1#!/usr/bin/python 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_switch_controller_storm_control 27short_description: Configure FortiSwitch storm control in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify switch_controller feature and storm_control category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.5 33version_added: "2.9" 34author: 35 - Miguel Angel Munoz (@mamunozgonzalez) 36 - Nicolas Thomas (@thomnico) 37notes: 38 - Requires fortiosapi library developed by Fortinet 39 - Run as a local_action in your playbook 40requirements: 41 - fortiosapi>=0.9.8 42options: 43 host: 44 description: 45 - FortiOS or FortiGate IP address. 46 type: str 47 required: false 48 username: 49 description: 50 - FortiOS or FortiGate username. 51 type: str 52 required: false 53 password: 54 description: 55 - FortiOS or FortiGate password. 56 type: str 57 default: "" 58 vdom: 59 description: 60 - Virtual domain, among those defined previously. A vdom is a 61 virtual instance of the FortiGate that can be configured and 62 used as a different unit. 63 type: str 64 default: root 65 https: 66 description: 67 - Indicates if the requests towards FortiGate must use HTTPS protocol. 68 type: bool 69 default: true 70 ssl_verify: 71 description: 72 - Ensures FortiGate certificate must be verified by a proper CA. 73 type: bool 74 default: true 75 switch_controller_storm_control: 76 description: 77 - Configure FortiSwitch storm control. 78 default: null 79 type: dict 80 suboptions: 81 broadcast: 82 description: 83 - Enable/disable storm control to drop broadcast traffic. 84 type: str 85 choices: 86 - enable 87 - disable 88 rate: 89 description: 90 - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond 91 this threshold. 92 type: int 93 unknown_multicast: 94 description: 95 - Enable/disable storm control to drop unknown multicast traffic. 96 type: str 97 choices: 98 - enable 99 - disable 100 unknown_unicast: 101 description: 102 - Enable/disable storm control to drop unknown unicast traffic. 103 type: str 104 choices: 105 - enable 106 - disable 107''' 108 109EXAMPLES = ''' 110- hosts: localhost 111 vars: 112 host: "192.168.122.40" 113 username: "admin" 114 password: "" 115 vdom: "root" 116 ssl_verify: "False" 117 tasks: 118 - name: Configure FortiSwitch storm control. 119 fortios_switch_controller_storm_control: 120 host: "{{ host }}" 121 username: "{{ username }}" 122 password: "{{ password }}" 123 vdom: "{{ vdom }}" 124 https: "False" 125 switch_controller_storm_control: 126 broadcast: "enable" 127 rate: "4" 128 unknown_multicast: "enable" 129 unknown_unicast: "enable" 130''' 131 132RETURN = ''' 133build: 134 description: Build number of the fortigate image 135 returned: always 136 type: str 137 sample: '1547' 138http_method: 139 description: Last method used to provision the content into FortiGate 140 returned: always 141 type: str 142 sample: 'PUT' 143http_status: 144 description: Last result given by FortiGate on last operation applied 145 returned: always 146 type: str 147 sample: "200" 148mkey: 149 description: Master key (id) used in the last call to FortiGate 150 returned: success 151 type: str 152 sample: "id" 153name: 154 description: Name of the table used to fulfill the request 155 returned: always 156 type: str 157 sample: "urlfilter" 158path: 159 description: Path of the table used to fulfill the request 160 returned: always 161 type: str 162 sample: "webfilter" 163revision: 164 description: Internal revision number 165 returned: always 166 type: str 167 sample: "17.0.2.10658" 168serial: 169 description: Serial number of the unit 170 returned: always 171 type: str 172 sample: "FGVMEVYYQT3AB5352" 173status: 174 description: Indication of the operation's result 175 returned: always 176 type: str 177 sample: "success" 178vdom: 179 description: Virtual domain used 180 returned: always 181 type: str 182 sample: "root" 183version: 184 description: Version of the FortiGate 185 returned: always 186 type: str 187 sample: "v5.6.3" 188 189''' 190 191from ansible.module_utils.basic import AnsibleModule 192from ansible.module_utils.connection import Connection 193from ansible.module_utils.network.fortios.fortios import FortiOSHandler 194from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG 195 196 197def login(data, fos): 198 host = data['host'] 199 username = data['username'] 200 password = data['password'] 201 ssl_verify = data['ssl_verify'] 202 203 fos.debug('on') 204 if 'https' in data and not data['https']: 205 fos.https('off') 206 else: 207 fos.https('on') 208 209 fos.login(host, username, password, verify=ssl_verify) 210 211 212def filter_switch_controller_storm_control_data(json): 213 option_list = ['broadcast', 'rate', 'unknown_multicast', 214 'unknown_unicast'] 215 dictionary = {} 216 217 for attribute in option_list: 218 if attribute in json and json[attribute] is not None: 219 dictionary[attribute] = json[attribute] 220 221 return dictionary 222 223 224def underscore_to_hyphen(data): 225 if isinstance(data, list): 226 for elem in data: 227 elem = underscore_to_hyphen(elem) 228 elif isinstance(data, dict): 229 new_data = {} 230 for k, v in data.items(): 231 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 232 data = new_data 233 234 return data 235 236 237def switch_controller_storm_control(data, fos): 238 vdom = data['vdom'] 239 switch_controller_storm_control_data = data['switch_controller_storm_control'] 240 filtered_data = underscore_to_hyphen(filter_switch_controller_storm_control_data(switch_controller_storm_control_data)) 241 242 return fos.set('switch-controller', 243 'storm-control', 244 data=filtered_data, 245 vdom=vdom) 246 247 248def is_successful_status(status): 249 return status['status'] == "success" or \ 250 status['http_method'] == "DELETE" and status['http_status'] == 404 251 252 253def fortios_switch_controller(data, fos): 254 255 if data['switch_controller_storm_control']: 256 resp = switch_controller_storm_control(data, fos) 257 258 return not is_successful_status(resp), \ 259 resp['status'] == "success", \ 260 resp 261 262 263def main(): 264 fields = { 265 "host": {"required": False, "type": "str"}, 266 "username": {"required": False, "type": "str"}, 267 "password": {"required": False, "type": "str", "default": "", "no_log": True}, 268 "vdom": {"required": False, "type": "str", "default": "root"}, 269 "https": {"required": False, "type": "bool", "default": True}, 270 "ssl_verify": {"required": False, "type": "bool", "default": True}, 271 "switch_controller_storm_control": { 272 "required": False, "type": "dict", "default": None, 273 "options": { 274 "broadcast": {"required": False, "type": "str", 275 "choices": ["enable", "disable"]}, 276 "rate": {"required": False, "type": "int"}, 277 "unknown_multicast": {"required": False, "type": "str", 278 "choices": ["enable", "disable"]}, 279 "unknown_unicast": {"required": False, "type": "str", 280 "choices": ["enable", "disable"]} 281 282 } 283 } 284 } 285 286 module = AnsibleModule(argument_spec=fields, 287 supports_check_mode=False) 288 289 # legacy_mode refers to using fortiosapi instead of HTTPAPI 290 legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 291 'username' in module.params and module.params['username'] is not None and \ 292 'password' in module.params and module.params['password'] is not None 293 294 if not legacy_mode: 295 if module._socket_path: 296 connection = Connection(module._socket_path) 297 fos = FortiOSHandler(connection) 298 299 is_error, has_changed, result = fortios_switch_controller(module.params, fos) 300 else: 301 module.fail_json(**FAIL_SOCKET_MSG) 302 else: 303 try: 304 from fortiosapi import FortiOSAPI 305 except ImportError: 306 module.fail_json(msg="fortiosapi module is required") 307 308 fos = FortiOSAPI() 309 310 login(module.params, fos) 311 is_error, has_changed, result = fortios_switch_controller(module.params, fos) 312 fos.logout() 313 314 if not is_error: 315 module.exit_json(changed=has_changed, meta=result) 316 else: 317 module.fail_json(msg="Error in repo", meta=result) 318 319 320if __name__ == '__main__': 321 main() 322