1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_system_ike 27short_description: Configure IKE global attributes in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify system feature and ike category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 system_ike: 68 description: 69 - Configure IKE global attributes. 70 default: null 71 type: dict 72 suboptions: 73 dh_group_1: 74 description: 75 - Diffie-Hellman group 1 (MODP-768). 76 type: dict 77 suboptions: 78 keypair_cache: 79 description: 80 - Configure custom key pair cache size for this Diffie-Hellman group. 81 type: str 82 choices: 83 - global 84 - custom 85 keypair_count: 86 description: 87 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 88 type: int 89 mode: 90 description: 91 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 92 type: str 93 choices: 94 - software 95 - hardware 96 - global 97 dh_group_14: 98 description: 99 - Diffie-Hellman group 14 (MODP-2048). 100 type: dict 101 suboptions: 102 keypair_cache: 103 description: 104 - Configure custom key pair cache size for this Diffie-Hellman group. 105 type: str 106 choices: 107 - global 108 - custom 109 keypair_count: 110 description: 111 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 112 type: int 113 mode: 114 description: 115 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 116 type: str 117 choices: 118 - software 119 - hardware 120 - global 121 dh_group_15: 122 description: 123 - Diffie-Hellman group 15 (MODP-3072). 124 type: dict 125 suboptions: 126 keypair_cache: 127 description: 128 - Configure custom key pair cache size for this Diffie-Hellman group. 129 type: str 130 choices: 131 - global 132 - custom 133 keypair_count: 134 description: 135 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 136 type: int 137 mode: 138 description: 139 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 140 type: str 141 choices: 142 - software 143 - hardware 144 - global 145 dh_group_16: 146 description: 147 - Diffie-Hellman group 16 (MODP-4096). 148 type: dict 149 suboptions: 150 keypair_cache: 151 description: 152 - Configure custom key pair cache size for this Diffie-Hellman group. 153 type: str 154 choices: 155 - global 156 - custom 157 keypair_count: 158 description: 159 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 160 type: int 161 mode: 162 description: 163 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 164 type: str 165 choices: 166 - software 167 - hardware 168 - global 169 dh_group_17: 170 description: 171 - Diffie-Hellman group 17 (MODP-6144). 172 type: dict 173 suboptions: 174 keypair_cache: 175 description: 176 - Configure custom key pair cache size for this Diffie-Hellman group. 177 type: str 178 choices: 179 - global 180 - custom 181 keypair_count: 182 description: 183 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 184 type: int 185 mode: 186 description: 187 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 188 type: str 189 choices: 190 - software 191 - hardware 192 - global 193 dh_group_18: 194 description: 195 - Diffie-Hellman group 18 (MODP-8192). 196 type: dict 197 suboptions: 198 keypair_cache: 199 description: 200 - Configure custom key pair cache size for this Diffie-Hellman group. 201 type: str 202 choices: 203 - global 204 - custom 205 keypair_count: 206 description: 207 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 208 type: int 209 mode: 210 description: 211 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 212 type: str 213 choices: 214 - software 215 - hardware 216 - global 217 dh_group_19: 218 description: 219 - Diffie-Hellman group 19 (EC-P256). 220 type: dict 221 suboptions: 222 keypair_cache: 223 description: 224 - Configure custom key pair cache size for this Diffie-Hellman group. 225 type: str 226 choices: 227 - global 228 - custom 229 keypair_count: 230 description: 231 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 232 type: int 233 mode: 234 description: 235 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 236 type: str 237 choices: 238 - software 239 - hardware 240 - global 241 dh_group_2: 242 description: 243 - Diffie-Hellman group 2 (MODP-1024). 244 type: dict 245 suboptions: 246 keypair_cache: 247 description: 248 - Configure custom key pair cache size for this Diffie-Hellman group. 