1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_web_proxy_explicit 27short_description: Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify web_proxy feature and explicit category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 
56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 web_proxy_explicit: 68 description: 69 - Configure explicit Web proxy settings. 70 default: null 71 type: dict 72 suboptions: 73 ftp_incoming_port: 74 description: 75 - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). 76 type: str 77 ftp_over_http: 78 description: 79 - Enable to proxy FTP-over-HTTP sessions sent from a web browser. 80 type: str 81 choices: 82 - enable 83 - disable 84 http_incoming_port: 85 description: 86 - Accept incoming HTTP requests on one or more ports (0 - 65535). 87 type: str 88 https_incoming_port: 89 description: 90 - Accept incoming HTTPS requests on one or more ports (0 - 65535). 91 type: str 92 https_replacement_message: 93 description: 94 - Enable/disable sending the client a replacement message for HTTPS requests. 95 type: str 96 choices: 97 - enable 98 - disable 99 incoming_ip: 100 description: 101 - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. 102 type: str 103 incoming_ip6: 104 description: 105 - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. 106 type: str 107 ipv6_status: 108 description: 109 - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. 110 type: str 111 choices: 112 - enable 113 - disable 114 message_upon_server_error: 115 description: 116 - Enable/disable displaying a replacement message when a server error is detected. 117 type: str 118 choices: 119 - enable 120 - disable 121 outgoing_ip: 122 description: 123 - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. 
124 type: str 125 outgoing_ip6: 126 description: 127 - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. 128 type: str 129 pac_file_data: 130 description: 131 - PAC file contents enclosed in quotes (maximum of 256K bytes). 132 type: str 133 pac_file_name: 134 description: 135 - Pac file name. 136 type: str 137 pac_file_server_port: 138 description: 139 - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). 140 type: str 141 pac_file_server_status: 142 description: 143 - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. 144 type: str 145 choices: 146 - enable 147 - disable 148 pac_file_url: 149 description: 150 - PAC file access URL. 151 type: str 152 pac_policy: 153 description: 154 - PAC policies. 155 type: list 156 suboptions: 157 comments: 158 description: 159 - Optional comments. 160 type: str 161 dstaddr: 162 description: 163 - Destination address objects. 164 type: list 165 suboptions: 166 name: 167 description: 168 - Address name. Source firewall.address.name firewall.addrgrp.name. 169 required: true 170 type: str 171 pac_file_data: 172 description: 173 - PAC file contents enclosed in quotes (maximum of 256K bytes). 174 type: str 175 pac_file_name: 176 description: 177 - Pac file name. 178 type: str 179 policyid: 180 description: 181 - Policy ID. 182 required: true 183 type: int 184 srcaddr: 185 description: 186 - Source address objects. 187 type: list 188 suboptions: 189 name: 190 description: 191 - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. 192 required: true 193 type: str 194 srcaddr6: 195 description: 196 - Source address6 objects. 197 type: list 198 suboptions: 199 name: 200 description: 201 - Address name. Source firewall.address6.name firewall.addrgrp6.name. 
202 required: true 203 type: str 204 status: 205 description: 206 - Enable/disable policy. 207 type: str 208 choices: 209 - enable 210 - disable 211 pref_dns_result: 212 description: 213 - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . 214 type: str 215 choices: 216 - ipv4 217 - ipv6 218 realm: 219 description: 220 - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). 221 type: str 222 sec_default_action: 223 description: 224 - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. 225 type: str 226 choices: 227 - accept 228 - deny 229 socks: 230 description: 231 - Enable/disable the SOCKS proxy. 232 type: str 233 choices: 234 - enable 235 - disable 236 socks_incoming_port: 237 description: 238 - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). 239 type: str 240 ssl_algorithm: 241 description: 242 - 'Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low.' 243 type: str 244 choices: 245 - high 246 - medium 247 - low 248 status: 249 description: 250 - Enable/disable the explicit Web proxy for HTTP and HTTPS session. 251 type: str 252 choices: 253 - enable 254 - disable 255 strict_guest: 256 description: 257 - Enable/disable strict guest user checking by the explicit web proxy. 258 type: str 259 choices: 260 - enable 261 - disable 262 trace_auth_no_rsp: 263 description: 264 - Enable/disable logging timed-out authentication requests. 265 type: str 266 choices: 267 - enable 268 - disable 269 unknown_http_version: 270 description: 271 - Either reject unknown HTTP traffic as malformed or handle unknown HTTP traffic as best as the proxy server can. 
272 type: str 273 choices: 274 - reject 275 - best-effort 276 - tunnel 277''' 278 279EXAMPLES = ''' 280- hosts: fortigates 281 collections: 282 - fortinet.fortios 283 connection: httpapi 284 vars: 285 vdom: "root" 286 ansible_httpapi_use_ssl: yes 287 ansible_httpapi_validate_certs: no 288 ansible_httpapi_port: 443 289 tasks: 290 - name: Configure explicit Web proxy settings. 291 fortios_web_proxy_explicit: 292 vdom: "{{ vdom }}" 293 web_proxy_explicit: 294 ftp_incoming_port: "<your_own_value>" 295 ftp_over_http: "enable" 296 http_incoming_port: "<your_own_value>" 297 https_incoming_port: "<your_own_value>" 298 https_replacement_message: "enable" 299 incoming_ip: "<your_own_value>" 300 incoming_ip6: "<your_own_value>" 301 ipv6_status: "enable" 302 message_upon_server_error: "enable" 303 outgoing_ip: "<your_own_value>" 304 outgoing_ip6: "<your_own_value>" 305 pac_file_data: "<your_own_value>" 306 pac_file_name: "<your_own_value>" 307 pac_file_server_port: "<your_own_value>" 308 pac_file_server_status: "enable" 309 pac_file_url: "<your_own_value>" 310 pac_policy: 311 - 312 comments: "<your_own_value>" 313 dstaddr: 314 - 315 name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" 316 pac_file_data: "<your_own_value>" 317 pac_file_name: "<your_own_value>" 318 policyid: "25" 319 srcaddr: 320 - 321 name: "default_name_27 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" 322 srcaddr6: 323 - 324 name: "default_name_29 (source firewall.address6.name firewall.addrgrp6.name)" 325 status: "enable" 326 pref_dns_result: "ipv4" 327 realm: "<your_own_value>" 328 sec_default_action: "accept" 329 socks: "enable" 330 socks_incoming_port: "<your_own_value>" 331 ssl_algorithm: "high" 332 status: "enable" 333 strict_guest: "enable" 334 trace_auth_no_rsp: "enable" 335 unknown_http_version: "reject" 336 337''' 338 339RETURN = ''' 340build: 341 description: Build number of the fortigate image 342 returned: 
always 343 type: str 344 sample: '1547' 345http_method: 346 description: Last method used to provision the content into FortiGate 347 returned: always 348 type: str 349 sample: 'PUT' 350http_status: 351 description: Last result given by FortiGate on last operation applied 352 returned: always 353 type: str 354 sample: "200" 355mkey: 356 description: Master key (id) used in the last call to FortiGate 357 returned: success 358 type: str 359 sample: "id" 360name: 361 description: Name of the table used to fulfill the request 362 returned: always 363 type: str 364 sample: "urlfilter" 365path: 366 description: Path of the table used to fulfill the request 367 returned: always 368 type: str 369 sample: "webfilter" 370revision: 371 description: Internal revision number 372 returned: always 373 type: str 374 sample: "17.0.2.10658" 375serial: 376 description: Serial number of the unit 377 returned: always 378 type: str 379 sample: "FGVMEVYYQT3AB5352" 380status: 381 description: Indication of the operation's result 382 returned: always 383 type: str 384 sample: "success" 385vdom: 386 description: Virtual domain used 387 returned: always 388 type: str 389 sample: "root" 390version: 391 description: Version of the FortiGate 392 returned: always 393 type: str 394 sample: "v5.6.3" 395 396''' 397from ansible.module_utils.basic import AnsibleModule 398from ansible.module_utils.connection import Connection 399from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 400from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 401from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 402from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 403from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 404from 
ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 405from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 406 407 408def filter_web_proxy_explicit_data(json): 409 option_list = ['ftp_incoming_port', 'ftp_over_http', 'http_incoming_port', 410 'https_incoming_port', 'https_replacement_message', 'incoming_ip', 411 'incoming_ip6', 'ipv6_status', 'message_upon_server_error', 412 'outgoing_ip', 'outgoing_ip6', 'pac_file_data', 413 'pac_file_name', 'pac_file_server_port', 'pac_file_server_status', 414 'pac_file_url', 'pac_policy', 'pref_dns_result', 415 'realm', 'sec_default_action', 'socks', 416 'socks_incoming_port', 'ssl_algorithm', 'status', 417 'strict_guest', 'trace_auth_no_rsp', 'unknown_http_version'] 418 dictionary = {} 419 420 for attribute in option_list: 421 if attribute in json and json[attribute] is not None: 422 dictionary[attribute] = json[attribute] 423 424 return dictionary 425 426 427def underscore_to_hyphen(data): 428 if isinstance(data, list): 429 for i, elem in enumerate(data): 430 data[i] = underscore_to_hyphen(elem) 431 elif isinstance(data, dict): 432 new_data = {} 433 for k, v in data.items(): 434 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 435 data = new_data 436 437 return data 438 439 440def web_proxy_explicit(data, fos): 441 vdom = data['vdom'] 442 web_proxy_explicit_data = data['web_proxy_explicit'] 443 filtered_data = underscore_to_hyphen(filter_web_proxy_explicit_data(web_proxy_explicit_data)) 444 445 return fos.set('web-proxy', 446 'explicit', 447 data=filtered_data, 448 vdom=vdom) 449 450 451def is_successful_status(status): 452 return status['status'] == "success" or \ 453 status['http_method'] == "DELETE" and status['http_status'] == 404 454 455 456def fortios_web_proxy(data, fos): 457 458 if data['web_proxy_explicit']: 459 resp = web_proxy_explicit(data, fos) 460 else: 461 fos._module.fail_json(msg='missing task body: %s' % 
('web_proxy_explicit')) 462 463 return not is_successful_status(resp), \ 464 resp['status'] == "success" and \ 465 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 466 resp 467 468 469versioned_schema = { 470 "type": "dict", 471 "children": { 472 "pac_file_server_status": { 473 "type": "string", 474 "options": [ 475 { 476 "value": "enable", 477 "revisions": { 478 "v6.0.0": True, 479 "v7.0.0": True, 480 "v6.0.5": True, 481 "v6.4.4": True, 482 "v6.4.0": True, 483 "v6.4.1": True, 484 "v6.2.0": True, 485 "v6.2.3": True, 486 "v6.2.5": True, 487 "v6.2.7": True, 488 "v6.0.11": True 489 } 490 }, 491 { 492 "value": "disable", 493 "revisions": { 494 "v6.0.0": True, 495 "v7.0.0": True, 496 "v6.0.5": True, 497 "v6.4.4": True, 498 "v6.4.0": True, 499 "v6.4.1": True, 500 "v6.2.0": True, 501 "v6.2.3": True, 502 "v6.2.5": True, 503 "v6.2.7": True, 504 "v6.0.11": True 505 } 506 } 507 ], 508 "revisions": { 509 "v6.0.0": True, 510 "v7.0.0": True, 511 "v6.0.5": True, 512 "v6.4.4": True, 513 "v6.4.0": True, 514 "v6.4.1": True, 515 "v6.2.0": True, 516 "v6.2.3": True, 517 "v6.2.5": True, 518 "v6.2.7": True, 519 "v6.0.11": True 520 } 521 }, 522 "outgoing_ip": { 523 "type": "string", 524 "revisions": { 525 "v6.0.0": True, 526 "v7.0.0": True, 527 "v6.0.5": True, 528 "v6.4.4": True, 529 "v6.4.0": True, 530 "v6.4.1": True, 531 "v6.2.0": True, 532 "v6.2.3": True, 533 "v6.2.5": True, 534 "v6.2.7": True, 535 "v6.0.11": True 536 } 537 }, 538 "socks": { 539 "type": "string", 540 "options": [ 541 { 542 "value": "enable", 543 "revisions": { 544 "v6.0.0": True, 545 "v7.0.0": True, 546 "v6.0.5": True, 547 "v6.4.4": True, 548 "v6.4.0": True, 549 "v6.4.1": True, 550 "v6.2.0": True, 551 "v6.2.3": True, 552 "v6.2.5": True, 553 "v6.2.7": True, 554 "v6.0.11": True 555 } 556 }, 557 { 558 "value": "disable", 559 "revisions": { 560 "v6.0.0": True, 561 "v7.0.0": True, 562 "v6.0.5": True, 563 "v6.4.4": True, 564 "v6.4.0": True, 565 "v6.4.1": True, 566 "v6.2.0": True, 567 "v6.2.3": True, 568 
"v6.2.5": True, 569 "v6.2.7": True, 570 "v6.0.11": True 571 } 572 } 573 ], 574 "revisions": { 575 "v6.0.0": True, 576 "v7.0.0": True, 577 "v6.0.5": True, 578 "v6.4.4": True, 579 "v6.4.0": True, 580 "v6.4.1": True, 581 "v6.2.0": True, 582 "v6.2.3": True, 583 "v6.2.5": True, 584 "v6.2.7": True, 585 "v6.0.11": True 586 } 587 }, 588 "outgoing_ip6": { 589 "type": "string", 590 "revisions": { 591 "v6.0.0": True, 592 "v7.0.0": True, 593 "v6.0.5": True, 594 "v6.4.4": True, 595 "v6.4.0": True, 596 "v6.4.1": True, 597 "v6.2.0": True, 598 "v6.2.3": True, 599 "v6.2.5": True, 600 "v6.2.7": True, 601 "v6.0.11": True 602 } 603 }, 604 "incoming_ip": { 605 "type": "string", 606 "revisions": { 607 "v6.0.0": True, 608 "v7.0.0": True, 609 "v6.0.5": True, 610 "v6.4.4": True, 611 "v6.4.0": True, 612 "v6.4.1": True, 613 "v6.2.0": True, 614 "v6.2.3": True, 615 "v6.2.5": True, 616 "v6.2.7": True, 617 "v6.0.11": True 618 } 619 }, 620 "pac_policy": { 621 "type": "list", 622 "children": { 623 "status": { 624 "type": "string", 625 "options": [ 626 { 627 "value": "enable", 628 "revisions": { 629 "v6.0.0": True, 630 "v7.0.0": True, 631 "v6.0.5": True, 632 "v6.4.4": True, 633 "v6.4.0": True, 634 "v6.4.1": True, 635 "v6.2.0": True, 636 "v6.2.3": True, 637 "v6.2.5": True, 638 "v6.2.7": True, 639 "v6.0.11": True 640 } 641 }, 642 { 643 "value": "disable", 644 "revisions": { 645 "v6.0.0": True, 646 "v7.0.0": True, 647 "v6.0.5": True, 648 "v6.4.4": True, 649 "v6.4.0": True, 650 "v6.4.1": True, 651 "v6.2.0": True, 652 "v6.2.3": True, 653 "v6.2.5": True, 654 "v6.2.7": True, 655 "v6.0.11": True 656 } 657 } 658 ], 659 "revisions": { 660 "v6.0.0": True, 661 "v7.0.0": True, 662 "v6.0.5": True, 663 "v6.4.4": True, 664 "v6.4.0": True, 665 "v6.4.1": True, 666 "v6.2.0": True, 667 "v6.2.3": True, 668 "v6.2.5": True, 669 "v6.2.7": True, 670 "v6.0.11": True 671 } 672 }, 673 "srcaddr": { 674 "type": "list", 675 "children": { 676 "name": { 677 "type": "string", 678 "revisions": { 679 "v6.0.0": True, 680 "v7.0.0": 
True, 681 "v6.0.5": True, 682 "v6.4.4": True, 683 "v6.4.0": True, 684 "v6.4.1": True, 685 "v6.2.0": True, 686 "v6.2.3": True, 687 "v6.2.5": True, 688 "v6.2.7": True, 689 "v6.0.11": True 690 } 691 } 692 }, 693 "revisions": { 694 "v6.0.0": True, 695 "v7.0.0": True, 696 "v6.0.5": True, 697 "v6.4.4": True, 698 "v6.4.0": True, 699 "v6.4.1": True, 700 "v6.2.0": True, 701 "v6.2.3": True, 702 "v6.2.5": True, 703 "v6.2.7": True, 704 "v6.0.11": True 705 } 706 }, 707 "dstaddr": { 708 "type": "list", 709 "children": { 710 "name": { 711 "type": "string", 712 "revisions": { 713 "v6.0.0": True, 714 "v7.0.0": True, 715 "v6.0.5": True, 716 "v6.4.4": True, 717 "v6.4.0": True, 718 "v6.4.1": True, 719 "v6.2.0": True, 720 "v6.2.3": True, 721 "v6.2.5": True, 722 "v6.2.7": True, 723 "v6.0.11": True 724 } 725 } 726 }, 727 "revisions": { 728 "v6.0.0": True, 729 "v7.0.0": True, 730 "v6.0.5": True, 731 "v6.4.4": True, 732 "v6.4.0": True, 733 "v6.4.1": True, 734 "v6.2.0": True, 735 "v6.2.3": True, 736 "v6.2.5": True, 737 "v6.2.7": True, 738 "v6.0.11": True 739 } 740 }, 741 "pac_file_data": { 742 "type": "string", 743 "revisions": { 744 "v6.0.0": True, 745 "v7.0.0": True, 746 "v6.0.5": True, 747 "v6.4.4": True, 748 "v6.4.0": True, 749 "v6.4.1": True, 750 "v6.2.0": True, 751 "v6.2.3": True, 752 "v6.2.5": True, 753 "v6.2.7": True, 754 "v6.0.11": True 755 } 756 }, 757 "comments": { 758 "type": "string", 759 "revisions": { 760 "v6.0.0": True, 761 "v7.0.0": True, 762 "v6.0.5": True, 763 "v6.4.4": True, 764 "v6.4.0": True, 765 "v6.4.1": True, 766 "v6.2.0": True, 767 "v6.2.3": True, 768 "v6.2.5": True, 769 "v6.2.7": True, 770 "v6.0.11": True 771 } 772 }, 773 "pac_file_name": { 774 "type": "string", 775 "revisions": { 776 "v6.0.0": True, 777 "v7.0.0": True, 778 "v6.0.5": True, 779 "v6.4.4": True, 780 "v6.4.0": True, 781 "v6.4.1": True, 782 "v6.2.0": True, 783 "v6.2.3": True, 784 "v6.2.5": True, 785 "v6.2.7": True, 786 "v6.0.11": True 787 } 788 }, 789 "policyid": { 790 "type": "integer", 791 
"revisions": { 792 "v6.0.0": True, 793 "v7.0.0": True, 794 "v6.0.5": True, 795 "v6.4.4": True, 796 "v6.4.0": True, 797 "v6.4.1": True, 798 "v6.2.0": True, 799 "v6.2.3": True, 800 "v6.2.5": True, 801 "v6.2.7": True, 802 "v6.0.11": True 803 } 804 }, 805 "srcaddr6": { 806 "type": "list", 807 "children": { 808 "name": { 809 "type": "string", 810 "revisions": { 811 "v6.0.0": True, 812 "v7.0.0": True, 813 "v6.0.5": True, 814 "v6.4.4": True, 815 "v6.4.0": True, 816 "v6.4.1": True, 817 "v6.2.0": True, 818 "v6.2.3": True, 819 "v6.2.5": True, 820 "v6.2.7": True, 821 "v6.0.11": True 822 } 823 } 824 }, 825 "revisions": { 826 "v6.0.0": True, 827 "v7.0.0": True, 828 "v6.0.5": True, 829 "v6.4.4": True, 830 "v6.4.0": True, 831 "v6.4.1": True, 832 "v6.2.0": True, 833 "v6.2.3": True, 834 "v6.2.5": True, 835 "v6.2.7": True, 836 "v6.0.11": True 837 } 838 } 839 }, 840 "revisions": { 841 "v6.0.0": True, 842 "v7.0.0": True, 843 "v6.0.5": True, 844 "v6.4.4": True, 845 "v6.4.0": True, 846 "v6.4.1": True, 847 "v6.2.0": True, 848 "v6.2.3": True, 849 "v6.2.5": True, 850 "v6.2.7": True, 851 "v6.0.11": True 852 } 853 }, 854 "ftp_incoming_port": { 855 "type": "string", 856 "revisions": { 857 "v6.0.0": True, 858 "v7.0.0": True, 859 "v6.0.5": True, 860 "v6.4.4": True, 861 "v6.4.0": True, 862 "v6.4.1": True, 863 "v6.2.0": True, 864 "v6.2.3": True, 865 "v6.2.5": True, 866 "v6.2.7": True, 867 "v6.0.11": True 868 } 869 }, 870 "unknown_http_version": { 871 "type": "string", 872 "options": [ 873 { 874 "value": "reject", 875 "revisions": { 876 "v6.0.0": True, 877 "v7.0.0": True, 878 "v6.0.5": True, 879 "v6.4.4": True, 880 "v6.4.0": True, 881 "v6.4.1": True, 882 "v6.2.0": True, 883 "v6.2.3": True, 884 "v6.2.5": True, 885 "v6.2.7": True, 886 "v6.0.11": True 887 } 888 }, 889 { 890 "value": "best-effort", 891 "revisions": { 892 "v6.0.0": True, 893 "v7.0.0": True, 894 "v6.0.5": True, 895 "v6.4.4": True, 896 "v6.4.0": True, 897 "v6.4.1": True, 898 "v6.2.0": True, 899 "v6.2.3": True, 900 "v6.2.5": True, 901 
"v6.2.7": True, 902 "v6.0.11": True 903 } 904 }, 905 { 906 "value": "tunnel", 907 "revisions": { 908 "v6.4.4": True, 909 "v7.0.0": True, 910 "v6.4.0": True, 911 "v6.4.1": True 912 } 913 } 914 ], 915 "revisions": { 916 "v6.0.0": True, 917 "v7.0.0": True, 918 "v6.0.5": True, 919 "v6.4.4": True, 920 "v6.4.0": True, 921 "v6.4.1": True, 922 "v6.2.0": True, 923 "v6.2.3": True, 924 "v6.2.5": True, 925 "v6.2.7": True, 926 "v6.0.11": True 927 } 928 }, 929 "sec_default_action": { 930 "type": "string", 931 "options": [ 932 { 933 "value": "accept", 934 "revisions": { 935 "v6.0.0": True, 936 "v7.0.0": True, 937 "v6.0.5": True, 938 "v6.4.4": True, 939 "v6.4.0": True, 940 "v6.4.1": True, 941 "v6.2.0": True, 942 "v6.2.3": True, 943 "v6.2.5": True, 944 "v6.2.7": True, 945 "v6.0.11": True 946 } 947 }, 948 { 949 "value": "deny", 950 "revisions": { 951 "v6.0.0": True, 952 "v7.0.0": True, 953 "v6.0.5": True, 954 "v6.4.4": True, 955 "v6.4.0": True, 956 "v6.4.1": True, 957 "v6.2.0": True, 958 "v6.2.3": True, 959 "v6.2.5": True, 960 "v6.2.7": True, 961 "v6.0.11": True 962 } 963 } 964 ], 965 "revisions": { 966 "v6.0.0": True, 967 "v7.0.0": True, 968 "v6.0.5": True, 969 "v6.4.4": True, 970 "v6.4.0": True, 971 "v6.4.1": True, 972 "v6.2.0": True, 973 "v6.2.3": True, 974 "v6.2.5": True, 975 "v6.2.7": True, 976 "v6.0.11": True 977 } 978 }, 979 "realm": { 980 "type": "string", 981 "revisions": { 982 "v6.0.0": True, 983 "v7.0.0": True, 984 "v6.0.5": True, 985 "v6.4.4": True, 986 "v6.4.0": True, 987 "v6.4.1": True, 988 "v6.2.0": True, 989 "v6.2.3": True, 990 "v6.2.5": True, 991 "v6.2.7": True, 992 "v6.0.11": True 993 } 994 }, 995 "ssl_algorithm": { 996 "type": "string", 997 "options": [ 998 { 999 "value": "high", 1000 "revisions": { 1001 "v6.0.0": True, 1002 "v7.0.0": True, 1003 "v6.0.5": True, 1004 "v6.4.4": True, 1005 "v6.4.0": True, 1006 "v6.4.1": True, 1007 "v6.2.0": True, 1008 "v6.2.3": True, 1009 "v6.2.5": True, 1010 "v6.2.7": True, 1011 "v6.0.11": True 1012 } 1013 }, 1014 { 1015 "value": 
"medium", 1016 "revisions": { 1017 "v6.0.0": True, 1018 "v7.0.0": True, 1019 "v6.0.5": True, 1020 "v6.4.4": True, 1021 "v6.4.0": True, 1022 "v6.4.1": True, 1023 "v6.2.0": True, 1024 "v6.2.3": True, 1025 "v6.2.5": True, 1026 "v6.2.7": True, 1027 "v6.0.11": True 1028 } 1029 }, 1030 { 1031 "value": "low", 1032 "revisions": { 1033 "v6.0.0": True, 1034 "v7.0.0": True, 1035 "v6.0.5": True, 1036 "v6.4.4": True, 1037 "v6.4.0": True, 1038 "v6.4.1": True, 1039 "v6.2.0": True, 1040 "v6.2.3": True, 1041 "v6.2.5": True, 1042 "v6.2.7": True, 1043 "v6.0.11": True 1044 } 1045 } 1046 ], 1047 "revisions": { 1048 "v6.0.0": True, 1049 "v7.0.0": True, 1050 "v6.0.5": True, 1051 "v6.4.4": True, 1052 "v6.4.0": True, 1053 "v6.4.1": True, 1054 "v6.2.0": True, 1055 "v6.2.3": True, 1056 "v6.2.5": True, 1057 "v6.2.7": True, 1058 "v6.0.11": True 1059 } 1060 }, 1061 "trace_auth_no_rsp": { 1062 "type": "string", 1063 "options": [ 1064 { 1065 "value": "enable", 1066 "revisions": { 1067 "v6.0.0": True, 1068 "v7.0.0": True, 1069 "v6.0.5": True, 1070 "v6.4.4": True, 1071 "v6.4.0": True, 1072 "v6.4.1": True, 1073 "v6.2.0": True, 1074 "v6.2.3": True, 1075 "v6.2.5": True, 1076 "v6.2.7": True, 1077 "v6.0.11": True 1078 } 1079 }, 1080 { 1081 "value": "disable", 1082 "revisions": { 1083 "v6.0.0": True, 1084 "v7.0.0": True, 1085 "v6.0.5": True, 1086 "v6.4.4": True, 1087 "v6.4.0": True, 1088 "v6.4.1": True, 1089 "v6.2.0": True, 1090 "v6.2.3": True, 1091 "v6.2.5": True, 1092 "v6.2.7": True, 1093 "v6.0.11": True 1094 } 1095 } 1096 ], 1097 "revisions": { 1098 "v6.0.0": True, 1099 "v7.0.0": True, 1100 "v6.0.5": True, 1101 "v6.4.4": True, 1102 "v6.4.0": True, 1103 "v6.4.1": True, 1104 "v6.2.0": True, 1105 "v6.2.3": True, 1106 "v6.2.5": True, 1107 "v6.2.7": True, 1108 "v6.0.11": True 1109 } 1110 }, 1111 "pac_file_name": { 1112 "type": "string", 1113 "revisions": { 1114 "v6.0.0": True, 1115 "v7.0.0": True, 1116 "v6.0.5": True, 1117 "v6.4.4": True, 1118 "v6.4.0": True, 1119 "v6.4.1": True, 1120 "v6.2.0": True, 1121 
"v6.2.3": True, 1122 "v6.2.5": True, 1123 "v6.2.7": True, 1124 "v6.0.11": True 1125 } 1126 }, 1127 "status": { 1128 "type": "string", 1129 "options": [ 1130 { 1131 "value": "enable", 1132 "revisions": { 1133 "v6.0.0": True, 1134 "v7.0.0": True, 1135 "v6.0.5": True, 1136 "v6.4.4": True, 1137 "v6.4.0": True, 1138 "v6.4.1": True, 1139 "v6.2.0": True, 1140 "v6.2.3": True, 1141 "v6.2.5": True, 1142 "v6.2.7": True, 1143 "v6.0.11": True 1144 } 1145 }, 1146 { 1147 "value": "disable", 1148 "revisions": { 1149 "v6.0.0": True, 1150 "v7.0.0": True, 1151 "v6.0.5": True, 1152 "v6.4.4": True, 1153 "v6.4.0": True, 1154 "v6.4.1": True, 1155 "v6.2.0": True, 1156 "v6.2.3": True, 1157 "v6.2.5": True, 1158 "v6.2.7": True, 1159 "v6.0.11": True 1160 } 1161 } 1162 ], 1163 "revisions": { 1164 "v6.0.0": True, 1165 "v7.0.0": True, 1166 "v6.0.5": True, 1167 "v6.4.4": True, 1168 "v6.4.0": True, 1169 "v6.4.1": True, 1170 "v6.2.0": True, 1171 "v6.2.3": True, 1172 "v6.2.5": True, 1173 "v6.2.7": True, 1174 "v6.0.11": True 1175 } 1176 }, 1177 "strict_guest": { 1178 "type": "string", 1179 "options": [ 1180 { 1181 "value": "enable", 1182 "revisions": { 1183 "v6.0.0": True, 1184 "v7.0.0": True, 1185 "v6.0.5": True, 1186 "v6.4.4": True, 1187 "v6.4.0": True, 1188 "v6.4.1": True, 1189 "v6.2.0": True, 1190 "v6.2.3": True, 1191 "v6.2.5": True, 1192 "v6.2.7": True, 1193 "v6.0.11": True 1194 } 1195 }, 1196 { 1197 "value": "disable", 1198 "revisions": { 1199 "v6.0.0": True, 1200 "v7.0.0": True, 1201 "v6.0.5": True, 1202 "v6.4.4": True, 1203 "v6.4.0": True, 1204 "v6.4.1": True, 1205 "v6.2.0": True, 1206 "v6.2.3": True, 1207 "v6.2.5": True, 1208 "v6.2.7": True, 1209 "v6.0.11": True 1210 } 1211 } 1212 ], 1213 "revisions": { 1214 "v6.0.0": True, 1215 "v7.0.0": True, 1216 "v6.0.5": True, 1217 "v6.4.4": True, 1218 "v6.4.0": True, 1219 "v6.4.1": True, 1220 "v6.2.0": True, 1221 "v6.2.3": True, 1222 "v6.2.5": True, 1223 "v6.2.7": True, 1224 "v6.0.11": True 1225 } 1226 }, 1227 "https_replacement_message": { 1228 
"type": "string", 1229 "options": [ 1230 { 1231 "value": "enable", 1232 "revisions": { 1233 "v6.0.0": True, 1234 "v7.0.0": True, 1235 "v6.0.5": True, 1236 "v6.4.4": True, 1237 "v6.4.0": True, 1238 "v6.4.1": True, 1239 "v6.2.0": True, 1240 "v6.2.3": True, 1241 "v6.2.5": True, 1242 "v6.2.7": True, 1243 "v6.0.11": True 1244 } 1245 }, 1246 { 1247 "value": "disable", 1248 "revisions": { 1249 "v6.0.0": True, 1250 "v7.0.0": True, 1251 "v6.0.5": True, 1252 "v6.4.4": True, 1253 "v6.4.0": True, 1254 "v6.4.1": True, 1255 "v6.2.0": True, 1256 "v6.2.3": True, 1257 "v6.2.5": True, 1258 "v6.2.7": True, 1259 "v6.0.11": True 1260 } 1261 } 1262 ], 1263 "revisions": { 1264 "v6.0.0": True, 1265 "v7.0.0": True, 1266 "v6.0.5": True, 1267 "v6.4.4": True, 1268 "v6.4.0": True, 1269 "v6.4.1": True, 1270 "v6.2.0": True, 1271 "v6.2.3": True, 1272 "v6.2.5": True, 1273 "v6.2.7": True, 1274 "v6.0.11": True 1275 } 1276 }, 1277 "https_incoming_port": { 1278 "type": "string", 1279 "revisions": { 1280 "v6.0.0": True, 1281 "v7.0.0": True, 1282 "v6.0.5": True, 1283 "v6.4.4": True, 1284 "v6.4.0": True, 1285 "v6.4.1": True, 1286 "v6.2.0": True, 1287 "v6.2.3": True, 1288 "v6.2.5": True, 1289 "v6.2.7": True, 1290 "v6.0.11": True 1291 } 1292 }, 1293 "ipv6_status": { 1294 "type": "string", 1295 "options": [ 1296 { 1297 "value": "enable", 1298 "revisions": { 1299 "v6.0.0": True, 1300 "v7.0.0": True, 1301 "v6.0.5": True, 1302 "v6.4.4": True, 1303 "v6.4.0": True, 1304 "v6.4.1": True, 1305 "v6.2.0": True, 1306 "v6.2.3": True, 1307 "v6.2.5": True, 1308 "v6.2.7": True, 1309 "v6.0.11": True 1310 } 1311 }, 1312 { 1313 "value": "disable", 1314 "revisions": { 1315 "v6.0.0": True, 1316 "v7.0.0": True, 1317 "v6.0.5": True, 1318 "v6.4.4": True, 1319 "v6.4.0": True, 1320 "v6.4.1": True, 1321 "v6.2.0": True, 1322 "v6.2.3": True, 1323 "v6.2.5": True, 1324 "v6.2.7": True, 1325 "v6.0.11": True 1326 } 1327 } 1328 ], 1329 "revisions": { 1330 "v6.0.0": True, 1331 "v7.0.0": True, 1332 "v6.0.5": True, 1333 "v6.4.4": True, 1334 
"v6.4.0": True, 1335 "v6.4.1": True, 1336 "v6.2.0": True, 1337 "v6.2.3": True, 1338 "v6.2.5": True, 1339 "v6.2.7": True, 1340 "v6.0.11": True 1341 } 1342 }, 1343 "socks_incoming_port": { 1344 "type": "string", 1345 "revisions": { 1346 "v6.0.0": True, 1347 "v7.0.0": True, 1348 "v6.0.5": True, 1349 "v6.4.4": True, 1350 "v6.4.0": True, 1351 "v6.4.1": True, 1352 "v6.2.0": True, 1353 "v6.2.3": True, 1354 "v6.2.5": True, 1355 "v6.2.7": True, 1356 "v6.0.11": True 1357 } 1358 }, 1359 "message_upon_server_error": { 1360 "type": "string", 1361 "options": [ 1362 { 1363 "value": "enable", 1364 "revisions": { 1365 "v6.0.0": True, 1366 "v7.0.0": True, 1367 "v6.0.5": True, 1368 "v6.4.4": True, 1369 "v6.4.0": True, 1370 "v6.4.1": True, 1371 "v6.2.0": True, 1372 "v6.2.3": True, 1373 "v6.2.5": True, 1374 "v6.2.7": True, 1375 "v6.0.11": True 1376 } 1377 }, 1378 { 1379 "value": "disable", 1380 "revisions": { 1381 "v6.0.0": True, 1382 "v7.0.0": True, 1383 "v6.0.5": True, 1384 "v6.4.4": True, 1385 "v6.4.0": True, 1386 "v6.4.1": True, 1387 "v6.2.0": True, 1388 "v6.2.3": True, 1389 "v6.2.5": True, 1390 "v6.2.7": True, 1391 "v6.0.11": True 1392 } 1393 } 1394 ], 1395 "revisions": { 1396 "v6.0.0": True, 1397 "v7.0.0": True, 1398 "v6.0.5": True, 1399 "v6.4.4": True, 1400 "v6.4.0": True, 1401 "v6.4.1": True, 1402 "v6.2.0": True, 1403 "v6.2.3": True, 1404 "v6.2.5": True, 1405 "v6.2.7": True, 1406 "v6.0.11": True 1407 } 1408 }, 1409 "pref_dns_result": { 1410 "type": "string", 1411 "options": [ 1412 { 1413 "value": "ipv4", 1414 "revisions": { 1415 "v6.0.0": True, 1416 "v7.0.0": True, 1417 "v6.0.5": True, 1418 "v6.4.4": True, 1419 "v6.4.0": True, 1420 "v6.4.1": True, 1421 "v6.2.0": True, 1422 "v6.2.3": True, 1423 "v6.2.5": True, 1424 "v6.2.7": True, 1425 "v6.0.11": True 1426 } 1427 }, 1428 { 1429 "value": "ipv6", 1430 "revisions": { 1431 "v6.0.0": True, 1432 "v7.0.0": True, 1433 "v6.0.5": True, 1434 "v6.4.4": True, 1435 "v6.4.0": True, 1436 "v6.4.1": True, 1437 "v6.2.0": True, 1438 "v6.2.3": True, 
1439 "v6.2.5": True, 1440 "v6.2.7": True, 1441 "v6.0.11": True 1442 } 1443 } 1444 ], 1445 "revisions": { 1446 "v6.0.0": True, 1447 "v7.0.0": True, 1448 "v6.0.5": True, 1449 "v6.4.4": True, 1450 "v6.4.0": True, 1451 "v6.4.1": True, 1452 "v6.2.0": True, 1453 "v6.2.3": True, 1454 "v6.2.5": True, 1455 "v6.2.7": True, 1456 "v6.0.11": True 1457 } 1458 }, 1459 "pac_file_data": { 1460 "type": "string", 1461 "revisions": { 1462 "v6.0.0": True, 1463 "v7.0.0": True, 1464 "v6.0.5": True, 1465 "v6.4.4": True, 1466 "v6.4.0": True, 1467 "v6.4.1": True, 1468 "v6.2.0": True, 1469 "v6.2.3": True, 1470 "v6.2.5": True, 1471 "v6.2.7": True, 1472 "v6.0.11": True 1473 } 1474 }, 1475 "incoming_ip6": { 1476 "type": "string", 1477 "revisions": { 1478 "v6.0.0": True, 1479 "v7.0.0": True, 1480 "v6.0.5": True, 1481 "v6.4.4": True, 1482 "v6.4.0": True, 1483 "v6.4.1": True, 1484 "v6.2.0": True, 1485 "v6.2.3": True, 1486 "v6.2.5": True, 1487 "v6.2.7": True, 1488 "v6.0.11": True 1489 } 1490 }, 1491 "ftp_over_http": { 1492 "type": "string", 1493 "options": [ 1494 { 1495 "value": "enable", 1496 "revisions": { 1497 "v6.0.0": True, 1498 "v7.0.0": True, 1499 "v6.0.5": True, 1500 "v6.4.4": True, 1501 "v6.4.0": True, 1502 "v6.4.1": True, 1503 "v6.2.0": True, 1504 "v6.2.3": True, 1505 "v6.2.5": True, 1506 "v6.2.7": True, 1507 "v6.0.11": True 1508 } 1509 }, 1510 { 1511 "value": "disable", 1512 "revisions": { 1513 "v6.0.0": True, 1514 "v7.0.0": True, 1515 "v6.0.5": True, 1516 "v6.4.4": True, 1517 "v6.4.0": True, 1518 "v6.4.1": True, 1519 "v6.2.0": True, 1520 "v6.2.3": True, 1521 "v6.2.5": True, 1522 "v6.2.7": True, 1523 "v6.0.11": True 1524 } 1525 } 1526 ], 1527 "revisions": { 1528 "v6.0.0": True, 1529 "v7.0.0": True, 1530 "v6.0.5": True, 1531 "v6.4.4": True, 1532 "v6.4.0": True, 1533 "v6.4.1": True, 1534 "v6.2.0": True, 1535 "v6.2.3": True, 1536 "v6.2.5": True, 1537 "v6.2.7": True, 1538 "v6.0.11": True 1539 } 1540 }, 1541 "http_incoming_port": { 1542 "type": "string", 1543 "revisions": { 1544 "v6.0.0": 
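True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "pac_file_url": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "pac_file_server_port": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        }
    },
    "revisions": {
        "v6.0.0": True,
        "v7.0.0": True,
        "v6.0.5": True,
        "v6.4.4": True,
        "v6.4.0": True,
        "v6.4.1": True,
        "v6.2.0": True,
        "v6.2.3": True,
        "v6.2.5": True,
        "v6.2.7": True,
        "v6.0.11": True
    }
}


def main():
    """Entry point: build the argument spec, apply web_proxy_explicit and report.

    The per-attribute options are generated from ``versioned_schema`` and
    merged under the ``web_proxy_explicit`` argument. The module only works
    over an httpapi connection: without ``module._socket_path`` it fails with
    ``FAIL_SOCKET_MSG``. Otherwise it forwards ``access_token`` and
    ``enable_log`` to the connection, checks the playbook against the schema
    versions, calls ``fortios_web_proxy`` and exits through
    ``module.exit_json`` or ``module.fail_json``. When the version check did
    not match, the check result is attached as ``version_check_warning``.
    """
    module_spec = schema_to_module_spec(versioned_schema)
    mkeyname = None
    fields = {
        # no_log marks the token as sensitive so Ansible masks it in logs
        # and task output.
        "access_token": {"required": False, "type": "str", "no_log": True},
        # Use Ansible's "bool" type, not the builtin bool callable: with the
        # callable any non-empty string (including "false" or "no", e.g.
        # from a templated value) is truthy and would switch logging on.
        # The default matches the module documentation.
        "enable_log": {"required": False, "type": "bool", "default": False},
        "vdom": {"required": False, "type": "str", "default": "root"},
        "web_proxy_explicit": {
            "required": False, "type": "dict", "default": None,
            "options": {}
        }
    }
    proxy_options = fields["web_proxy_explicit"]['options']
    for attribute_name, attribute_spec in module_spec['options'].items():
        proxy_options[attribute_name] = attribute_spec
        if mkeyname and mkeyname == attribute_name:
            attribute_spec['required'] = True

    check_legacy_fortiosapi()
    module = AnsibleModule(argument_spec=fields,
                           supports_check_mode=False)

    if not module._socket_path:
        module.fail_json(**FAIL_SOCKET_MSG)
        # fail_json exits the module; the return only keeps the code below
        # from running with unset results if fail_json is stubbed out.
        return

    connection = Connection(module._socket_path)
    if 'access_token' in module.params:
        connection.set_option('access_token', module.params['access_token'])
    # An unset value (None) is treated as "logging off".
    connection.set_option('enable_log', bool(module.params.get('enable_log')))

    fos = FortiOSHandler(connection, module, mkeyname)
    versions_check_result = check_schema_versioning(fos, versioned_schema, "web_proxy_explicit")

    is_error, has_changed, result = fortios_web_proxy(module.params, fos)

    version_mismatch = bool(versions_check_result) and versions_check_result['matched'] is False
    if version_mismatch:
        module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv")

    # Same payload for success and failure; the version report is added
    # only when the check did not match.
    outcome = {"meta": result}
    if version_mismatch:
        outcome["version_check_warning"] = versions_check_result

    if is_error:
        module.fail_json(msg="Error in repo", **outcome)
    else:
        module.exit_json(changed=has_changed, **outcome)


if __name__ == '__main__':
    main()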