New HTTPAPI plugin for FortiOS (#56870)

* New HTTPAPI plugin for FortiOS * Remove special char * Updates after review - Comments from Qalthos
2019-06-23 01:31:21 +02:00 · 2019-06-23 01:31:21 +02:00 · 64c3b4fbb5
commit 64c3b4fbb5
parent fbdf6e59f2
2 changed files with 231 additions and 1 deletions
--- a/lib/ansible/module_utils/network/fortios/fortios.py
+++ b/lib/ansible/module_utils/network/fortios/fortios.py
@ -4,7 +4,8 @@
 # still belong to the author of the module, and may assign their own license
 # to the complete work.
 #
-# Copyright (c), Benjamin Jolivot <bjolivot@gmail.com>, 2014
+# Copyright (c), Benjamin Jolivot <bjolivot@gmail.com>, 2014,
+# Miguel Angel Munoz <magonzalez@fortinet.com>, 2019
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@ -33,6 +34,9 @@ import traceback
 from ansible.module_utils._text import to_native
 from ansible.module_utils.basic import env_fallback

+import json
+
+# BEGIN DEPRECATED

 # check for pyFG lib
 try:
@ -72,6 +76,105 @@ fortios_error_codes = {
    '-61': "Command error"
 }

+# END DEPRECATED
+
+
+class FortiOSHandler(object):
+
+    def __init__(self, conn):
+        self._conn = conn
+
+    def cmdb_url(self, path, name, vdom=None, mkey=None):
+
+        url = '/api/v2/cmdb/' + path + '/' + name
+        if mkey:
+            url = url + '/' + str(mkey)
+        if vdom:
+            if vdom == "global":
+                url += '?global=1'
+            else:
+                url += '?vdom=' + vdom
+        return url
+
+    def schema(self, path, name, vdom=None):
+        if vdom is None:
+            url = self.cmdb_url(path, name) + "?action=schema"
+        else:
+            url = self.cmdb_url(path, name, vdom=vdom) + "&action=schema"
+
+        status, result_data = self._conn.send_request(url=url)
+
+        if status == 200:
+            if vdom == "global":
+                return json.loads(result_data.decode('utf-8'))[0]['results']
+            else:
+                return json.loads(result_data.decode('utf-8'))['results']
+        else:
+            return json.loads(result_data.decode('utf-8'))
+
+    def get_mkeyname(self, path, name, vdom=None):
+        schema = self.schema(path, name, vdom=vdom)
+        try:
+            keyname = schema['mkey']
+        except KeyError:
+            return False
+        return keyname
+
+    def get_mkey(self, path, name, data, vdom=None):
+
+        keyname = self.get_mkeyname(path, name, vdom)
+        if not keyname:
+            return None
+        else:
+            try:
+                mkey = data[keyname]
+            except KeyError:
+                return None
+        return mkey
+
+    def set(self, path, name, data, mkey=None, vdom=None, parameters=None):
+
+        if not mkey:
+            mkey = self.get_mkey(path, name, data, vdom=vdom)
+        url = self.cmdb_url(path, name, vdom, mkey)
+
+        status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='PUT')
+
+        if status == 404 or status == 405 or status == 500:
+            return self.post(path, name, data, vdom, mkey)
+        else:
+            return self.formatresponse(result_data, vdom=vdom)
+
+    def post(self, path, name, data, vdom=None,
+             mkey=None, parameters=None):
+
+        if mkey:
+            mkeyname = self.get_mkeyname(path, name, vdom)
+            data[mkeyname] = mkey
+
+        url = self.cmdb_url(path, name, vdom, mkey=None)
+
+        status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST')
+
+        return self.formatresponse(result_data, vdom=vdom)
+
+    def delete(self, path, name, vdom=None, mkey=None, parameters=None, data=None):
+        if not mkey:
+            mkey = self.get_mkey(path, name, data, vdom=vdom)
+        url = self.cmdb_url(path, name, vdom, mkey)
+        status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='DELETE')
+        return self.formatresponse(result_data, vdom=vdom)
+
+    def formatresponse(self, res, vdom=None):
+        if vdom == "global":
+            resp = json.loads(res.decode('utf-8'))[0]
+            resp['vdom'] = "global"
+        else:
+            resp = json.loads(res.decode('utf-8'))
+        return resp
+
+# BEGIN DEPRECATED
+

