From 37e932c4eef3548cfa0f6dd8a5f86fc85e9ab00d Mon Sep 17 00:00:00 2001
From: ftntcorecse <43451990+ftntcorecse@users.noreply.github.com>
Date: Tue, 20 Nov 2018 22:44:47 -0700
Subject: [PATCH] Fortinet FortiManager IPv4 Policy Module (#47638)
* Needs unit test fix -- the "delete" calls a GET command and another function to get the policy ID of a firewall policy before deleting it. Nested functions like this, where a GET occurs to determine a new call, break the unitTestGen output. Need to figure out what's going on and adjust the generator.
* PR Candidate
* PR Candidate (fixes)
* Reverting
* Fixing Edits.
* Fixing Authors - Fixing Requested Changes
---
.../network/fortimanager/fmgr_fwpol_ipv4.py | 1508 +++++++++++++++++
.../fixtures/test_fmgr_fwpol_ipv4.json | 877 ++++++++++
.../fortimanager/test_fmgr_fwpol_ipv4.py | 846 +++++++++
3 files changed, 3231 insertions(+)
create mode 100644 lib/ansible/modules/network/fortimanager/fmgr_fwpol_ipv4.py
create mode 100644 test/units/modules/network/fortimanager/fixtures/test_fmgr_fwpol_ipv4.json
create mode 100644 test/units/modules/network/fortimanager/test_fmgr_fwpol_ipv4.py
diff --git a/lib/ansible/modules/network/fortimanager/fmgr_fwpol_ipv4.py b/lib/ansible/modules/network/fortimanager/fmgr_fwpol_ipv4.py
new file mode 100644
index 00000000000..cdee82865a3
--- /dev/null
+++ b/lib/ansible/modules/network/fortimanager/fmgr_fwpol_ipv4.py
@@ -0,0 +1,1508 @@
+#!/usr/bin/python
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fmgr_fwpol_ipv4
+version_added: "2.8"
+author:
+ - Luke Weighall (@lweighall)
+ - Andrew Welsh (@Ghilli3)
+ - Jim Huber (@p4r4n0y1ng)
+short_description: Allows the add/delete of Firewall Policies on Packages in FortiManager.
+description:
+ - Allows the add/delete of Firewall Policies on Packages in FortiManager.
+
+options:
+ adom:
+ description:
+ - The ADOM the configuration should belong to.
+ required: false
+ default: root
+
+ host:
+ description:
+ - The FortiManager's address.
+ required: true
+
+ username:
+ description:
+ - The username associated with the account.
+ required: true
+
+ password:
+ description:
+ - The password associated with the username account.
+ required: true
+
+ mode:
+ description:
+ - Sets one of three modes for managing the object.
+ - Allows use of soft-adds instead of overwriting existing values
+ choices: ['add', 'set', 'delete', 'update']
+ required: false
+ default: add
+
+ package_name:
+ description:
+ - The policy package you want to modify
+ required: false
+ default: "default"
+
+ wsso:
+ description:
+ - Enable/disable WiFi Single Sign On (WSSO).
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ webfilter_profile:
+ description:
+ - Name of an existing Web filter profile.
+ required: false
+
+ webcache_https:
+ description:
+ - Enable/disable web cache for HTTPS.
+ - choice | disable | Disable web cache for HTTPS.
+ - choice | enable | Enable web cache for HTTPS.
+ required: false
+ choices: ["disable", "enable"]
+
+ webcache:
+ description:
+ - Enable/disable web cache.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ wccp:
+ description:
+ - Enable/disable forwarding traffic matching this policy to a configured WCCP server.
+ - choice | disable | Disable WCCP setting.
+ - choice | enable | Enable WCCP setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ wanopt_profile:
+ description:
+ - WAN optimization profile.
+ required: false
+
+ wanopt_peer:
+ description:
+ - WAN optimization peer.
+ required: false
+
+ wanopt_passive_opt:
+ description:
+ - WAN optimization passive mode options. This option decides what IP address will be used to connect server.
+ - choice | default | Allow client side WAN opt peer to decide.
+ - choice | transparent | Use address of client to connect to server.
+ - choice | non-transparent | Use local FortiGate address to connect to server.
+ required: false
+ choices: ["default", "transparent", "non-transparent"]
+
+ wanopt_detection:
+ description:
+ - WAN optimization auto-detection mode.
+ - choice | active | Active WAN optimization peer auto-detection.
+ - choice | passive | Passive WAN optimization peer auto-detection.
+ - choice | off | Turn off WAN optimization peer auto-detection.
+ required: false
+ choices: ["active", "passive", "off"]
+
+ wanopt:
+ description:
+ - Enable/disable WAN optimization.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ waf_profile:
+ description:
+ - Name of an existing Web application firewall profile.
+ required: false
+
+ vpntunnel:
+ description:
+ - Policy-based IPsec VPN | name of the IPsec VPN Phase 1.
+ required: false
+
+ voip_profile:
+ description:
+ - Name of an existing VoIP profile.
+ required: false
+
+ vlan_filter:
+ description:
+ - Set VLAN filters.
+ required: false
+
+ vlan_cos_rev:
+ description:
+ - VLAN reverse direction user priority | 255 passthrough, 0 lowest, 7 highest..
+ required: false
+
+ vlan_cos_fwd:
+ description:
+ - VLAN forward direction user priority | 255 passthrough, 0 lowest, 7 highest.
+ required: false
+
+ utm_status:
+ description:
+ - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ users:
+ description:
+ - Names of individual users that can authenticate with this policy.
+ required: false
+
+ url_category:
+ description:
+ - URL category ID list.
+ required: false
+
+ traffic_shaper_reverse:
+ description:
+ - Reverse traffic shaper.
+ required: false
+
+ traffic_shaper:
+ description:
+ - Traffic shaper.
+ required: false
+
+ timeout_send_rst:
+ description:
+ - Enable/disable sending RST packets when TCP sessions expire.
+ - choice | disable | Disable sending of RST packet upon TCP session expiration.
+ - choice | enable | Enable sending of RST packet upon TCP session expiration.
+ required: false
+ choices: ["disable", "enable"]
+
+ tcp_session_without_syn:
+ description:
+ - Enable/disable creation of TCP session without SYN flag.
+ - choice | all | Enable TCP session without SYN.
+ - choice | data-only | Enable TCP session data only.
+ - choice | disable | Disable TCP session without SYN.
+ required: false
+ choices: ["all", "data-only", "disable"]
+
+ tcp_mss_sender:
+ description:
+ - Sender TCP maximum segment size (MSS).
+ required: false
+
+ tcp_mss_receiver:
+ description:
+ - Receiver TCP maximum segment size (MSS).
+ required: false
+
+ status:
+ description:
+ - Enable or disable this policy.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_ssh_profile:
+ description:
+ - Name of an existing SSL SSH profile.
+ required: false
+
+ ssl_mirror_intf:
+ description:
+ - SSL mirror interface name.
+ required: false
+
+ ssl_mirror:
+ description:
+ - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
+ - choice | disable | Disable SSL mirror.
+ - choice | enable | Enable SSL mirror.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssh_filter_profile:
+ description:
+ - Name of an existing SSH filter profile.
+ required: false
+
+ srcintf:
+ description:
+ - Incoming (ingress) interface.
+ required: false
+
+ srcaddr_negate:
+ description:
+ - When enabled srcaddr specifies what the source address must NOT be.
+ - choice | disable | Disable source address negate.
+ - choice | enable | Enable source address negate.
+ required: false
+ choices: ["disable", "enable"]
+
+ srcaddr:
+ description:
+ - Source address and address group names.
+ required: false
+
+ spamfilter_profile:
+ description:
+ - Name of an existing Spam filter profile.
+ required: false
+
+ session_ttl:
+ description:
+ - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
+ required: false
+
+ service_negate:
+ description:
+ - When enabled service specifies what the service must NOT be.
+ - choice | disable | Disable negated service match.
+ - choice | enable | Enable negated service match.
+ required: false
+ choices: ["disable", "enable"]
+
+ service:
+ description:
+ - Service and service group names.
+ required: false
+
+ send_deny_packet:
+ description:
+ - Enable to send a reply when a session is denied or blocked by a firewall policy.
+ - choice | disable | Disable deny-packet sending.
+ - choice | enable | Enable deny-packet sending.
+ required: false
+ choices: ["disable", "enable"]
+
+ schedule_timeout:
+ description:
+ - Enable to force current sessions to end when the schedule object times out.
+ - choice | disable | Disable schedule timeout.
+ - choice | enable | Enable schedule timeout.
+ required: false
+ choices: ["disable", "enable"]
+
+ schedule:
+ description:
+ - Schedule name.
+ required: false
+
+ scan_botnet_connections:
+ description:
+ - Block or monitor connections to Botnet servers or disable Botnet scanning.
+ - choice | disable | Do not scan connections to botnet servers.
+ - choice | block | Block connections to botnet servers.
+ - choice | monitor | Log connections to botnet servers.
+ required: false
+ choices: ["disable", "block", "monitor"]
+
+ rtp_nat:
+ description:
+ - Enable Real Time Protocol (RTP) NAT.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ rtp_addr:
+ description:
+ - Address names if this is an RTP NAT policy.
+ required: false
+
+ rsso:
+ description:
+ - Enable/disable RADIUS single sign-on (RSSO).
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ replacemsg_override_group:
+ description:
+ - Override the default replacement message group for this policy.
+ required: false
+
+ redirect_url:
+ description:
+ - URL users are directed to after seeing and accepting the disclaimer or authenticating.
+ required: false
+
+ radius_mac_auth_bypass:
+ description:
+ - Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
+ - choice | disable | Disable MAC authentication bypass.
+ - choice | enable | Enable MAC authentication bypass.
+ required: false
+ choices: ["disable", "enable"]
+
+ profile_type:
+ description:
+ - Determine whether the firewall policy allows security profile groups or single profiles only.
+ - choice | single | Do not allow security profile groups.
+ - choice | group | Allow security profile groups.
+ required: false
+ choices: ["single", "group"]
+
+ profile_protocol_options:
+ description:
+ - Name of an existing Protocol options profile.
+ required: false
+
+ profile_group:
+ description:
+ - Name of profile group.
+ required: false
+
+ poolname:
+ description:
+ - IP Pool names.
+ required: false
+
+ policyid:
+ description:
+ - Policy ID.
+ required: false
+
+ permit_stun_host:
+ description:
+ - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ permit_any_host:
+ description:
+ - Accept UDP packets from any host.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ per_ip_shaper:
+ description:
+ - Per-IP traffic shaper.
+ required: false
+
+ outbound:
+ description:
+ - Policy-based IPsec VPN | only traffic from the internal network can initiate a VPN.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ ntlm_guest:
+ description:
+ - Enable/disable NTLM guest user access.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ ntlm_enabled_browsers:
+ description:
+ - HTTP-User-Agent value of supported browsers.
+ required: false
+
+ ntlm:
+ description:
+ - Enable/disable NTLM authentication.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ np_acceleration:
+ description:
+ - Enable/disable UTM Network Processor acceleration.
+ - choice | disable | Disable UTM Network Processor acceleration.
+ - choice | enable | Enable UTM Network Processor acceleration.
+ required: false
+ choices: ["disable", "enable"]
+
+ natoutbound:
+ description:
+ - Policy-based IPsec VPN | apply source NAT to outbound traffic.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ natip:
+ description:
+ - Policy-based IPsec VPN | source NAT IP address for outgoing traffic.
+ required: false
+
+ natinbound:
+ description:
+ - Policy-based IPsec VPN | apply destination NAT to inbound traffic.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ nat:
+ description:
+ - Enable/disable source NAT.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ name:
+ description:
+ - Policy name.
+ required: false
+
+ mms_profile:
+ description:
+ - Name of an existing MMS profile.
+ required: false
+
+ match_vip:
+ description:
+ - Enable to match packets that have had their destination addresses changed by a VIP.
+ - choice | disable | Do not match DNATed packet.
+ - choice | enable | Match DNATed packet.
+ required: false
+ choices: ["disable", "enable"]
+
+ logtraffic_start:
+ description:
+ - Record logs when a session starts and ends.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ logtraffic:
+ description:
+ - Enable or disable logging. Log all sessions or security profile sessions.
+ - choice | disable | Disable all logging for this policy.
+ - choice | all | Log all sessions accepted or denied by this policy.
+ - choice | utm | Log traffic that has a security profile applied to it.
+ required: false
+ choices: ["disable", "all", "utm"]
+
+ learning_mode:
+ description:
+ - Enable to allow everything, but log all of the meaningful data for security information gathering.
+ - choice | disable | Disable learning mode in firewall policy.
+ - choice | enable | Enable learning mode in firewall policy.
+ required: false
+ choices: ["disable", "enable"]
+
+ label:
+ description:
+ - Label for the policy that appears when the GUI is in Section View mode.
+ required: false
+
+ ips_sensor:
+ description:
+ - Name of an existing IPS sensor.
+ required: false
+
+ ippool:
+ description:
+ - Enable to use IP Pools for source NAT.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ internet_service_src_negate:
+ description:
+ - When enabled internet-service-src specifies what the service must NOT be.
+ - choice | disable | Disable negated Internet Service source match.
+ - choice | enable | Enable negated Internet Service source match.
+ required: false
+ choices: ["disable", "enable"]
+
+ internet_service_src_id:
+ description:
+ - Internet Service source ID.
+ required: false
+
+ internet_service_src_custom:
+ description:
+ - Custom Internet Service source name.
+ required: false
+
+ internet_service_src:
+ description:
+ - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
+ - choice | disable | Disable use of Internet Services source in policy.
+ - choice | enable | Enable use of Internet Services source in policy.
+ required: false
+ choices: ["disable", "enable"]
+
+ internet_service_negate:
+ description:
+ - When enabled internet-service specifies what the service must NOT be.
+ - choice | disable | Disable negated Internet Service match.
+ - choice | enable | Enable negated Internet Service match.
+ required: false
+ choices: ["disable", "enable"]
+
+ internet_service_id:
+ description:
+ - Internet Service ID.
+ required: false
+
+ internet_service_custom:
+ description:
+ - Custom Internet Service name.
+ required: false
+
+ internet_service:
+ description:
+ - Enable/disable use of Internet Services for this policy. If enabled, dstaddr and service are not used.
+ - choice | disable | Disable use of Internet Services in policy.
+ - choice | enable | Enable use of Internet Services in policy.
+ required: false
+ choices: ["disable", "enable"]
+
+ inbound:
+ description:
+ - Policy-based IPsec VPN | only traffic from the remote network can initiate a VPN.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ identity_based_route:
+ description:
+ - Name of identity-based routing rule.
+ required: false
+
+ icap_profile:
+ description:
+ - Name of an existing ICAP profile.
+ required: false
+
+ gtp_profile:
+ description:
+ - GTP profile.
+ required: false
+
+ groups:
+ description:
+ - Names of user groups that can authenticate with this policy.
+ required: false
+
+ global_label:
+ description:
+ - Label for the policy that appears when the GUI is in Global View mode.
+ required: false
+
+ fsso_agent_for_ntlm:
+ description:
+ - FSSO agent to use for NTLM authentication.
+ required: false
+
+ fsso:
+ description:
+ - Enable/disable Fortinet Single Sign-On.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ fixedport:
+ description:
+ - Enable to prevent source NAT from changing a session's source port.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ firewall_session_dirty:
+ description:
+ - How to handle sessions if the configuration of this firewall policy changes.
+ - choice | check-all | Flush all current sessions accepted by this policy.
+ - choice | check-new | Continue to allow sessions already accepted by this policy.
+ required: false
+ choices: ["check-all", "check-new"]
+
+ dstintf:
+ description:
+ - Outgoing (egress) interface.
+ required: false
+
+ dstaddr_negate:
+ description:
+ - When enabled dstaddr specifies what the destination address must NOT be.
+ - choice | disable | Disable destination address negate.
+ - choice | enable | Enable destination address negate.
+ required: false
+ choices: ["disable", "enable"]
+
+ dstaddr:
+ description:
+ - Destination address and address group names.
+ required: false
+
+ dsri:
+ description:
+ - Enable DSRI to ignore HTTP server responses.
+ - choice | disable | Disable DSRI.
+ - choice | enable | Enable DSRI.
+ required: false
+ choices: ["disable", "enable"]
+
+ dscp_value:
+ description:
+ - DSCP value.
+ required: false
+
+ dscp_negate:
+ description:
+ - Enable negated DSCP match.
+ - choice | disable | Disable DSCP negate.
+ - choice | enable | Enable DSCP negate.
+ required: false
+ choices: ["disable", "enable"]
+
+ dscp_match:
+ description:
+ - Enable DSCP check.
+ - choice | disable | Disable DSCP check.
+ - choice | enable | Enable DSCP check.
+ required: false
+ choices: ["disable", "enable"]
+
+ dnsfilter_profile:
+ description:
+ - Name of an existing DNS filter profile.
+ required: false
+
+ dlp_sensor:
+ description:
+ - Name of an existing DLP sensor.
+ required: false
+
+ disclaimer:
+ description:
+ - Enable/disable user authentication disclaimer.
+ - choice | disable | Disable user authentication disclaimer.
+ - choice | enable | Enable user authentication disclaimer.
+ required: false
+ choices: ["disable", "enable"]
+
+ diffservcode_rev:
+ description:
+ - Change packet's reverse (reply) DiffServ to this value.
+ required: false
+
+ diffservcode_forward:
+ description:
+ - Change packet's DiffServ to this value.
+ required: false
+
+ diffserv_reverse:
+ description:
+ - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ diffserv_forward:
+ description:
+ - Enable to change packet's DiffServ values to the specified diffservcode-forward value.
+ - choice | disable | Disable WAN optimization.
+ - choice | enable | Enable WAN optimization.
+ required: false
+ choices: ["disable", "enable"]
+
+ devices:
+ description:
+ - Names of devices or device groups that can be matched by the policy.
+ required: false
+
+ delay_tcp_npu_session:
+ description:
+ - Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
+ - choice | disable | Disable TCP NPU session delay in order to guarantee packet order of 3-way handshake.
+ - choice | enable | Enable TCP NPU session delay in order to guarantee packet order of 3-way handshake.
+ required: false
+ choices: ["disable", "enable"]
+
+ custom_log_fields:
+ description:
+ - Custom fields to append to log messages for this policy.
+ required: false
+
+ comments:
+ description:
+ - Comment.
+ required: false
+
+ capture_packet:
+ description:
+ - Enable/disable capture packets.
+ - choice | disable | Disable capture packets.
+ - choice | enable | Enable capture packets.
+ required: false
+ choices: ["disable", "enable"]
+
+ captive_portal_exempt:
+ description:
+ - Enable to exempt some users from the captive portal.
+ - choice | disable | Disable exemption of captive portal.
+ - choice | enable | Enable exemption of captive portal.
+ required: false
+ choices: ["disable", "enable"]
+
+ block_notification:
+ description:
+ - Enable/disable block notification.
+ - choice | disable | Disable setting.
+ - choice | enable | Enable setting.
+ required: false
+ choices: ["disable", "enable"]
+
+ av_profile:
+ description:
+ - Name of an existing Antivirus profile.
+ required: false
+
+ auto_asic_offload:
+ description:
+ - Enable/disable offloading security profile processing to CP processors.
+ - choice | disable | Disable ASIC offloading.
+ - choice | enable | Enable auto ASIC offloading.
+ required: false
+ choices: ["disable", "enable"]
+
+ auth_redirect_addr:
+ description:
+ - HTTP-to-HTTPS redirect address for firewall authentication.
+ required: false
+
+ auth_path:
+ description:
+ - Enable/disable authentication-based routing.
+ - choice | disable | Disable authentication-based routing.
+ - choice | enable | Enable authentication-based routing.
+ required: false
+ choices: ["disable", "enable"]
+
+ auth_cert:
+ description:
+ - HTTPS server certificate for policy authentication.
+ required: false
+
+ application_list:
+ description:
+ - Name of an existing Application list.
+ required: false
+
+ application:
+ description:
+ - Application ID list.
+ required: false
+
+ app_group:
+ description:
+ - Application group names.
+ required: false
+
+ app_category:
+ description:
+ - Application category ID list.
+ required: false
+
+ action:
+ description:
+ - Policy action (allow/deny/ipsec).
+ - choice | deny | Blocks sessions that match the firewall policy.
+ - choice | accept | Allows session that match the firewall policy.
+ - choice | ipsec | Firewall policy becomes a policy-based IPsec VPN policy.
+ required: false
+ choices: ["deny", "accept", "ipsec"]
+
+ vpn_dst_node:
+ description:
+ - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
+ - List of multiple child objects to be added. Expects a list of dictionaries.
+ - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
+ - If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options.
+ - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
+ required: false
+
+ vpn_dst_node_host:
+ description:
+ - VPN Destination Node Host.
+ required: false
+
+ vpn_dst_node_seq:
+ description:
+ - VPN Destination Node Seq.
+ required: false
+
+ vpn_dst_node_subnet:
+ description:
+ - VPN Destination Node Seq.
+ required: false
+
+ vpn_src_node:
+ description:
+ - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
+ - List of multiple child objects to be added. Expects a list of dictionaries.
+ - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
+ - If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options.
+ - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
+ required: false
+
+ vpn_src_node_host:
+ description:
+ - VPN Source Node Host.
+ required: false
+
+ vpn_src_node_seq:
+ description:
+ - VPN Source Node Seq.
+ required: false
+
+ vpn_src_node_subnet:
+ description:
+ - VPN Source Node.
+ required: false
+
+
+'''
+
+EXAMPLES = '''
+- name: ADD VERY BASIC IPV4 POLICY WITH NO NAT (WIDE OPEN)
+ fmgr_fwpol_ipv4:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ mode: "set"
+ adom: "ansible"
+ package_name: "default"
+ name: "Basic_IPv4_Policy"
+ comments: "Created by Ansible"
+ action: "accept"
+ dstaddr: "all"
+ srcaddr: "all"
+ dstintf: "any"
+ srcintf: "any"
+ logtraffic: "utm"
+ service: "ALL"
+ schedule: "always"
+
+- name: ADD VERY BASIC IPV4 POLICY WITH NAT AND MULTIPLE ENTRIES
+ fmgr_fwpol_ipv4:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ mode: "set"
+ adom: "ansible"
+ package_name: "default"
+ name: "Basic_IPv4_Policy_2"
+ comments: "Created by Ansible"
+ action: "accept"
+ dstaddr: "google-play"
+ srcaddr: "all"
+ dstintf: "any"
+ srcintf: "any"
+ logtraffic: "utm"
+ service: "HTTP, HTTPS"
+ schedule: "always"
+ nat: "enable"
+ users: "karen, kevin"
+
+- name: ADD VERY BASIC IPV4 POLICY WITH NAT AND MULTIPLE ENTRIES AND SEC PROFILES
+ fmgr_fwpol_ipv4:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ mode: "set"
+ adom: "ansible"
+ package_name: "default"
+ name: "Basic_IPv4_Policy_3"
+ comments: "Created by Ansible"
+ action: "accept"
+ dstaddr: "google-play, autoupdate.opera.com"
+ srcaddr: "corp_internal"
+ dstintf: "zone_wan1, zone_wan2"
+ srcintf: "zone_int1"
+ logtraffic: "utm"
+ service: "HTTP, HTTPS"
+ schedule: "always"
+ nat: "enable"
+ users: "karen, kevin"
+ av_profile: "sniffer-profile"
+ ips_sensor: "default"
+
+'''
+
+RETURN = """
+api_result:
+ description: full API response, includes status code and message
+ returned: always
+ type: string
+"""
+
+from ansible.module_utils.basic import AnsibleModule, env_fallback
+from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
+
+# check for pyFMG lib
+try:
+ from pyFMG.fortimgr import FortiManager
+
+ HAS_PYFMGR = True
+except ImportError:
+ HAS_PYFMGR = False
+
+###############
+# START METHODS
+###############
+
+
+def fmgr_firewall_policy_addsetdelete(fmg, paramgram):
+ """
+ fmgr_firewall_policy -- Add/Set/Deletes Firewall Policy Objects defined in the "paramgram"
+ """
+
+ mode = paramgram["mode"]
+ adom = paramgram["adom"]
+ # INIT A BASIC OBJECTS
+ response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
+ url = ""
+ datagram = {}
+
+ # EVAL THE MODE PARAMETER FOR SET OR ADD
+ if mode in ['set', 'add', 'update']:
+ url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall/policy'.format(adom=adom, pkg=paramgram["package_name"])
+ datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
+ del datagram["package_name"]
+ datagram = fmgr_split_comma_strings_into_lists(datagram)
+
+ # EVAL THE MODE PARAMETER FOR DELETE
+ elif mode == "delete":
+
+ # WE NEED TO GET THE POLICY ID FROM THE NAME OF THE POLICY
+ url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall' \
+ '/policy/{policyid}'.format(adom=paramgram["adom"],
+ pkg=paramgram["package_name"],
+ policyid=paramgram["policyid"])
+ datagram = {
+ "policyid": paramgram["policyid"]
+ }
+
+ # IF MODE = SET -- USE THE 'SET' API CALL MODE
+ if mode == "set":
+ response = fmg.set(url, datagram)
+ # IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
+ elif mode == "update":
+ response = fmg.update(url, datagram)
+ # IF MODE = ADD -- USE THE 'ADD' API CALL MODE
+ elif mode == "add":
+ response = fmg.add(url, datagram)
+ # IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
+ elif mode == "delete":
+ response = fmg.delete(url, datagram)
+
+ return response
+
+
+# ADDITIONAL COMMON FUNCTIONS
+# FUNCTION/METHOD FOR LOGGING OUT AND ANALYZING ERROR CODES
+def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
+ """
+ THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
+ """
+
+ # VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
+ if msg != "NULL" and len(results) == 0:
+ try:
+ fmg.logout()
+ except:
+ pass
+ module.fail_json(msg=msg)
+
+ # SUBMISSION ERROR
+ if len(results) > 0:
+ if msg == "NULL":
+ try:
+ msg = results[1]['status']['message']
+ except:
+ msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
+
+ if results[0] not in good_codes:
+ if logout_on_fail:
+ fmg.logout()
+ module.fail_json(msg=msg, **results[1])
+ else:
+ if logout_on_success:
+ fmg.logout()
+ module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
+ **results[1])
+
+ return msg
+
+
+# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
+# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
+def fmgr_cidr_to_netmask(cidr):
+ cidr = int(cidr)
+ mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
+ return (str((0xff000000 & mask) >> 24) + '.' +
+ str((0x00ff0000 & mask) >> 16) + '.' +
+ str((0x0000ff00 & mask) >> 8) + '.' +
+ str((0x000000ff & mask)))
+
+
+# utility function: removing keys wih value of None, nothing in playbook for that key
+def fmgr_del_none(obj):
+ if isinstance(obj, dict):
+ return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
+ for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
+ else:
+ return obj
+
+
+# utility function: remove keys that are need for the logic but the FMG API won't accept them
+def fmgr_prepare_dict(obj):
+ list_of_elems = ["mode", "adom", "host", "username", "password"]
+ if isinstance(obj, dict):
+ obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
+ return obj
+
+
+def fmgr_is_empty_dict(obj):
+ return_val = False
+ if isinstance(obj, dict):
+ if len(obj) > 0:
+ for k, v in obj.items():
+ if isinstance(v, dict):
+ if len(v) == 0:
+ return_val = True
+ elif len(v) > 0:
+ for k1, v1 in v.items():
+ if v1 is None:
+ return_val = True
+ elif v1 is not None:
+ return_val = False
+ return return_val
+ elif v is None:
+ return_val = True
+ elif v is not None:
+ return_val = False
+ return return_val
+ elif len(obj) == 0:
+ return_val = True
+
+ return return_val
+
+
+def fmgr_split_comma_strings_into_lists(obj):
+ if isinstance(obj, dict):
+ if len(obj) > 0:
+ for k, v in obj.items():
+ if isinstance(v, str):
+ new_list = list()
+ if "," in v:
+ new_items = v.split(",")
+ for item in new_items:
+ new_list.append(item.strip())
+ obj[k] = new_list
+
+ return obj
+
+
+#############
+# END METHODS
+#############
+
+
+def main():
+ argument_spec = dict(
+ adom=dict(type="str", default="root"),
+ host=dict(required=True, type="str"),
+ password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
+ username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
+ mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
+ package_name=dict(type="str", required=False, default="default"),
+
+ wsso=dict(required=False, type="str", choices=["disable", "enable"]),
+ webfilter_profile=dict(required=False, type="str"),
+ webcache_https=dict(required=False, type="str", choices=["disable", "enable"]),
+ webcache=dict(required=False, type="str", choices=["disable", "enable"]),
+ wccp=dict(required=False, type="str", choices=["disable", "enable"]),
+ wanopt_profile=dict(required=False, type="str"),
+ wanopt_peer=dict(required=False, type="str"),
+ wanopt_passive_opt=dict(required=False, type="str", choices=["default", "transparent", "non-transparent"]),
+ wanopt_detection=dict(required=False, type="str", choices=["active", "passive", "off"]),
+ wanopt=dict(required=False, type="str", choices=["disable", "enable"]),
+ waf_profile=dict(required=False, type="str"),
+ vpntunnel=dict(required=False, type="str"),
+ voip_profile=dict(required=False, type="str"),
+ vlan_filter=dict(required=False, type="str"),
+ vlan_cos_rev=dict(required=False, type="int"),
+ vlan_cos_fwd=dict(required=False, type="int"),
+ utm_status=dict(required=False, type="str", choices=["disable", "enable"]),
+ users=dict(required=False, type="str"),
+ url_category=dict(required=False, type="str"),
+ traffic_shaper_reverse=dict(required=False, type="str"),
+ traffic_shaper=dict(required=False, type="str"),
+ timeout_send_rst=dict(required=False, type="str", choices=["disable", "enable"]),
+ tcp_session_without_syn=dict(required=False, type="str", choices=["all", "data-only", "disable"]),
+ tcp_mss_sender=dict(required=False, type="int"),
+ tcp_mss_receiver=dict(required=False, type="int"),
+ status=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_ssh_profile=dict(required=False, type="str"),
+ ssl_mirror_intf=dict(required=False, type="str"),
+ ssl_mirror=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssh_filter_profile=dict(required=False, type="str"),
+ srcintf=dict(required=False, type="str"),
+ srcaddr_negate=dict(required=False, type="str", choices=["disable", "enable"]),
+ srcaddr=dict(required=False, type="str"),
+ spamfilter_profile=dict(required=False, type="str"),
+ session_ttl=dict(required=False, type="int"),
+ service_negate=dict(required=False, type="str", choices=["disable", "enable"]),
+ service=dict(required=False, type="str"),
+ send_deny_packet=dict(required=False, type="str", choices=["disable", "enable"]),
+ schedule_timeout=dict(required=False, type="str", choices=["disable", "enable"]),
+ schedule=dict(required=False, type="str"),
+ scan_botnet_connections=dict(required=False, type="str", choices=["disable", "block", "monitor"]),
+ rtp_nat=dict(required=False, type="str", choices=["disable", "enable"]),
+ rtp_addr=dict(required=False, type="str"),
+ rsso=dict(required=False, type="str", choices=["disable", "enable"]),
+ replacemsg_override_group=dict(required=False, type="str"),
+ redirect_url=dict(required=False, type="str"),
+ radius_mac_auth_bypass=dict(required=False, type="str", choices=["disable", "enable"]),
+ profile_type=dict(required=False, type="str", choices=["single", "group"]),
+ profile_protocol_options=dict(required=False, type="str"),
+ profile_group=dict(required=False, type="str"),
+ poolname=dict(required=False, type="str"),
+ policyid=dict(required=False, type="str"),
+ permit_stun_host=dict(required=False, type="str", choices=["disable", "enable"]),
+ permit_any_host=dict(required=False, type="str", choices=["disable", "enable"]),
+ per_ip_shaper=dict(required=False, type="str"),
+ outbound=dict(required=False, type="str", choices=["disable", "enable"]),
+ ntlm_guest=dict(required=False, type="str", choices=["disable", "enable"]),
+ ntlm_enabled_browsers=dict(required=False, type="str"),
+ ntlm=dict(required=False, type="str", choices=["disable", "enable"]),
+ np_acceleration=dict(required=False, type="str", choices=["disable", "enable"]),
+ natoutbound=dict(required=False, type="str", choices=["disable", "enable"]),
+ natip=dict(required=False, type="str"),
+ natinbound=dict(required=False, type="str", choices=["disable", "enable"]),
+ nat=dict(required=False, type="str", choices=["disable", "enable"]),
+ name=dict(required=False, type="str"),
+ mms_profile=dict(required=False, type="str"),
+ match_vip=dict(required=False, type="str", choices=["disable", "enable"]),
+ logtraffic_start=dict(required=False, type="str", choices=["disable", "enable"]),
+ logtraffic=dict(required=False, type="str", choices=["disable", "all", "utm"]),
+ learning_mode=dict(required=False, type="str", choices=["disable", "enable"]),
+ label=dict(required=False, type="str"),
+ ips_sensor=dict(required=False, type="str"),
+ ippool=dict(required=False, type="str", choices=["disable", "enable"]),
+ internet_service_src_negate=dict(required=False, type="str", choices=["disable", "enable"]),
+ internet_service_src_id=dict(required=False, type="str"),
+ internet_service_src_custom=dict(required=False, type="str"),
+ internet_service_src=dict(required=False, type="str", choices=["disable", "enable"]),
+ internet_service_negate=dict(required=False, type="str", choices=["disable", "enable"]),
+ internet_service_id=dict(required=False, type="str"),
+ internet_service_custom=dict(required=False, type="str"),
+ internet_service=dict(required=False, type="str", choices=["disable", "enable"]),
+ inbound=dict(required=False, type="str", choices=["disable", "enable"]),
+ identity_based_route=dict(required=False, type="str"),
+ icap_profile=dict(required=False, type="str"),
+ gtp_profile=dict(required=False, type="str"),
+ groups=dict(required=False, type="str"),
+ global_label=dict(required=False, type="str"),
+ fsso_agent_for_ntlm=dict(required=False, type="str"),
+ fsso=dict(required=False, type="str", choices=["disable", "enable"]),
+ fixedport=dict(required=False, type="str", choices=["disable", "enable"]),
+ firewall_session_dirty=dict(required=False, type="str", choices=["check-all", "check-new"]),
+ dstintf=dict(required=False, type="str"),
+ dstaddr_negate=dict(required=False, type="str", choices=["disable", "enable"]),
+ dstaddr=dict(required=False, type="str"),
+ dsri=dict(required=False, type="str", choices=["disable", "enable"]),
+ dscp_value=dict(required=False, type="str"),
+ dscp_negate=dict(required=False, type="str", choices=["disable", "enable"]),
+ dscp_match=dict(required=False, type="str", choices=["disable", "enable"]),
+ dnsfilter_profile=dict(required=False, type="str"),
+ dlp_sensor=dict(required=False, type="str"),
+ disclaimer=dict(required=False, type="str", choices=["disable", "enable"]),
+ diffservcode_rev=dict(required=False, type="str"),
+ diffservcode_forward=dict(required=False, type="str"),
+ diffserv_reverse=dict(required=False, type="str", choices=["disable", "enable"]),
+ diffserv_forward=dict(required=False, type="str", choices=["disable", "enable"]),
+ devices=dict(required=False, type="str"),
+ delay_tcp_npu_session=dict(required=False, type="str", choices=["disable", "enable"]),
+ custom_log_fields=dict(required=False, type="str"),
+ comments=dict(required=False, type="str"),
+ capture_packet=dict(required=False, type="str", choices=["disable", "enable"]),
+ captive_portal_exempt=dict(required=False, type="str", choices=["disable", "enable"]),
+ block_notification=dict(required=False, type="str", choices=["disable", "enable"]),
+ av_profile=dict(required=False, type="str"),
+ auto_asic_offload=dict(required=False, type="str", choices=["disable", "enable"]),
+ auth_redirect_addr=dict(required=False, type="str"),
+ auth_path=dict(required=False, type="str", choices=["disable", "enable"]),
+ auth_cert=dict(required=False, type="str"),
+ application_list=dict(required=False, type="str"),
+ application=dict(required=False, type="str"),
+ app_group=dict(required=False, type="str"),
+ app_category=dict(required=False, type="str"),
+ action=dict(required=False, type="str", choices=["deny", "accept", "ipsec"]),
+ vpn_dst_node=dict(required=False, type="list"),
+ vpn_dst_node_host=dict(required=False, type="str"),
+ vpn_dst_node_seq=dict(required=False, type="str"),
+ vpn_dst_node_subnet=dict(required=False, type="str"),
+ vpn_src_node=dict(required=False, type="list"),
+ vpn_src_node_host=dict(required=False, type="str"),
+ vpn_src_node_seq=dict(required=False, type="str"),
+ vpn_src_node_subnet=dict(required=False, type="str"),
+
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=False)
+
+ # MODULE PARAMGRAM
+ paramgram = {
+ "mode": module.params["mode"],
+ "adom": module.params["adom"],
+ "package_name": module.params["package_name"],
+ "wsso": module.params["wsso"],
+ "webfilter-profile": module.params["webfilter_profile"],
+ "webcache-https": module.params["webcache_https"],
+ "webcache": module.params["webcache"],
+ "wccp": module.params["wccp"],
+ "wanopt-profile": module.params["wanopt_profile"],
+ "wanopt-peer": module.params["wanopt_peer"],
+ "wanopt-passive-opt": module.params["wanopt_passive_opt"],
+ "wanopt-detection": module.params["wanopt_detection"],
+ "wanopt": module.params["wanopt"],
+ "waf-profile": module.params["waf_profile"],
+ "vpntunnel": module.params["vpntunnel"],
+ "voip-profile": module.params["voip_profile"],
+ "vlan-filter": module.params["vlan_filter"],
+ "vlan-cos-rev": module.params["vlan_cos_rev"],
+ "vlan-cos-fwd": module.params["vlan_cos_fwd"],
+ "utm-status": module.params["utm_status"],
+ "users": module.params["users"],
+ "url-category": module.params["url_category"],
+ "traffic-shaper-reverse": module.params["traffic_shaper_reverse"],
+ "traffic-shaper": module.params["traffic_shaper"],
+ "timeout-send-rst": module.params["timeout_send_rst"],
+ "tcp-session-without-syn": module.params["tcp_session_without_syn"],
+ "tcp-mss-sender": module.params["tcp_mss_sender"],
+ "tcp-mss-receiver": module.params["tcp_mss_receiver"],
+ "status": module.params["status"],
+ "ssl-ssh-profile": module.params["ssl_ssh_profile"],
+ "ssl-mirror-intf": module.params["ssl_mirror_intf"],
+ "ssl-mirror": module.params["ssl_mirror"],
+ "ssh-filter-profile": module.params["ssh_filter_profile"],
+ "srcintf": module.params["srcintf"],
+ "srcaddr-negate": module.params["srcaddr_negate"],
+ "srcaddr": module.params["srcaddr"],
+ "spamfilter-profile": module.params["spamfilter_profile"],
+ "session-ttl": module.params["session_ttl"],
+ "service-negate": module.params["service_negate"],
+ "service": module.params["service"],
+ "send-deny-packet": module.params["send_deny_packet"],
+ "schedule-timeout": module.params["schedule_timeout"],
+ "schedule": module.params["schedule"],
+ "scan-botnet-connections": module.params["scan_botnet_connections"],
+ "rtp-nat": module.params["rtp_nat"],
+ "rtp-addr": module.params["rtp_addr"],
+ "rsso": module.params["rsso"],
+ "replacemsg-override-group": module.params["replacemsg_override_group"],
+ "redirect-url": module.params["redirect_url"],
+ "radius-mac-auth-bypass": module.params["radius_mac_auth_bypass"],
+ "profile-type": module.params["profile_type"],
+ "profile-protocol-options": module.params["profile_protocol_options"],
+ "profile-group": module.params["profile_group"],
+ "poolname": module.params["poolname"],
+ "policyid": module.params["policyid"],
+ "permit-stun-host": module.params["permit_stun_host"],
+ "permit-any-host": module.params["permit_any_host"],
+ "per-ip-shaper": module.params["per_ip_shaper"],
+ "outbound": module.params["outbound"],
+ "ntlm-guest": module.params["ntlm_guest"],
+ "ntlm-enabled-browsers": module.params["ntlm_enabled_browsers"],
+ "ntlm": module.params["ntlm"],
+ "np-acceleration": module.params["np_acceleration"],
+ "natoutbound": module.params["natoutbound"],
+ "natip": module.params["natip"],
+ "natinbound": module.params["natinbound"],
+ "nat": module.params["nat"],
+ "name": module.params["name"],
+ "mms-profile": module.params["mms_profile"],
+ "match-vip": module.params["match_vip"],
+ "logtraffic-start": module.params["logtraffic_start"],
+ "logtraffic": module.params["logtraffic"],
+ "learning-mode": module.params["learning_mode"],
+ "label": module.params["label"],
+ "ips-sensor": module.params["ips_sensor"],
+ "ippool": module.params["ippool"],
+ "internet-service-src-negate": module.params["internet_service_src_negate"],
+ "internet-service-src-id": module.params["internet_service_src_id"],
+ "internet-service-src-custom": module.params["internet_service_src_custom"],
+ "internet-service-src": module.params["internet_service_src"],
+ "internet-service-negate": module.params["internet_service_negate"],
+ "internet-service-id": module.params["internet_service_id"],
+ "internet-service-custom": module.params["internet_service_custom"],
+ "internet-service": module.params["internet_service"],
+ "inbound": module.params["inbound"],
+ "identity-based-route": module.params["identity_based_route"],
+ "icap-profile": module.params["icap_profile"],
+ "gtp-profile": module.params["gtp_profile"],
+ "groups": module.params["groups"],
+ "global-label": module.params["global_label"],
+ "fsso-agent-for-ntlm": module.params["fsso_agent_for_ntlm"],
+ "fsso": module.params["fsso"],
+ "fixedport": module.params["fixedport"],
+ "firewall-session-dirty": module.params["firewall_session_dirty"],
+ "dstintf": module.params["dstintf"],
+ "dstaddr-negate": module.params["dstaddr_negate"],
+ "dstaddr": module.params["dstaddr"],
+ "dsri": module.params["dsri"],
+ "dscp-value": module.params["dscp_value"],
+ "dscp-negate": module.params["dscp_negate"],
+ "dscp-match": module.params["dscp_match"],
+ "dnsfilter-profile": module.params["dnsfilter_profile"],
+ "dlp-sensor": module.params["dlp_sensor"],
+ "disclaimer": module.params["disclaimer"],
+ "diffservcode-rev": module.params["diffservcode_rev"],
+ "diffservcode-forward": module.params["diffservcode_forward"],
+ "diffserv-reverse": module.params["diffserv_reverse"],
+ "diffserv-forward": module.params["diffserv_forward"],
+ "devices": module.params["devices"],
+ "delay-tcp-npu-session": module.params["delay_tcp_npu_session"],
+ "custom-log-fields": module.params["custom_log_fields"],
+ "comments": module.params["comments"],
+ "capture-packet": module.params["capture_packet"],
+ "captive-portal-exempt": module.params["captive_portal_exempt"],
+ "block-notification": module.params["block_notification"],
+ "av-profile": module.params["av_profile"],
+ "auto-asic-offload": module.params["auto_asic_offload"],
+ "auth-redirect-addr": module.params["auth_redirect_addr"],
+ "auth-path": module.params["auth_path"],
+ "auth-cert": module.params["auth_cert"],
+ "application-list": module.params["application_list"],
+ "application": module.params["application"],
+ "app-group": module.params["app_group"],
+ "app-category": module.params["app_category"],
+ "action": module.params["action"],
+ "vpn_dst_node": {
+ "host": module.params["vpn_dst_node_host"],
+ "seq": module.params["vpn_dst_node_seq"],
+ "subnet": module.params["vpn_dst_node_subnet"],
+ },
+ "vpn_src_node": {
+ "host": module.params["vpn_src_node_host"],
+ "seq": module.params["vpn_src_node_seq"],
+ "subnet": module.params["vpn_src_node_subnet"],
+ }
+ }
+ list_overrides = ['vpn_dst_node', 'vpn_src_node']
+ for list_variable in list_overrides:
+ override_data = list()
+ try:
+ override_data = module.params[list_variable]
+ except:
+ pass
+ try:
+ if override_data:
+ del paramgram[list_variable]
+ paramgram[list_variable] = override_data
+ except:
+ pass
+
+ # CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
+ host = module.params["host"]
+ password = module.params["password"]
+ username = module.params["username"]
+ if host is None or username is None or password is None:
+ module.fail_json(msg="Host and username and password are required")
+
+ # CHECK IF LOGIN FAILED
+ fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
+
+ response = fmg.login()
+ if response[1]['status']['code'] != 0:
+ module.fail_json(msg="Connection to FortiManager Failed")
+
+ if paramgram["mode"] == "delete":
+ # WE NEED TO GET THE POLICY ID FROM THE NAME OF THE POLICY TO DELETE IT
+ url = '/pm/config/adom/{adom}/pkg/{pkg}/firewall' \
+ '/policy/'.format(adom=paramgram["adom"],
+ pkg=paramgram["package_name"])
+ datagram = {
+ "filter": ["name", "==", paramgram["name"]]
+ }
+ response = fmg.get(url, datagram)
+ try:
+ if response[1][0]["policyid"]:
+ policy_id = response[1][0]["policyid"]
+ paramgram["policyid"] = policy_id
+ except:
+ fmgr_logout(fmg, module, results=response, msg="Couldn't get Policy ID from name, delete failed")
+
+ results = fmgr_firewall_policy_addsetdelete(fmg, paramgram)
+ if results[0] == -10131:
+ fmgr_logout(fmg, module, results=results, good_codes=[0, -9998, ],
+ msg=str(results[0]) + " - Object Dependency Failed. Do the objects named in parameters exist?!")
+ elif results[0] == -3:
+ fmgr_logout(fmg, module, results=results, good_codes=[0, -3],
+ msg="Couldn't Delete - Policy Doesn't Exist")
+ elif results[0] == 0:
+ fmgr_logout(fmg, module, results=results, good_codes=[0, -9998],
+ msg="Successfully Set FW Policy")
+ elif results[0] not in [0, -9998]:
+ fmgr_logout(fmg, module, results=results, good_codes=[0, -9998],
+ msg=str(results[0]) + "Could not set FW policy.")
+
+ fmg.logout()
+
+ if results is not None:
+ return module.exit_json(**results[1])
+ else:
+ return module.exit_json(msg="No results were returned from the API call.")
+
+
+if __name__ == "__main__":
+ main()
diff --git a/test/units/modules/network/fortimanager/fixtures/test_fmgr_fwpol_ipv4.json b/test/units/modules/network/fortimanager/fixtures/test_fmgr_fwpol_ipv4.json
new file mode 100644
index 00000000000..d86f49b76b0
--- /dev/null
+++ b/test/units/modules/network/fortimanager/fixtures/test_fmgr_fwpol_ipv4.json
@@ -0,0 +1,877 @@
+{
+ "fmgr_firewall_policy_addsetdelete": [
+ {
+ "url": "/pm/config/adom/ansible/pkg/default/firewall/policy",
+ "paramgram_used": {
+ "wanopt-passive-opt": null,
+ "package_name": "default",
+ "wanopt-detection": null,
+ "scan-botnet-connections": null,
+ "profile-group": null,
+ "wanopt-peer": null,
+ "dscp-match": null,
+ "replacemsg-override-group": null,
+ "internet-service-negate": null,
+ "np-acceleration": null,
+ "learning-mode": null,
+ "session-ttl": null,
+ "ntlm-guest": null,
+ "ips-sensor": null,
+ "diffservcode-rev": null,
+ "match-vip": null,
+ "natip": null,
+ "dlp-sensor": null,
+ "traffic-shaper": null,
+ "groups": null,
+ "schedule-timeout": null,
+ "name": "Basic_IPv4_Policy",
+ "tcp-session-without-syn": null,
+ "ntlm": null,
+ "permit-stun-host": null,
+ "diffservcode-forward": null,
+ "internet-service-src-custom": null,
+ "mode": "set",
+ "disclaimer": null,
+ "rtp-nat": null,
+ "auth-cert": null,
+ "timeout-send-rst": null,
+ "auth-redirect-addr": null,
+ "ssl-mirror-intf": null,
+ "identity-based-route": null,
+ "natoutbound": null,
+ "wanopt-profile": null,
+ "per-ip-shaper": null,
+ "profile-protocol-options": null,
+ "diffserv-forward": null,
+ "poolname": null,
+ "comments": "Created by Ansible",
+ "label": null,
+ "global-label": null,
+ "firewall-session-dirty": null,
+ "wanopt": null,
+ "schedule": "always",
+ "internet-service-id": null,
+ "auth-path": null,
+ "vlan-cos-fwd": null,
+ "custom-log-fields": null,
+ "dstintf": "any",
+ "srcintf": "any",
+ "block-notification": null,
+ "internet-service-src-id": null,
+ "redirect-url": null,
+ "waf-profile": null,
+ "ntlm-enabled-browsers": null,
+ "dscp-negate": null,
+ "action": "accept",
+ "fsso-agent-for-ntlm": null,
+ "logtraffic": "utm",
+ "vlan-filter": null,
+ "policyid": null,
+ "logtraffic-start": null,
+ "webcache-https": null,
+ "webfilter-profile": null,
+ "internet-service-src": null,
+ "webcache": null,
+ "utm-status": null,
+ "vpn_src_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "ippool": null,
+ "service": "ALL",
+ "wccp": null,
+ "auto-asic-offload": null,
+ "dscp-value": null,
+ "url-category": null,
+ "capture-packet": null,
+ "adom": "ansible",
+ "inbound": null,
+ "internet-service": null,
+ "profile-type": null,
+ "ssl-mirror": null,
+ "srcaddr-negate": null,
+ "gtp-profile": null,
+ "mms-profile": null,
+ "send-deny-packet": null,
+ "devices": null,
+ "permit-any-host": null,
+ "av-profile": null,
+ "internet-service-src-negate": null,
+ "service-negate": null,
+ "rsso": null,
+ "app-group": null,
+ "tcp-mss-sender": null,
+ "natinbound": null,
+ "fixedport": null,
+ "ssl-ssh-profile": null,
+ "outbound": null,
+ "spamfilter-profile": null,
+ "application-list": null,
+ "application": null,
+ "dnsfilter-profile": null,
+ "nat": null,
+ "fsso": null,
+ "vlan-cos-rev": null,
+ "status": null,
+ "dsri": null,
+ "users": null,
+ "voip-profile": null,
+ "dstaddr-negate": null,
+ "traffic-shaper-reverse": null,
+ "internet-service-custom": null,
+ "diffserv-reverse": null,
+ "srcaddr": "all",
+ "ssh-filter-profile": null,
+ "delay-tcp-npu-session": null,
+ "icap-profile": null,
+ "captive-portal-exempt": null,
+ "vpn_dst_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "app-category": null,
+ "rtp-addr": null,
+ "wsso": null,
+ "tcp-mss-receiver": null,
+ "dstaddr": "all",
+ "radius-mac-auth-bypass": null,
+ "vpntunnel": null
+ },
+ "raw_response": {
+ "policyid": 25
+ },
+ "post_method": "set"
+ },
+ {
+ "url": "/pm/config/adom/ansible/pkg/default/firewall/policy",
+ "raw_response": {
+ "policyid": 26
+ },
+ "paramgram_used": {
+ "package_name": "default",
+ "wanopt-detection": null,
+ "scan-botnet-connections": null,
+ "profile-group": null,
+ "dlp-sensor": null,
+ "dscp-match": null,
+ "replacemsg-override-group": null,
+ "internet-service-negate": null,
+ "np-acceleration": null,
+ "learning-mode": null,
+ "session-ttl": null,
+ "ntlm-guest": null,
+ "ips-sensor": null,
+ "diffservcode-rev": null,
+ "match-vip": null,
+ "natip": null,
+ "wanopt-peer": null,
+ "traffic-shaper": null,
+ "groups": null,
+ "schedule-timeout": null,
+ "name": "Basic_IPv4_Policy_2",
+ "tcp-session-without-syn": null,
+ "rtp-nat": null,
+ "permit-stun-host": null,
+ "natoutbound": null,
+ "internet-service-src-custom": null,
+ "mode": "set",
+ "logtraffic": "utm",
+ "ntlm": null,
+ "auth-cert": null,
+ "timeout-send-rst": null,
+ "auth-redirect-addr": null,
+ "ssl-mirror-intf": null,
+ "identity-based-route": null,
+ "diffservcode-forward": null,
+ "wanopt-profile": null,
+ "per-ip-shaper": null,
+ "users": null,
+ "diffserv-forward": null,
+ "poolname": null,
+ "comments": "Created by Ansible",
+ "label": null,
+ "global-label": null,
+ "firewall-session-dirty": null,
+ "wanopt": null,
+ "schedule": "always",
+ "internet-service-id": null,
+ "auth-path": null,
+ "vlan-cos-fwd": null,
+ "custom-log-fields": null,
+ "dstintf": "any",
+ "srcintf": "any",
+ "block-notification": null,
+ "internet-service-src-id": null,
+ "redirect-url": null,
+ "waf-profile": null,
+ "ntlm-enabled-browsers": null,
+ "dscp-negate": null,
+ "action": "accept",
+ "fsso-agent-for-ntlm": null,
+ "disclaimer": null,
+ "vlan-filter": null,
+ "dstaddr-negate": null,
+ "logtraffic-start": null,
+ "webcache-https": null,
+ "webfilter-profile": null,
+ "internet-service-src": null,
+ "webcache": null,
+ "utm-status": null,
+ "vpn_src_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "ippool": null,
+ "service": "HTTP, HTTPS",
+ "wccp": null,
+ "auto-asic-offload": null,
+ "dscp-value": null,
+ "url-category": null,
+ "capture-packet": null,
+ "adom": "ansible",
+ "inbound": null,
+ "internet-service": null,
+ "profile-type": null,
+ "ssl-mirror": null,
+ "srcaddr-negate": null,
+ "gtp-profile": null,
+ "mms-profile": null,
+ "send-deny-packet": null,
+ "devices": null,
+ "permit-any-host": null,
+ "av-profile": null,
+ "internet-service-src-negate": null,
+ "service-negate": null,
+ "rsso": null,
+ "application-list": null,
+ "app-group": null,
+ "tcp-mss-sender": null,
+ "natinbound": null,
+ "fixedport": null,
+ "ssl-ssh-profile": null,
+ "outbound": null,
+ "spamfilter-profile": null,
+ "wanopt-passive-opt": null,
+ "application": null,
+ "dnsfilter-profile": null,
+ "nat": "enable",
+ "fsso": null,
+ "vlan-cos-rev": null,
+ "status": null,
+ "dsri": null,
+ "profile-protocol-options": null,
+ "voip-profile": null,
+ "policyid": null,
+ "traffic-shaper-reverse": null,
+ "internet-service-custom": null,
+ "diffserv-reverse": null,
+ "srcaddr": "all",
+ "dstaddr": "google-play",
+ "delay-tcp-npu-session": null,
+ "icap-profile": null,
+ "captive-portal-exempt": null,
+ "vpn_dst_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "app-category": null,
+ "rtp-addr": null,
+ "wsso": null,
+ "tcp-mss-receiver": null,
+ "ssh-filter-profile": null,
+ "radius-mac-auth-bypass": null,
+ "vpntunnel": null
+ },
+ "post_method": "set"
+ },
+ {
+ "url": "/pm/config/adom/ansible/pkg/default/firewall/policy",
+ "paramgram_used": {
+ "wanopt-passive-opt": null,
+ "package_name": "default",
+ "wanopt-detection": null,
+ "scan-botnet-connections": null,
+ "profile-group": null,
+ "wanopt-peer": null,
+ "dscp-match": null,
+ "replacemsg-override-group": null,
+ "internet-service-negate": null,
+ "np-acceleration": null,
+ "learning-mode": null,
+ "session-ttl": null,
+ "ntlm-guest": null,
+ "ips-sensor": "default",
+ "diffservcode-rev": null,
+ "match-vip": null,
+ "natip": null,
+ "dlp-sensor": null,
+ "traffic-shaper": null,
+ "groups": null,
+ "schedule-timeout": null,
+ "name": "Basic_IPv4_Policy_3",
+ "tcp-session-without-syn": null,
+ "ntlm": null,
+ "permit-stun-host": null,
+ "diffservcode-forward": null,
+ "internet-service-src-custom": null,
+ "mode": "set",
+ "disclaimer": null,
+ "rtp-nat": null,
+ "auth-cert": null,
+ "timeout-send-rst": null,
+ "auth-redirect-addr": null,
+ "ssl-mirror-intf": null,
+ "identity-based-route": null,
+ "natoutbound": null,
+ "wanopt-profile": null,
+ "per-ip-shaper": null,
+ "profile-protocol-options": null,
+ "diffserv-forward": null,
+ "poolname": null,
+ "comments": "Created by Ansible",
+ "label": null,
+ "global-label": null,
+ "firewall-session-dirty": null,
+ "wanopt": null,
+ "schedule": "always",
+ "internet-service-id": null,
+ "auth-path": null,
+ "vlan-cos-fwd": null,
+ "custom-log-fields": null,
+ "dstintf": "zone_wan1, zone_wan2",
+ "srcintf": "zone_int1",
+ "block-notification": null,
+ "internet-service-src-id": null,
+ "redirect-url": null,
+ "waf-profile": null,
+ "ntlm-enabled-browsers": null,
+ "dscp-negate": null,
+ "action": "accept",
+ "fsso-agent-for-ntlm": null,
+ "logtraffic": "utm",
+ "vlan-filter": null,
+ "policyid": null,
+ "logtraffic-start": null,
+ "webcache-https": null,
+ "webfilter-profile": null,
+ "internet-service-src": null,
+ "webcache": null,
+ "utm-status": null,
+ "vpn_src_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "ippool": null,
+ "service": "HTTP, HTTPS",
+ "wccp": null,
+ "auto-asic-offload": null,
+ "dscp-value": null,
+ "url-category": null,
+ "capture-packet": null,
+ "adom": "ansible",
+ "inbound": null,
+ "internet-service": null,
+ "profile-type": null,
+ "ssl-mirror": null,
+ "srcaddr-negate": null,
+ "gtp-profile": null,
+ "mms-profile": null,
+ "send-deny-packet": null,
+ "devices": null,
+ "permit-any-host": null,
+ "av-profile": "sniffer-profile",
+ "internet-service-src-negate": null,
+ "service-negate": null,
+ "rsso": null,
+ "app-group": null,
+ "tcp-mss-sender": null,
+ "natinbound": null,
+ "fixedport": null,
+ "ssl-ssh-profile": null,
+ "outbound": null,
+ "spamfilter-profile": null,
+ "application-list": null,
+ "application": null,
+ "dnsfilter-profile": null,
+ "nat": "enable",
+ "fsso": null,
+ "vlan-cos-rev": null,
+ "status": null,
+ "dsri": null,
+ "users": null,
+ "voip-profile": null,
+ "dstaddr-negate": null,
+ "traffic-shaper-reverse": null,
+ "internet-service-custom": null,
+ "diffserv-reverse": null,
+ "srcaddr": "corp_internal",
+ "ssh-filter-profile": null,
+ "delay-tcp-npu-session": null,
+ "icap-profile": null,
+ "captive-portal-exempt": null,
+ "vpn_dst_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "app-category": null,
+ "rtp-addr": null,
+ "wsso": null,
+ "tcp-mss-receiver": null,
+ "dstaddr": "google-play, autoupdate.opera.com",
+ "radius-mac-auth-bypass": null,
+ "vpntunnel": null
+ },
+ "raw_response": {
+ "policyid": 27
+ },
+ "post_method": "set"
+ },
+ {
+ "raw_response": {
+ "status": {
+ "message": "OK",
+ "code": 0
+ },
+ "url": "/pm/config/adom/ansible/pkg/default/firewall/policy/25"
+ },
+ "paramgram_used": {
+ "package_name": "default",
+ "wanopt-detection": null,
+ "scan-botnet-connections": null,
+ "profile-group": null,
+ "dlp-sensor": null,
+ "dscp-match": null,
+ "replacemsg-override-group": null,
+ "internet-service-negate": null,
+ "np-acceleration": null,
+ "learning-mode": null,
+ "session-ttl": null,
+ "ntlm-guest": null,
+ "ips-sensor": null,
+ "diffservcode-rev": null,
+ "match-vip": null,
+ "natip": null,
+ "wanopt-peer": null,
+ "traffic-shaper": null,
+ "groups": null,
+ "schedule-timeout": null,
+ "name": "Basic_IPv4_Policy",
+ "tcp-session-without-syn": null,
+ "rtp-nat": null,
+ "permit-stun-host": null,
+ "natoutbound": null,
+ "internet-service-src-custom": null,
+ "mode": "delete",
+ "logtraffic": null,
+ "ntlm": null,
+ "auth-cert": null,
+ "timeout-send-rst": null,
+ "auth-redirect-addr": null,
+ "ssl-mirror-intf": null,
+ "identity-based-route": null,
+ "diffservcode-forward": null,
+ "wanopt-profile": null,
+ "per-ip-shaper": null,
+ "users": null,
+ "diffserv-forward": null,
+ "poolname": null,
+ "comments": null,
+ "label": null,
+ "global-label": null,
+ "firewall-session-dirty": null,
+ "wanopt": null,
+ "schedule": null,
+ "internet-service-id": null,
+ "auth-path": null,
+ "vlan-cos-fwd": null,
+ "custom-log-fields": null,
+ "dstintf": null,
+ "srcintf": null,
+ "block-notification": null,
+ "internet-service-src-id": null,
+ "redirect-url": null,
+ "waf-profile": null,
+ "ntlm-enabled-browsers": null,
+ "dscp-negate": null,
+ "action": null,
+ "fsso-agent-for-ntlm": null,
+ "disclaimer": null,
+ "vlan-filter": null,
+ "dstaddr-negate": null,
+ "logtraffic-start": null,
+ "webcache-https": null,
+ "webfilter-profile": null,
+ "internet-service-src": null,
+ "webcache": null,
+ "utm-status": null,
+ "vpn_src_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "ippool": null,
+ "service": null,
+ "wccp": null,
+ "auto-asic-offload": null,
+ "dscp-value": null,
+ "url-category": null,
+ "capture-packet": null,
+ "adom": "ansible",
+ "inbound": null,
+ "internet-service": null,
+ "profile-type": null,
+ "ssl-mirror": null,
+ "srcaddr-negate": null,
+ "gtp-profile": null,
+ "mms-profile": null,
+ "send-deny-packet": null,
+ "devices": null,
+ "permit-any-host": null,
+ "av-profile": null,
+ "internet-service-src-negate": null,
+ "service-negate": null,
+ "rsso": null,
+ "application-list": null,
+ "app-group": null,
+ "tcp-mss-sender": null,
+ "natinbound": null,
+ "fixedport": null,
+ "ssl-ssh-profile": null,
+ "outbound": null,
+ "spamfilter-profile": null,
+ "wanopt-passive-opt": null,
+ "application": null,
+ "dnsfilter-profile": null,
+ "nat": null,
+ "fsso": null,
+ "vlan-cos-rev": null,
+ "status": null,
+ "dsri": null,
+ "profile-protocol-options": null,
+ "voip-profile": null,
+ "policyid": 25,
+ "traffic-shaper-reverse": null,
+ "internet-service-custom": null,
+ "diffserv-reverse": null,
+ "srcaddr": null,
+ "dstaddr": null,
+ "delay-tcp-npu-session": null,
+ "icap-profile": null,
+ "captive-portal-exempt": null,
+ "vpn_dst_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "app-category": null,
+ "rtp-addr": null,
+ "wsso": null,
+ "tcp-mss-receiver": null,
+ "ssh-filter-profile": null,
+ "radius-mac-auth-bypass": null,
+ "vpntunnel": null
+ },
+ "post_method": "delete"
+ },
+ {
+ "paramgram_used": {
+ "wanopt-passive-opt": null,
+ "package_name": "default",
+ "wanopt-detection": null,
+ "scan-botnet-connections": null,
+ "profile-group": null,
+ "wanopt-peer": null,
+ "dscp-match": null,
+ "replacemsg-override-group": null,
+ "internet-service-negate": null,
+ "np-acceleration": null,
+ "learning-mode": null,
+ "session-ttl": null,
+ "ntlm-guest": null,
+ "ips-sensor": null,
+ "diffservcode-rev": null,
+ "match-vip": null,
+ "natip": null,
+ "dlp-sensor": null,
+ "traffic-shaper": null,
+ "groups": null,
+ "schedule-timeout": null,
+ "name": "Basic_IPv4_Policy_2",
+ "tcp-session-without-syn": null,
+ "ntlm": null,
+ "permit-stun-host": null,
+ "diffservcode-forward": null,
+ "internet-service-src-custom": null,
+ "mode": "delete",
+ "disclaimer": null,
+ "rtp-nat": null,
+ "auth-cert": null,
+ "timeout-send-rst": null,
+ "auth-redirect-addr": null,
+ "ssl-mirror-intf": null,
+ "identity-based-route": null,
+ "natoutbound": null,
+ "wanopt-profile": null,
+ "per-ip-shaper": null,
+ "profile-protocol-options": null,
+ "diffserv-forward": null,
+ "poolname": null,
+ "comments": null,
+ "label": null,
+ "global-label": null,
+ "firewall-session-dirty": null,
+ "wanopt": null,
+ "schedule": null,
+ "internet-service-id": null,
+ "auth-path": null,
+ "vlan-cos-fwd": null,
+ "custom-log-fields": null,
+ "dstintf": null,
+ "srcintf": null,
+ "block-notification": null,
+ "internet-service-src-id": null,
+ "redirect-url": null,
+ "waf-profile": null,
+ "ntlm-enabled-browsers": null,
+ "dscp-negate": null,
+ "action": null,
+ "fsso-agent-for-ntlm": null,
+ "logtraffic": null,
+ "vlan-filter": null,
+ "policyid": 26,
+ "logtraffic-start": null,
+ "webcache-https": null,
+ "webfilter-profile": null,
+ "internet-service-src": null,
+ "webcache": null,
+ "utm-status": null,
+ "vpn_src_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "ippool": null,
+ "service": null,
+ "wccp": null,
+ "auto-asic-offload": null,
+ "dscp-value": null,
+ "url-category": null,
+ "capture-packet": null,
+ "adom": "ansible",
+ "inbound": null,
+ "internet-service": null,
+ "profile-type": null,
+ "ssl-mirror": null,
+ "srcaddr-negate": null,
+ "gtp-profile": null,
+ "mms-profile": null,
+ "send-deny-packet": null,
+ "devices": null,
+ "permit-any-host": null,
+ "av-profile": null,
+ "internet-service-src-negate": null,
+ "service-negate": null,
+ "rsso": null,
+ "app-group": null,
+ "tcp-mss-sender": null,
+ "natinbound": null,
+ "fixedport": null,
+ "ssl-ssh-profile": null,
+ "outbound": null,
+ "spamfilter-profile": null,
+ "application-list": null,
+ "application": null,
+ "dnsfilter-profile": null,
+ "nat": null,
+ "fsso": null,
+ "vlan-cos-rev": null,
+ "status": null,
+ "dsri": null,
+ "users": null,
+ "voip-profile": null,
+ "dstaddr-negate": null,
+ "traffic-shaper-reverse": null,
+ "internet-service-custom": null,
+ "diffserv-reverse": null,
+ "srcaddr": null,
+ "ssh-filter-profile": null,
+ "delay-tcp-npu-session": null,
+ "icap-profile": null,
+ "captive-portal-exempt": null,
+ "vpn_dst_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "app-category": null,
+ "rtp-addr": null,
+ "wsso": null,
+ "tcp-mss-receiver": null,
+ "dstaddr": null,
+ "radius-mac-auth-bypass": null,
+ "vpntunnel": null
+ },
+ "raw_response": {
+ "status": {
+ "message": "OK",
+ "code": 0
+ },
+ "url": "/pm/config/adom/ansible/pkg/default/firewall/policy/26"
+ },
+ "post_method": "delete"
+ },
+ {
+ "raw_response": {
+ "status": {
+ "message": "OK",
+ "code": 0
+ },
+ "url": "/pm/config/adom/ansible/pkg/default/firewall/policy/27"
+ },
+ "paramgram_used": {
+ "package_name": "default",
+ "wanopt-detection": null,
+ "scan-botnet-connections": null,
+ "profile-group": null,
+ "dlp-sensor": null,
+ "dscp-match": null,
+ "replacemsg-override-group": null,
+ "internet-service-negate": null,
+ "np-acceleration": null,
+ "learning-mode": null,
+ "session-ttl": null,
+ "ntlm-guest": null,
+ "ips-sensor": null,
+ "diffservcode-rev": null,
+ "match-vip": null,
+ "natip": null,
+ "wanopt-peer": null,
+ "traffic-shaper": null,
+ "groups": null,
+ "schedule-timeout": null,
+ "name": "Basic_IPv4_Policy_3",
+ "tcp-session-without-syn": null,
+ "rtp-nat": null,
+ "permit-stun-host": null,
+ "natoutbound": null,
+ "internet-service-src-custom": null,
+ "mode": "delete",
+ "logtraffic": null,
+ "ntlm": null,
+ "auth-cert": null,
+ "timeout-send-rst": null,
+ "auth-redirect-addr": null,
+ "ssl-mirror-intf": null,
+ "identity-based-route": null,
+ "diffservcode-forward": null,
+ "wanopt-profile": null,
+ "per-ip-shaper": null,
+ "users": null,
+ "diffserv-forward": null,
+ "poolname": null,
+ "comments": null,
+ "label": null,
+ "global-label": null,
+ "firewall-session-dirty": null,
+ "wanopt": null,
+ "schedule": null,
+ "internet-service-id": null,
+ "auth-path": null,
+ "vlan-cos-fwd": null,
+ "custom-log-fields": null,
+ "dstintf": null,
+ "srcintf": null,
+ "block-notification": null,
+ "internet-service-src-id": null,
+ "redirect-url": null,
+ "waf-profile": null,
+ "ntlm-enabled-browsers": null,
+ "dscp-negate": null,
+ "action": null,
+ "fsso-agent-for-ntlm": null,
+ "disclaimer": null,
+ "vlan-filter": null,
+ "dstaddr-negate": null,
+ "logtraffic-start": null,
+ "webcache-https": null,
+ "webfilter-profile": null,
+ "internet-service-src": null,
+ "webcache": null,
+ "utm-status": null,
+ "vpn_src_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "ippool": null,
+ "service": null,
+ "wccp": null,
+ "auto-asic-offload": null,
+ "dscp-value": null,
+ "url-category": null,
+ "capture-packet": null,
+ "adom": "ansible",
+ "internet-service": null,
+ "inbound": null,
+ "profile-type": null,
+ "ssl-mirror": null,
+ "srcaddr-negate": null,
+ "gtp-profile": null,
+ "mms-profile": null,
+ "send-deny-packet": null,
+ "devices": null,
+ "permit-any-host": null,
+ "av-profile": null,
+ "internet-service-src-negate": null,
+ "service-negate": null,
+ "rsso": null,
+ "application-list": null,
+ "app-group": null,
+ "tcp-mss-sender": null,
+ "natinbound": null,
+ "fixedport": null,
+ "ssl-ssh-profile": null,
+ "outbound": null,
+ "spamfilter-profile": null,
+ "wanopt-passive-opt": null,
+ "application": null,
+ "dnsfilter-profile": null,
+ "nat": null,
+ "fsso": null,
+ "vlan-cos-rev": null,
+ "status": null,
+ "dsri": null,
+ "profile-protocol-options": null,
+ "voip-profile": null,
+ "policyid": 27,
+ "traffic-shaper-reverse": null,
+ "internet-service-custom": null,
+ "diffserv-reverse": null,
+ "srcaddr": null,
+ "dstaddr": null,
+ "delay-tcp-npu-session": null,
+ "icap-profile": null,
+ "captive-portal-exempt": null,
+ "vpn_dst_node": {
+ "subnet": null,
+ "host": null,
+ "seq": null
+ },
+ "app-category": null,
+ "rtp-addr": null,
+ "wsso": null,
+ "tcp-mss-receiver": null,
+ "ssh-filter-profile": null,
+ "radius-mac-auth-bypass": null,
+ "vpntunnel": null
+ },
+ "post_method": "delete"
+ }
+ ]
+}
diff --git a/test/units/modules/network/fortimanager/test_fmgr_fwpol_ipv4.py b/test/units/modules/network/fortimanager/test_fmgr_fwpol_ipv4.py
new file mode 100644
index 00000000000..42bb7c3d99f
--- /dev/null
+++ b/test/units/modules/network/fortimanager/test_fmgr_fwpol_ipv4.py
@@ -0,0 +1,846 @@
+# Copyright 2018 Fortinet, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+from pyFMG.fortimgr import FortiManager
+import pytest
+
+try:
+ from ansible.modules.network.fortimanager import fmgr_fwpol_ipv4
+except ImportError:
+ pytest.skip("Could not load required modules for testing", allow_module_level=True)
+
+fmg_instance = FortiManager("1.1.1.1", "admin", "")
+
+
+def load_fixtures():
+ fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
+ filename=os.path.splitext(os.path.basename(__file__))[0])
+ try:
+ with open(fixture_path, "r") as fixture_file:
+ fixture_data = json.load(fixture_file)
+ except IOError:
+ return []
+ return [fixture_data]
+
+
+@pytest.fixture(scope="function", params=load_fixtures())
+def fixture_data(request):
+ func_name = request.function.__name__.replace("test_", "")
+ return request.param.get(func_name, None)
+
+
+def test_fmgr_firewall_policy_addsetdelete(fixture_data, mocker):
+ mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
+ # Fixture sets used:###########################
+
+ ##################################################
+ # wanopt-passive-opt: None
+ # package_name: default
+ # wanopt-detection: None
+ # scan-botnet-connections: None
+ # profile-group: None
+ # wanopt-peer: None
+ # dscp-match: None
+ # replacemsg-override-group: None
+ # internet-service-negate: None
+ # np-acceleration: None
+ # learning-mode: None
+ # session-ttl: None
+ # ntlm-guest: None
+ # ips-sensor: None
+ # diffservcode-rev: None
+ # match-vip: None
+ # natip: None
+ # dlp-sensor: None
+ # traffic-shaper: None
+ # groups: None
+ # schedule-timeout: None
+ # name: Basic_IPv4_Policy
+ # tcp-session-without-syn: None
+ # ntlm: None
+ # permit-stun-host: None
+ # diffservcode-forward: None
+ # internet-service-src-custom: None
+ # mode: set
+ # disclaimer: None
+ # rtp-nat: None
+ # auth-cert: None
+ # timeout-send-rst: None
+ # auth-redirect-addr: None
+ # ssl-mirror-intf: None
+ # identity-based-route: None
+ # natoutbound: None
+ # wanopt-profile: None
+ # per-ip-shaper: None
+ # profile-protocol-options: None
+ # diffserv-forward: None
+ # poolname: None
+ # comments: Created by Ansible
+ # label: None
+ # global-label: None
+ # firewall-session-dirty: None
+ # wanopt: None
+ # schedule: always
+ # internet-service-id: None
+ # auth-path: None
+ # vlan-cos-fwd: None
+ # custom-log-fields: None
+ # dstintf: any
+ # srcintf: any
+ # block-notification: None
+ # internet-service-src-id: None
+ # redirect-url: None
+ # waf-profile: None
+ # ntlm-enabled-browsers: None
+ # dscp-negate: None
+ # action: accept
+ # fsso-agent-for-ntlm: None
+ # logtraffic: utm
+ # vlan-filter: None
+ # policyid: None
+ # logtraffic-start: None
+ # webcache-https: None
+ # webfilter-profile: None
+ # internet-service-src: None
+ # webcache: None
+ # utm-status: None
+ # vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
+ # ippool: None
+ # service: ALL
+ # wccp: None
+ # auto-asic-offload: None
+ # dscp-value: None
+ # url-category: None
+ # capture-packet: None
+ # adom: ansible
+ # inbound: None
+ # internet-service: None
+ # profile-type: None
+ # ssl-mirror: None
+ # srcaddr-negate: None
+ # gtp-profile: None
+ # mms-profile: None
+ # send-deny-packet: None
+ # devices: None
+ # permit-any-host: None
+ # av-profile: None
+ # internet-service-src-negate: None
+ # service-negate: None
+ # rsso: None
+ # app-group: None
+ # tcp-mss-sender: None
+ # natinbound: None
+ # fixedport: None
+ # ssl-ssh-profile: None
+ # outbound: None
+ # spamfilter-profile: None
+ # application-list: None
+ # application: None
+ # dnsfilter-profile: None
+ # nat: None
+ # fsso: None
+ # vlan-cos-rev: None
+ # status: None
+ # dsri: None
+ # users: None
+ # voip-profile: None
+ # dstaddr-negate: None
+ # traffic-shaper-reverse: None
+ # internet-service-custom: None
+ # diffserv-reverse: None
+ # srcaddr: all
+ # ssh-filter-profile: None
+ # delay-tcp-npu-session: None
+ # icap-profile: None
+ # captive-portal-exempt: None
+ # vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
+ # app-category: None
+ # rtp-addr: None
+ # wsso: None
+ # tcp-mss-receiver: None
+ # dstaddr: all
+ # radius-mac-auth-bypass: None
+ # vpntunnel: None
+ ##################################################
+ ##################################################
+ # package_name: default
+ # wanopt-detection: None
+ # scan-botnet-connections: None
+ # profile-group: None
+ # dlp-sensor: None
+ # dscp-match: None
+ # replacemsg-override-group: None
+ # internet-service-negate: None
+ # np-acceleration: None
+ # learning-mode: None
+ # session-ttl: None
+ # ntlm-guest: None
+ # ips-sensor: None
+ # diffservcode-rev: None
+ # match-vip: None
+ # natip: None
+ # wanopt-peer: None
+ # traffic-shaper: None
+ # groups: None
+ # schedule-timeout: None
+ # name: Basic_IPv4_Policy_2
+ # tcp-session-without-syn: None
+ # rtp-nat: None
+ # permit-stun-host: None
+ # natoutbound: None
+ # internet-service-src-custom: None
+ # mode: set
+ # logtraffic: utm
+ # ntlm: None
+ # auth-cert: None
+ # timeout-send-rst: None
+ # auth-redirect-addr: None
+ # ssl-mirror-intf: None
+ # identity-based-route: None
+ # diffservcode-forward: None
+ # wanopt-profile: None
+ # per-ip-shaper: None
+ # users: None
+ # diffserv-forward: None
+ # poolname: None
+ # comments: Created by Ansible
+ # label: None
+ # global-label: None
+ # firewall-session-dirty: None
+ # wanopt: None
+ # schedule: always
+ # internet-service-id: None
+ # auth-path: None
+ # vlan-cos-fwd: None
+ # custom-log-fields: None
+ # dstintf: any
+ # srcintf: any
+ # block-notification: None
+ # internet-service-src-id: None
+ # redirect-url: None
+ # waf-profile: None
+ # ntlm-enabled-browsers: None
+ # dscp-negate: None
+ # action: accept
+ # fsso-agent-for-ntlm: None
+ # disclaimer: None
+ # vlan-filter: None
+ # dstaddr-negate: None
+ # logtraffic-start: None
+ # webcache-https: None
+ # webfilter-profile: None
+ # internet-service-src: None
+ # webcache: None
+ # utm-status: None
+ # vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
+ # ippool: None
+ # service: HTTP, HTTPS
+ # wccp: None
+ # auto-asic-offload: None
+ # dscp-value: None
+ # url-category: None
+ # capture-packet: None
+ # adom: ansible
+ # inbound: None
+ # internet-service: None
+ # profile-type: None
+ # ssl-mirror: None
+ # srcaddr-negate: None
+ # gtp-profile: None
+ # mms-profile: None
+ # send-deny-packet: None
+ # devices: None
+ # permit-any-host: None
+ # av-profile: None
+ # internet-service-src-negate: None
+ # service-negate: None
+ # rsso: None
+ # application-list: None
+ # app-group: None
+ # tcp-mss-sender: None
+ # natinbound: None
+ # fixedport: None
+ # ssl-ssh-profile: None
+ # outbound: None
+ # spamfilter-profile: None
+ # wanopt-passive-opt: None
+ # application: None
+ # dnsfilter-profile: None
+ # nat: enable
+ # fsso: None
+ # vlan-cos-rev: None
+ # status: None
+ # dsri: None
+ # profile-protocol-options: None
+ # voip-profile: None
+ # policyid: None
+ # traffic-shaper-reverse: None
+ # internet-service-custom: None
+ # diffserv-reverse: None
+ # srcaddr: all
+ # dstaddr: google-play
+ # delay-tcp-npu-session: None
+ # icap-profile: None
+ # captive-portal-exempt: None
+ # vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
+ # app-category: None
+ # rtp-addr: None
+ # wsso: None
+ # tcp-mss-receiver: None
+ # ssh-filter-profile: None
+ # radius-mac-auth-bypass: None
+ # vpntunnel: None
+ ##################################################
+ ##################################################
+ # wanopt-passive-opt: None
+ # package_name: default
+ # wanopt-detection: None
+ # scan-botnet-connections: None
+ # profile-group: None
+ # wanopt-peer: None
+ # dscp-match: None
+ # replacemsg-override-group: None
+ # internet-service-negate: None
+ # np-acceleration: None
+ # learning-mode: None
+ # session-ttl: None
+ # ntlm-guest: None
+ # ips-sensor: default
+ # diffservcode-rev: None
+ # match-vip: None
+ # natip: None
+ # dlp-sensor: None
+ # traffic-shaper: None
+ # groups: None
+ # schedule-timeout: None
+ # name: Basic_IPv4_Policy_3
+ # tcp-session-without-syn: None
+ # ntlm: None
+ # permit-stun-host: None
+ # diffservcode-forward: None
+ # internet-service-src-custom: None
+ # mode: set
+ # disclaimer: None
+ # rtp-nat: None
+ # auth-cert: None
+ # timeout-send-rst: None
+ # auth-redirect-addr: None
+ # ssl-mirror-intf: None
+ # identity-based-route: None
+ # natoutbound: None
+ # wanopt-profile: None
+ # per-ip-shaper: None
+ # profile-protocol-options: None
+ # diffserv-forward: None
+ # poolname: None
+ # comments: Created by Ansible
+ # label: None
+ # global-label: None
+ # firewall-session-dirty: None
+ # wanopt: None
+ # schedule: always
+ # internet-service-id: None
+ # auth-path: None
+ # vlan-cos-fwd: None
+ # custom-log-fields: None
+ # dstintf: zone_wan1, zone_wan2
+ # srcintf: zone_int1
+ # block-notification: None
+ # internet-service-src-id: None
+ # redirect-url: None
+ # waf-profile: None
+ # ntlm-enabled-browsers: None
+ # dscp-negate: None
+ # action: accept
+ # fsso-agent-for-ntlm: None
+ # logtraffic: utm
+ # vlan-filter: None
+ # policyid: None
+ # logtraffic-start: None
+ # webcache-https: None
+ # webfilter-profile: None
+ # internet-service-src: None
+ # webcache: None
+ # utm-status: None
+ # vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
+ # ippool: None
+ # service: HTTP, HTTPS
+ # wccp: None
+ # auto-asic-offload: None
+ # dscp-value: None
+ # url-category: None
+ # capture-packet: None
+ # adom: ansible
+ # inbound: None
+ # internet-service: None
+ # profile-type: None
+ # ssl-mirror: None
+ # srcaddr-negate: None
+ # gtp-profile: None
+ # mms-profile: None
+ # send-deny-packet: None
+ # devices: None
+ # permit-any-host: None
+ # av-profile: sniffer-profile
+ # internet-service-src-negate: None
+ # service-negate: None
+ # rsso: None
+ # app-group: None
+ # tcp-mss-sender: None
+ # natinbound: None
+ # fixedport: None
+ # ssl-ssh-profile: None
+ # outbound: None
+ # spamfilter-profile: None
+ # application-list: None
+ # application: None
+ # dnsfilter-profile: None
+ # nat: enable
+ # fsso: None
+ # vlan-cos-rev: None
+ # status: None
+ # dsri: None
+ # users: None
+ # voip-profile: None
+ # dstaddr-negate: None
+ # traffic-shaper-reverse: None
+ # internet-service-custom: None
+ # diffserv-reverse: None
+ # srcaddr: corp_internal
+ # ssh-filter-profile: None
+ # delay-tcp-npu-session: None
+ # icap-profile: None
+ # captive-portal-exempt: None
+ # vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
+ # app-category: None
+ # rtp-addr: None
+ # wsso: None
+ # tcp-mss-receiver: None
+ # dstaddr: google-play, autoupdate.opera.com
+ # radius-mac-auth-bypass: None
+ # vpntunnel: None
+ ##################################################
+ ##################################################
+ # package_name: default
+ # wanopt-detection: None
+ # scan-botnet-connections: None
+ # profile-group: None
+ # dlp-sensor: None
+ # dscp-match: None
+ # replacemsg-override-group: None
+ # internet-service-negate: None
+ # np-acceleration: None
+ # learning-mode: None
+ # session-ttl: None
+ # ntlm-guest: None
+ # ips-sensor: None
+ # diffservcode-rev: None
+ # match-vip: None
+ # natip: None
+ # wanopt-peer: None
+ # traffic-shaper: None
+ # groups: None
+ # schedule-timeout: None
+ # name: Basic_IPv4_Policy
+ # tcp-session-without-syn: None
+ # rtp-nat: None
+ # permit-stun-host: None
+ # natoutbound: None
+ # internet-service-src-custom: None
+ # mode: delete
+ # logtraffic: None
+ # ntlm: None
+ # auth-cert: None
+ # timeout-send-rst: None
+ # auth-redirect-addr: None
+ # ssl-mirror-intf: None
+ # identity-based-route: None
+ # diffservcode-forward: None
+ # wanopt-profile: None
+ # per-ip-shaper: None
+ # users: None
+ # diffserv-forward: None
+ # poolname: None
+ # comments: None
+ # label: None
+ # global-label: None
+ # firewall-session-dirty: None
+ # wanopt: None
+ # schedule: None
+ # internet-service-id: None
+ # auth-path: None
+ # vlan-cos-fwd: None
+ # custom-log-fields: None
+ # dstintf: None
+ # srcintf: None
+ # block-notification: None
+ # internet-service-src-id: None
+ # redirect-url: None
+ # waf-profile: None
+ # ntlm-enabled-browsers: None
+ # dscp-negate: None
+ # action: None
+ # fsso-agent-for-ntlm: None
+ # disclaimer: None
+ # vlan-filter: None
+ # dstaddr-negate: None
+ # logtraffic-start: None
+ # webcache-https: None
+ # webfilter-profile: None
+ # internet-service-src: None
+ # webcache: None
+ # utm-status: None
+ # vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
+ # ippool: None
+ # service: None
+ # wccp: None
+ # auto-asic-offload: None
+ # dscp-value: None
+ # url-category: None
+ # capture-packet: None
+ # adom: ansible
+ # inbound: None
+ # internet-service: None
+ # profile-type: None
+ # ssl-mirror: None
+ # srcaddr-negate: None
+ # gtp-profile: None
+ # mms-profile: None
+ # send-deny-packet: None
+ # devices: None
+ # permit-any-host: None
+ # av-profile: None
+ # internet-service-src-negate: None
+ # service-negate: None
+ # rsso: None
+ # application-list: None
+ # app-group: None
+ # tcp-mss-sender: None
+ # natinbound: None
+ # fixedport: None
+ # ssl-ssh-profile: None
+ # outbound: None
+ # spamfilter-profile: None
+ # wanopt-passive-opt: None
+ # application: None
+ # dnsfilter-profile: None
+ # nat: None
+ # fsso: None
+ # vlan-cos-rev: None
+ # status: None
+ # dsri: None
+ # profile-protocol-options: None
+ # voip-profile: None
+ # policyid: 25
+ # traffic-shaper-reverse: None
+ # internet-service-custom: None
+ # diffserv-reverse: None
+ # srcaddr: None
+ # dstaddr: None
+ # delay-tcp-npu-session: None
+ # icap-profile: None
+ # captive-portal-exempt: None
+ # vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
+ # app-category: None
+ # rtp-addr: None
+ # wsso: None
+ # tcp-mss-receiver: None
+ # ssh-filter-profile: None
+ # radius-mac-auth-bypass: None
+ # vpntunnel: None
+ ##################################################
+ ##################################################
+ # wanopt-passive-opt: None
+ # package_name: default
+ # wanopt-detection: None
+ # scan-botnet-connections: None
+ # profile-group: None
+ # wanopt-peer: None
+ # dscp-match: None
+ # replacemsg-override-group: None
+ # internet-service-negate: None
+ # np-acceleration: None
+ # learning-mode: None
+ # session-ttl: None
+ # ntlm-guest: None
+ # ips-sensor: None
+ # diffservcode-rev: None
+ # match-vip: None
+ # natip: None
+ # dlp-sensor: None
+ # traffic-shaper: None
+ # groups: None
+ # schedule-timeout: None
+ # name: Basic_IPv4_Policy_2
+ # tcp-session-without-syn: None
+ # ntlm: None
+ # permit-stun-host: None
+ # diffservcode-forward: None
+ # internet-service-src-custom: None
+ # mode: delete
+ # disclaimer: None
+ # rtp-nat: None
+ # auth-cert: None
+ # timeout-send-rst: None
+ # auth-redirect-addr: None
+ # ssl-mirror-intf: None
+ # identity-based-route: None
+ # natoutbound: None
+ # wanopt-profile: None
+ # per-ip-shaper: None
+ # profile-protocol-options: None
+ # diffserv-forward: None
+ # poolname: None
+ # comments: None
+ # label: None
+ # global-label: None
+ # firewall-session-dirty: None
+ # wanopt: None
+ # schedule: None
+ # internet-service-id: None
+ # auth-path: None
+ # vlan-cos-fwd: None
+ # custom-log-fields: None
+ # dstintf: None
+ # srcintf: None
+ # block-notification: None
+ # internet-service-src-id: None
+ # redirect-url: None
+ # waf-profile: None
+ # ntlm-enabled-browsers: None
+ # dscp-negate: None
+ # action: None
+ # fsso-agent-for-ntlm: None
+ # logtraffic: None
+ # vlan-filter: None
+ # policyid: 26
+ # logtraffic-start: None
+ # webcache-https: None
+ # webfilter-profile: None
+ # internet-service-src: None
+ # webcache: None
+ # utm-status: None
+ # vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
+ # ippool: None
+ # service: None
+ # wccp: None
+ # auto-asic-offload: None
+ # dscp-value: None
+ # url-category: None
+ # capture-packet: None
+ # adom: ansible
+ # inbound: None
+ # internet-service: None
+ # profile-type: None
+ # ssl-mirror: None
+ # srcaddr-negate: None
+ # gtp-profile: None
+ # mms-profile: None
+ # send-deny-packet: None
+ # devices: None
+ # permit-any-host: None
+ # av-profile: None
+ # internet-service-src-negate: None
+ # service-negate: None
+ # rsso: None
+ # app-group: None
+ # tcp-mss-sender: None
+ # natinbound: None
+ # fixedport: None
+ # ssl-ssh-profile: None
+ # outbound: None
+ # spamfilter-profile: None
+ # application-list: None
+ # application: None
+ # dnsfilter-profile: None
+ # nat: None
+ # fsso: None
+ # vlan-cos-rev: None
+ # status: None
+ # dsri: None
+ # users: None
+ # voip-profile: None
+ # dstaddr-negate: None
+ # traffic-shaper-reverse: None
+ # internet-service-custom: None
+ # diffserv-reverse: None
+ # srcaddr: None
+ # ssh-filter-profile: None
+ # delay-tcp-npu-session: None
+ # icap-profile: None
+ # captive-portal-exempt: None
+ # vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
+ # app-category: None
+ # rtp-addr: None
+ # wsso: None
+ # tcp-mss-receiver: None
+ # dstaddr: None
+ # radius-mac-auth-bypass: None
+ # vpntunnel: None
+ ##################################################
+ ##################################################
+ # package_name: default
+ # wanopt-detection: None
+ # scan-botnet-connections: None
+ # profile-group: None
+ # dlp-sensor: None
+ # dscp-match: None
+ # replacemsg-override-group: None
+ # internet-service-negate: None
+ # np-acceleration: None
+ # learning-mode: None
+ # session-ttl: None
+ # ntlm-guest: None
+ # ips-sensor: None
+ # diffservcode-rev: None
+ # match-vip: None
+ # natip: None
+ # wanopt-peer: None
+ # traffic-shaper: None
+ # groups: None
+ # schedule-timeout: None
+ # name: Basic_IPv4_Policy_3
+ # tcp-session-without-syn: None
+ # rtp-nat: None
+ # permit-stun-host: None
+ # natoutbound: None
+ # internet-service-src-custom: None
+ # mode: delete
+ # logtraffic: None
+ # ntlm: None
+ # auth-cert: None
+ # timeout-send-rst: None
+ # auth-redirect-addr: None
+ # ssl-mirror-intf: None
+ # identity-based-route: None
+ # diffservcode-forward: None
+ # wanopt-profile: None
+ # per-ip-shaper: None
+ # users: None
+ # diffserv-forward: None
+ # poolname: None
+ # comments: None
+ # label: None
+ # global-label: None
+ # firewall-session-dirty: None
+ # wanopt: None
+ # schedule: None
+ # internet-service-id: None
+ # auth-path: None
+ # vlan-cos-fwd: None
+ # custom-log-fields: None
+ # dstintf: None
+ # srcintf: None
+ # block-notification: None
+ # internet-service-src-id: None
+ # redirect-url: None
+ # waf-profile: None
+ # ntlm-enabled-browsers: None
+ # dscp-negate: None
+ # action: None
+ # fsso-agent-for-ntlm: None
+ # disclaimer: None
+ # vlan-filter: None
+ # dstaddr-negate: None
+ # logtraffic-start: None
+ # webcache-https: None
+ # webfilter-profile: None
+ # internet-service-src: None
+ # webcache: None
+ # utm-status: None
+ # vpn_src_node: {'subnet': None, 'host': None, 'seq': None}
+ # ippool: None
+ # service: None
+ # wccp: None
+ # auto-asic-offload: None
+ # dscp-value: None
+ # url-category: None
+ # capture-packet: None
+ # adom: ansible
+ # internet-service: None
+ # inbound: None
+ # profile-type: None
+ # ssl-mirror: None
+ # srcaddr-negate: None
+ # gtp-profile: None
+ # mms-profile: None
+ # send-deny-packet: None
+ # devices: None
+ # permit-any-host: None
+ # av-profile: None
+ # internet-service-src-negate: None
+ # service-negate: None
+ # rsso: None
+ # application-list: None
+ # app-group: None
+ # tcp-mss-sender: None
+ # natinbound: None
+ # fixedport: None
+ # ssl-ssh-profile: None
+ # outbound: None
+ # spamfilter-profile: None
+ # wanopt-passive-opt: None
+ # application: None
+ # dnsfilter-profile: None
+ # nat: None
+ # fsso: None
+ # vlan-cos-rev: None
+ # status: None
+ # dsri: None
+ # profile-protocol-options: None
+ # voip-profile: None
+ # policyid: 27
+ # traffic-shaper-reverse: None
+ # internet-service-custom: None
+ # diffserv-reverse: None
+ # srcaddr: None
+ # dstaddr: None
+ # delay-tcp-npu-session: None
+ # icap-profile: None
+ # captive-portal-exempt: None
+ # vpn_dst_node: {'subnet': None, 'host': None, 'seq': None}
+ # app-category: None
+ # rtp-addr: None
+ # wsso: None
+ # tcp-mss-receiver: None
+ # ssh-filter-profile: None
+ # radius-mac-auth-bypass: None
+ # vpntunnel: None
+ ##################################################
+
+ # Test using fixture 1 #
+ output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used'])
+ assert isinstance(output['raw_response'], dict) is True
+ # Test using fixture 2 #
+ output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
+ assert isinstance(output['raw_response'], dict) is True
+ # Test using fixture 3 #
+ output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[2]['paramgram_used'])
+ assert isinstance(output['raw_response'], dict) is True
+ # Test using fixture 4 #
+ output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[3]['paramgram_used'])
+ assert output['raw_response']['status']['code'] == 0
+ # Test using fixture 5 #
+ output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[4]['paramgram_used'])
+ assert output['raw_response']['status']['code'] == 0
+ # Test using fixture 6 #
+ output = fmgr_fwpol_ipv4.fmgr_firewall_policy_addsetdelete(fmg_instance, fixture_data[5]['paramgram_used'])
+ assert output['raw_response']['status']['code'] == 0
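Review bot: The six assertions at the end of `test_fmgr_firewall_policy_addsetdelete` only inspect `output['raw_response']`, which appears to be the fixture entry handed back by the patched `_post_request`, so they would pass whatever URL, method or policy id the module actually sent. For a module that creates and deletes firewall policies, I would keep a handle on the mock, `post = mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)`, then assert on `post.call_count` and that the recorded arguments of the delete calls carry the expected policy ids (25, 26 and 27 in the fixture). Separately, `from pyFMG.fortimgr import FortiManager` sits outside the `try/except ImportError`, so a missing pyFMG fails at collection instead of reaching the `pytest.skip`. `fmg_instance` is also built against `1.1.1.1`, a routable public address; a documentation address such as `192.0.2.1` removes any chance of an unmocked code path contacting a real host.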