249 type: str 250 choices: 251 - global 252 - custom 253 keypair_count: 254 description: 255 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 256 type: int 257 mode: 258 description: 259 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 260 type: str 261 choices: 262 - software 263 - hardware 264 - global 265 dh_group_20: 266 description: 267 - Diffie-Hellman group 20 (EC-P384). 268 type: dict 269 suboptions: 270 keypair_cache: 271 description: 272 - Configure custom key pair cache size for this Diffie-Hellman group. 273 type: str 274 choices: 275 - global 276 - custom 277 keypair_count: 278 description: 279 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 280 type: int 281 mode: 282 description: 283 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 284 type: str 285 choices: 286 - software 287 - hardware 288 - global 289 dh_group_21: 290 description: 291 - Diffie-Hellman group 21 (EC-P521). 292 type: dict 293 suboptions: 294 keypair_cache: 295 description: 296 - Configure custom key pair cache size for this Diffie-Hellman group. 297 type: str 298 choices: 299 - global 300 - custom 301 keypair_count: 302 description: 303 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 304 type: int 305 mode: 306 description: 307 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 308 type: str 309 choices: 310 - software 311 - hardware 312 - global 313 dh_group_27: 314 description: 315 - Diffie-Hellman group 27 (EC-P224BP). 316 type: dict 317 suboptions: 318 keypair_cache: 319 description: 320 - Configure custom key pair cache size for this Diffie-Hellman group. 321 type: str 322 choices: 323 - global 324 - custom 325 keypair_count: 326 description: 327 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 328 type: int 329 mode: 330 description: 331 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 332 type: str 333 choices: 334 - software 335 - hardware 336 - global 337 dh_group_28: 338 description: 339 - Diffie-Hellman group 28 (EC-P256BP). 340 type: dict 341 suboptions: 342 keypair_cache: 343 description: 344 - Configure custom key pair cache size for this Diffie-Hellman group. 345 type: str 346 choices: 347 - global 348 - custom 349 keypair_count: 350 description: 351 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 352 type: int 353 mode: 354 description: 355 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 356 type: str 357 choices: 358 - software 359 - hardware 360 - global 361 dh_group_29: 362 description: 363 - Diffie-Hellman group 29 (EC-P384BP). 364 type: dict 365 suboptions: 366 keypair_cache: 367 description: 368 - Configure custom key pair cache size for this Diffie-Hellman group. 369 type: str 370 choices: 371 - global 372 - custom 373 keypair_count: 374 description: 375 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 376 type: int 377 mode: 378 description: 379 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 380 type: str 381 choices: 382 - software 383 - hardware 384 - global 385 dh_group_30: 386 description: 387 - Diffie-Hellman group 30 (EC-P512BP). 388 type: dict 389 suboptions: 390 keypair_cache: 391 description: 392 - Configure custom key pair cache size for this Diffie-Hellman group. 393 type: str 394 choices: 395 - global 396 - custom 397 keypair_count: 398 description: 399 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 400 type: int 401 mode: 402 description: 403 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 404 type: str 405 choices: 406 - software 407 - hardware 408 - global 409 dh_group_31: 410 description: 411 - Diffie-Hellman group 31 (EC-X25519). 412 type: dict 413 suboptions: 414 keypair_cache: 415 description: 416 - Configure custom key pair cache size for this Diffie-Hellman group. 417 type: str 418 choices: 419 - global 420 - custom 421 keypair_count: 422 description: 423 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 424 type: int 425 mode: 426 description: 427 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 428 type: str 429 choices: 430 - software 431 - hardware 432 - global 433 dh_group_32: 434 description: 435 - Diffie-Hellman group 32 (EC-X448). 436 type: dict 437 suboptions: 438 keypair_cache: 439 description: 440 - Configure custom key pair cache size for this Diffie-Hellman group. 441 type: str 442 choices: 443 - global 444 - custom 445 keypair_count: 446 description: 447 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 448 type: int 449 mode: 450 description: 451 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 452 type: str 453 choices: 454 - software 455 - hardware 456 - global 457 dh_group_5: 458 description: 459 - Diffie-Hellman group 5 (MODP-1536). 