 def backup(module, running_config):
    backup_path = module.params['backup_path']
@ -198,3 +301,5 @@ class AnsibleFortios(object):

    def get_empty_configuration_block(self, block_name, block_type):
        return FortiConfig(block_name, block_type)
+
+# END DEPRECATED
--- a/lib/ansible/plugins/httpapi/fortios.py
+++ b/lib/ansible/plugins/httpapi/fortios.py
@ -0,0 +1,125 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# (c) 2019 Fortinet, Inc
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above copyright notice,
+#      this list of conditions and the following disclaimer in the documentation
+#      and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = """
+---
+author:
+    - Miguel Angel Muñoz (@magonzalez)
+httpapi : fortios
+short_description: HttpApi Plugin for Fortinet FortiOS Appliance or VM
+description:
+  - This HttpApi plugin provides methods to connect to Fortinet FortiOS Appliance or VM via REST API
+version_added: "2.9"
+"""
+
+from ansible.plugins.httpapi import HttpApiBase
+from ansible.module_utils.basic import to_text
+import urllib
+import json
+import re
+
+
+class HttpApi(HttpApiBase):
+    def __init__(self, connection):
+        super(HttpApi, self).__init__(connection)
+
+        self._ccsrftoken = ''
+
+    def set_become(self, become_context):
+        """
+        Elevation is not required on Fortinet devices - Skipped
+        :param become_context: Unused input.
+        :return: None
+        """
+        return None
+
+    def login(self, username, password):
+        """Call a defined login endpoint to receive an authentication token."""
+
+        data = "username=" + urllib.parse.quote(username) + "&secretkey=" + urllib.parse.quote(password) + "&ajax=1"
+        dummy, result_data = self.send_request(url='/logincheck', data=data, method='POST')
+        if result_data[0] != '1':
+            raise Exception('Wrong credentials. Please check')
+
+    def logout(self):
+        """ Call to implement session logout."""
+
+        self.send_request(url='/logout', method="POST")
+
+    def update_auth(self, response, response_text):
+        """
+        Get cookies and obtain value for csrftoken that will be used on next requests
+        :param response: Response given by the server.
+        :param response_text Unused_input.
+        :return: Dictionary containing headers
+        """
+
+        headers = {}
+
+        for attr, val in response.getheaders():
+            if attr == 'Set-Cookie' and 'APSCOOKIE_' in val:
+                headers['Cookie'] = val
+
+            elif attr == 'Set-Cookie' and 'ccsrftoken=' in val:
+                csrftoken_search = re.search('\"(.*)\"', val)
+                if csrftoken_search:
+                    self._ccsrftoken = csrftoken_search.group(1)
+
+        headers['x-csrftoken'] = self._ccsrftoken
+
+        return headers
+
+    def handle_httperror(self, exc):
+        """
+        Not required on Fortinet devices - Skipped
+        :param exc: Unused input.
+        :return: exc
+        """
+        return exc
+
+    def send_request(self, **message_kwargs):
+        """
+        Responsible for actual sending of data to the connection httpapi base plugin.
+        :param message_kwargs: A formatted dictionary containing request info: url, data, method
+
+        :return: Status code and response data.
+        """
+        url = message_kwargs.get('url', '/')
+        data = message_kwargs.get('data', '')
+        method = message_kwargs.get('method', 'GET')
+
+        try:
+            response, response_data = self.connection.send(url, data, method=method)
+
+            return response.status, to_text(response_data.getvalue())
+        except Exception as err:
+            raise Exception(err)