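#!/usr/bin/python
from __future__ import (absolute_import, division, print_function)
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

__metaclass__ = type

ANSIBLE_METADATA = {'status': ['preview'],
                    'supported_by': 'community',
                    'metadata_version': '1.1'}

DOCUMENTATION = '''
---
module: fortios_vpn_ssl_web_portal
short_description: Portal in Fortinet's FortiOS and FortiGate.
description:
    - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
      user to set and modify vpn_ssl_web feature and portal category.
      Examples include all parameters and values need to be adjusted to datasources before usage.
      Tested with FOS v6.0.5
version_added: "2.8"
author:
    - Miguel Angel Munoz (@mamunozgonzalez)
    - Nicolas Thomas (@thomnico)
notes:
    - Requires fortiosapi library developed by Fortinet
    - Run as a local_action in your playbook
requirements:
    - fortiosapi>=0.9.8
options:
    host:
        description:
            - FortiOS or FortiGate IP address.
        type: str
        required: false
    username:
        description:
            - FortiOS or FortiGate username.
        type: str
        required: false
    password:
        description:
            - FortiOS or FortiGate password.
        type: str
        default: ""
    vdom:
        description:
            - Virtual domain, among those defined previously. A vdom is a
              virtual instance of the FortiGate that can be configured and
              used as a different unit.
        type: str
        default: root
    https:
        description:
            - Indicates if the requests towards FortiGate must use HTTPS protocol.
        type: bool
        default: true
    ssl_verify:
        description:
            - Ensures FortiGate certificate must be verified by a proper CA.
        type: bool
        default: true
        version_added: 2.9
    state:
        description:
            - Indicates whether to create or remove the object.
              This attribute was present already in previous version in a deeper level.
              It has been moved out to this outer level.
        type: str
        required: false
        choices:
            - present
            - absent
        version_added: 2.9
    vpn_ssl_web_portal:
        description:
            - Portal.
        default: null
        type: dict
        suboptions:
            state:
                description:
                    - B(Deprecated)
                    - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
                    - HORIZONTALLINE
                    - Indicates whether to create or remove the object.
                type: str
                required: false
                choices:
                    - present
                    - absent
            allow_user_access:
                description:
                    - Allow user access to SSL-VPN applications.
                type: str
                choices:
                    - web
                    - ftp
                    - smb
                    - telnet
                    - ssh
                    - vnc
                    - rdp
                    - ping
                    - citrix
                    - portforward
            auto_connect:
                description:
                    - Enable/disable automatic connect by client when system is up.
                type: str
                choices:
                    - enable
                    - disable
            bookmark_group:
                description:
                    - Portal bookmark group.
                type: list
                suboptions:
                    bookmarks:
                        description:
                            - Bookmark table.
                        type: list
                        suboptions:
                            additional_params:
                                description:
                                    - Additional parameters.
                                type: str
                            apptype:
                                description:
                                    - Application type.
                                type: str
                                choices:
                                    - citrix
                                    - ftp
                                    - portforward
                                    - rdp
                                    - smb
                                    - ssh
                                    - telnet
                                    - vnc
                                    - web
                            description:
                                description:
                                    - Description.
                                type: str
                            folder:
                                description:
                                    - Network shared file folder parameter.
                                type: str
                            form_data:
                                description:
                                    - Form data.
                                type: list
                                suboptions:
                                    name:
                                        description:
                                            - Name.
                                        required: true
                                        type: str
                                    value:
                                        description:
                                            - Value.
                                        type: str
                            host:
                                description:
                                    - Host name/IP parameter.
                                type: str
                            listening_port:
                                description:
                                    - Listening port (0 - 65535).
                                type: int
                            load_balancing_info:
                                description:
                                    - The load balancing information or cookie which should be provided to the connection broker.
                                type: str
                            logon_password:
                                description:
                                    - Logon password.
                                type: str
                            logon_user:
                                description:
                                    - Logon user.
                                type: str
                            name:
                                description:
                                    - Bookmark name.
                                required: true
                                type: str
                            port:
                                description:
                                    - Remote port.
                                type: int
                            preconnection_blob:
                                description:
                                    - An arbitrary string which identifies the RDP source.
                                type: str
                            preconnection_id:
                                description:
                                    - The numeric ID of the RDP source (0-2147483648).
                                type: int
                            remote_port:
                                description:
                                    - Remote port (0 - 65535).
                                type: int
                            security:
                                description:
                                    - Security mode for RDP connection.
                                type: str
                                choices:
                                    - rdp
                                    - nla
                                    - tls
                                    - any
                            server_layout:
                                description:
                                    - Server side keyboard layout.
                                type: str
                                choices:
                                    - de-de-qwertz
                                    - en-gb-qwerty
                                    - en-us-qwerty
                                    - es-es-qwerty
                                    - fr-fr-azerty
                                    - fr-ch-qwertz
                                    - it-it-qwerty
                                    - ja-jp-qwerty
                                    - pt-br-qwerty
                                    - sv-se-qwerty
                                    - tr-tr-qwerty
                                    - failsafe
                            show_status_window:
                                description:
                                    - Enable/disable showing of status window.
                                type: str
                                choices:
                                    - enable
                                    - disable
                            sso:
                                description:
                                    - Single Sign-On.
                                type: str
                                choices:
                                    - disable
                                    - static
                                    - auto
                            sso_credential:
                                description:
                                    - Single sign-on credentials.
                                type: str
                                choices:
                                    - sslvpn-login
                                    - alternative
                            sso_credential_sent_once:
                                description:
                                    - Single sign-on credentials are only sent once to remote server.
                                type: str
                                choices:
                                    - enable
                                    - disable
                            sso_password:
                                description:
                                    - SSO password.
                                type: str
                            sso_username:
                                description:
                                    - SSO user name.
                                type: str
                            url:
                                description:
                                    - URL parameter.
                                type: str
                    name:
                        description:
                            - Bookmark group name.
                        required: true
                        type: str
            custom_lang:
                description:
                    - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and
                      execute system custom-language to add custom language files. Source system.custom-language.name.
                type: str
            customize_forticlient_download_url:
                description:
                    - Enable support of customized download URL for FortiClient.
                type: str
                choices:
                    - enable
                    - disable
            display_bookmark:
                description:
                    - Enable to display the web portal bookmark widget.
                type: str
                choices:
                    - enable
                    - disable
            display_connection_tools:
                description:
                    - Enable to display the web portal connection tools widget.
                type: str
                choices:
                    - enable
                    - disable
            display_history:
                description:
                    - Enable to display the web portal user login history widget.
                type: str
                choices:
                    - enable
                    - disable
            display_status:
                description:
                    - Enable to display the web portal status widget.
                type: str
                choices:
                    - enable
                    - disable
            dns_server1:
                description:
                    - IPv4 DNS server 1.
                type: str
            dns_server2:
                description:
                    - IPv4 DNS server 2.
                type: str
            dns_suffix:
                description:
                    - DNS suffix.
                type: str
            exclusive_routing:
                description:
                    - Enable/disable all traffic go through tunnel only.
                type: str
                choices:
                    - enable
                    - disable
            forticlient_download:
                description:
                    - Enable/disable download option for FortiClient.
                type: str
                choices:
                    - enable
                    - disable
            forticlient_download_method:
                description:
                    - FortiClient download method.
                type: str
                choices:
                    - direct
                    - ssl-vpn
            heading:
                description:
                    - Web portal heading message.
                type: str
            hide_sso_credential:
                description:
                    - Enable to prevent SSO credential being sent to client.
                type: str
                choices:
                    - enable
                    - disable
            host_check:
                description:
                    - Type of host checking performed on endpoints.
                type: str
                choices:
                    - none
                    - av
                    - fw
                    - av-fw
                    - custom
            host_check_interval:
                description:
                    - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.
                type: int
            host_check_policy:
                description:
                    - One or more policies to require the endpoint to have specific security software.
                type: list
                suboptions:
                    name:
                        description:
                            - Host check software list name. Source vpn.ssl.web.host-check-software.name.
                        required: true
                        type: str
            ip_mode:
                description:
                    - Method by which users of this SSL-VPN tunnel obtain IP addresses.
                type: str
                choices:
                    - range
                    - user-group
            ip_pools:
                description:
                    - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
                type: list
                suboptions:
                    name:
                        description:
                            - Address name. Source firewall.address.name firewall.addrgrp.name.
                        required: true
                        type: str
            ipv6_dns_server1:
                description:
                    - IPv6 DNS server 1.
                type: str
            ipv6_dns_server2:
                description:
                    - IPv6 DNS server 2.
                type: str
            ipv6_exclusive_routing:
                description:
                    - Enable/disable all IPv6 traffic go through tunnel only.
                type: str
                choices:
                    - enable
                    - disable
            ipv6_pools:
                description:
                    - IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.
                type: list
                suboptions:
                    name:
                        description:
                            - Address name. Source firewall.address6.name firewall.addrgrp6.name.
                        required: true
                        type: str
            ipv6_service_restriction:
                description:
                    - Enable/disable IPv6 tunnel service restriction.
                type: str
                choices:
                    - enable
                    - disable
            ipv6_split_tunneling:
                description:
                    - Enable/disable IPv6 split tunneling.
                type: str
                choices:
                    - enable
                    - disable
            ipv6_split_tunneling_routing_address:
                description:
                    - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
                type: list
                suboptions:
                    name:
                        description:
                            - Address name. Source firewall.address6.name firewall.addrgrp6.name.
                        required: true
                        type: str
            ipv6_tunnel_mode:
                description:
                    - Enable/disable IPv6 SSL-VPN tunnel mode.
                type: str
                choices:
                    - enable
                    - disable
            ipv6_wins_server1:
                description:
                    - IPv6 WINS server 1.
                type: str
            ipv6_wins_server2:
                description:
                    - IPv6 WINS server 2.
                type: str
            keep_alive:
                description:
                    - Enable/disable automatic reconnect for FortiClient connections.
                type: str
                choices:
                    - enable
                    - disable
            limit_user_logins:
                description:
                    - Enable to limit each user to one SSL-VPN session at a time.
                type: str
                choices:
                    - enable
                    - disable
            mac_addr_action:
                description:
                    - Client MAC address action.
                type: str
                choices:
                    - allow
                    - deny
            mac_addr_check:
                description:
                    - Enable/disable MAC address host checking.
                type: str
                choices:
                    - enable
                    - disable
            mac_addr_check_rule:
                description:
                    - Client MAC address check rule.
                type: list
                suboptions:
                    mac_addr_list:
                        description:
                            - Client MAC address list.
                        type: list
                        suboptions:
                            addr:
                                description:
                                    - Client MAC address.
                                required: true
                                type: str
                    mac_addr_mask:
                        description:
                            - Client MAC address mask.
                        type: int
                    name:
                        description:
                            - Client MAC address check rule name.
                        required: true
                        type: str
            macos_forticlient_download_url:
                description:
                    - Download URL for Mac FortiClient.
                type: str
            name:
                description:
                    - Portal name.
                required: true
                type: str
            os_check:
                description:
                    - Enable to let the FortiGate decide action based on client OS.
                type: str
                choices:
                    - enable
                    - disable
            os_check_list:
                description:
                    - SSL VPN OS checks.
                type: list
                suboptions:
                    action:
                        description:
                            - OS check options.
                        type: str
                        choices:
                            - deny
                            - allow
                            - check-up-to-date
                    latest_patch_level:
                        description:
                            - Latest OS patch level.
                        type: str
                    name:
                        description:
                            - Name.
                        required: true
                        type: str
                    tolerance:
                        description:
                            - OS patch level tolerance.
                        type: int
            redir_url:
                description:
                    - Client login redirect URL.
                type: str
            save_password:
                description:
                    - Enable/disable FortiClient saving the user's password.
                type: str
                choices:
                    - enable
                    - disable
            service_restriction:
                description:
                    - Enable/disable tunnel service restriction.
                type: str
                choices:
                    - enable
                    - disable
            skip_check_for_unsupported_browser:
                description:
                    - Enable to skip host check if browser does not support it.
                type: str
                choices:
                    - enable
                    - disable
            skip_check_for_unsupported_os:
                description:
                    - Enable to skip host check if client OS does not support it.
                type: str
                choices:
                    - enable
                    - disable
            smb_ntlmv1_auth:
                description:
                    - Enable support of NTLMv1 for Samba authentication.
                type: str
                choices:
                    - enable
                    - disable
            smbv1:
                description:
                    - Enable/disable support of SMBv1 for Samba.
                type: str
                choices:
                    - enable
                    - disable
            split_dns:
                description:
                    - Split DNS for SSL VPN.
                type: list
                suboptions:
                    dns_server1:
                        description:
                            - DNS server 1.
                        type: str
                    dns_server2:
                        description:
                            - DNS server 2.
                        type: str
                    domains:
                        description:
                            - Split DNS domains used for SSL-VPN clients separated by comma(,).
                        type: str
                    id:
                        description:
                            - ID.
                        required: true
                        type: int
                    ipv6_dns_server1:
                        description:
                            - IPv6 DNS server 1.
                        type: str
                    ipv6_dns_server2:
                        description:
                            - IPv6 DNS server 2.
                        type: str
            split_tunneling:
                description:
                    - Enable/disable IPv4 split tunneling.
                type: str
                choices:
                    - enable
                    - disable
            split_tunneling_routing_address:
                description:
                    - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
                type: list
                suboptions:
                    name:
                        description:
                            - Address name. Source firewall.address.name firewall.addrgrp.name.
                        required: true
                        type: str
            theme:
                description:
                    - Web portal color scheme.
                type: str
                choices:
                    - blue
                    - green
                    - red
                    - melongene
                    - mariner
            tunnel_mode:
                description:
                    - Enable/disable IPv4 SSL-VPN tunnel mode.
                type: str
                choices:
                    - enable
                    - disable
            user_bookmark:
                description:
                    - Enable to allow web portal users to create their own bookmarks.
                type: str
                choices:
                    - enable
                    - disable
            user_group_bookmark:
                description:
                    - Enable to allow web portal users to create bookmarks for all users in the same user group.
                type: str
                choices:
                    - enable
                    - disable
            web_mode:
                description:
                    - Enable/disable SSL VPN web mode.
                type: str
                choices:
                    - enable
                    - disable
            windows_forticlient_download_url:
                description:
                    - Download URL for Windows FortiClient.
                type: str
            wins_server1:
                description:
                    - IPv4 WINS server 1.
                type: str
            wins_server2:
                description:
                    - IPv4 WINS server 2.
                type: str
'''

# NOTE(review): the playbook below is a dump of every parameter, not a
# recommended configuration. As written it reaches the device over plain HTTP
# (https: "False") with an empty admin password, so the login is sent in clear
# text, and it switches on legacy options such as smbv1 and smb_ntlmv1_auth.
# For real use keep https and ssl_verify at their defaults (true), take the
# credentials from Ansible Vault, and enable only the portal features you need.
EXAMPLES = '''
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
    ssl_verify: "False"
  tasks:
    - name: Portal.
      fortios_vpn_ssl_web_portal:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "False"
        state: "present"
        vpn_ssl_web_portal:
          allow_user_access: "web"
          auto_connect: "enable"
          bookmark_group:
            -
              bookmarks:
                -
                  additional_params: "<your_own_value>"
                  apptype: "citrix"
                  description: "<your_own_value>"
                  folder: "<your_own_value>"
                  form_data:
                    -
                      name: "default_name_12"
                      value: "<your_own_value>"
                  host: "<your_own_value>"
                  listening_port: "15"
                  load_balancing_info: "<your_own_value>"
                  logon_password: "<your_own_value>"
                  logon_user: "<your_own_value>"
                  name: "default_name_19"
                  port: "20"
                  preconnection_blob: "<your_own_value>"
                  preconnection_id: "22"
                  remote_port: "23"
                  security: "rdp"
                  server_layout: "de-de-qwertz"
                  show_status_window: "enable"
                  sso: "disable"
                  sso_credential: "sslvpn-login"
                  sso_credential_sent_once: "enable"
                  sso_password: "<your_own_value>"
                  sso_username: "<your_own_value>"
                  url: "myurl.com"
              name: "default_name_33"
          custom_lang: "<your_own_value> (source system.custom-language.name)"
          customize_forticlient_download_url: "enable"
          display_bookmark: "enable"
          display_connection_tools: "enable"
          display_history: "enable"
          display_status: "enable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_suffix: "<your_own_value>"
          exclusive_routing: "enable"
          forticlient_download: "enable"
          forticlient_download_method: "direct"
          heading: "<your_own_value>"
          hide_sso_credential: "enable"
          host_check: "none"
          host_check_interval: "49"
          host_check_policy:
            -
              name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
          ip_mode: "range"
          ip_pools:
            -
              name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_exclusive_routing: "enable"
          ipv6_pools:
            -
              name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_service_restriction: "enable"
          ipv6_split_tunneling: "enable"
          ipv6_split_tunneling_routing_address:
            -
              name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_tunnel_mode: "enable"
          ipv6_wins_server1: "<your_own_value>"
          ipv6_wins_server2: "<your_own_value>"
          keep_alive: "enable"
          limit_user_logins: "enable"
          mac_addr_action: "allow"
          mac_addr_check: "enable"
          mac_addr_check_rule:
            -
              mac_addr_list:
                -
                  addr: "<your_own_value>"
              mac_addr_mask: "74"
              name: "default_name_75"
          macos_forticlient_download_url: "<your_own_value>"
          name: "default_name_77"
          os_check: "enable"
          os_check_list:
            -
              action: "deny"
              latest_patch_level: "<your_own_value>"
              name: "default_name_82"
              tolerance: "83"
          redir_url: "<your_own_value>"
          save_password: "enable"
          service_restriction: "enable"
          skip_check_for_unsupported_browser: "enable"
          skip_check_for_unsupported_os: "enable"
          smb_ntlmv1_auth: "enable"
          smbv1: "enable"
          split_dns:
            -
              dns_server1: "<your_own_value>"
              dns_server2: "<your_own_value>"
              domains: "<your_own_value>"
              id: "95"
              ipv6_dns_server1: "<your_own_value>"
              ipv6_dns_server2: "<your_own_value>"
          split_tunneling: "enable"
          split_tunneling_routing_address:
            -
              name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
          theme: "blue"
          tunnel_mode: "enable"
          user_bookmark: "enable"
          user_group_bookmark: "enable"
          web_mode: "enable"
          windows_forticlient_download_url: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"
'''

RETURN = '''
build:
  description: Build number of the fortigate image
  returned: always
  type: str
  sample: '1547'
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  type: str
  sample: 'PUT'
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  type: str
  sample: "200"
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  type: str
  sample: "id"
name:
  description: Name of the table used to fulfill the request
  returned: always
  type: str
  sample: "urlfilter"
path:
  description: Path of the table used to fulfill the request
  returned: always
  type: str
  sample: "webfilter"
revision:
  description: Internal revision number
  returned: always
  type: str
  sample: "17.0.2.10658"
serial:
  description: Serial number of the unit
  returned: always
  type: str
  sample: "FGVMEVYYQT3AB5352"
status:
  description: Indication of the operation's result
  returned: always
  type: str
  sample: "success"
vdom:
  description: Virtual domain used
  returned: always
  type: str
  sample: "root"
version:
  description: Version of the FortiGate
  returned: always
  type: str
  sample: "v5.6.3"

'''

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG


def login(data, fos):
    """Open a legacy (fortiosapi) session using the credentials in *data*.

    Reads ``host``, ``username``, ``password`` and ``ssl_verify`` from *data*
    and selects HTTP or HTTPS from the optional ``https`` key (HTTPS unless it
    is present and false).
    """
    host = data['host']
    username = data['username']
    password = data['password']
    ssl_verify = data['ssl_verify']

    # NOTE(review): debug output is switched on for every run; confirm that
    # fortiosapi's debug log does not contain the login request before keeping
    # this enabled where logs are collected.
    fos.debug('on')
    if 'https' in data and not data['https']:
        # Plain HTTP: the credentials below travel unencrypted.
        fos.https('off')
    else:
        fos.https('on')

    fos.login(host, username, password, verify=ssl_verify)


def filter_vpn_ssl_web_portal_data(json):
    """Return the known portal attributes of *json* that are set.

    Keys outside the list below (for example the deprecated nested ``state``)
    and keys whose value is ``None`` are dropped, so they never reach the
    device.
    """
    option_list = ['allow_user_access', 'auto_connect', 'bookmark_group',
                   'custom_lang', 'customize_forticlient_download_url', 'display_bookmark',
                   'display_connection_tools', 'display_history', 'display_status',
                   'dns_server1', 'dns_server2', 'dns_suffix',
                   'exclusive_routing', 'forticlient_download', 'forticlient_download_method',
                   'heading', 'hide_sso_credential', 'host_check',
                   'host_check_interval', 'host_check_policy', 'ip_mode',
                   'ip_pools', 'ipv6_dns_server1', 'ipv6_dns_server2',
                   'ipv6_exclusive_routing', 'ipv6_pools', 'ipv6_service_restriction',
                   'ipv6_split_tunneling', 'ipv6_split_tunneling_routing_address', 'ipv6_tunnel_mode',
                   'ipv6_wins_server1', 'ipv6_wins_server2', 'keep_alive',
                   'limit_user_logins', 'mac_addr_action', 'mac_addr_check',
                   'mac_addr_check_rule', 'macos_forticlient_download_url', 'name',
                   'os_check', 'os_check_list', 'redir_url',
                   'save_password', 'service_restriction', 'skip_check_for_unsupported_browser',
                   'skip_check_for_unsupported_os', 'smb_ntlmv1_auth', 'smbv1',
                   'split_dns', 'split_tunneling', 'split_tunneling_routing_address',
                   'theme', 'tunnel_mode', 'user_bookmark',
                   'user_group_bookmark', 'web_mode', 'windows_forticlient_download_url',
                   'wins_server1', 'wins_server2']

    return {attribute: json[attribute]
            for attribute in option_list
            if attribute in json and json[attribute] is not None}


def underscore_to_hyphen(data):
    """Recursively rename dict keys from ``snake_case`` to ``hyphen-case``.

    Dicts are rebuilt with converted keys; lists are updated in place so that
    dicts nested inside lists (bookmark groups, split_dns entries, ...) are
    converted too. Any other value is returned unchanged.
    """
    if isinstance(data, list):
        # Write the converted element back: rebinding the loop variable alone
        # would discard it and leave underscore keys in nested entries.
        for index, elem in enumerate(data):
            data[index] = underscore_to_hyphen(elem)
    elif isinstance(data, dict):
        new_data = {}
        for k, v in data.items():
            new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
        data = new_data

    return data


def vpn_ssl_web_portal(data, fos):
    """Create/update or delete the portal described by ``data['vpn_ssl_web_portal']``.

    The top-level ``state`` wins; the deprecated nested ``state`` is used only
    when the top-level one is unset. Returns the device response for
    ``present`` (``fos.set``) or ``absent`` (``fos.delete``), and ``None`` when
    no state could be resolved.
    """
    vdom = data['vdom']
    vpn_ssl_web_portal_data = data['vpn_ssl_web_portal']
    # Test the nested state *value*, not merely the presence of the key: the
    # argument spec always supplies the key, with None when it was not given.
    state = data.get('state') or vpn_ssl_web_portal_data.get('state')
    filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_portal_data(vpn_ssl_web_portal_data))

    if state == "present":
        return fos.set('vpn.ssl.web',
                       'portal',
                       data=filtered_data,
                       vdom=vdom)

    elif state == "absent":
        return fos.delete('vpn.ssl.web',
                          'portal',
                          mkey=filtered_data['name'],
                          vdom=vdom)

    return None


def is_successful_status(status):
    """Return True for a success response, or for a DELETE answered with 404.

    A 404 on DELETE means the object was already absent, which is the desired
    end state.
    """
    return status['status'] == "success" or \
        (status['http_method'] == "DELETE" and status['http_status'] == 404)


def fortios_vpn_ssl_web(data, fos):
    """Apply the portal task and return ``(is_error, has_changed, response)``.

    Expects ``data['vpn_ssl_web_portal']`` to be set and a state to be
    resolvable; ``main`` checks both before calling.
    """
    if data['vpn_ssl_web_portal']:
        resp = vpn_ssl_web_portal(data, fos)

    return not is_successful_status(resp), \
        resp['status'] == "success", \
        resp


def main():
    """Module entry point: parse arguments, connect, apply, report.

    Uses the HTTPAPI connection when no host/username/password are given and
    the legacy fortiosapi client otherwise. ``password``, ``logon_password``
    and ``sso_password`` are declared ``no_log`` so Ansible masks them.
    """
    fields = {
        "host": {"required": False, "type": "str"},
        "username": {"required": False, "type": "str"},
        "password": {"required": False, "type": "str", "default": "", "no_log": True},
        "vdom": {"required": False, "type": "str", "default": "root"},
        "https": {"required": False, "type": "bool", "default": True},
        "ssl_verify": {"required": False, "type": "bool", "default": True},
        "state": {"required": False, "type": "str",
                  "choices": ["present", "absent"]},
        "vpn_ssl_web_portal": {
            "required": False, "type": "dict", "default": None,
            "options": {
                "state": {"required": False, "type": "str",
                          "choices": ["present", "absent"]},
                "allow_user_access": {"required": False, "type": "str",
                                      "choices": ["web", "ftp", "smb",
                                                  "telnet", "ssh", "vnc",
                                                  "rdp", "ping", "citrix",
                                                  "portforward"]},
                "auto_connect": {"required": False, "type": "str",
                                 "choices": ["enable", "disable"]},
                "bookmark_group": {
                    "required": False, "type": "list",
                    "options": {
                        "bookmarks": {
                            "required": False, "type": "list",
                            "options": {
                                "additional_params": {"required": False, "type": "str"},
                                "apptype": {"required": False, "type": "str",
                                            "choices": ["citrix", "ftp", "portforward",
                                                        "rdp", "smb", "ssh",
                                                        "telnet", "vnc", "web"]},
                                "description": {"required": False, "type": "str"},
                                "folder": {"required": False, "type": "str"},
                                "form_data": {
                                    "required": False, "type": "list",
                                    "options": {
                                        "name": {"required": True, "type": "str"},
                                        "value": {"required": False, "type": "str"}
                                    }},
                                "host": {"required": False, "type": "str"},
                                "listening_port": {"required": False, "type": "int"},
                                "load_balancing_info": {"required": False, "type": "str"},
                                "logon_password": {"required": False, "type": "str", "no_log": True},
                                "logon_user": {"required": False, "type": "str"},
                                "name": {"required": True, "type": "str"},
                                "port": {"required": False, "type": "int"},
                                "preconnection_blob": {"required": False, "type": "str"},
                                "preconnection_id": {"required": False, "type": "int"},
                                "remote_port": {"required": False, "type": "int"},
                                "security": {"required": False, "type": "str",
                                             "choices": ["rdp", "nla", "tls",
                                                         "any"]},
                                "server_layout": {"required": False, "type": "str",
                                                  "choices": ["de-de-qwertz", "en-gb-qwerty", "en-us-qwerty",
                                                              "es-es-qwerty", "fr-fr-azerty", "fr-ch-qwertz",
                                                              "it-it-qwerty", "ja-jp-qwerty", "pt-br-qwerty",
                                                              "sv-se-qwerty", "tr-tr-qwerty", "failsafe"]},
                                "show_status_window": {"required": False, "type": "str",
                                                       "choices": ["enable", "disable"]},
                                "sso": {"required": False, "type": "str",
                                        "choices": ["disable", "static", "auto"]},
                                "sso_credential": {"required": False, "type": "str",
                                                   "choices": ["sslvpn-login", "alternative"]},
                                "sso_credential_sent_once": {"required": False, "type": "str",
                                                             "choices": ["enable", "disable"]},
                                "sso_password": {"required": False, "type": "str", "no_log": True},
                                "sso_username": {"required": False, "type": "str"},
                                "url": {"required": False, "type": "str"}
                            }},
                        "name": {"required": True, "type": "str"}
                    }},
                "custom_lang": {"required": False, "type": "str"},
                "customize_forticlient_download_url": {"required": False, "type": "str",
                                                       "choices": ["enable", "disable"]},
                "display_bookmark": {"required": False, "type": "str",
                                     "choices": ["enable", "disable"]},
                "display_connection_tools": {"required": False, "type": "str",
                                             "choices": ["enable", "disable"]},
                "display_history": {"required": False, "type": "str",
                                    "choices": ["enable", "disable"]},
                "display_status": {"required": False, "type": "str",
                                   "choices": ["enable", "disable"]},
                "dns_server1": {"required": False, "type": "str"},
                "dns_server2": {"required": False, "type": "str"},
                "dns_suffix": {"required": False, "type": "str"},
                "exclusive_routing": {"required": False, "type": "str",
                                      "choices": ["enable", "disable"]},
                "forticlient_download": {"required": False, "type": "str",
                                         "choices": ["enable", "disable"]},
                "forticlient_download_method": {"required": False, "type": "str",
                                                "choices": ["direct", "ssl-vpn"]},
                "heading": {"required": False, "type": "str"},
                "hide_sso_credential": {"required": False, "type": "str",
                                        "choices": ["enable", "disable"]},
                "host_check": {"required": False, "type": "str",
                               "choices": ["none", "av", "fw",
                                           "av-fw", "custom"]},
                "host_check_interval": {"required": False, "type": "int"},
                "host_check_policy": {
                    "required": False, "type": "list",
                    "options": {
                        "name": {"required": True, "type": "str"}
                    }},
                "ip_mode": {"required": False, "type": "str",
                            "choices": ["range", "user-group"]},
                "ip_pools": {
                    "required": False, "type": "list",
                    "options": {
                        "name": {"required": True, "type": "str"}
                    }},
                "ipv6_dns_server1": {"required": False, "type": "str"},
                "ipv6_dns_server2": {"required": False, "type": "str"},
                "ipv6_exclusive_routing": {"required": False, "type": "str",
                                           "choices": ["enable", "disable"]},
                "ipv6_pools": {
                    "required": False, "type": "list",
                    "options": {
                        "name": {"required": True, "type": "str"}
                    }},
                "ipv6_service_restriction": {"required": False, "type": "str",
                                             "choices": ["enable", "disable"]},
                "ipv6_split_tunneling": {"required": False, "type": "str",
                                         "choices": ["enable", "disable"]},
                "ipv6_split_tunneling_routing_address": {
                    "required": False, "type": "list",
                    "options": {
                        "name": {"required": True, "type": "str"}
                    }},
                "ipv6_tunnel_mode": {"required": False, "type": "str",
                                     "choices": ["enable", "disable"]},
                "ipv6_wins_server1": {"required": False, "type": "str"},
                "ipv6_wins_server2": {"required": False, "type": "str"},
                "keep_alive": {"required": False, "type": "str",
                               "choices": ["enable", "disable"]},
                "limit_user_logins": {"required": False, "type": "str",
                                      "choices": ["enable", "disable"]},
                "mac_addr_action": {"required": False, "type": "str",
                                    "choices": ["allow", "deny"]},
                "mac_addr_check": {"required": False, "type": "str",
                                   "choices": ["enable", "disable"]},
                "mac_addr_check_rule": {
                    "required": False, "type": "list",
                    "options": {
                        "mac_addr_list": {
                            "required": False, "type": "list",
                            "options": {
                                "addr": {"required": True, "type": "str"}
                            }},
                        "mac_addr_mask": {"required": False, "type": "int"},
                        "name": {"required": True, "type": "str"}
                    }},
                "macos_forticlient_download_url": {"required": False, "type": "str"},
                "name": {"required": True, "type": "str"},
                "os_check": {"required": False, "type": "str",
                             "choices": ["enable", "disable"]},
                "os_check_list": {
                    "required": False, "type": "list",
                    "options": {
                        "action": {"required": False, "type": "str",
                                   "choices": ["deny", "allow", "check-up-to-date"]},
                        "latest_patch_level": {"required": False, "type": "str"},
                        "name": {"required": True, "type": "str"},
                        "tolerance": {"required": False, "type": "int"}
                    }},
                "redir_url": {"required": False, "type": "str"},
                "save_password": {"required": False, "type": "str",
                                  "choices": ["enable", "disable"]},
                "service_restriction": {"required": False, "type": "str",
                                        "choices": ["enable", "disable"]},
                "skip_check_for_unsupported_browser": {"required": False, "type": "str",
                                                       "choices": ["enable", "disable"]},
                "skip_check_for_unsupported_os": {"required": False, "type": "str",
                                                  "choices": ["enable", "disable"]},
                "smb_ntlmv1_auth": {"required": False, "type": "str",
                                    "choices": ["enable", "disable"]},
                "smbv1": {"required": False, "type": "str",
                          "choices": ["enable", "disable"]},
                "split_dns": {
                    "required": False, "type": "list",
                    "options": {
                        "dns_server1": {"required": False, "type": "str"},
                        "dns_server2": {"required": False, "type": "str"},
                        "domains": {"required": False, "type": "str"},
                        "id": {"required": True, "type": "int"},
                        "ipv6_dns_server1": {"required": False, "type": "str"},
                        "ipv6_dns_server2": {"required": False, "type": "str"}
                    }},
                "split_tunneling": {"required": False, "type": "str",
                                    "choices": ["enable", "disable"]},
                "split_tunneling_routing_address": {
                    "required": False, "type": "list",
                    "options": {
                        "name": {"required": True, "type": "str"}
                    }},
                "theme": {"required": False, "type": "str",
                          "choices": ["blue", "green", "red",
                                      "melongene", "mariner"]},
                "tunnel_mode": {"required": False, "type": "str",
                                "choices": ["enable", "disable"]},
                "user_bookmark": {"required": False, "type": "str",
                                  "choices": ["enable", "disable"]},
                "user_group_bookmark": {"required": False, "type": "str",
                                        "choices": ["enable", "disable"]},
                "web_mode": {"required": False, "type": "str",
                             "choices": ["enable", "disable"]},
                "windows_forticlient_download_url": {"required": False, "type": "str"},
                "wins_server1": {"required": False, "type": "str"},
                "wins_server2": {"required": False, "type": "str"}

            }
        }
    }

    module = AnsibleModule(argument_spec=fields,
                           supports_check_mode=False)

    # Reject incomplete tasks up front with a readable message; without these
    # checks the helpers below fail later with an unrelated traceback.
    portal = module.params['vpn_ssl_web_portal']
    if not portal:
        module.fail_json(msg="missing task body: vpn_ssl_web_portal")
    if not (module.params['state'] or portal.get('state')):
        module.fail_json(msg="state is required, either at the top level or "
                             "(deprecated) inside vpn_ssl_web_portal")

    # legacy_mode refers to using fortiosapi instead of HTTPAPI
    legacy_mode = 'host' in module.params and module.params['host'] is not None and \
                  'username' in module.params and module.params['username'] is not None and \
                  'password' in module.params and module.params['password'] is not None

    if not legacy_mode:
        if module._socket_path:
            connection = Connection(module._socket_path)
            fos = FortiOSHandler(connection)

            is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos)
        else:
            module.fail_json(**FAIL_SOCKET_MSG)
    else:
        try:
            from fortiosapi import FortiOSAPI
        except ImportError:
            module.fail_json(msg="fortiosapi module is required")

        fos = FortiOSAPI()

        login(module.params, fos)
        try:
            is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos)
        finally:
            # Always close the admin session, even when the request raised.
            fos.logout()

    if not is_error:
        module.exit_json(changed=has_changed, meta=result)
    else:
        module.fail_json(msg="Error in repo", meta=result)


if __name__ == '__main__':
    main()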