460 type: dict 461 suboptions: 462 keypair_cache: 463 description: 464 - Configure custom key pair cache size for this Diffie-Hellman group. 465 type: str 466 choices: 467 - global 468 - custom 469 keypair_count: 470 description: 471 - Number of key pairs to pre-generate for this Diffie-Hellman group (per-worker). 472 type: int 473 mode: 474 description: 475 - Use software (CPU) or hardware (CPX) to perform calculations for this Diffie-Hellman group. 476 type: str 477 choices: 478 - software 479 - hardware 480 - global 481 dh_keypair_cache: 482 description: 483 - Enable/disable Diffie-Hellman key pair cache. 484 type: str 485 choices: 486 - enable 487 - disable 488 dh_keypair_count: 489 description: 490 - Number of key pairs to pre-generate for each Diffie-Hellman group (per-worker). 491 type: int 492 dh_keypair_throttle: 493 description: 494 - Enable/disable Diffie-Hellman key pair cache CPU throttling. 495 type: str 496 choices: 497 - enable 498 - disable 499 dh_mode: 500 description: 501 - Use software (CPU) or hardware (CPX) to perform Diffie-Hellman calculations. 502 type: str 503 choices: 504 - software 505 - hardware 506 dh_multiprocess: 507 description: 508 - Enable/disable multiprocess Diffie-Hellman daemon for IKE. 509 type: str 510 choices: 511 - enable 512 - disable 513 dh_worker_count: 514 description: 515 - Number of Diffie-Hellman workers to start. 516 type: int 517 embryonic_limit: 518 description: 519 - Maximum number of IPsec tunnels to negotiate simultaneously. 520 type: int 521''' 522 523EXAMPLES = ''' 524- hosts: fortigates 525 collections: 526 - fortinet.fortios 527 connection: httpapi 528 vars: 529 vdom: "root" 530 ansible_httpapi_use_ssl: yes 531 ansible_httpapi_validate_certs: no 532 ansible_httpapi_port: 443 533 tasks: 534 - name: Configure IKE global attributes. 535 fortios_system_ike: 536 vdom: "{{ vdom }}" 537 system_ike: 538 dh_group_1: 539 keypair_cache: "global" 540 keypair_count: "5" 541 mode: "software" 542 dh_group_14: 543 keypair_cache: "global" 544 keypair_count: "9" 545 mode: "software" 546 dh_group_15: 547 keypair_cache: "global" 548 keypair_count: "13" 549 mode: "software" 550 dh_group_16: 551 keypair_cache: "global" 552 keypair_count: "17" 553 mode: "software" 554 dh_group_17: 555 keypair_cache: "global" 556 keypair_count: "21" 557 mode: "software" 558 dh_group_18: 559 keypair_cache: "global" 560 keypair_count: "25" 561 mode: "software" 562 dh_group_19: 563 keypair_cache: "global" 564 keypair_count: "29" 565 mode: "software" 566 dh_group_2: 567 keypair_cache: "global" 568 keypair_count: "33" 569 mode: "software" 570 dh_group_20: 571 keypair_cache: "global" 572 keypair_count: "37" 573 mode: "software" 574 dh_group_21: 575 keypair_cache: "global" 576 keypair_count: "41" 577 mode: "software" 578 dh_group_27: 579 keypair_cache: "global" 580 keypair_count: "45" 581 mode: "software" 582 dh_group_28: 583 keypair_cache: "global" 584 keypair_count: "49" 585 mode: "software" 586 dh_group_29: 587 keypair_cache: "global" 588 keypair_count: "53" 589 mode: "software" 590 dh_group_30: 591 keypair_cache: "global" 592 keypair_count: "57" 593 mode: "software" 594 dh_group_31: 595 keypair_cache: "global" 596 keypair_count: "61" 597 mode: "software" 598 dh_group_32: 599 keypair_cache: "global" 600 keypair_count: "65" 601 mode: "software" 602 dh_group_5: 603 keypair_cache: "global" 604 keypair_count: "69" 605 mode: "software" 606 dh_keypair_cache: "enable" 607 dh_keypair_count: "72" 608 dh_keypair_throttle: "enable" 609 dh_mode: "software" 610 dh_multiprocess: "enable" 611 dh_worker_count: "76" 612 embryonic_limit: "77" 613 614''' 615 616RETURN = ''' 617build: 618 description: Build number of the fortigate image 619 returned: always 620 type: str 621 sample: '1547' 622http_method: 623 description: Last method used to provision the content into FortiGate 624 returned: always 625 type: str 626 sample: 'PUT' 627http_status: 628 description: Last result given by FortiGate on last operation applied 629 returned: always 630 type: str 631 sample: "200" 632mkey: 633 description: Master key (id) used in the last call to FortiGate 634 returned: success 635 type: str 636 sample: "id" 637name: 638 description: Name of the table used to fulfill the request 639 returned: always 