FortiManager Plugin Module Conversion: fmgr_secprof_waf (#52789)
* Auto Commit for: fmgr_secprof_waf * Auto Commit for: fmgr_secprof_waf * Auto Commit for: fmgr_secprof_waf
This commit is contained in:
ftntcorecse
Nilashish Chakraborty
parent
60c0069fec
commit
7ee7c3cf2c
3 changed files with 431 additions and 636 deletions
|
|
@ -28,6 +28,8 @@ DOCUMENTATION = '''
|
||||||
---
|
---
|
||||||
module: fmgr_secprof_waf
|
module: fmgr_secprof_waf
|
||||||
version_added: "2.8"
|
version_added: "2.8"
|
||||||
|
notes:
|
||||||
|
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
|
||||||
author:
|
author:
|
||||||
- Luke Weighall (@lweighall)
|
- Luke Weighall (@lweighall)
|
||||||
- Andrew Welsh (@Ghilli3)
|
- Andrew Welsh (@Ghilli3)
|
||||||
|
|
@ -43,21 +45,6 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: root
|
default: root
|
||||||
|
|
||||||
host:
|
|
||||||
description:
|
|
||||||
- The FortiManager's Address.
|
|
||||||
required: true
|
|
||||||
|
|
||||||
username:
|
|
||||||
description:
|
|
||||||
- The username associated with the account.
|
|
||||||
required: true
|
|
||||||
|
|
||||||
password:
|
|
||||||
description:
|
|
||||||
- The password associated with the username account.
|
|
||||||
required: true
|
|
||||||
|
|
||||||
mode:
|
mode:
|
||||||
description:
|
description:
|
||||||
- Sets one of three modes for managing the object.
|
- Sets one of three modes for managing the object.
|
||||||
|
|
@ -1045,18 +1032,12 @@ options:
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
- name: DELETE Profile
|
- name: DELETE Profile
|
||||||
fmgr_secprof_waf:
|
fmgr_secprof_waf:
|
||||||
host: "{{inventory_hostname}}"
|
|
||||||
username: "{{ username }}"
|
|
||||||
password: "{{ password }}"
|
|
||||||
name: "Ansible_WAF_Profile"
|
name: "Ansible_WAF_Profile"
|
||||||
comment: "Created by Ansible Module TEST"
|
comment: "Created by Ansible Module TEST"
|
||||||
mode: "delete"
|
mode: "delete"
|
||||||
|
|
||||||
- name: CREATE Profile
|
- name: CREATE Profile
|
||||||
fmgr_secprof_waf:
|
fmgr_secprof_waf:
|
||||||
host: "{{inventory_hostname}}"
|
|
||||||
username: "{{ username }}"
|
|
||||||
password: "{{ password }}"
|
|
||||||
name: "Ansible_WAF_Profile"
|
name: "Ansible_WAF_Profile"
|
||||||
comment: "Created by Ansible Module TEST"
|
comment: "Created by Ansible Module TEST"
|
||||||
mode: "set"
|
mode: "set"
|
||||||
|
|
@ -1070,15 +1051,15 @@ api_result:
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from ansible.module_utils.basic import AnsibleModule, env_fallback
|
from ansible.module_utils.basic import AnsibleModule, env_fallback
|
||||||
from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
|
from ansible.module_utils.connection import Connection
|
||||||
|
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
|
||||||
# check for pyFMG lib
|
from ansible.module_utils.network.fortimanager.common import FMGBaseException
|
||||||
try:
|
from ansible.module_utils.network.fortimanager.common import FMGRCommon
|
||||||
from pyFMG.fortimgr import FortiManager
|
from ansible.module_utils.network.fortimanager.common import FMGRMethods
|
||||||
|
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
|
||||||
HAS_PYFMGR = True
|
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
|
||||||
except ImportError:
|
from ansible.module_utils.network.fortimanager.common import prepare_dict
|
||||||
HAS_PYFMGR = False
|
from ansible.module_utils.network.fortimanager.common import scrub_dict
|
||||||
|
|
||||||
|
|
||||||
###############
|
###############
|
||||||
|
|
@ -1086,19 +1067,26 @@ except ImportError:
|
||||||
###############
|
###############
|
||||||
|
|
||||||
|
|
||||||
def fmgr_waf_profile_addsetdelete(fmg, paramgram):
|
def fmgr_waf_profile_modify(fmgr, paramgram):
|
||||||
|
"""
|
||||||
|
:param fmgr: The fmgr object instance from fortimanager.py
|
||||||
|
:type fmgr: class object
|
||||||
|
:param paramgram: The formatted dictionary of options to process
|
||||||
|
:type paramgram: dict
|
||||||
|
:return: The response from the FortiManager
|
||||||
|
:rtype: dict
|
||||||
|
"""
|
||||||
mode = paramgram["mode"]
|
mode = paramgram["mode"]
|
||||||
adom = paramgram["adom"]
|
adom = paramgram["adom"]
|
||||||
# INIT A BASIC OBJECTS
|
