FortiManager SSL SSH Security Profiles (#47152)

* Initial Commit

* Initial Commit

* Initial Commit

* Fixing syntax errors

* After running sanity tests, fixed pylint and pep8 errors

* After running sanity tests, fixed pylint and pep8 errors

* Fixing more syntax issues

* Fixing more syntax issues

* Adding username to doc block

* PR candidate

* PR candidate

* fixed pep8 and docs issues

* fixed 2.6 function issues

* fixed 2.6 function issues part duex

* Initial commit for security profile group module

* Adding better playbook example to module

* Adding another commit to test shippable tests

* Fixing shippable errors, pep8 in unit test file and doc block problem in main module

* Fixing documentation module error

* Fixing pep8 line too long in unit test

* Fixing utility function with nested dictionaries

* Fixing utility function with pep8 issue

* Adding change to allow for multiple list of dictionaries to be submitted via a single playbook

* Initial commit for FMG Security Profile Web Application Firewall

* adding extra line at bottom for pep8 conditions

* Adding descriptions to documentation

* Fixing more pep8 issues

* New commit for new PR

* Removing todo in documentation

* Changing module name in documentation to match actual module name

* Fixing yaml syntax for long choices list

* Fixing yaml syntax for long choices list

* Initial commit for fmgr web filter security profile

* Initial commit for SSL and SSH security profiles in FMG

* Fixing pep8 syntax issues

* Adding better playbook example

* Fixing review changes

* Adding @ in author names per @Gundalow's request per Ansible's guidelines
ftntcorecse 2018-11-20 22:14:35 -07:00 committed by Sumit Jaiswal
parent 6965cea86a
commit 199cd1bc77
3 changed files with 1432 additions and 0 deletions

File diff suppressed because it is too large Load diff


@ -0,0 +1,202 @@
{
"fmgr_firewall_ssl_ssh_profile_addsetdelete": [
{
"paramgram_used": {
"comment": null,
"untrusted-caname": null,
"mapi-over-https": null,
"whitelist": null,
"caname": null,
"ftps": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"client-cert-request": null,
"ports": null,
"untrusted-cert": null
},
"ssl-exemptions-log": null,
"https": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"client-cert-request": null,
"ports": null,
"untrusted-cert": null
},
"imaps": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"client-cert-request": null,
"ports": null,
"untrusted-cert": null
},
"server-cert-mode": null,
"adom": "root",
"ssl-exempt": {
"regex": null,
"wildcard-fqdn": null,
"fortiguard-category": null,
"address6": null,
"address": null,
"type": null
},
"ssl": {
"inspect-all": null,
"allow-invalid-server-cert": null,
"client-cert-request": null,
"untrusted-cert": null,
"unsupported-ssl": null
},
"ssh": {
"status": null,
"inspect-all": null,
"ssh-tun-policy-check": null,
"ssh-policy-check": null,
"ssh-algorithm": null,
"unsupported-version": null,
"ports": null
},
"use-ssl-server": null,
"server-cert": null,
"name": "Ansible_SSL_SSH_Profile",
"ssl-anomalies-log": null,
"ssl-server": {
"pop3s-client-cert-request": null,
"imaps-client-cert-request": null,
"smtps-client-cert-request": null,
"ip": null,
"ssl-other-client-cert-request": null,
"https-client-cert-request": null,
"ftps-client-cert-request": null
},
"smtps": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"client-cert-request": null,
"ports": null,
"untrusted-cert": null
},
"rpc-over-https": null,
"mode": "delete",
"pop3s": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"client-cert-request": null,
"ports": null,
"untrusted-cert": null
}
},
"raw_response": {
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/root/obj/firewall/ssl-ssh-profile/Ansible_SSL_SSH_Profile"
},
"post_method": "delete"
},
{
"raw_response": {
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/root/obj/firewall/ssl-ssh-profile"
},
"paramgram_used": {
"comment": "Created by Ansible Module TEST",
"untrusted-caname": null,
"mapi-over-https": "enable",
"whitelist": "enable",
"caname": null,
"ftps": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"untrusted-cert": null,
"client-cert-request": null,
"ports": null
},
"ssl-exemptions-log": "enable",
"https": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"untrusted-cert": null,
"client-cert-request": null,
"ports": null
},
"pop3s": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"untrusted-cert": null,
"client-cert-request": null,
"ports": null
},
"server-cert-mode": "replace",
"adom": "root",
"ssl-exempt": {
"regex": null,
"wildcard-fqdn": null,
"fortiguard-category": null,
"address6": null,
"address": null,
"type": null
},
"ssl": {
"unsupported-ssl": null,
"inspect-all": null,
"allow-invalid-server-cert": null,
"untrusted-cert": null,
"client-cert-request": null
},
"ssh": {
"status": null,
"inspect-all": null,
"ssh-tun-policy-check": null,
"ssh-policy-check": null,
"ssh-algorithm": null,
"unsupported-version": null,
"ports": null
},
"server-cert": null,
"name": "Ansible_SSL_SSH_Profile",
"ssl-anomalies-log": "enable",
"ssl-server": {
"pop3s-client-cert-request": null,
"imaps-client-cert-request": null,
"smtps-client-cert-request": null,
"ip": null,
"ssl-other-client-cert-request": null,
"https-client-cert-request": null,
"ftps-client-cert-request": null
},
"smtps": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"untrusted-cert": null,
"client-cert-request": null,
"ports": null
},
"imaps": {
"status": null,
"allow-invalid-server-cert": null,
"unsupported-ssl": null,
"untrusted-cert": null,
"client-cert-request": null,
"ports": null
},
"rpc-over-https": "enable",
"mode": "set",
"use-ssl-server": "enable"
},
"post_method": "set"
}
]
}
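Review bot: Both recorded entries leave every per-protocol block (`ftps`, `https`, `imaps`, `pop3s`, `smtps`, `ssl`, `ssh`) entirely `null`, so the fixture never carries a value for `allow-invalid-server-cert`, `untrusted-cert`, `unsupported-ssl` or `unsupported-version`. Judging by their names, these options decide how the inspection profile treats invalid or untrusted certificates and unsupported protocol versions, so a regression in how the module serialises them would pass unnoticed. A third recorded entry that sets these nested keys explicitly would cover that path. Only the `set` and `delete` modes are recorded; an `add` case, if the module supports one as the function name suggests, is not represented.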


@ -0,0 +1,135 @@
# Copyright 2018 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
from pyFMG.fortimgr import FortiManager
import pytest
try:
from ansible.modules.network.fortimanager import fmgr_secprof_ssl_ssh
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
fmg_instance = FortiManager("1.1.1.1", "admin", "")
def load_fixtures():
fixture_path = os.path.join(
os.path.dirname(__file__),
'fixtures') + "/{filename}.json".format(
filename=os.path.splitext(
os.path.basename(__file__))[0])
try:
with open(fixture_path, "r") as fixture_file:
fixture_data = json.load(fixture_file)
except IOError:
return []
return [fixture_data]
@pytest.fixture(scope="function", params=load_fixtures())
def fixture_data(request):
func_name = request.function.__name__.replace("test_", "")
return request.param.get(func_name, None)
def test_fmgr_firewall_ssl_ssh_profile_addsetdelete(fixture_data, mocker):
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
# Fixture sets used:###########################
##################################################
# comment: None
# untrusted-caname: None
# mapi-over-https: None
# whitelist: None
# caname: None
# ftps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
# 'ports': None, 'untrusted-cert': None}
# ssl-exemptions-log: None
# https: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
# 'ports': None, 'untrusted-cert': None}
# imaps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
# 'ports': None, 'untrusted-cert': None}
# server-cert-mode: None
# adom: root
# ssl-exempt: {'regex': None, 'wildcard-fqdn': None, 'fortiguard-category': None, 'address6': None,
# 'address': None, 'type': None}
# ssl: {'inspect-all': None, 'allow-invalid-server-cert': None, 'client-cert-request': None,
# 'untrusted-cert': None, 'unsupported-ssl': None}
# ssh: {'status': None, 'inspect-all': None, 'ssh-tun-policy-check': None, 'ssh-policy-check': None,
# 'ssh-algorithm': None, 'unsupported-version': None, 'ports': None}
# use-ssl-server: None
# server-cert: None
# name: Ansible_SSL_SSH_Profile
# ssl-anomalies-log: None
# ssl-server: {'pop3s-client-cert-request': None, 'imaps-client-cert-request': None,
# 'smtps-client-cert-request': None, 'ip': None, 'ssl-other-client-cert-request': None,
# 'https-client-cert-request': None, 'ftps-client-cert-request': None}
# smtps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
# 'ports': None, 'untrusted-cert': None}
# rpc-over-https: None
# mode: delete
# pop3s: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'client-cert-request': None,
# 'ports': None, 'untrusted-cert': None}
##################################################
##################################################
# comment: Created by Ansible Module TEST
# untrusted-caname: None
# mapi-over-https: enable
# whitelist: enable
# caname: None
# ftps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
# 'client-cert-request': None, 'ports': None}
# ssl-exemptions-log: enable
# https: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
# 'client-cert-request': None, 'ports': None}
# pop3s: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
# 'client-cert-request': None, 'ports': None}
# server-cert-mode: replace
# adom: root
# ssl-exempt: {'regex': None, 'wildcard-fqdn': None, 'fortiguard-category': None, 'address6': None,
# 'address': None, 'type': None}
# ssl: {'unsupported-ssl': None, 'inspect-all': None, 'allow-invalid-server-cert': None, 'untrusted-cert': None,
# 'client-cert-request': None}
# ssh: {'status': None, 'inspect-all': None, 'ssh-tun-policy-check': None, 'ssh-policy-check': None,
# 'ssh-algorithm': None, 'unsupported-version': None, 'ports': None}
# server-cert: None
# name: Ansible_SSL_SSH_Profile
# ssl-anomalies-log: enable
# ssl-server: {'pop3s-client-cert-request': None, 'imaps-client-cert-request': None,
# 'smtps-client-cert-request': None, 'ip': None, 'ssl-other-client-cert-request': None,
# 'https-client-cert-request': None, 'ftps-client-cert-request': None}
# smtps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
# 'client-cert-request': None, 'ports': None}
# imaps: {'status': None, 'allow-invalid-server-cert': None, 'unsupported-ssl': None, 'untrusted-cert': None,
# 'client-cert-request': None, 'ports': None}
# rpc-over-https: enable
# mode: set
# use-ssl-server: enable
##################################################
# Test using fixture 1 #
output = fmgr_secprof_ssl_ssh.fmgr_firewall_ssl_ssh_profile_addsetdelete(
fmg_instance, fixture_data[0]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 2 #
output = fmgr_secprof_ssl_ssh.fmgr_firewall_ssl_ssh_profile_addsetdelete(
fmg_instance, fixture_data[1]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
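Review bot: The two assertions at the end of `test_fmgr_firewall_ssl_ssh_profile_addsetdelete` only read `status.code` back from the canned dictionaries that `side_effect=fixture_data` feeds into the patched `_post_request`, so they appear to pass regardless of the URL, method or payload the module builds for the SSL/SSH inspection profile. Keep the mock handle, `post = mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)`, and check `post.call_args` after each call against the `url` and `post_method` recorded in the fixture. Separately, `load_fixtures()` returns `[]` on `IOError`, which parametrises `fixture_data` with nothing, so the test is skipped rather than failed when the JSON file is missing; letting the exception propagate would make a lost fixture visible.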