640 type: str 641 sample: "urlfilter" 642path: 643 description: Path of the table used to fulfill the request 644 returned: always 645 type: str 646 sample: "webfilter" 647revision: 648 description: Internal revision number 649 returned: always 650 type: str 651 sample: "17.0.2.10658" 652serial: 653 description: Serial number of the unit 654 returned: always 655 type: str 656 sample: "FGVMEVYYQT3AB5352" 657status: 658 description: Indication of the operation's result 659 returned: always 660 type: str 661 sample: "success" 662vdom: 663 description: Virtual domain used 664 returned: always 665 type: str 666 sample: "root" 667version: 668 description: Version of the FortiGate 669 returned: always 670 type: str 671 sample: "v5.6.3" 672 673''' 674from ansible.module_utils.basic import AnsibleModule 675from ansible.module_utils.connection import Connection 676from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 677from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 678from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 679from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 680from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 681from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 682from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 683 684 685def filter_system_ike_data(json): 686 option_list = ['dh_group_1', 'dh_group_14', 'dh_group_15', 687 'dh_group_16', 'dh_group_17', 'dh_group_18', 688 'dh_group_19', 'dh_group_2', 'dh_group_20', 689 'dh_group_21', 'dh_group_27', 'dh_group_28', 690 'dh_group_29', 'dh_group_30', 'dh_group_31', 691 'dh_group_32', 'dh_group_5', 'dh_keypair_cache', 692 'dh_keypair_count', 'dh_keypair_throttle', 'dh_mode', 693 'dh_multiprocess', 'dh_worker_count', 'embryonic_limit'] 694 dictionary = {} 695 696 for attribute in option_list: 697 if attribute in json and json[attribute] is not None: 698 dictionary[attribute] = json[attribute] 699 700 return dictionary 701 702 703def underscore_to_hyphen(data): 704 if isinstance(data, list): 705 for i, elem in enumerate(data): 706 data[i] = underscore_to_hyphen(elem) 707 elif isinstance(data, dict): 708 new_data = {} 709 for k, v in data.items(): 710 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 711 data = new_data 712 713 return data 714 715 716def system_ike(data, fos): 717 vdom = data['vdom'] 718 system_ike_data = data['system_ike'] 719 filtered_data = underscore_to_hyphen(filter_system_ike_data(system_ike_data)) 720 721 return fos.set('system', 722 'ike', 723 data=filtered_data, 724 vdom=vdom) 725 726 727def is_successful_status(status): 728 return status['status'] == "success" or \ 729 status['http_method'] == "DELETE" and status['http_status'] == 404 730 731 732def fortios_system(data, fos): 733 734 if data['system_ike']: 735 resp = system_ike(data, fos) 736 else: 737 fos._module.fail_json(msg='missing task body: %s' % ('system_ike')) 738 739 return not is_successful_status(resp), \ 740 resp['status'] == "success" and \ 741 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 742 resp 743 744 745versioned_schema = { 746 "type": "dict", 747 "children": { 748 "dh_worker_count": { 749 "type": "integer", 750 "revisions": { 751 "v7.0.0": True 752 } 753 }, 754 "dh_keypair_cache": { 755 "type": "string", 756 "options": [ 757 { 758 "value": "enable", 759 "revisions": { 760 "v7.0.0": True 761 } 762 }, 763 { 764 "value": "disable", 765 "revisions": { 766 "v7.0.0": True 767 } 768 } 769 ], 770 "revisions": { 771 "v7.0.0": True 772 } 773 }, 774 "dh_group_27": { 775 "type": "dict", 776 "children": { 777 "keypair_count": { 778 "type": "integer", 779 "revisions": { 780 "v7.0.0": True 781 } 782 }, 783 "keypair_cache": { 784 "type": "string", 785 "options": [ 786 { 787 "value": "global", 788 "revisions": { 789 "v7.0.0": True 790 } 791 }, 792 { 793 "value": "custom", 794 "revisions": { 795 "v7.0.0": True 796 } 797 } 798 ], 799 "revisions": { 800 "v7.0.0": True 801 } 802 }, 803 "mode": { 804 "type": "string", 805 "options": [ 806 { 807 "value": "software", 808 "revisions": { 809 "v7.0.0": True 810 } 811 }, 812 { 813 "value": "hardware", 814 "revisions": { 815 "v7.0.0": True 816 } 817 }, 818 { 819 "value": "global", 820 "revisions": { 821 "v7.0.0": True 822 } 823 } 824 ], 825 "revisions": { 826 "v7.0.0": True 827 } 828 } 829 }, 830 "revisions": { 831 "v7.0.0": True 832 } 833 }, 834 "dh_group_20": { 835 "type": "dict", 836 "children": { 837 "keypair_count": { 838 "type": "integer", 839 "revisions": { 840 "v7.0.0": True 841 } 842 }, 843 "keypair_cache": { 844 "type": "string", 845 "options": [ 846 { 847 "value": "global", 848 "revisions": { 849 "v7.0.0": True 850 } 851 }, 852 { 853 "value": "custom", 854 "revisions": { 855 "v7.0.0": True 856 } 857 } 858 ], 859 "revisions": { 860 "v7.0.0": True 861 } 862 }, 863 "mode": { 864 "type": "string", 865 "options": [ 866 { 867 "value": "software", 868 "revisions": { 869 "v7.0.0": True 870 } 871 }, 872 { 873 "value": "hardware", 874 "revisions": { 875 "v7.0.0": True 876 } 877 }, 878 { 879 "value": "global", 880 "revisions": { 881 "v7.0.0": True 882 } 883 } 884 ], 885 "revisions": { 886 "v7.0.0": True 887 } 888 } 889 }, 890 "revisions": { 891 "v7.0.0": True 892 } 893 }, 894 "dh_group_21": { 895 "type": "dict", 896 "children": { 897 "keypair_count": { 898 "type": "integer", 899 "revisions": { 900 "v7.0.0": True 901 } 902 }, 903 "keypair_cache": { 904 "type": "string", 905 "options": [ 906 { 907 "value": "global", 908 "revisions": { 909 "v7.0.0": True 910 } 911 }, 912 { 913 "value": "custom", 914 "revisions": { 915 "v7.0.0": True 916 } 917 } 918 ], 919 "revisions": { 920 "v7.0.0": True 921 } 922 }, 923 "mode": { 924 "type": "string", 925 "options": [ 926 { 927 "value": "software", 928 "revisions": { 929 "v7.0.0": True 930 } 931 }, 932 { 933 "value": "hardware", 934 "revisions": { 935 "v7.0.0": True 936 } 937 }, 938 { 939 "value": "global", 940 "revisions": { 941 "v7.0.0": True 942 } 943 } 944 ], 945 "revisions": { 946 "v7.0.0": True 947 } 948 } 949 }, 950 "revisions": { 951 "v7.0.0": True 952 } 953 }, 954 "dh_group_28": { 955 "type": "dict", 956 "children": { 957 "keypair_count": { 958 "type": "integer", 959 "revisions": { 960 "v7.0.0": True 961 } 962 }, 963 "keypair_cache": { 964 "type": "string", 965 "options": [ 966 { 967 "value": "global", 968 "revisions": { 969 "v7.0.0": True 970 } 971 }, 972 { 973 "value": "custom", 974 "revisions": { 975 "v7.0.0": True 976 } 977 } 978 ], 979 "revisions": { 980 "v7.0.0": True 981 } 982 }, 983 "mode": { 984 "type": "string", 985 "options": [ 986 { 987 "value": "software", 988 "revisions": { 989 "v7.0.0": True 990 } 991 }, 992 { 993 "value": "hardware", 994 "revisions": { 995 "v7.0.0": True 996 } 997 }, 998 { 999 "value": "global", 1000 "revisions": { 1001 "v7.0.0": True 1002 } 1003 } 1004 ], 1005 "revisions": { 1006 "v7.0.0": True 1007 } 1008 } 1009 }, 1010 "revisions": { 1011 "v7.0.0": True 1012 } 1013 }, 1014 "dh_group_29": { 1015 "type": "dict", 1016 "children": { 1017 "keypair_count": { 1018 "type": "integer", 1019 "revisions": { 1020 "v7.0.0": True 1021 } 1022 }, 1023 "keypair_cache": { 1024 "type": "string", 1025 "options": [ 1026 { 1027 "value": "global", 1028 "revisions": { 1029 "v7.0.0": True 1030 } 1031 }, 1032 { 1033 "value": "custom", 1034 "revisions": { 1035 "v7.0.0": True 1036 } 1037 } 1038 ], 1039 "revisions": { 1040 "v7.0.0": True 1041 } 1042 }, 1043 "mode": { 1044 "type": "string", 1045 "options": [ 1046 { 1047 "value": "software", 1048 "revisions": { 1049 "v7.0.0": True 1050 } 1051 }, 1052 { 1053 "value": "hardware", 1054 "revisions": { 1055 "v7.0.0": True 1056 } 1057 }, 1058 { 1059 "value": "global", 1060 "revisions": { 1061 "v7.0.0": True 1062 } 1063 } 1064 ], 1065 "revisions": { 1066 "v7.0.0": True 1067 } 1068 } 1069 }, 1070 "revisions": { 1071 "v7.0.0": True 1072 } 1073 }, 1074 "dh_keypair_throttle": { 1075 "type": "string", 1076 "options": [ 1077 { 1078 "value": "enable", 1079 "revisions": { 1080 "v7.0.0": True 1081 } 1082 }, 1083 { 1084 "value": "disable", 1085 "revisions": { 1086 "v7.0.0": True 1087 } 1088 } 1089 ], 1090 "revisions": { 1091 "v7.0.0": True 1092 } 1093 }, 1094 "dh_keypair_count": { 1095 "type": "integer", 1096 "revisions": { 1097 "v7.0.0": True 1098 } 1099 }, 1100 "dh_mode": { 1101 "type": "string", 1102 "options": [ 1103 { 1104 "value": "software", 1105 "revisions": { 1106 "v7.0.0": True 1107 } 1108 }, 1109 { 1110 "value": "hardware", 1111 "revisions": { 1112 "v7.0.0": True 1113 } 1114 } 1115 ], 1116 "revisions": { 1117 "v7.0.0": True 1118 } 1119 }, 1120 "dh_multiprocess": { 1121 "type": "string", 1122 "options": [ 1123 { 1124 "value": "enable", 1125 "revisions": { 1126 "v7.0.0": True 1127 } 1128 }, 1129 { 1130 "value": "disable", 1131 "revisions": { 1132 "v7.0.0": True 1133 } 1134 } 1135 ], 1136 "revisions": { 1137 "v7.0.0": True 1138 } 1139 }, 1140 "dh_group_5": { 1141 "type": "dict", 1142 "children": { 1143 "keypair_count": { 1144 "type": "integer", 1145 "revisions": { 1146 "v7.0.0": True 1147 } 1148 }, 1149 "keypair_cache": { 1150 "type": "string", 1151 "options": [ 1152 { 1153 "value": "global", 1154 "revisions": { 1155 "v7.0.0": True 1156 } 1157 }, 1158 { 1159 "value": "custom", 1160 "revisions": { 1161 "v7.0.0": True 1162 } 1163 } 1164 ], 1165 "revisions": { 1166 "v7.0.0": True 1167 } 1168 }, 1169 "mode": { 1170 "type": "string", 1171 "options": [ 1172 { 1173 "value": "software", 1174 "revisions": { 1175 "v7.0.0": True 1176 } 1177 }, 1178 { 1179 "value": "hardware", 1180 "revisions": { 1181 "v7.0.0": True 1182 } 1183 }, 1184 { 1185 "value": "global", 1186 "revisions": { 1187 "v7.0.0": True 1188 } 1189 } 1190 ], 1191 "revisions": { 1192 "v7.0.0": True 1193 } 1194 } 1195 }, 1196 "revisions": { 1197 "v7.0.0": True 1198 } 1199 }, 1200 "dh_group_2": { 1201 "type": "dict", 1202 "children": { 1203 "keypair_count": { 1204 "type": "integer", 1205 "revisions": { 1206 "v7.0.0": True 1207 } 1208 }, 1209 "keypair_cache": { 1210 "type": "string", 1211 "options": [ 1212 { 1213 "value": "global", 1214 "revisions": { 1215 "v7.0.0": True 1216 } 1217 }, 1218 { 1219 "value": "custom", 1220 "revisions": { 1221 "v7.0.0": True 1222 } 1223 } 1224 ], 1225 "revisions": { 1226 "v7.0.0": True 1227 } 1228 }, 1229 "mode": { 1230 "type": "string", 1231 "options": [ 1232 { 1233 "value": "software", 1234 "revisions": { 1235 "v7.0.0": True 1236 } 1237 }, 1238 { 1239 "value": "hardware", 1240 "revisions": { 1241 "v7.0.0": True 1242 } 1243 }, 1244 { 1245 "value": "global", 1246 "revisions": { 1247 "v7.0.0": True 1248 } 1249 } 1250 ], 1251 "revisions": { 1252 "v7.0.0": True 1253 } 1254 } 1255 }, 1256 "revisions": { 1257 "v7.0.0": True 1258 } 1259 }, 1260 "dh_group_1": { 1261 "type": "dict", 1262 "children": { 1263 "keypair_count": { 1264 "type": "integer", 1265 "revisions": { 1266 "v7.0.0": True 1267 } 1268 }, 1269 "keypair_cache": { 1270 "type": "string", 1271 "options": [ 1272 { 1273 "value": "global", 1274 "revisions": { 1275 "v7.0.0": True 1276 } 1277 }, 1278 { 1279 "value": "custom", 1280 "revisions": { 1281 "v7.0.0": True 1282 } 1283 } 1284 ], 1285 "revisions": { 1286 "v7.0.0": True 1287 } 1288 }, 1289 "mode": { 1290 "type": "string", 1291 "options": [ 1292 { 1293 "value": "software", 1294 "revisions": { 1295 "v7.0.0": True 1296 } 1297 }, 1298 { 1299 "value": "hardware", 1300 "revisions": { 1301 "v7.0.0": True 1302 } 1303 }, 1304 { 1305 "value": "global", 1306 "revisions": { 1307 "v7.0.0": True 1308 } 1309 } 1310 ], 1311 "revisions": { 1312 "v7.0.0": True 1313 } 1314 } 1315 }, 1316 "revisions": { 1317 "v7.0.0": True 1318 } 1319 }, 1320 "embryonic_limit": { 1321 "type": "integer", 1322 "revisions": { 1323 "v7.0.0": True 1324 } 1325 }, 1326 "dh_group_31": { 1327 "type": "dict", 1328 "children": { 1329 "keypair_count": { 1330 "type": "integer", 1331 "revisions": { 1332 "v7.0.0": True 1333 } 1334 }, 1335 "keypair_cache": { 1336 "type": "string", 1337 "options": [ 1338 { 1339 "value": "global", 1340 "revisions": { 1341 "v7.0.0": True 1342 } 1343 }, 1344 { 1345 "value": "custom", 1346 "revisions": { 1347 "v7.0.0": True 1348 } 1349 } 1350 ], 1351 "revisions": { 1352 "v7.0.0": True 1353 } 1354 }, 1355 "mode": { 1356 "type": "string", 1357 "options": [ 1358 { 1359 "value": "software", 1360 "revisions": { 1361 "v7.0.0": True 1362 } 1363 }, 1364 { 1365 "value": "hardware", 1366 "revisions": { 1367 "v7.0.0": True 1368 } 1369 }, 1370 { 1371 "value": "global", 1372 "revisions": { 1373 "v7.0.0": True 1374 } 1375 } 1376 ], 1377 "revisions": { 1378 "v7.0.0": True 1379 } 1380 } 1381 }, 1382 "revisions": { 1383 "v7.0.0": True 1384 } 1385 }, 1386 "dh_group_30": { 1387 "type": "dict", 1388 "children": { 1389 "keypair_count": { 1390 "type": "integer", 1391 "revisions": { 1392 "v7.0.0": True 1393 } 1394 }, 1395 "keypair_cache": { 1396 "type": "string", 1397 "options": [ 1398 { 1399 "value": "global", 1400 "revisions": { 1401 "v7.0.0": True 1402 } 1403 }, 1404 { 1405 "value": "custom", 1406 "revisions": { 1407 "v7.0.0": True 1408 } 1409 } 1410 ], 1411 "revisions": { 1412 "v7.0.0": True 1413 } 1414 }, 1415 "mode": { 1416 "type": "string", 1417 "options": [ 1418 { 1419 "value": "software", 1420 "revisions": { 1421 "v7.0.0": True 1422 } 1423 }, 1424 { 1425 "value": "hardware", 1426 "revisions": { 1427 "v7.0.0": True 1428 } 1429 }, 1430 { 1431 "value": "global", 1432 "revisions": { 1433 "v7.0.0": True 1434 } 1435 } 1436 ], 1437 "revisions": { 1438 "v7.0.0": True 1439 } 1440 } 1441 }, 1442 "revisions": { 1443 "v7.0.0": True 1444 } 1445 }, 1446 "dh_group_32": { 1447 "type": "dict", 1448 "children": { 1449 "keypair_count": { 1450 "type": "integer", 1451 "revisions": { 1452 "v7.0.0": True 1453 } 1454 }, 1455 "keypair_cache": { 1456 "type": "string", 1457 "options": [ 1458 { 1459 "value": "global", 1460 "revisions": { 1461 "v7.0.0": True 1462 } 1463 }, 1464 { 1465 "value": "custom", 1466 "revisions": { 1467 "v7.0.0": True 1468 } 1469 } 1470 ], 1471 "revisions": { 1472 "v7.0.0": True 1473 } 1474 }, 1475 "mode": { 1476 "type": "string", 1477 "options": [ 1478 { 1479 "value": "software", 1480 "revisions": { 1481 "v7.0.0": True 1482 } 1483 }, 1484 { 1485 "value": "hardware", 1486 "revisions": { 1487 "v7.0.0": True 1488 } 1489 }, 1490 { 1491 "value": "global", 1492 "revisions": { 1493 "v7.0.0": True 1494 } 1495 } 1496 ], 1497 "revisions": { 1498 "v7.0.0": True 1499 } 1500 } 1501 }, 1502 "revisions": { 1503 "v7.0.0": True 1504 } 1505 }, 1506 "dh_group_19": { 1507 "type": "dict", 1508 "children": { 1509 "keypair_count": { 1510 "type": "integer", 1511 "revisions": { 1512 "v7.0.0": True 1513 } 1514 }, 1515 "keypair_cache": { 1516 "type": "string", 1517 "options": [ 1518 { 1519 "value": "global", 1520 "revisions": { 1521 "v7.0.0": True 1522 } 1523 }, 1524 { 1525 "value": "custom", 1526 "revisions": { 1527 "v7.0.0": True 1528 } 1529 } 1530 ], 1531 "revisions": { 1532 "v7.0.0": True 1533 } 1534 }, 1535 "mode": { 1536 "type": "string", 1537 "options": [ 1538 { 1539 "value": "software", 1540 "revisions": { 1541 "v7.0.0": True 1542 } 1543 }, 1544 { 1545 "value": "hardware", 1546 "revisions": { 1547 "v7.0.0": True 1548 } 1549 }, 1550 { 1551 "value": "global", 1552 "revisions": { 1553 "v7.0.0": True 1554 } 1555 } 1556 ], 1557 "revisions": { 1558 "v7.0.0": True 1559 } 1560 } 1561 }, 1562 "revisions": { 1563 "v7.0.0": True 1564 } 1565 }, 1566 "dh_group_18": { 1567 "type": "dict", 1568 "children": { 1569 "keypair_count": { 1570 "type": "integer", 1571 "revisions": { 1572 "v7.0.0": True 1573 } 1574 }, 1575 "keypair_cache": { 1576 "type": "string", 1577 "options": [ 1578 { 1579 "value": "global", 1580 "revisions": { 1581 "v7.0.0": True 1582 } 1583 }, 1584 { 1585 "value": "custom", 1586 "revisions": { 1587 "v7.0.0": True 1588 } 1589 } 1590 ], 1591 "revisions": { 1592 "v7.0.0": True 1593 } 1594 }, 1595 "mode": { 1596 "type": "string", 1597 "options": [ 1598 { 1599 "value": "software", 1600 "revisions": { 1601 "v7.0.0": True 1602 } 1603 }, 1604 { 1605 "value": "hardware", 1606 "revisions": { 1607 "v7.0.0": True 1608 } 1609 }, 1610 { 1611 "value": "global", 1612 "revisions": { 1613 "v7.0.0": True 1614 } 1615 } 1616 ], 1617 "revisions": { 1618 "v7.0.0": True 1619 } 1620 } 1621 }, 1622 "revisions": { 1623 "v7.0.0": True 1624 } 1625 }, 1626 "dh_group_17": { 1627 "type": "dict", 1628 "children": { 1629 "keypair_count": { 1630 "type": "integer", 1631 "revisions": { 1632 "v7.0.0": True 1633 } 1634 }, 1635 "keypair_cache": { 1636 "type": "string", 1637 "options": [ 1638 { 1639 "value": "global", 1640 "revisions": { 1641 "v7.0.0": True 1642 } 1643 }, 1644 { 1645 "value": "custom", 1646 "revisions": { 1647 "v7.0.0": True 1648 } 1649 } 1650 ], 1651 "revisions": { 1652 "v7.0.0": True 1653 } 1654 }, 1655 "mode": { 1656 "type": "string", 1657 "options": [ 1658 { 1659 "value": "software", 1660 "revisions": { 1661 "v7.0.0": True 1662 } 1663 }, 1664 { 1665 "value": "hardware", 1666 "revisions": { 1667 "v7.0.0": True 1668 } 1669 }, 1670 { 1671 "value": "global", 1672 "revisions": { 1673 "v7.0.0": True 1674 } 1675 } 1676 ], 1677 "revisions": { 1678 "v7.0.0": True 1679 } 1680 } 1681 }, 1682 "revisions": { 1683 "v7.0.0": True 1684 } 1685 }, 1686 "dh_group_16": { 1687 "type": "dict", 1688 "children": { 1689 "keypair_count": { 1690 "type": "integer", 1691 "revisions": { 1692 "v7.0.0": True 1693 } 1694 }, 1695 "keypair_cache": { 1696 "type": "string", 1697 "options": [ 1698 { 1699 "value": "global", 1700 "revisions": { 1701 "v7.0.0": True 1702 } 1703 }, 1704 { 1705 "value": "custom", 1706 "revisions": { 1707 "v7.0.0": True 1708 } 1709 } 1710 ], 1711 "revisions": { 1712 "v7.0.0": True 1713 } 1714 }, 1715 "mode": { 1716 "type": "string", 1717 "options": [ 1718 { 1719 "value": "software", 1720 "revisions": { 1721 "v7.0.0": True 1722 } 1723 }, 1724 { 1725 "value": "hardware", 1726 "revisions": { 1727 "v7.0.0": True 1728 } 1729 }, 1730 { 1731 "value": "global", 1732 "revisions": { 1733 "v7.0.0": True 1734 } 1735 } 1736 ], 1737 "revisions": { 1738 "v7.0.0": True 1739 } 1740 } 1741 }, 1742 "revisions": { 1743 "v7.0.0": True 1744 } 1745 }, 1746 "dh_group_15": { 1747 "type": "dict", 1748 "children": { 1749 "keypair_count": { 1750 "type": "integer", 1751 "revisions": { 1752 "v7.0.0": True 1753 } 1754 }, 1755 "keypair_cache": { 1756 "type": "string", 1757 "options": [ 1758 { 1759 "value": "global", 1760 "revisions": { 1761 "v7.0.0": True 1762 } 1763 }, 1764 { 1765 "value": "custom", 1766 "revisions": { 1767 "v7.0.0": True 1768 } 1769 } 1770 ], 1771 "revisions": { 1772 "v7.0.0": True 1773 } 1774 }, 1775 "mode": { 1776 "type": "string", 1777 "options": [ 1778 { 1779 "value": "software", 1780 "revisions": { 1781 "v7.0.0": True 1782 } 1783 }, 1784 { 1785 "value": "hardware", 1786 "revisions": { 1787 "v7.0.0": True 1788 } 1789 }, 1790 { 1791 "value": "global", 1792 "revisions": { 1793 "v7.0.0": True 1794 } 1795 } 1796 ], 1797 "revisions": { 1798 "v7.0.0": True 1799 } 1800 } 1801 }, 1802 "revisions": { 1803 "v7.0.0": True 1804 } 1805 }, 1806 "dh_group_14": { 1807 "type": "dict", 1808 "children": { 1809 "keypair_count": { 1810 "type": "integer", 1811 "revisions": { 1812 "v7.0.0": True 1813 } 1814 }, 1815 "keypair_cache": { 1816 "type": "string", 1817 "options": [ 1818 { 1819 "value": "global", 1820 "revisions": { 1821 "v7.0.0": True 1822 } 1823 }, 1824 { 1825 "value": "custom", 1826 "revisions": { 1827 "v7.0.0": True 1828 } 1829 } 1830 ], 1831 "revisions": { 1832 "v7.0.0": True 1833 } 1834 }, 1835 "mode": { 1836 "type": "string", 1837 "options": [ 1838 { 1839 "value": "software", 1840 "revisions": { 1841 "v7.0.0": True 1842 } 1843 }, 1844 { 1845 "value": "hardware", 1846 "revisions": { 1847 "v7.0.0": True 1848 } 1849 }, 1850 { 1851 "value": "global", 1852 "revisions": { 1853 "v7.0.0": True 1854 } 1855 } 1856 ], 1857 "revisions": { 1858 "v7.0.0": True 1859 } 1860 } 1861 }, 1862 "revisions": { 1863 "v7.0.0": True 1864 } 1865 } 1866 }, 1867 "revisions": { 1868 "v7.0.0": True 1869 } 1870} 1871 1872 1873def main(): 1874 module_spec = schema_to_module_spec(versioned_schema) 1875 mkeyname = None 1876 fields = { 1877 "access_token": {"required": False, "type": "str", "no_log": True}, 1878 "enable_log": {"required": False, "type": bool}, 1879 "vdom": {"required": False, "type": "str", "default": "root"}, 1880 "system_ike": { 1881 "required": False, "type": "dict", "default": None, 1882 "options": { 1883 } 1884 } 1885 } 1886 for attribute_name in module_spec['options']: 1887 fields["system_ike"]['options'][attribute_name] = module_spec['options'][attribute_name] 1888 if mkeyname and mkeyname == attribute_name: 1889 fields["system_ike"]['options'][attribute_name]['required'] = True 1890 1891 check_legacy_fortiosapi() 1892 module = AnsibleModule(argument_spec=fields, 1893 supports_check_mode=False) 1894 1895 versions_check_result = None 1896 if module._socket_path: 1897 connection = Connection(module._socket_path) 1898 if 'access_token' in module.params: 1899 connection.set_option('access_token', module.params['access_token']) 1900 1901 if 'enable_log' in module.params: 1902 connection.set_option('enable_log', module.params['enable_log']) 1903 else: 1904 connection.set_option('enable_log', False) 1905 fos = FortiOSHandler(connection, module, mkeyname) 1906 versions_check_result = check_schema_versioning(fos, versioned_schema, "system_ike") 1907 1908 is_error, has_changed, result = fortios_system(module.params, fos) 1909 1910 else: 1911 module.fail_json(**FAIL_SOCKET_MSG) 1912 1913 if versions_check_result and versions_check_result['matched'] is False: 1914 module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv") 1915 1916 if not is_error: 1917 if versions_check_result and versions_check_result['matched'] is False: 1918 module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) 1919 else: 1920 module.exit_json(changed=has_changed, meta=result) 1921 else: 1922 if versions_check_result and versions_check_result['matched'] is False: 1923 module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) 1924 else: 1925 module.fail_json(msg="Error in repo", meta=result) 1926 1927 1928if __name__ == '__main__': 1929 main() 1930