FortiManager SSL SSH Security Profiles (#47152)
* Initial Commit * Initial Commit * Initial Commit * Fixing syntax errors * After running sanity tests, fixed pylint and pep8 errors * After running sanity tests, fixed pylint and pep8 errors * Fixing more syntax issues * Fixing more syntax issues * Adding username to doc block * PR candidate * PR candidate * fixed pep8 and docs issues * fixed 2.6 function issues * fixed 2.6 function issues part duex * Initial commit for security profile group module * Adding better playbook example to module * Adding another commit to test shippable tests * Fixing shippable errors, pep8 in unit test file and doc block problem in main module * Fixing documentation module error * Fixing pep8 line too long in unit test * Fixing utility function with nested dictionaries * Fixing utility function with pep8 issue * Adding change to allow for multiple list of dictionaries to be submitted via a single playbook * Initial commit for FMG Security Profile Web Application Firewall * adding extra line at bottom for pep8 conditions * Adding descriptions to documentation * Fixing more pep8 issues * New commit for new PR * Removing todo in documentation * Changing module name in documentation to match actual module name * Fixing yaml syntax for long choices list * Fixing yaml syntax for long choices list * Initial commit for fmgr web filter security profile * Initial commit for SSL and SSH security profiles in FMG * Fixing pep8 syntax issues * Adding better playbook example * Fixing review changes * Adding @ in author names per @Gundalow's request per Ansible's guidelines
This commit is contained in:
parent
6965cea86a
commit
199cd1bc77
3 changed files with 1432 additions and 0 deletions
1095
lib/ansible/modules/network/fortimanager/fmgr_secprof_ssl_ssh.py
Normal file
1095
lib/ansible/modules/network/fortimanager/fmgr_secprof_ssl_ssh.py
Normal file
File diff suppressed because it is too large
Load diff
|
@ -0,0 +1,202 @@
|
|||
{
|
||||
"fmgr_firewall_ssl_ssh_profile_addsetdelete": [
|
||||
{
|
||||
"paramgram_used": {
|
||||
"comment": null,
|
||||
"untrusted-caname": null,
|
||||
"mapi-over-https": null,
|
||||
"whitelist": null,
|
||||
"caname": null,
|
||||
"ftps": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null,
|
||||
"untrusted-cert": null
|
||||
},
|
||||
"ssl-exemptions-log": null,
|
||||
"https": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null,
|
||||
"untrusted-cert": null
|
||||
},
|
||||
"imaps": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null,
|
||||
"untrusted-cert": null
|
||||
},
|
||||
"server-cert-mode": null,
|
||||
"adom": "root",
|
||||
"ssl-exempt": {
|
||||
"regex": null,
|
||||
"wildcard-fqdn": null,
|
||||
"fortiguard-category": null,
|
||||
"address6": null,
|
||||
"address": null,
|
||||
"type": null
|
||||
},
|
||||
"ssl": {
|
||||
"inspect-all": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"client-cert-request": null,
|
||||
"untrusted-cert": null,
|
||||
"unsupported-ssl": null
|
||||
},
|
||||
"ssh": {
|
||||
"status": null,
|
||||
"inspect-all": null,
|
||||
"ssh-tun-policy-check": null,
|
||||
"ssh-policy-check": null,
|
||||
"ssh-algorithm": null,
|
||||
"unsupported-version": null,
|
||||
"ports": null
|
||||
},
|
||||
"use-ssl-server": null,
|
||||
"server-cert": null,
|
||||
"name": "Ansible_SSL_SSH_Profile",
|
||||
"ssl-anomalies-log": null,
|
||||
"ssl-server": {
|
||||
"pop3s-client-cert-request": null,
|
||||
"imaps-client-cert-request": null,
|
||||
"smtps-client-cert-request": null,
|
||||
"ip": null,
|
||||
"ssl-other-client-cert-request": null,
|
||||
"https-client-cert-request": null,
|
||||
"ftps-client-cert-request": null
|
||||
},
|
||||
"smtps": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null,
|
||||
"untrusted-cert": null
|
||||
},
|
||||
"rpc-over-https": null,
|
||||
"mode": "delete",
|
||||
"pop3s": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null,
|
||||
"untrusted-cert": null
|
||||
}
|
||||
},
|
||||
"raw_response": {
|
||||
"status": {
|
||||
"message": "OK",
|
||||
"code": 0
|
||||
},
|
||||
"url": "/pm/config/adom/root/obj/firewall/ssl-ssh-profile/Ansible_SSL_SSH_Profile"