# INIT A BASIC OBJECTS
|
||||||
response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
|
response = DEFAULT_RESULT_OBJ
|
||||||
url = ""
|
url = ""
|
||||||
datagram = {}
|
datagram = {}
|
||||||
|
|
||||||
# EVAL THE MODE PARAMETER FOR SET OR ADD
|
# EVAL THE MODE PARAMETER FOR SET OR ADD
|
||||||
if mode in ['set', 'add', 'update']:
|
if mode in ['set', 'add', 'update']:
|
||||||
url = '/pm/config/adom/{adom}/obj/waf/profile'.format(adom=adom)
|
url = '/pm/config/adom/{adom}/obj/waf/profile'.format(adom=adom)
|
||||||
datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
|
datagram = scrub_dict(prepare_dict(paramgram))
|
||||||
|
|
||||||
# EVAL THE MODE PARAMETER FOR DELETE
|
# EVAL THE MODE PARAMETER FOR DELETE
|
||||||
elif mode == "delete":
|
elif mode == "delete":
|
||||||
|
|
@ -1106,129 +1094,11 @@ def fmgr_waf_profile_addsetdelete(fmg, paramgram):
|
||||||
url = '/pm/config/adom/{adom}/obj/waf/profile/{name}'.format(adom=adom, name=paramgram["name"])
|
url = '/pm/config/adom/{adom}/obj/waf/profile/{name}'.format(adom=adom, name=paramgram["name"])
|
||||||
datagram = {}
|
datagram = {}
|
||||||
|
|
||||||
# IF MODE = SET -- USE THE 'SET' API CALL MODE
|
response = fmgr.process_request(url, datagram, paramgram["mode"])
|
||||||
if mode == "set":
|
|
||||||
response = fmg.set(url, datagram)
|
|
||||||
# IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
|
|
||||||
elif mode == "update":
|
|
||||||
response = fmg.update(url, datagram)
|
|
||||||
# IF MODE = ADD -- USE THE 'ADD' API CALL MODE
|
|
||||||
elif mode == "add":
|
|
||||||
response = fmg.add(url, datagram)
|
|
||||||
# IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
|
|
||||||
elif mode == "delete":
|
|
||||||
response = fmg.delete(url, datagram)
|
|
||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
# ADDITIONAL COMMON FUNCTIONS
|
|
||||||
# FUNCTION/METHOD FOR LOGGING OUT AND ANALYZING ERROR CODES
|
|
||||||
def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
|
|
||||||
"""
|
|
||||||
THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
|
|
||||||
"""
|
|
||||||
# pydevd.settrace('10.0.0.122', port=54654, stdoutToServer=True, stderrToServer=True)
|
|
||||||
# VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
|
|
||||||
if msg != "NULL" and len(results) == 0:
|
|
||||||
try:
|
|
||||||
fmg.logout()
|
|
||||||
except BaseException:
|
|
||||||
pass
|
|
||||||
module.fail_json(msg=msg)
|
|
||||||
|
|
||||||
# SUBMISSION ERROR
|
|
||||||
if len(results) > 0:
|
|
||||||
if msg == "NULL":
|
|
||||||
try:
|
|
||||||
msg = results[1]['status']['message']
|
|
||||||
except BaseException:
|
|
||||||
msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
|
|
||||||
|
|
||||||
if results[0] not in good_codes:
|
|
||||||
if logout_on_fail:
|
|
||||||
fmg.logout()
|
|
||||||
module.fail_json(msg=msg, **results[1])
|
|
||||||
else:
|
|
||||||
return msg
|
|
||||||
else:
|
|
||||||
if logout_on_success:
|
|
||||||
fmg.logout()
|
|
||||||
module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
|
|
||||||
**results[1])
|
|
||||||
else:
|
|
||||||
return msg
|
|
||||||
|
|
||||||
|
|
||||||
# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
|
|
||||||
# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
|
|
||||||
def fmgr_cidr_to_netmask(cidr):
|
|
||||||
cidr = int(cidr)
|
|
||||||
mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
|
|
||||||
return (str((0xff000000 & mask) >> 24) + '.' +
|
|
||||||
str((0x00ff0000 & mask) >> 16) + '.' +
|
|
||||||
str((0x0000ff00 & mask) >> 8) + '.' +
|
|
||||||
str((0x000000ff & mask)))
|
|
||||||
|
|
||||||
|
|
||||||
# utility function: removing keys wih value of None, nothing in playbook for that key
|
|
||||||
def fmgr_del_none(obj):
|
|
||||||
if isinstance(obj, dict):
|
|
||||||
return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
|
|
||||||
for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
|
|
||||||
else:
|
|
||||||
return obj
|
|
||||||
|
|
||||||
|
|
||||||
# utility function: remove keys that are need for the logic but the FMG API won't accept them
|
|
||||||
def fmgr_prepare_dict(obj):
|
|
||||||
list_of_elems = ["mode", "adom", "host", "username", "password"]
|
|
||||||
if isinstance(obj, dict):
|
|
||||||
obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
|
|
||||||
return obj
|
|
||||||
|
|
||||||
|
|
||||||
def fmgr_is_empty_dict(obj):
|
|
||||||
return_val = False
|
|
||||||
if isinstance(obj, dict):
|
|
||||||
if len(obj) > 0:
|
|
||||||
for k, v in obj.items():
|
|
||||||
if isinstance(v, dict):
|
|
||||||
if len(v) == 0:
|
|
||||||
return_val = True
|
|
||||||
elif len(v) > 0:
|
|
||||||
for k1, v1 in v.items():
|
|
||||||
if v1 is None:
|
|
||||||
return_val = True
|
|
||||||
elif v1 is not None:
|
|
||||||
return_val = False
|
|
||||||
return return_val
|
|
||||||
elif v is None:
|
|
||||||
return_val = True
|
|
||||||
elif v is not None:
|
|
||||||
return_val = False
|
|
||||||
return return_val
|
|
||||||
elif len(obj) == 0:
|
|
||||||
return_val = True
|
|
||||||
|
|
||||||
return return_val
|
|
||||||
|
|
||||||
|
|
||||||
def fmgr_split_comma_strings_into_lists(obj):
|
|
||||||
if isinstance(obj, dict):
|
|
||||||
if len(obj) > 0:
|
|
||||||
for k, v in obj.items():
|
|
||||||
if isinstance(v, str):
|
|
||||||
new_list = list()
|
|
||||||
if "," in v:
|
|
||||||
new_items = v.split(",")
|
|
||||||
for item in new_items:
|
|
||||||
new_list.append(item.strip())
|
|
||||||
obj[k] = new_list
|
|
||||||
|
|
||||||
return obj
|
|
||||||
|
|
||||||
|
|
||||||
#############
|
#############
|
||||||
# END METHODS
|
# END METHODS
|
||||||
#############
|
#############
|
||||||
|
|
@ -1237,9 +1107,6 @@ def fmgr_split_comma_strings_into_lists(obj):
|
||||||
def main():
|
def main():
|
||||||
argument_spec = dict(
|
argument_spec = dict(
|
||||||
adom=dict(type="str", default="root"),
|
adom=dict(type="str", default="root"),
|
||||||
host=dict(required=True, type="str"),
|
|
||||||
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
|
|
||||||
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
|
|
||||||
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
|
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
|
||||||
|
|
||||||
name=dict(required=False, type="str"),
|
name=dict(required=False, type="str"),
|
||||||
|
|
@ -1414,8 +1281,7 @@ def main():
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
module = AnsibleModule(argument_spec, supports_check_mode=False)
|
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
|
||||||
|
|
||||||
# MODULE PARAMGRAM
|
# MODULE PARAMGRAM
|
||||||
paramgram = {
|
paramgram = {
|
||||||
"mode": module.params["mode"],
|
"mode": module.params["mode"],
|
||||||
|
|
@ -1586,44 +1452,30 @@ def main():
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
list_overrides = ['address-list', 'constraint', 'method', 'signature', 'url-access']
|
module.paramgram = paramgram
|
||||||
for list_variable in list_overrides:
|
fmgr = None
|
||||||
override_data = list()
|
if module._socket_path:
|
||||||
try:
|
connection = Connection(module._socket_path)
|
||||||
override_data = module.params[list_variable]
|
fmgr = FortiManagerHandler(connection, module)
|
||||||
except BaseException:
|
fmgr.tools = FMGRCommon()
|
||||||
pass
|
|
||||||
try:
|
|
||||||
if override_data:
|
|
||||||
del paramgram[list_variable]
|
|
||||||
paramgram[list_variable] = override_data
|
|
||||||
except BaseException:
|
|
||||||
pass
|
|
||||||
|
|
||||||
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
|
|
||||||
host = module.params["host"]
|
|
||||||
password = module.params["password"]
|
|
||||||
username = module.params["username"]
|
|
||||||
if host is None or username is None or password is None:
|
|
||||||
module.fail_json(msg="Host and username and password are required")
|
|
||||||
|
|
||||||
# CHECK IF LOGIN FAILED
|
|
||||||
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
|
|
||||||
|
|
||||||
response = fmg.login()
|
|
||||||
if response[1]['status']['code'] != 0:
|
|
||||||
module.fail_json(msg="Connection to FortiManager Failed")
|
|
||||||
|
|
||||||
results = fmgr_waf_profile_addsetdelete(fmg, paramgram)
|
|
||||||
if results[0] != 0:
|
|
||||||
fmgr_logout(fmg, module, results=results, good_codes=[0])
|
|
||||||
|
|
||||||
fmg.logout()
|
|
||||||
|
|
||||||
if results is not None:
|
|
||||||
return module.exit_json(**results[1])
|
|
||||||
else:
|
else:
|
||||||
return module.exit_json(msg="No results were returned from the API call.")
