True, 1337 "v6.2.5": True, 1338 "v6.2.7": True, 1339 "v6.0.11": True 1340 } 1341 }, 1342 { 1343 "value": "disable", 1344 "revisions": { 1345 "v6.0.0": True, 1346 "v7.0.0": True, 1347 "v6.0.5": True, 1348 "v6.4.4": True, 1349 "v6.4.0": True, 1350 "v6.4.1": True, 1351 "v6.2.0": True, 1352 "v6.2.3": True, 1353 "v6.2.5": True, 1354 "v6.2.7": True, 1355 "v6.0.11": True 1356 } 1357 } 1358 ], 1359 "revisions": { 1360 "v6.0.0": True, 1361 "v7.0.0": True, 1362 "v6.0.5": True, 1363 "v6.4.4": True, 1364 "v6.4.0": True, 1365 "v6.4.1": True, 1366 "v6.2.0": True, 1367 "v6.2.3": True, 1368 "v6.2.5": True, 1369 "v6.2.7": True, 1370 "v6.0.11": True 1371 } 1372 }, 1373 "ips_archive": { 1374 "type": "string", 1375 "options": [ 1376 { 1377 "value": "enable", 1378 "revisions": { 1379 "v6.0.0": True, 1380 "v7.0.0": True, 1381 "v6.0.5": True, 1382 "v6.4.4": True, 1383 "v6.4.0": True, 1384 "v6.4.1": True, 1385 "v6.2.0": True, 1386 "v6.2.3": True, 1387 "v6.2.5": True, 1388 "v6.2.7": True, 1389 "v6.0.11": True 1390 } 1391 }, 1392 { 1393 "value": "disable", 1394 "revisions": { 1395 "v6.0.0": True, 1396 "v7.0.0": True, 1397 "v6.0.5": True, 1398 "v6.4.4": True, 1399 "v6.4.0": True, 1400 "v6.4.1": True, 1401 "v6.2.0": True, 1402 "v6.2.3": True, 1403 "v6.2.5": True, 1404 "v6.2.7": True, 1405 "v6.0.11": True 1406 } 1407 } 1408 ], 1409 "revisions": { 1410 "v6.0.0": True, 1411 "v7.0.0": True, 1412 "v6.0.5": True, 1413 "v6.4.4": True, 1414 "v6.4.0": True, 1415 "v6.4.1": True, 1416 "v6.2.0": True, 1417 "v6.2.3": True, 1418 "v6.2.5": True, 1419 "v6.2.7": True, 1420 "v6.0.11": True 1421 } 1422 } 1423 }, 1424 "revisions": { 1425 "v6.0.0": True, 1426 "v7.0.0": True, 1427 "v6.0.5": True, 1428 "v6.4.4": True, 1429 "v6.4.0": True, 1430 "v6.4.1": True, 1431 "v6.2.0": True, 1432 "v6.2.3": True, 1433 "v6.2.5": True, 1434 "v6.2.7": True, 1435 "v6.0.11": True 1436 } 1437} 1438 1439 1440def main(): 1441 module_spec = schema_to_module_spec(versioned_schema) 1442 mkeyname = None 1443 fields = { 1444 "access_token": {"required": False, "type": "str", "no_log": True}, 1445 "enable_log": {"required": False, "type": bool}, 1446 "vdom": {"required": False, "type": "str", "default": "root"}, 1447 "log_fortianalyzer_override_setting": { 1448 "required": False, "type": "dict", "default": None, 1449 "options": { 1450 } 1451 } 1452 } 1453 for attribute_name in module_spec['options']: 1454 fields["log_fortianalyzer_override_setting"]['options'][attribute_name] = module_spec['options'][attribute_name] 1455 if mkeyname and mkeyname == attribute_name: 1456 fields["log_fortianalyzer_override_setting"]['options'][attribute_name]['required'] = True 1457 1458 check_legacy_fortiosapi() 1459 module = AnsibleModule(argument_spec=fields, 1460 supports_check_mode=False) 1461 1462 versions_check_result = None 1463 if module._socket_path: 1464 connection = Connection(module._socket_path) 1465 if 'access_token' in module.params: 1466 connection.set_option('access_token', module.params['access_token']) 1467 1468 if 'enable_log' in module.params: 1469 connection.set_option('enable_log', module.params['enable_log']) 1470 else: 1471 connection.set_option('enable_log', False) 1472 fos = FortiOSHandler(connection, module, mkeyname) 1473 versions_check_result = check_schema_versioning(fos, versioned_schema, "log_fortianalyzer_override_setting") 1474 1475 is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos) 1476 1477 else: 1478 module.fail_json(**FAIL_SOCKET_MSG) 1479 1480 if versions_check_result and versions_check_result['matched'] is False: 1481 module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv") 1482 1483 if not is_error: 1484 if versions_check_result and versions_check_result['matched'] is False: 1485 module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) 1486 else: 1487 module.exit_json(changed=has_changed, meta=result) 1488 else: 1489 if versions_check_result and versions_check_result['matched'] is False: 1490 module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) 1491 else: 1492 module.fail_json(msg="Error in repo", meta=result) 1493 1494 1495if __name__ == '__main__': 1496 main() 1497