|
||||
},
|
||||
"post_method": "delete"
|
||||
},
|
||||
{
|
||||
"raw_response": {
|
||||
"status": {
|
||||
"message": "OK",
|
||||
"code": 0
|
||||
},
|
||||
"url": "/pm/config/adom/root/obj/firewall/ssl-ssh-profile"
|
||||
},
|
||||
"paramgram_used": {
|
||||
"comment": "Created by Ansible Module TEST",
|
||||
"untrusted-caname": null,
|
||||
"mapi-over-https": "enable",
|
||||
"whitelist": "enable",
|
||||
"caname": null,
|
||||
"ftps": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"untrusted-cert": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null
|
||||
},
|
||||
"ssl-exemptions-log": "enable",
|
||||
"https": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"untrusted-cert": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null
|
||||
},
|
||||
"pop3s": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"untrusted-cert": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null
|
||||
},
|
||||
"server-cert-mode": "replace",
|
||||
"adom": "root",
|
||||
"ssl-exempt": {
|
||||
"regex": null,
|
||||
"wildcard-fqdn": null,
|
||||
"fortiguard-category": null,
|
||||
"address6": null,
|
||||
"address": null,
|
||||
"type": null
|
||||
},
|
||||
"ssl": {
|
||||
"unsupported-ssl": null,
|
||||
"inspect-all": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"untrusted-cert": null,
|
||||
"client-cert-request": null
|
||||
},
|
||||
"ssh": {
|
||||
"status": null,
|
||||
"inspect-all": null,
|
||||
"ssh-tun-policy-check": null,
|
||||
"ssh-policy-check": null,
|
||||
"ssh-algorithm": null,
|
||||
"unsupported-version": null,
|
||||
"ports": null
|
||||
},
|
||||
"server-cert": null,
|
||||
"name": "Ansible_SSL_SSH_Profile",
|
||||
"ssl-anomalies-log": "enable",
|
||||
"ssl-server": {
|
||||
"pop3s-client-cert-request": null,
|
||||
"imaps-client-cert-request": null,
|
||||
"smtps-client-cert-request": null,
|
||||
"ip": null,
|
||||
"ssl-other-client-cert-request": null,
|
||||
"https-client-cert-request": null,
|
||||
"ftps-client-cert-request": null
|
||||
},
|
||||
"smtps": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"untrusted-cert": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null
|
||||
},
|
||||
"imaps": {
|
||||
"status": null,
|
||||
"allow-invalid-server-cert": null,
|
||||
"unsupported-ssl": null,
|
||||
"untrusted-cert": null,
|
||||
"client-cert-request": null,
|
||||
"ports": null
|
||||
},
|
||||
"rpc-over-https": "enable",
|
||||
"mode": "set",
|
||||
"use-ssl-server": "enable"
|
||||
},
|
||||
"post_method": "set"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,135 @@
|
|||
# Copyright 2018 Fortinet, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
# Make coding more python3-ish
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
import os
|
||||
import json
|
||||
from pyFMG.fortimgr import FortiManager
|
||||
import pytest
|
||||
|
||||
try:
|
||||
from ansible.modules.network.fortimanager import fmgr_secprof_ssl_ssh
|
||||
except ImportError:
|
||||
pytest.skip("Could not load required modules for testing", allow_module_level=True)
|
||||
|
||||
fmg_instance = FortiManager("1.1.1.1", "admin", "")
|
||||
|
||||
|
||||
def load_fixtures():
|
||||
fixture_path = os.path.join(
|
||||
os.path.dirname(__file__),
|
||||
'fixtures') + "/{filename}.json".format(
|
||||
filename=os.path.splitext(
|
||||
os.path.basename(__file__))[0])
|
||||
try:
|
||||
with open(fixture_path, "r") as fixture_file:
|
||||
fixture_data = json.load(fixture_file)
|
||||
except IOError:
|
||||
return []
|
||||
return [fixture_data]
|
||||
|
||||
|
||||
@pytest.fixture(scope="function", params=load_fixtures())
|
||||
def fixture_data(request):
|
||||
func_name = request.function.__name__.replace("test_", "")
|
||||
return request.param.get(func_name, None)
|
||||
|
||||
|
||||
def test_fmgr_firewall_ssl_ssh_profile_addsetdelete(fixture_data, mocker):
|
||||
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
|
||||
# Fixture sets used:###########################
|
||||
|
||||
##################################################
|
||||
# comment: None
|
||||
# untrusted-caname: None
|
||||