|
module.fail_json(**FAIL_SOCKET_MSG)
|
||||||
|
|
||||||
|
list_overrides = ['address-list', 'constraint', 'method', 'signature', 'url-access']
|
||||||
|
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
|
||||||
|
paramgram=paramgram, module=module)
|
||||||
|
|
||||||
|
results = DEFAULT_RESULT_OBJ
|
||||||
|
|
||||||
|
try:
|
||||||
|
results = fmgr_waf_profile_modify(fmgr, paramgram)
|
||||||
|
fmgr.govern_response(module=module, results=results,
|
||||||
|
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
|
||||||
|
|
||||||
|
except Exception as err:
|
||||||
|
raise FMGBaseException(err)
|
||||||
|
|
||||||
|
return module.exit_json(**results[1])
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
|
||||||
|
|
@ -1,360 +1,365 @@
|
||||||
{
|
{
|
||||||
"fmgr_waf_profile_addsetdelete": [
|
"fmgr_waf_profile_modify": [
|
||||||
{
|
{
|
||||||
"paramgram_used": {
|
"paramgram_used": {
|
||||||
"comment": "Created by Ansible Module TEST",
|
"comment": "Created by Ansible Module TEST",
|
||||||
"name": "Ansible_WAF_Profile",
|
"name": "Ansible_WAF_Profile",
|
||||||
"adom": "root",
|
"adom": "root",
|
||||||
"address-list": {
|
"address-list": {
|
||||||
"blocked-address": null,
|
"blocked-address": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"severity": null,
|
"severity": null,
|
||||||
"blocked-log": null,
|
"blocked-log": null,
|
||||||
"trusted-address": null
|
"trusted-address": null
|
||||||
},
|
},
|
||||||
"constraint": {
|
"constraint": {
|
||||||
"header-length": {
|
"header-length": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"length": null,
|
"length": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"content-length": {
|
"content-length": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"length": null,
|
"length": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"max-cookie": {
|
"max-cookie": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"max-cookie": null,
|
"max-cookie": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"url-param-length": {
|
"url-param-length": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"length": null,
|
"length": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"hostname": {
|
"hostname": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"line-length": {
|
"line-length": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"length": null,
|
"length": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"exception": {
|
"exception": {
|
||||||
"regex": null,
|
"regex": null,
|
||||||
"header-length": null,
|
"header-length": null,
|
||||||
"content-length": null,
|
"content-length": null,
|
||||||
"max-cookie": null,
|
"max-cookie": null,
|
||||||
"pattern": null,
|
"pattern": null,
|
||||||
"hostname": null,
|
"hostname": null,
|
||||||
"line-length": null,
|
"line-length": null,
|
||||||
"max-range-segment": null,
|
"max-range-segment": null,
|
||||||
"url-param-length": null,
|
"url-param-length": null,
|
||||||
"version": null,
|
"version": null,
|
||||||
"param-length": null,
|
"param-length": null,
|
||||||
"malformed": null,
|
"malformed": null,
|
||||||
"address": null,
|
"address": null,
|
||||||
"max-url-param": null,
|
"max-url-param": null,
|
||||||
"max-header-line": null,
|
"max-header-line": null,
|
||||||
"method": null
|
"method": null
|
||||||
},
|
},
|
||||||
"max-range-segment": {
|
"max-range-segment": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"max-range-segment": null,
|
"max-range-segment": null,
|
||||||
"severity": null,
|
"severity": null,
|
||||||
"log": null
|
"log": null
|
||||||
},
|
},
|
||||||
"version": {
|
"version": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"param-length": {
|
"param-length": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"length": null,
|
"length": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"malformed": {
|
"malformed": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"max-url-param": {
|
"max-url-param": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"max-url-param": null,
|
"max-url-param": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"max-header-line": {
|
"max-header-line": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"max-header-line": null,
|
"max-header-line": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"method": {
|
"method": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"extended-log": null,
|
"extended-log": null,
|
||||||
"url-access": {
|
"url-access": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"address": null,
|
"address": null,
|
||||||
"severity": null,
|
"severity": null,
|
||||||
"access-pattern": {
|
"access-pattern": {
|
||||||
"negate": null,
|
"negate": null,
|
||||||
"pattern": null,
|
