fmgr_secprof_profile_group¶
Metadata¶
Name: fmgr_secprof_profile_group
Description: Manage security profile group which allows you to create a group of security profiles and apply that to a policy.
Author(s):
- Luke Weighall (github: @lweighall)
- Andrew Welsh (github: @Ghilli3)
- Jim Huber (github: @p4r4n0y1ng)
Ansible Version Added/Required: 2.8
Dev Status: COMPLETED/MERGED
Owning Developer: Andrew Welsh
Module Github Link
Parameters¶
adom¶
- Description: The ADOM the configuration should belong to.
- Required: False
- default: root
application_list¶
- Description: Name of an existing Application list.
- Required: False
av_profile¶
- Description: Name of an existing Antivirus profile.
- Required: False
dlp_sensor¶
- Description: Name of an existing DLP sensor.
- Required: False
dnsfilter_profile¶
- Description: Name of an existing DNS filter profile.
- Required: False
icap_profile¶
- Description: Name of an existing ICAP profile.
- Required: False
ips_sensor¶
- Description: Name of an existing IPS sensor.
- Required: False
mms_profile¶
- Description: Name of an existing MMS profile.
- Required: False
mode¶
Description: Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
Required: False
default: add
choices: ['add', 'set', 'delete', 'update']
name¶
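- Description: Profile group name. Delete mode builds the request URL from this value, so supply it explicitly whenever mode is delete.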
- Required: False
profile_protocol_options¶
- Description: Name of an existing Protocol options profile.
- Required: False
spamfilter_profile¶
- Description: Name of an existing Spam filter profile.
- Required: False
ssh_filter_profile¶
- Description: Name of an existing SSH filter profile.
- Required: False
ssl_ssh_profile¶
- Description: Name of an existing SSL SSH profile.
- Required: False
voip_profile¶
- Description: Name of an existing VoIP profile.
- Required: False
waf_profile¶
- Description: Name of an existing Web application firewall profile.
- Required: False
webfilter_profile¶
- Description: Name of an existing Web filter profile.
- Required: False
Functions¶
- fmgr_firewall_profile_group_modify
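def fmgr_firewall_profile_group_modify(fmgr, paramgram):
    """
    Create, update or delete a firewall profile group through FortiManager.

    For the 'set', 'add' and 'update' modes the request targets the
    profile-group table of the ADOM and carries the paramgram after it has
    been passed through prepare_dict() and scrub_dict(). For 'delete' the
    request targets the single object named by paramgram["name"] and carries
    an empty body.

    :param fmgr: The fmgr object instance from fortimanager.py
    :type fmgr: class object
    :param paramgram: The formatted dictionary of options to process
    :type paramgram: dict
    :return: The response from the FortiManager
    :rtype: dict
    :raises ValueError: if mode is 'delete' and no profile group name is given
    """
    # NOTE(review): main() indexes the returned value with [1], so the result
    # is presumably a (code, data) sequence rather than a plain dict -- confirm
    # against FortiManagerHandler.process_request.
    mode = paramgram["mode"]
    adom = paramgram["adom"]
    url = ""
    datagram = {}

    if mode in ['set', 'add', 'update']:
        # Write modes address the whole table; the object is described by the body.
        url = '/pm/config/adom/{adom}/obj/firewall/profile-group'.format(adom=adom)
        datagram = scrub_dict(prepare_dict(paramgram))
    elif mode == "delete":
        name = paramgram["name"]
        # str.format() renders None as the text "None", so an omitted name would
        # turn into a delete request for an object called "None". Stop before
        # anything is sent.
        if name is None or not str(name).strip():
            raise ValueError("name is required when mode is 'delete'")
        # NOTE(review): adom and name go into the URL path exactly as supplied.
        # Whether path separators need escaping depends on the FortiManager API;
        # confirm before accepting names from a less-trusted source.
        url = '/pm/config/adom/{adom}/obj/firewall/profile-group/{name}'.format(adom=adom, name=name)
        datagram = {}

    return fmgr.process_request(url, datagram, paramgram["mode"])


#############
# END METHODS
#############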
- main
def main():
    """
    Module entry point.

    Declares the accepted options, maps them onto the hyphenated keys used in
    the paramgram, requires a persistent connection socket, sends the request
    and exits with the second element of the result.
    """
    # Optional string options, in the order they appear in the paramgram.
    string_options = (
        "webfilter_profile",
        "waf_profile",
        "voip_profile",
        "ssl_ssh_profile",
        "ssh_filter_profile",
        "spamfilter_profile",
        "profile_protocol_options",
        "name",
        "mms_profile",
        "ips_sensor",
        "icap_profile",
        "dnsfilter_profile",
        "dlp_sensor",
        "av_profile",
        "application_list",
    )

    argument_spec = {
        "adom": {"type": "str", "default": "root"},
        "mode": {"choices": ["add", "set", "delete", "update"], "type": "str", "default": "add"},
    }
    for option in string_options:
        argument_spec[option] = {"required": False, "type": "str"}

    # Check mode is not supported, so a --check run cannot preview this change.
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )

    # MODULE PARAMGRAM: same values as module.params, with underscores in the
    # option names replaced by hyphens.
    paramgram = {}
    for option in ("mode", "adom") + string_options:
        paramgram[option.replace("_", "-")] = module.params[option]
    module.paramgram = paramgram

    fmgr = None
    if not module._socket_path:
        # Without a persistent connection socket there is nothing to talk to.
        module.fail_json(**FAIL_SOCKET_MSG)
    else:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_firewall_profile_group_modify(fmgr, paramgram)
        facts = fmgr.construct_ansible_facts(results, module.params, paramgram)
        fmgr.govern_response(module=module, results=results, ansible_facts=facts)
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
Module Source Code¶
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'status': ['preview'],
'supported_by': 'community',
'metadata_version': '1.1'}
DOCUMENTATION = '''
---
module: fmgr_secprof_profile_group
version_added: "2.8"
notes:
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
author:
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
short_description: Manage security profiles within FortiManager
description:
- Manage security profile group which allows you to create a group of security profiles and apply that to a policy.
options:
adom:
description:
- The ADOM the configuration should belong to.
required: false
default: root
mode:
description:
- Sets one of three modes for managing the object.
- Allows use of soft-adds instead of overwriting existing values.
choices: ['add', 'set', 'delete', 'update']
required: false
default: add
webfilter_profile:
type: str
description:
- Name of an existing Web filter profile.
required: false
waf_profile:
type: str
description:
- Name of an existing Web application firewall profile.
required: false
voip_profile:
type: str
description:
- Name of an existing VoIP profile.
required: false
ssl_ssh_profile:
type: str
description:
- Name of an existing SSL SSH profile.
required: false
ssh_filter_profile:
type: str
description:
- Name of an existing SSH filter profile.
required: false
spamfilter_profile:
type: str
description:
- Name of an existing Spam filter profile.
required: false
profile_protocol_options:
type: str
description:
- Name of an existing Protocol options profile.
required: false
name:
type: str
description:
- Profile group name.
required: false
mms_profile:
type: str
description:
- Name of an existing MMS profile.
required: false
ips_sensor:
type: str
description:
- Name of an existing IPS sensor.
required: false
icap_profile:
type: str
description:
- Name of an existing ICAP profile.
required: false
dnsfilter_profile:
type: str
description:
- Name of an existing DNS filter profile.
required: false
dlp_sensor:
type: str
description:
- Name of an existing DLP sensor.
required: false
av_profile:
type: str
description:
- Name of an existing Antivirus profile.
required: false
application_list:
type: str
description:
- Name of an existing Application list.
required: false
'''
EXAMPLES = '''
- name: DELETE Profile
fmgr_secprof_profile_group:
name: "Ansible_TEST_Profile_Group"
mode: "delete"
- name: CREATE Profile
fmgr_secprof_profile_group:
name: "Ansible_TEST_Profile_Group"
mode: "set"
av_profile: "Ansible_AV_Profile"
profile_protocol_options: "default"
'''
RETURN = """
api_result:
description: full API response, includes status code and message
returned: always
type: str
"""
from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
from ansible.module_utils.network.fortimanager.common import FMGBaseException
from ansible.module_utils.network.fortimanager.common import FMGRCommon
from ansible.module_utils.network.fortimanager.common import FMGRMethods
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
from ansible.module_utils.network.fortimanager.common import prepare_dict
from ansible.module_utils.network.fortimanager.common import scrub_dict
###############
# START METHODS
###############
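def fmgr_firewall_profile_group_modify(fmgr, paramgram):
    """
    Create, update or delete a firewall profile group through FortiManager.

    For the 'set', 'add' and 'update' modes the request targets the
    profile-group table of the ADOM and carries the paramgram after it has
    been passed through prepare_dict() and scrub_dict(). For 'delete' the
    request targets the single object named by paramgram["name"] and carries
    an empty body.

    :param fmgr: The fmgr object instance from fortimanager.py
    :type fmgr: class object
    :param paramgram: The formatted dictionary of options to process
    :type paramgram: dict
    :return: The response from the FortiManager
    :rtype: dict
    :raises ValueError: if mode is 'delete' and no profile group name is given
    """
    # NOTE(review): main() indexes the returned value with [1], so the result
    # is presumably a (code, data) sequence rather than a plain dict -- confirm
    # against FortiManagerHandler.process_request.
    mode = paramgram["mode"]
    adom = paramgram["adom"]
    url = ""
    datagram = {}

    if mode in ['set', 'add', 'update']:
        # Write modes address the whole table; the object is described by the body.
        url = '/pm/config/adom/{adom}/obj/firewall/profile-group'.format(adom=adom)
        datagram = scrub_dict(prepare_dict(paramgram))
    elif mode == "delete":
        name = paramgram["name"]
        # str.format() renders None as the text "None", so an omitted name would
        # turn into a delete request for an object called "None". Stop before
        # anything is sent.
        if name is None or not str(name).strip():
            raise ValueError("name is required when mode is 'delete'")
        # NOTE(review): adom and name go into the URL path exactly as supplied.
        # Whether path separators need escaping depends on the FortiManager API;
        # confirm before accepting names from a less-trusted source.
        url = '/pm/config/adom/{adom}/obj/firewall/profile-group/{name}'.format(adom=adom, name=name)
        datagram = {}

    return fmgr.process_request(url, datagram, paramgram["mode"])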
#############
# END METHODS
#############
def main():
    """
    Module entry point.

    Declares the accepted options, maps them onto the hyphenated keys used in
    the paramgram, requires a persistent connection socket, sends the request
    and exits with the second element of the result.
    """
    # Optional string options, in the order they appear in the paramgram.
    string_options = (
        "webfilter_profile",
        "waf_profile",
        "voip_profile",
        "ssl_ssh_profile",
        "ssh_filter_profile",
        "spamfilter_profile",
        "profile_protocol_options",
        "name",
        "mms_profile",
        "ips_sensor",
        "icap_profile",
        "dnsfilter_profile",
        "dlp_sensor",
        "av_profile",
        "application_list",
    )

    argument_spec = {
        "adom": {"type": "str", "default": "root"},
        "mode": {"choices": ["add", "set", "delete", "update"], "type": "str", "default": "add"},
    }
    for option in string_options:
        argument_spec[option] = {"required": False, "type": "str"}

    # Check mode is not supported, so a --check run cannot preview this change.
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )

    # MODULE PARAMGRAM: same values as module.params, with underscores in the
    # option names replaced by hyphens.
    paramgram = {}
    for option in ("mode", "adom") + string_options:
        paramgram[option.replace("_", "-")] = module.params[option]
    module.paramgram = paramgram

    fmgr = None
    if not module._socket_path:
        # Without a persistent connection socket there is nothing to talk to.
        module.fail_json(**FAIL_SOCKET_MSG)
    else:
        connection = Connection(module._socket_path)
        fmgr = FortiManagerHandler(connection, module)
        fmgr.tools = FMGRCommon()

    results = DEFAULT_RESULT_OBJ
    try:
        results = fmgr_firewall_profile_group_modify(fmgr, paramgram)
        facts = fmgr.construct_ansible_facts(results, module.params, paramgram)
        fmgr.govern_response(module=module, results=results, ansible_facts=facts)
    except Exception as err:
        raise FMGBaseException(err)

    return module.exit_json(**results[1])
# Run the module only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()