# mapi-over-https: None
|
||||
# whitelist: None
|
||||
# caname: None
|
||||
# ftps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
|
||||
# 'ports': None, 'untrusted-cert': None}
|
||||
# ssl-exemptions-log: None
|
||||
# https: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
|
||||
# 'ports': None, 'untrusted-cert': None}
|
||||
# imaps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
|
||||
# 'ports': None, 'untrusted-cert': None}
|
||||
# server-cert-mode: None
|
||||
# adom: root
|
||||
# ssl-exempt: {'regex': None, 'wildcard-fqdn': None, 'fortiguard-category': None, 'address6': None,
|
||||
# 'address': None, 'type': None}
|
||||
# ssl: {'inspect-all': None, 'allow-invalid-server-cert': None, 'client-cert-request': None,
|
||||
# 'untrusted-cert': None, 'unsupported-ssl': None}
|
||||
# ssh: {'status': None, 'inspect-all': None, 'ssh-tun-policy-check': None, 'ssh-policy-check': None,
|
||||
# 'ssh-algorithm': None, 'unsupported-version': None, 'ports': None}
|
||||
# use-ssl-server: None
|
||||
# server-cert: None
|
||||
# name: Ansible_SSL_SSH_Profile
|
||||
# ssl-anomalies-log: None
|
||||
# ssl-server: {'pop3s-client-cert-request': None, 'imaps-client-cert-request': None,
|
||||
# 'smtps-client-cert-request': None, 'ip': None, 'ssl-other-client-cert-request': None,
|
||||
# 'https-client-cert-request': None, 'ftps-client-cert-request': None}
|
||||
# smtps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
|
||||
# 'ports': None, 'untrusted-cert': None}
|
||||
# rpc-over-https: None
|
||||
# mode: delete
|
||||
# pop3s: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
|
||||
# 'ports': None, 'untrusted-cert': None}
|
||||
##################################################
|
||||
##################################################
|
||||
# comment: Created by Ansible Module TEST
|
||||
# untrusted-caname: None
|
||||
# mapi-over-https: enable
|
||||
# whitelist: enable
|
||||
# caname: None
|
||||
# ftps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
|
||||
# 'client-cert-request': None, 'ports': None}
|
||||
# ssl-exemptions-log: enable
|
||||
# https: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
|
||||
# 'client-cert-request': None, 'ports': None}
|
||||
# pop3s: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
|
||||
# 'client-cert-request': None, 'ports': None}
|
||||
# server-cert-mode: replace
|
||||
# adom: root
|
||||
# ssl-exempt: {'regex': None, 'wildcard-fqdn': None, 'fortiguard-category': None, 'address6': None,
|
||||
# 'address': None, 'type': None}
|
||||
# ssl: {'unsupported-ssl': None, 'inspect-all': None, 'allow-invalid-server-cert': None, 'untrusted-cert': None,
|
||||
# 'client-cert-request': None}
|
||||
# ssh: {'status': None, 'inspect-all': None, 'ssh-tun-policy-check': None, 'ssh-policy-check': None,
|
||||
# 'ssh-algorithm': None, 'unsupported-version': None, 'ports': None}
|
||||
# server-cert: None
|
||||
# name: Ansible_SSL_SSH_Profile
|
||||
# ssl-anomalies-log: enable
|
||||
# ssl-server: {'pop3s-client-cert-request': None, 'imaps-client-cert-request': None,
|
||||
# 'smtps-client-cert-request': None, 'ip': None, 'ssl-other-client-cert-request': None,
|
||||
# 'https-client-cert-request': None, 'ftps-client-cert-request': None}
|
||||
# smtps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
|
||||
# 'client-cert-request': None, 'ports': None}
|
||||
# imaps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
|
||||
# 'client-cert-request': None, 'ports': None}
|
||||
# rpc-over-https: enable
|
||||
# mode: set
|
||||
# use-ssl-server: enable
|
||||
##################################################
|
||||
|
||||
# Test using fixture 1 #
|
||||
output = fmgr_secprof_ssl_ssh.fmgr_firewall_ssl_ssh_profile_addsetdelete(
|
||||
fmg_instance, fixture_data[0]['paramgram_used'])
|
||||
assert output['raw_response']['status']['code'] == 0
|
||||
# Test using fixture 2 #
|
||||
output = fmgr_secprof_ssl_ssh.fmgr_firewall_ssl_ssh_profile_addsetdelete(
|
||||
fmg_instance, fixture_data[1]['paramgram_used'])
|
||||
assert output['raw_response']['status']['code'] == 0
|
Loading…
Reference in a new issue