"pattern": null,
|
||||||
"srcaddr": null,
|
"srcaddr": null,
|
||||||
"regex": null
|
"regex": null
|
||||||
},
|
},
|
||||||
"log": null
|
"log": null
|
||||||
},
|
},
|
||||||
"external": null,
|
"external": null,
|
||||||
"signature": {
|
"signature": {
|
||||||
"custom-signature": {
|
"custom-signature": {
|
||||||
"status": null,
|
"status": null,
|
||||||
"direction": null,
|
"direction": null,
|
||||||
"target": null,
|
"target": null,
|
||||||
"severity": null,
|
"severity": null,
|
||||||
"case-sensitivity": null,
|
"case-sensitivity": null,
|
||||||
"name": null,
|
"name": null,
|
||||||
"pattern": null,
|
"pattern": null,
|
||||||
"action": null,
|
"action": null,
|
||||||
"log": null
|
"log": null
|
||||||
},
|
},
|
||||||
"credit-card-detection-threshold": null,
|
"credit-card-detection-threshold": null,
|
||||||
"main-class": {
|
"main-class": {
|
||||||
"action": null,
|
"action": null,
|
||||||
"status": null,
|
"status": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"severity": null
|
"severity": null
|
||||||
},
|
},
|
||||||
"disabled-signature": null,
|
"disabled-signature": null,
|
||||||
"disabled-sub-class": null
|
"disabled-sub-class": null
|
||||||
},
|
},
|
||||||
"method": {
|
"method": {
|
||||||
"status": null,
|
"status": null,
|
||||||
"severity": null,
|
"severity": null,
|
||||||
"default-allowed-methods": null,
|
"default-allowed-methods": null,
|
||||||
"log": null,
|
"log": null,
|
||||||
"method-policy": {
|
"method-policy": {
|
||||||
"regex": null,
|
"regex": null,
|
||||||
"pattern": null,
|
"pattern": null,
|
||||||
"allowed-methods": null,
|
"allowed-methods": null,
|
||||||
"address": null
|
"address": null
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"mode": "delete"
|
"mode": "delete"
|
||||||
},
|
},
|
||||||
"raw_response": {
|
"datagram_sent": {},
|
||||||
"status": {
|
"raw_response": {
|
||||||
"message": "OK",
|
"status": {
|
||||||
"code": 0
|
"message": "OK",
|
||||||
},
|
"code": 0
|
||||||
"url": "/pm/config/adom/root/obj/waf/profile/Ansible_WAF_Profile"
|
},
|
||||||
},
|
"url": "/pm/config/adom/root/obj/waf/profile/Ansible_WAF_Profile"
|
||||||
"post_method": "delete"
|
},
|
||||||
},
|
"post_method": "delete"
|
||||||
{
|
},
|
||||||
"raw_response": {
|
{
|
||||||
"status": {
|
"raw_response": {
|
||||||
"message": "OK",
|
"status": {
|
||||||
"code": 0
|
"message": "OK",
|
||||||
},
|
"code": 0
|
||||||
"url": "/pm/config/adom/root/obj/waf/profile"
|
},
|
||||||
},
|
"url": "/pm/config/adom/root/obj/waf/profile"
|
||||||
"paramgram_used": {
|
},
|
||||||
"comment": "Created by Ansible Module TEST",
|
"datagram_sent": {
|
||||||
"adom": "root",
|
"comment": "Created by Ansible Module TEST",
|
||||||
"address-list": {
|
"name": "Ansible_WAF_Profile"
|
||||||
"blocked-address": null,
|
},
|
||||||
"status": null,
|
"paramgram_used": {
|
||||||
"severity": null,
|
"comment": "Created by Ansible Module TEST",
|
||||||
"blocked-log": null,
|
"adom": "root",
|
||||||
"trusted-address": null
|
"address-list": {
|
||||||
},
|
"blocked-address": null,
|
||||||
"extended-log": null,
|
"status": null,
|
||||||
"url-access": {
|
"severity": null,
|
||||||
"action": null,
|
"blocked-log": null,
|
||||||
"severity": null,
|
"trusted-address": null
|
||||||
"log": null,
|
},
|
||||||
"access-pattern": {
|
"extended-log": null,
|
||||||
"negate": null,
|
"url-access": {
|
||||||
"pattern": null,
|
"action": null,
|
||||||
"srcaddr": null,
|
"severity": null,
|
||||||
"regex": null
|
"log": null,
|
||||||
},
|
"access-pattern": {
|
||||||
"address": null
|
"negate": null,
|
||||||
},
|
"pattern": null,
|
||||||
"external": null,
|
"srcaddr": null,
|
||||||
"name": "Ansible_WAF_Profile",
|
"regex": null
|
||||||
"constraint": {
|
},
|
||||||
"content-length": {
|
"address": null
|
||||||
"action": null,
|
},
|
||||||
"status": null,
|
"external": null,
|
||||||
"length": null,
|
"name": "Ansible_WAF_Profile",
|
||||||
"log": null,
|
"constraint": {
|
||||||
"severity": null
|
"content-length": {
|
||||||
},
|
"action": null,
|
||||||
"max-cookie": {
|
"status": null,
|
||||||
"action": null,
|
"length": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"max-cookie": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"max-cookie": {
|
||||||
},
|
"action": null,
|
||||||
"line-length": {
|
"status": null,
|
||||||
"action": null,
|
"max-cookie": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"length": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"line-length": {
|
||||||
},
|
"action": null,
|
||||||
"max-range-segment": {
|
"status": null,
|
||||||
"action": null,
|
"length": null,
|
||||||
"severity": null,
|
"log": null,
|
||||||
