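#!/usr/local/bin/python3.8
from __future__ import (absolute_import, division, print_function)
# Copyright 2019-2020 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

__metaclass__ = type

ANSIBLE_METADATA = {'status': ['preview'],
                    'supported_by': 'community',
                    'metadata_version': '1.1'}

DOCUMENTATION = '''
---
module: fortios_system_csf
short_description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet's FortiOS and FortiGate.
description:
    - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
      user to set and modify system feature and csf category.
      Examples include all parameters and values need to be adjusted to datasources before usage.
      Tested with FOS v6.0.0
version_added: "2.10"
author:
    - Link Zheng (@chillancezen)
    - Jie Xue (@JieX19)
    - Hongbin Lu (@fgtdev-hblu)
    - Frank Shen (@frankshen01)
    - Miguel Angel Munoz (@mamunozgonzalez)
    - Nicolas Thomas (@thomnico)
notes:
    - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

requirements:
    - ansible>=2.9.0
options:
    access_token:
        description:
            - Token-based authentication.
              Generated from GUI of Fortigate.
        type: str
        required: false
    enable_log:
        description:
            - Enable/Disable logging for task.
        type: bool
        required: false
        default: false
    vdom:
        description:
            - Virtual domain, among those defined previously. A vdom is a
              virtual instance of the FortiGate that can be configured and
              used as a different unit.
        type: str
        default: root

    system_csf:
        description:
            - Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
        default: null
        type: dict
        suboptions:
            accept_auth_by_cert:
                description:
                    - Accept connections with unknown certificates and ask admin for approval.
                type: str
                choices:
                    - disable
                    - enable
            authorization_request_type:
                description:
                    - Authorization request type.
                type: str
                choices:
                    - serial
                    - certificate
            certificate:
                description:
                    - Certificate. Source certificate.local.name.
                type: str
            configuration_sync:
                description:
                    - Configuration sync mode.
                type: str
                choices:
                    - default
                    - local
            downstream_access:
                description:
                    - Enable/disable downstream device access to this device"s configuration and data.
                type: str
                choices:
                    - enable
                    - disable
            downstream_accprofile:
                description:
                    - Default access profile for requests from downstream devices. Source system.accprofile.name.
                type: str
            fabric_connector:
                description:
                    - Fabric connector configuration.
                type: list
                suboptions:
                    accprofile:
                        description:
                            - Override access profile. Source system.accprofile.name.
                        type: str
                    configuration_write_access:
                        description:
                            - Enable/disable downstream device write access to configuration.
                        type: str
                        choices:
                            - enable
                            - disable
                    serial:
                        description:
                            - Serial.
                        required: true
                        type: str
            fabric_device:
                description:
                    - Fabric device configuration.
                type: list
                suboptions:
                    access_token:
                        description:
                            - Device access token.
                        type: varlen_password
                    device_ip:
                        description:
                            - Device IP.
                        type: str
                    device_type:
                        description:
                            - Device type.
                        type: str
                        choices:
                            - fortimail
                    https_port:
                        description:
                            - HTTPS port for fabric device.
                        type: int
                    login:
                        description:
                            - Device login name.
                        type: str
                    name:
                        description:
                            - Device name.
                        required: true
                        type: str
                    password:
                        description:
                            - Device login password.
                        type: str
            fabric_object_unification:
                description:
                    - Fabric CMDB Object Unification.
                type: str
                choices:
                    - default
                    - local
            fabric_workers:
                description:
                    - Number of worker processes for Security Fabric daemon.
                type: int
            fixed_key:
                description:
                    - Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.)
                type: str
            group_name:
                description:
                    - Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.
                type: str
            group_password:
                description:
                    - Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.
                type: str
            log_unification:
                description:
                    - Enable/disable broadcast of discovery messages for log unification.
                type: str
                choices:
                    - disable
                    - enable
            management_ip:
                description:
                    - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
                type: str
            management_port:
                description:
                    - Overriding port for management connection (Overrides admin port).
                type: int
            saml_configuration_sync:
                description:
                    - SAML setting configuration synchronization.
                type: str
                choices:
                    - default
                    - local
            status:
                description:
                    - Enable/disable Security Fabric.
                type: str
                choices:
                    - enable
                    - disable
            trusted_list:
                description:
                    - Pre-authorized and blocked security fabric nodes.
                type: list
                suboptions:
                    action:
                        description:
                            - Security fabric authorization action.
                        type: str
                        choices:
                            - accept
                            - deny
                    authorization_type:
                        description:
                            - Authorization type.
                        type: str
                        choices:
                            - serial
                            - certificate
                    certificate:
                        description:
                            - Certificate.
                        type: str
                    downstream_authorization:
                        description:
                            - Trust authorizations by this node"s administrator.
                        type: str
                        choices:
                            - enable
                            - disable
                    ha_members:
                        description:
                            - HA members.
                        type: str
                    name:
                        description:
                            - Name.
                        type: str
                    serial:
                        description:
                            - Serial.
                        required: true
                        type: str
            upstream_ip:
                description:
                    - IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
                type: str
            upstream_port:
                description:
                    - The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric .
                type: int
'''

# NOTE(review): the sample play below sets ansible_httpapi_validate_certs to "no", so
# the httpapi connection does not verify the FortiGate's TLS certificate. Keep that to
# lab use; once the device presents a certificate the control node trusts, set it to
# "yes". The "<your_own_value>" placeholders for access_token, password, fixed_key and
# group_password stand for secrets: supply them from Ansible Vault or another secret
# store rather than writing them into the playbook.
EXAMPLES = '''
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
      fortios_system_csf:
        vdom: "{{ vdom }}"
        system_csf:
          accept_auth_by_cert: "disable"
          authorization_request_type: "serial"
          certificate: "<your_own_value> (source certificate.local.name)"
          configuration_sync: "default"
          downstream_access: "enable"
          downstream_accprofile: "<your_own_value> (source system.accprofile.name)"
          fabric_connector:
            -
              accprofile: "<your_own_value> (source system.accprofile.name)"
              configuration_write_access: "enable"
              serial: "<your_own_value>"
          fabric_device:
            -
              access_token: "<your_own_value>"
              device_ip: "<your_own_value>"
              device_type: "fortimail"
              https_port: "17"
              login: "<your_own_value>"
              name: "default_name_19"
              password: "<your_own_value>"
          fabric_object_unification: "default"
          fabric_workers: "22"
          fixed_key: "<your_own_value>"
          group_name: "<your_own_value>"
          group_password: "<your_own_value>"
          log_unification: "disable"
          management_ip: "<your_own_value>"
          management_port: "28"
          saml_configuration_sync: "default"
          status: "enable"
          trusted_list:
            -
              action: "accept"
              authorization_type: "serial"
              certificate: "<your_own_value>"
              downstream_authorization: "enable"
              ha_members: "<your_own_value>"
              name: "default_name_37"
              serial: "<your_own_value>"
          upstream_ip: "<your_own_value>"
          upstream_port: "40"

'''

RETURN = '''
build:
  description: Build number of the fortigate image
  returned: always
  type: str
  sample: '1547'
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  type: str
  sample: 'PUT'
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  type: str
  sample: "200"
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  type: str
  sample: "id"
name:
  description: Name of the table used to fulfill the request
  returned: always
  type: str
  sample: "urlfilter"
path:
  description: Path of the table used to fulfill the request
  returned: always
  type: str
  sample: "webfilter"
revision:
  description: Internal revision number
  returned: always
  type: str
  sample: "17.0.2.10658"
serial:
  description: Serial number of the unit
  returned: always
  type: str
  sample: "FGVMEVYYQT3AB5352"
status:
  description: Indication of the operation's result
  returned: always
  type: str
  sample: "success"
vdom:
  description: Virtual domain used
  returned: always
  type: str
  sample: "root"
version:
  description: Version of the FortiGate
  returned: always
  type: str
  sample: "v5.6.3"

'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize


def filter_system_csf_data(json):
    """Return a new dict with only the known system_csf options that are set.

    Keys outside ``option_list`` are dropped, as are known keys whose value is
    ``None``. The input mapping is not modified.
    """
    option_list = ['accept_auth_by_cert', 'authorization_request_type', 'certificate',
                   'configuration_sync', 'downstream_access', 'downstream_accprofile',
                   'fabric_connector', 'fabric_device', 'fabric_object_unification',
                   'fabric_workers', 'fixed_key', 'group_name',
                   'group_password', 'log_unification', 'management_ip',
                   'management_port', 'saml_configuration_sync', 'status',
                   'trusted_list', 'upstream_ip', 'upstream_port']
    dictionary = {}

    for attribute in option_list:
        if attribute in json and json[attribute] is not None:
            dictionary[attribute] = json[attribute]

    return dictionary


def underscore_to_hyphen(data):
    """Recursively replace '_' with '-' in every dict key found in *data*.

    Lists are updated element by element in place; dicts are rebuilt as new
    dicts; any other value is returned unchanged.
    """
    if isinstance(data, list):
        for i, elem in enumerate(data):
            data[i] = underscore_to_hyphen(elem)
    elif isinstance(data, dict):
        new_data = {}
        for k, v in data.items():
            new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
        data = new_data

    return data


def system_csf(data, fos):
    """Send the filtered, hyphen-keyed ``system_csf`` settings through ``fos.set``.

    Returns whatever ``fos.set('system', 'csf', ...)`` returns.
    """
    vdom = data['vdom']
    system_csf_data = data['system_csf']
    filtered_data = underscore_to_hyphen(filter_system_csf_data(system_csf_data))

    return fos.set('system',
                   'csf',
                   data=filtered_data,
                   vdom=vdom)


def is_successful_status(status):
    """Return True for a "success" status, or for a DELETE answered with 404."""
    # Parentheses spell out the precedence the expression already had
    # ("and" binds tighter than "or").
    return status['status'] == "success" or \
        (status['http_method'] == "DELETE" and status['http_status'] == 404)


def fortios_system(data, fos):
    """Apply the ``system_csf`` task body and summarise the outcome.

    Returns a tuple ``(is_error, has_changed, response)``.
    """
    if not data['system_csf']:
        fos._module.fail_json(msg='missing task body: %s' % ('system_csf'))
        # fail_json is expected to end the module run; returning here keeps
        # `resp` from being read unbound if it ever comes back (e.g. a stub).
        return True, False, {}

    resp = system_csf(data, fos)

    return not is_successful_status(resp), \
        resp['status'] == "success" and \
        (resp['revision_changed'] if 'revision_changed' in resp else True), \
        resp


# Schema of the system_csf options. Every node carries a "revisions" map from a
# FortiOS version string to a True/False flag; main() hands this structure to
# schema_to_module_spec() and check_schema_versioning().
versioned_schema = {
    "type": "dict",
    "children": {
        "status": {
            "type": "string",
            "options": [
                {
                    "value": "enable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "disable",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "saml_configuration_sync": {
            "type": "string",
            "options": [
                {
                    "value": "default",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True
                    }
                },
                {
                    "value": "local",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True
                    }
                }
            ],
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True,
                "v6.4.0": True,
                "v6.4.1": False
            }
        },
        "authorization_request_type": {
            "type": "string",
            "options": [
                {
                    "value": "serial",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True
                    }
                },
                {
                    "value": "certificate",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True
                    }
                }
            ],
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True,
                "v6.4.0": True,
                "v6.4.1": False
            }
        },
        "upstream_port": {
            "type": "integer",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "certificate": {
            "type": "string",
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True,
                "v6.4.0": True,
                "v6.4.1": False
            }
        },
        "fabric_workers": {
            "type": "integer",
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True
            }
        },
        "log_unification": {
            "type": "string",
            "options": [
                {
                    "value": "disable",
                    "revisions": {
                        "v7.0.0": True
                    }
                },
                {
                    "value": "enable",
                    "revisions": {
                        "v7.0.0": True
                    }
                }
            ],
            "revisions": {
                "v7.0.0": True
            }
        },
        "fixed_key": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": False,
                "v6.4.0": False,
                "v6.4.1": False,
                "v6.2.0": False,
                "v6.2.3": True,
                "v6.2.5": False,
                "v6.2.7": False,
                "v6.0.11": True
            }
        },
        "fabric_object_unification": {
            "type": "string",
            "options": [
                {
                    "value": "default",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True,
                        "v6.4.1": True
                    }
                },
                {
                    "value": "local",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True,
                        "v6.4.1": True
                    }
                }
            ],
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True,
                "v6.4.0": True,
                "v6.4.1": True
            }
        },
        "management_port": {
            "type": "integer",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "group_name": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "trusted_list": {
            "type": "list",
            "children": {
                "authorization_type": {
                    "type": "string",
                    "options": [
                        {
                            "value": "serial",
                            "revisions": {
                                "v6.4.4": True,
                                "v7.0.0": True,
                                "v6.4.0": True
                            }
                        },
                        {
                            "value": "certificate",
                            "revisions": {
                                "v6.4.4": True,
                                "v7.0.0": True,
                                "v6.4.0": True
                            }
                        }
                    ],
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True,
                        "v6.4.1": False
                    }
                },
                "name": {
                    "type": "string",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True,
                        "v6.4.1": False
                    }
                },
                "certificate": {
                    "type": "string",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True,
                        "v6.4.1": False
                    }
                },
                "ha_members": {
                    "type": "string",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                "downstream_authorization": {
                    "type": "string",
                    "options": [
                        {
                            "value": "enable",
                            "revisions": {
                                "v6.0.0": True,
                                "v7.0.0": True,
                                "v6.0.5": True,
                                "v6.4.4": True,
                                "v6.4.0": True,
                                "v6.4.1": True,
                                "v6.2.0": True,
                                "v6.2.3": True,
                                "v6.2.5": True,
                                "v6.2.7": True,
                                "v6.0.11": True
                            }
                        },
                        {
                            "value": "disable",
                            "revisions": {
                                "v6.0.0": True,
                                "v7.0.0": True,
                                "v6.0.5": True,
                                "v6.4.4": True,
                                "v6.4.0": True,
                                "v6.4.1": True,
                                "v6.2.0": True,
                                "v6.2.3": True,
                                "v6.2.5": True,
                                "v6.2.7": True,
                                "v6.0.11": True
                            }
                        }
                    ],
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                "action": {
                    "type": "string",
                    "options": [
                        {
                            "value": "accept",
                            "revisions": {
                                "v6.0.0": True,
                                "v7.0.0": True,
                                "v6.0.5": True,
                                "v6.4.4": True,
                                "v6.4.0": True,
                                "v6.4.1": True,
                                "v6.2.0": True,
                                "v6.2.3": True,
                                "v6.2.5": True,
                                "v6.2.7": True,
                                "v6.0.11": True
                            }
                        },
                        {
                            "value": "deny",
                            "revisions": {
                                "v6.0.0": True,
                                "v7.0.0": True,
                                "v6.0.5": True,
                                "v6.4.4": True,
                                "v6.4.0": True,
                                "v6.4.1": True,
                                "v6.2.0": True,
                                "v6.2.3": True,
                                "v6.2.5": True,
                                "v6.2.7": True,
                                "v6.0.11": True
                            }
                        }
                    ],
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                "serial": {
                    "type": "string",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            },
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "fabric_device": {
            "type": "list",
            "children": {
                "name": {
                    "type": "string",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                "access_token": {
                    "type": "string",
                    "revisions": {
                        "v7.0.0": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True
                    }
                },
                "device_ip": {
                    "type": "string",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                "device_type": {
                    "type": "string",
                    "options": [
                        {
                            "value": "fortimail",
                            "revisions": {
                                "v6.0.11": True,
                                "v6.0.0": True,
                                "v6.0.5": True
                            }
                        }
                    ],
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": False,
                        "v6.0.5": True,
                        "v6.4.4": False,
                        "v6.4.0": False,
                        "v6.4.1": False,
                        "v6.2.0": False,
                        "v6.2.3": False,
                        "v6.2.5": False,
                        "v6.2.7": False,
                        "v6.0.11": True
                    }
                },
                "login": {
                    "type": "string",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": False,
                        "v6.0.5": True,
                        "v6.4.4": False,
                        "v6.4.0": False,
                        "v6.4.1": False,
                        "v6.2.0": False,
                        "v6.2.3": False,
                        "v6.2.5": False,
                        "v6.2.7": False,
                        "v6.0.11": True
                    }
                },
                "password": {
                    "type": "string",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": False,
                        "v6.0.5": True,
                        "v6.4.4": False,
                        "v6.4.0": False,
                        "v6.4.1": False,
                        "v6.2.0": False,
                        "v6.2.3": False,
                        "v6.2.5": False,
                        "v6.2.7": False,
                        "v6.0.11": True
                    }
                },
                "https_port": {
                    "type": "integer",
                    "revisions": {
                        "v7.0.0": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True
                    }
                }
            },
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "management_ip": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": False,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "accept_auth_by_cert": {
            "type": "string",
            "options": [
                {
                    "value": "disable",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True
                    }
                },
                {
                    "value": "enable",
                    "revisions": {
                        "v6.4.4": True,
                        "v7.0.0": True,
                        "v6.4.0": True
                    }
                }
            ],
            "revisions": {
                "v6.4.4": True,
                "v7.0.0": True,
                "v6.4.0": True,
                "v6.4.1": False
            }
        },
        "downstream_accprofile": {
            "type": "string",
            "revisions": {
                "v7.0.0": True
            }
        },
        "configuration_sync": {
            "type": "string",
            "options": [
                {
                    "value": "default",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                },
                {
                    "value": "local",
                    "revisions": {
                        "v6.0.0": True,
                        "v7.0.0": True,
                        "v6.0.5": True,
                        "v6.4.4": True,
                        "v6.4.0": True,
                        "v6.4.1": True,
                        "v6.2.0": True,
                        "v6.2.3": True,
                        "v6.2.5": True,
                        "v6.2.7": True,
                        "v6.0.11": True
                    }
                }
            ],
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "upstream_ip": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "group_password": {
            "type": "string",
            "revisions": {
                "v6.0.0": True,
                "v7.0.0": True,
                "v6.0.5": True,
                "v6.4.4": True,
                "v6.4.0": True,
                "v6.4.1": True,
                "v6.2.0": True,
                "v6.2.3": True,
                "v6.2.5": True,
                "v6.2.7": True,
                "v6.0.11": True
            }
        },
        "fabric_connector": {
            "type": "list",
            "children": {
                "serial": {
                    "type": "string",
                    "revisions": {
                        "v7.0.0": True
                    }
                },
                "accprofile": {
                    "type": "string",
                    "revisions": {
                        "v7.0.0": True
                    }
                },
                "configuration_write_access": {
                    "type": "string",
                    "options": [
                        {
                            "value": "enable",
                            "revisions": {
                                "v7.0.0": True
                            }
                        },
                        {
                            "value": "disable",
                            "revisions": {
                                "v7.0.0": True
                            }
                        }
                    ],
                    "revisions": {
                        "v7.0.0": True
                    }
                }
            },
            "revisions": {
                "v7.0.0": True
            }
        },
        "downstream_access": {
            "type": "string",
            "options": [
                {
                    "value": "enable",
                    "revisions": {
                        "v7.0.0": True
                    }
                },
                {
                    "value": "disable",
                    "revisions": {
                        "v7.0.0": True
                    }
                }
            ],
            "revisions": {
                "v7.0.0": True
            }
        }
    },
    "revisions": {
        "v6.0.0": True,
        "v7.0.0": True,
        "v6.0.5": True,
        "v6.4.4": True,
        "v6.4.0": True,
        "v6.4.1": True,
        "v6.2.0": True,
        "v6.2.3": True,
        "v6.2.5": True,
        "v6.2.7": True,
        "v6.0.11": True
    }
}


# Option names in this module that carry credentials or key material: the fabric
# group password, the fixed key, and the per-device access token and login
# password under fabric_device.
# NOTE(review): the schema above types them as plain "string" and
# schema_to_module_spec() is defined outside this file, so whether the generated
# spec already sets no_log for them cannot be seen here - main() sets it explicitly.
_SECRET_OPTION_NAMES = frozenset(['access_token', 'fixed_key', 'group_password', 'password'])


def _mark_secret_options(options):
    """Set ``no_log`` on secret-named entries of an argument-spec options dict, recursing into nested ``options``."""
    for name, spec in options.items():
        if not isinstance(spec, dict):
            continue
        if name in _SECRET_OPTION_NAMES:
            spec['no_log'] = True
        nested = spec.get('options')
        if isinstance(nested, dict):
            _mark_secret_options(nested)


def main():
    """Build the argument spec, apply system_csf over httpapi and report the result."""
    module_spec = schema_to_module_spec(versioned_schema)
    mkeyname = None
    fields = {
        "access_token": {"required": False, "type": "str", "no_log": True},
        "enable_log": {"required": False, "type": bool},
        "vdom": {"required": False, "type": "str", "default": "root"},
        "system_csf": {
            "required": False, "type": "dict", "default": None,
            "options": {
            }
        }
    }
    for attribute_name in module_spec['options']:
        fields["system_csf"]['options'][attribute_name] = module_spec['options'][attribute_name]
        if mkeyname and mkeyname == attribute_name:
            fields["system_csf"]['options'][attribute_name]['required'] = True

    # Keep passwords, tokens and keys out of the logged and returned module arguments.
    _mark_secret_options(fields["system_csf"]['options'])

    check_legacy_fortiosapi()
    module = AnsibleModule(argument_spec=fields,
                           supports_check_mode=False)

    if not module._socket_path:
        module.fail_json(**FAIL_SOCKET_MSG)
        # fail_json is expected to end the run; never fall through with no result to report.
        return

    connection = Connection(module._socket_path)
    if 'access_token' in module.params:
        connection.set_option('access_token', module.params['access_token'])

    if 'enable_log' in module.params:
        connection.set_option('enable_log', module.params['enable_log'])
    else:
        connection.set_option('enable_log', False)
    fos = FortiOSHandler(connection, module, mkeyname)
    versions_check_result = check_schema_versioning(fos, versioned_schema, "system_csf")

    is_error, has_changed, result = fortios_system(module.params, fos)

    version_mismatch = bool(versions_check_result and versions_check_result['matched'] is False)
    if version_mismatch:
        module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv")

    # The version-check details are attached only when a mismatch was reported.
    outcome = {'meta': result}
    if version_mismatch:
        outcome['version_check_warning'] = versions_check_result

    if not is_error:
        module.exit_json(changed=has_changed, **outcome)
    else:
        module.fail_json(msg="Error in repo", **outcome)


if __name__ == '__main__':
    main()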