"status": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"max-range-segment": null
|
"max-range-segment": {
|
||||||
},
|
"action": null,
|
||||||
"param-length": {
|
"severity": null,
|
||||||
"action": null,
|
"status": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"length": null,
|
"max-range-segment": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"param-length": {
|
||||||
},
|
"action": null,
|
||||||
"malformed": {
|
"status": null,
|
||||||
"action": null,
|
"length": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"log": null,
|
"severity": null
|
||||||
"severity": null
|
},
|
||||||
},
|
"malformed": {
|
||||||
"max-url-param": {
|
"action": null,
|
||||||
"action": null,
|
"status": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"max-url-param": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"max-url-param": {
|
||||||
},
|
"action": null,
|
||||||
"header-length": {
|
"status": null,
|
||||||
"action": null,
|
"max-url-param": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"length": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"header-length": {
|
||||||
},
|
"action": null,
|
||||||
"exception": {
|
"status": null,
|
||||||
"regex": null,
|
"length": null,
|
||||||
"header-length": null,
|
"log": null,
|
||||||
"content-length": null,
|
"severity": null
|
||||||
"max-cookie": null,
|
},
|
||||||
"pattern": null,
|
"exception": {
|
||||||
"hostname": null,
|
"regex": null,
|
||||||
"line-length": null,
|
"header-length": null,
|
||||||
"max-range-segment": null,
|
"content-length": null,
|
||||||
"url-param-length": null,
|
"max-cookie": null,
|
||||||
"version": null,
|
"pattern": null,
|
||||||
"param-length": null,
|
"hostname": null,
|
||||||
"malformed": null,
|
"line-length": null,
|
||||||
"address": null,
|
"max-range-segment": null,
|
||||||
"max-url-param": null,
|
"url-param-length": null,
|
||||||
"max-header-line": null,
|
"version": null,
|
||||||
"method": null
|
"param-length": null,
|
||||||
},
|
"malformed": null,
|
||||||
"hostname": {
|
"address": null,
|
||||||
"action": null,
|
"max-url-param": null,
|
||||||
"status": null,
|
"max-header-line": null,
|
||||||
"log": null,
|
"method": null
|
||||||
"severity": null
|
},
|
||||||
},
|
"hostname": {
|
||||||
"url-param-length": {
|
"action": null,
|
||||||
"action": null,
|
"status": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"length": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"url-param-length": {
|
||||||
},
|
"action": null,
|
||||||
"version": {
|
"status": null,
|
||||||
"action": null,
|
"length": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"log": null,
|
"severity": null
|
||||||
"severity": null
|
},
|
||||||
},
|
"version": {
|
||||||
"max-header-line": {
|
"action": null,
|
||||||
"action": null,
|
"status": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"max-header-line": null,
|
"severity": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"max-header-line": {
|
||||||
},
|
"action": null,
|
||||||
"method": {
|
"status": null,
|
||||||
"action": null,
|
"max-header-line": null,
|
||||||
"status": null,
|
"log": null,
|
||||||
"log": null,
|
"severity": null
|
||||||
"severity": null
|
},
|
||||||
}
|
"method": {
|
||||||
},
|
"action": null,
|
||||||
"mode": "set",
|
"status": null,
|
||||||
"signature": {
|
"log": null,
|
||||||
"custom-signature": {
|
"severity": null
|
||||||
"status": null,
|
}
|
||||||
"direction": null,
|
},
|
||||||
"log": null,
|
"mode": "set",
|
||||||
"severity": null,
|
"signature": {
|
||||||
"target": null,
|
"custom-signature": {
|
||||||
"action": null,
|
"status": null,
|
||||||
"pattern": null,
|
"direction": null,
|
||||||
"case-sensitivity": null,
|
"log": null,
|
||||||
"name": null
|
"severity": null,
|
||||||
},
|
"target": null,
|
||||||
"credit-card-detection-threshold": null,
|
"action": null,
|
||||||
"main-class": {
|
"pattern": null,
|
||||||
"action": null,
|
"case-sensitivity": null,
|
||||||
"status": null,
|
"name": null
|
||||||
"log": null,
|
},
|
||||||
"severity": null
|
"credit-card-detection-threshold": null,
|
||||||
},
|
"main-class": {
|
||||||
"disabled-signature": null,
|
"action": null,
|
||||||
"disabled-sub-class": null
|
"status": null,
|
||||||
},
|
"log": null,
|
||||||
"method": {
|
"severity": null
|
||||||
"status": null,
|
},
|
||||||
"default-allowed-methods": null,
|
"disabled-signature": null,
|
||||||
"method-policy": {
|
"disabled-sub-class": null
|
||||||
"regex": null,
|
},
|
||||||
"pattern": null,
|
"method": {
|
||||||
"allowed-methods": null,
|
"status": null,
|
||||||
"address": null
|
"default-allowed-methods": null,
|
||||||
},
|
"method-policy": {
|
||||||
"log": null,
|
"regex": null,
|
||||||
"severity": null
|
"pattern": null,
|
||||||
}
|
"allowed-methods": null,
|
||||||
},
|
"address": null
|
||||||
"post_method": "set"
|
},
|
||||||
}
|
"log": null,
|
||||||
]
|
"severity": null
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"post_method": "set"
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ __metaclass__ = type
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import json
|
import json
|
||||||
from pyFMG.fortimgr import FortiManager
|
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
@ -27,15 +27,10 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
pytest.skip("Could not load required modules for testing", allow_module_level=True)
|
pytest.skip("Could not load required modules for testing", allow_module_level=True)
|
||||||
|
|
||||||
fmg_instance = FortiManager("1.1.1.1", "admin", "")
|
|
||||||
|
|
||||||
|
|
||||||
def load_fixtures():
|
def load_fixtures():
|
||||||
fixture_path = os.path.join(
|
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
|
||||||
os.path.dirname(__file__),
|
filename=os.path.splitext(os.path.basename(__file__))[0])
|
||||||
'fixtures') + "/{filename}.json".format(
|
|
||||||
filename=os.path.splitext(
|
|
||||||
os.path.basename(__file__))[0])
|
|
||||||
try:
|
try:
|
||||||
with open(fixture_path, "r") as fixture_file:
|
with open(fixture_path, "r") as fixture_file:
|
||||||
fixture_data = json.load(fixture_file)
|
fixture_data = json.load(fixture_file)
|
||||||
|
|
@ -44,88 +39,31 @@ def load_fixtures():
|
||||||
return [fixture_data]
|
return [fixture_data]
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture(autouse=True)
|
||||||
|
def module_mock(mocker):
|
||||||
|
connection_class_mock = mocker.patch('ansible.module_utils.basic.AnsibleModule')
|
||||||
|
return connection_class_mock
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture(autouse=True)
|
||||||
|
def connection_mock(mocker):
|
||||||
|
connection_class_mock = mocker.patch('ansible.modules.network.fortimanager.fmgr_secprof_waf.Connection')
|
||||||
|
return connection_class_mock
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture(scope="function", params=load_fixtures())
|
@pytest.fixture(scope="function", params=load_fixtures())
|
||||||
def fixture_data(request):
|
def fixture_data(request):
|
||||||
func_name = request.function.__name__.replace("test_", "")
|
func_name = request.function.__name__.replace("test_", "")
|
||||||
return request.param.get(func_name, None)
|
return request.param.get(func_name, None)
|
||||||
|
|
||||||
|
|
||||||
def test_fmgr_waf_profile_addsetdelete(fixture_data, mocker):
|
fmg_instance = FortiManagerHandler(connection_mock, module_mock)
|
||||||
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
|
|
||||||
# Fixture sets used:###########################
|
|
||||||
|
|
||||||
##################################################
|
|
||||||
# comment: Created by Ansible Module TEST
|
|
||||||
# name: Ansible_WAF_Profile
|
|
||||||
# adom: root
|
|
||||||
# address-list: {'blocked-address': None, 'status': None, 'severity': None, 'blocked-log': None,
|
|
||||||
# 'trusted-address': None}
|
|
||||||
# constraint: {'header-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'content-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'max-cookie': {'action': None, 'status': None, 'max-cookie': None, 'log': None, 'severity': None},
|
|
||||||
# 'url-param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'hostname': {'action': None, 'status': None, 'log': None, 'severity': None},
|
|
||||||
# 'line-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'exception': {'regex': None, 'header-length': None, 'content-length': None, 'max-cookie': None, 'pattern': None,
|
|
||||||
# 'hostname': None, 'line-length': None, 'max-range-segment': None, 'url-param-length': None, 'version': None,
|
|
||||||
# 'param-length': None, 'malformed': None, 'address': None, 'max-url-param': None, 'max-header-line': None,
|
|
||||||
# 'method': None}, 'max-range-segment': {'action': None, 'status': None, 'max-range-segment': None,
|
|
||||||
# 'severity': None, 'log': None}, 'version': {'action': None, 'status': None, 'log': None, 'severity': None},
|
|
||||||
# 'param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'malformed': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-url-param': {'action': None,
|
|
||||||
# 'status': None, 'max-url-param': None, 'log': None, 'severity': None}, 'max-header-line': {'action': None,
|
|
||||||
# 'status': None, 'max-header-line': None, 'log': None, 'severity': None}, 'method': {'action': None,
|
|
||||||
# 'status': None, 'log': None, 'severity': None}}
|
|
||||||
# extended-log: None
|
|
||||||
# url-access: {'action': None, 'address': None, 'severity': None, 'access-pattern': {'negate': None,
|
|
||||||
# 'pattern': None, 'srcaddr': None, 'regex': None}, 'log': None}
|
|
||||||
# external: None
|
|
||||||
# signature: {'custom-signature': {'status': None, 'direction': None, 'target': None, 'severity': None,
|
|
||||||
# 'case-sensitivity': None, 'name': None, 'pattern': None, 'action': None, 'log': None},
|
|
||||||
# 'credit-card-detection-threshold': None, 'main-class': {'action': None, 'status': None, 'log': None,
|
|
||||||
# 'severity': None}, 'disabled-signature': None, 'disabled-sub-class': None}
|
|
||||||
# method: {'status': None, 'severity': None, 'default-allowed-methods': None, 'log': None,
|
|
||||||
# 'method-policy': {'regex': None, 'pattern': None, 'allowed-methods': None, 'address': None}}
|
|
||||||
# mode: delete
|
|
||||||
##################################################
|
|
||||||
##################################################
|
|
||||||
# comment: Created by Ansible Module TEST
|
|
||||||
# adom: root
|
|
||||||
# address-list: {'blocked-address': None, 'status': None, 'severity': None, 'blocked-log': None,
|
|
||||||
# 'trusted-address': None}
|
|
||||||
# extended-log: None
|
|
||||||
# url-access: {'action': None, 'severity': None, 'log': None, 'access-pattern': {'negate': None, 'pattern': None,
|
|
||||||
# 'srcaddr': None, 'regex': None}, 'address': None}
|
|
||||||
# external: None
|
|
||||||
# name: Ansible_WAF_Profile
|
|
||||||
# constraint: {'content-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'max-cookie': {'action': None, 'status': None, 'max-cookie': None, 'log': None, 'severity': None},
|
|
||||||
# 'line-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'max-range-segment': {'action': None, 'severity': None, 'status': None, 'log': None, 'max-range-segment': None},
|
|
||||||
# 'param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'malformed': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-url-param': {'action': None,
|
|
||||||
# 'status': None, 'max-url-param': None, 'log': None, 'severity': None}, 'header-length': {'action': None,
|
|
||||||
# 'status': None, 'length': None, 'log': None, 'severity': None}, 'exception': {'regex': None,
|
|
||||||
# 'header-length': None, 'content-length': None, 'max-cookie': None, 'pattern': None, 'hostname': None,
|
|
||||||
# 'line-length': None, 'max-range-segment': None, 'url-param-length': None, 'version': None, 'param-length': None,
|
|
||||||
# 'malformed': None, 'address': None, 'max-url-param': None, 'max-header-line': None, 'method': None},
|
|
||||||
# 'hostname': {'action': None, 'status': None, 'log': None, 'severity': None},
|
|
||||||
# 'url-param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
|
||||||
# 'version': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-header-line': {'action': None,
|
|
||||||
# 'status': None, 'max-header-line': None, 'log': None, 'severity': None}, 'method': {'action': None,
|
|
||||||
# 'status': None, 'log': None, 'severity': None}}
|
|
||||||
# mode: set
|
|
||||||
# signature: {'custom-signature': {'status': None, 'direction': None, 'log': None, 'severity': None, 'target': None,
|
|
||||||
# 'action': None, 'pattern': None, 'case-sensitivity': None, 'name': None},
|
|
||||||
# 'credit-card-detection-threshold': None, 'main-class': {'action': None, 'status': None, 'log': None,
|
|
||||||
# 'severity': None}, 'disabled-signature': None, 'disabled-sub-class': None}
|
|
||||||
# method: {'status': None, 'default-allowed-methods': None, 'method-policy': {'regex': None, 'pattern': None,
|
|
||||||
# 'allowed-methods': None, 'address': None}, 'log': None, 'severity': None}
|
|
||||||
##################################################
|
|
||||||
|
|
||||||
# Test using fixture 1 #
|
def test_fmgr_waf_profile_modify(fixture_data, mocker):
|
||||||
output = fmgr_secprof_waf.fmgr_waf_profile_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used'])
|
mocker.patch("ansible.module_utils.network.fortimanager.fortimanager.FortiManagerHandler.process_request",
|
||||||
|
side_effect=fixture_data)
|
||||||
|
output = fmgr_secprof_waf.fmgr_waf_profile_modify(fmg_instance, fixture_data[0]['paramgram_used'])
|
||||||
assert output['raw_response']['status']['code'] == 0
|
assert output['raw_response']['status']['code'] == 0
|
||||||
# Test using fixture 2 #
|
output = fmgr_secprof_waf.fmgr_waf_profile_modify(fmg_instance, fixture_data[1]['paramgram_used'])
|
||||||
output = fmgr_secprof_waf.fmgr_waf_profile_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
|
|
||||||
assert output['raw_response']['status']['code'] == 0
|
assert output['raw_response']['status']['code'] == 0
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue