FortiManager Plugin Module Conversion: fmgr_secprof_waf (#52789)
* Auto Commit for: fmgr_secprof_waf * Auto Commit for: fmgr_secprof_waf * Auto Commit for: fmgr_secprof_waf
This commit is contained in:
ftntcorecse
Nilashish Chakraborty
parent
60c0069fec
commit
7ee7c3cf2c
3 changed files with 431 additions and 636 deletions
|
|
@ -28,6 +28,8 @@ DOCUMENTATION = '''
|
|||
---
|
||||
module: fmgr_secprof_waf
|
||||
version_added: "2.8"
|
||||
notes:
|
||||
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
|
||||
author:
|
||||
- Luke Weighall (@lweighall)
|
||||
- Andrew Welsh (@Ghilli3)
|
||||
|
|
@ -43,21 +45,6 @@ options:
|
|||
required: false
|
||||
default: root
|
||||
|
||||
host:
|
||||
description:
|
||||
- The FortiManager's Address.
|
||||
required: true
|
||||
|
||||
username:
|
||||
description:
|
||||
- The username associated with the account.
|
||||
required: true
|
||||
|
||||
password:
|
||||
description:
|
||||
- The password associated with the username account.
|
||||
required: true
|
||||
|
||||
mode:
|
||||
description:
|
||||
- Sets one of three modes for managing the object.
|
||||
|
|
@ -1045,18 +1032,12 @@ options:
|
|||
EXAMPLES = '''
|
||||
- name: DELETE Profile
|
||||
fmgr_secprof_waf:
|
||||
host: "{{inventory_hostname}}"
|
||||
username: "{{ username }}"
|
||||
password: "{{ password }}"
|
||||
name: "Ansible_WAF_Profile"
|
||||
comment: "Created by Ansible Module TEST"
|
||||
mode: "delete"
|
||||
|
||||
- name: CREATE Profile
|
||||
fmgr_secprof_waf:
|
||||
host: "{{inventory_hostname}}"
|
||||
username: "{{ username }}"
|
||||
password: "{{ password }}"
|
||||
name: "Ansible_WAF_Profile"
|
||||
comment: "Created by Ansible Module TEST"
|
||||
mode: "set"
|
||||
|
|
@ -1070,15 +1051,15 @@ api_result:
|
|||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, env_fallback
|
||||
from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
|
||||
|
||||
# check for pyFMG lib
|
||||
try:
|
||||
from pyFMG.fortimgr import FortiManager
|
||||
|
||||
HAS_PYFMGR = True
|
||||
except ImportError:
|
||||
HAS_PYFMGR = False
|
||||
from ansible.module_utils.connection import Connection
|
||||
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
|
||||
from ansible.module_utils.network.fortimanager.common import FMGBaseException
|
||||
from ansible.module_utils.network.fortimanager.common import FMGRCommon
|
||||
from ansible.module_utils.network.fortimanager.common import FMGRMethods
|
||||
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
|
||||
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
|
||||
from ansible.module_utils.network.fortimanager.common import prepare_dict
|
||||
from ansible.module_utils.network.fortimanager.common import scrub_dict
|
||||
|
||||
|
||||
###############
|
||||
|
|
@ -1086,19 +1067,26 @@ except ImportError:
|
|||
###############
|
||||
|
||||
|
||||
def fmgr_waf_profile_addsetdelete(fmg, paramgram):
|
||||
|
||||
def fmgr_waf_profile_modify(fmgr, paramgram):
|
||||
"""
|
||||
:param fmgr: The fmgr object instance from fortimanager.py
|
||||
:type fmgr: class object
|
||||
:param paramgram: The formatted dictionary of options to process
|
||||
:type paramgram: dict
|
||||
:return: The response from the FortiManager
|
||||
:rtype: dict
|
||||
"""
|
||||
mode = paramgram["mode"]
|
||||
adom = paramgram["adom"]
|
||||
# INIT A BASIC OBJECTS
|
||||
response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
|
||||
response = DEFAULT_RESULT_OBJ
|
||||
url = ""
|
||||
datagram = {}
|
||||
|
||||
# EVAL THE MODE PARAMETER FOR SET OR ADD
|
||||
if mode in ['set', 'add', 'update']:
|
||||
url = '/pm/config/adom/{adom}/obj/waf/profile'.format(adom=adom)
|
||||
datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
|
||||
datagram = scrub_dict(prepare_dict(paramgram))
|
||||
|
||||
# EVAL THE MODE PARAMETER FOR DELETE
|
||||
elif mode == "delete":
|
||||
|
|
@ -1106,129 +1094,11 @@ def fmgr_waf_profile_addsetdelete(fmg, paramgram):
|
|||
url = '/pm/config/adom/{adom}/obj/waf/profile/{name}'.format(adom=adom, name=paramgram["name"])
|
||||
datagram = {}
|
||||
|
||||
# IF MODE = SET -- USE THE 'SET' API CALL MODE
|
||||
if mode == "set":
|
||||
response = fmg.set(url, datagram)
|
||||
# IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
|
||||
elif mode == "update":
|
||||
response = fmg.update(url, datagram)
|
||||
# IF MODE = ADD -- USE THE 'ADD' API CALL MODE
|
||||
elif mode == "add":
|
||||
response = fmg.add(url, datagram)
|
||||
# IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
|
||||
elif mode == "delete":
|
||||
response = fmg.delete(url, datagram)
|
||||
response = fmgr.process_request(url, datagram, paramgram["mode"])
|
||||
|
||||
return response
|
||||
|
||||
|
||||
# ADDITIONAL COMMON FUNCTIONS
|
||||
# FUNCTION/METHOD FOR LOGGING OUT AND ANALYZING ERROR CODES
|
||||
def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
|
||||
"""
|
||||
THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
|
||||
"""
|
||||
# pydevd.settrace('10.0.0.122', port=54654, stdoutToServer=True, stderrToServer=True)
|
||||
# VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
|
||||
if msg != "NULL" and len(results) == 0:
|
||||
try:
|
||||
fmg.logout()
|
||||
except BaseException:
|
||||
pass
|
||||
module.fail_json(msg=msg)
|
||||
|
||||
# SUBMISSION ERROR
|
||||
if len(results) > 0:
|
||||
if msg == "NULL":
|
||||
try:
|
||||
msg = results[1]['status']['message']
|
||||
except BaseException:
|
||||
msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
|
||||
|
||||
if results[0] not in good_codes:
|
||||
if logout_on_fail:
|
||||
fmg.logout()
|
||||
module.fail_json(msg=msg, **results[1])
|
||||
else:
|
||||
return msg
|
||||
else:
|
||||
if logout_on_success:
|
||||
fmg.logout()
|
||||
module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
|
||||
**results[1])
|
||||
else:
|
||||
return msg
|
||||
|
||||
|
||||
# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
|
||||
# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
|
||||
def fmgr_cidr_to_netmask(cidr):
|
||||
cidr = int(cidr)
|
||||
mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
|
||||
return (str((0xff000000 & mask) >> 24) + '.' +
|
||||
str((0x00ff0000 & mask) >> 16) + '.' +
|
||||
str((0x0000ff00 & mask) >> 8) + '.' +
|
||||
str((0x000000ff & mask)))
|
||||
|
||||
|
||||
# utility function: removing keys wih value of None, nothing in playbook for that key
|
||||
def fmgr_del_none(obj):
|
||||
if isinstance(obj, dict):
|
||||
return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
|
||||
for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
|
||||
else:
|
||||
return obj
|
||||
|
||||
|
||||
# utility function: remove keys that are need for the logic but the FMG API won't accept them
|
||||
def fmgr_prepare_dict(obj):
|
||||
list_of_elems = ["mode", "adom", "host", "username", "password"]
|
||||
if isinstance(obj, dict):
|
||||
obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
|
||||
return obj
|
||||
|
||||
|
||||
def fmgr_is_empty_dict(obj):
|
||||
return_val = False
|
||||
if isinstance(obj, dict):
|
||||
if len(obj) > 0:
|
||||
for k, v in obj.items():
|
||||
if isinstance(v, dict):
|
||||
if len(v) == 0:
|
||||
return_val = True
|
||||
elif len(v) > 0:
|
||||
for k1, v1 in v.items():
|
||||
if v1 is None:
|
||||
return_val = True
|
||||
elif v1 is not None:
|
||||
return_val = False
|
||||
return return_val
|
||||
elif v is None:
|
||||
return_val = True
|
||||
elif v is not None:
|
||||
return_val = False
|
||||
return return_val
|
||||
elif len(obj) == 0:
|
||||
return_val = True
|
||||
|
||||
return return_val
|
||||
|
||||
|
||||
def fmgr_split_comma_strings_into_lists(obj):
|
||||
if isinstance(obj, dict):
|
||||
if len(obj) > 0:
|
||||
for k, v in obj.items():
|
||||
if isinstance(v, str):
|
||||
new_list = list()
|
||||
if "," in v:
|
||||
new_items = v.split(",")
|
||||
for item in new_items:
|
||||
new_list.append(item.strip())
|
||||
obj[k] = new_list
|
||||
|
||||
return obj
|
||||
|
||||
|
||||
#############
|
||||
# END METHODS
|
||||
#############
|
||||
|
|
@ -1237,9 +1107,6 @@ def fmgr_split_comma_strings_into_lists(obj):
|
|||
def main():
|
||||
argument_spec = dict(
|
||||
adom=dict(type="str", default="root"),
|
||||
host=dict(required=True, type="str"),
|
||||
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
|
||||
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
|
||||
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
|
||||
|
||||
name=dict(required=False, type="str"),
|
||||
|
|
@ -1414,8 +1281,7 @@ def main():
|
|||
|
||||
)
|
||||
|
||||
module = AnsibleModule(argument_spec, supports_check_mode=False)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
|
||||
# MODULE PARAMGRAM
|
||||
paramgram = {
|
||||
"mode": module.params["mode"],
|
||||
|
|
@ -1586,44 +1452,30 @@ def main():
|
|||
}
|
||||
}
|
||||
|
||||
list_overrides = ['address-list', 'constraint', 'method', 'signature', 'url-access']
|
||||
for list_variable in list_overrides:
|
||||
override_data = list()
|
||||
try:
|
||||
override_data = module.params[list_variable]
|
||||
except BaseException:
|
||||
pass
|
||||
try:
|
||||
if override_data:
|
||||
del paramgram[list_variable]
|
||||
paramgram[list_variable] = override_data
|
||||
except BaseException:
|
||||
pass
|
||||
|
||||
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
|
||||
host = module.params["host"]
|
||||
password = module.params["password"]
|
||||
username = module.params["username"]
|
||||
if host is None or username is None or password is None:
|
||||
module.fail_json(msg="Host and username and password are required")
|
||||
|
||||
# CHECK IF LOGIN FAILED
|
||||
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
|
||||
|
||||
response = fmg.login()
|
||||
if response[1]['status']['code'] != 0:
|
||||
module.fail_json(msg="Connection to FortiManager Failed")
|
||||
|
||||
results = fmgr_waf_profile_addsetdelete(fmg, paramgram)
|
||||
if results[0] != 0:
|
||||
fmgr_logout(fmg, module, results=results, good_codes=[0])
|
||||
|
||||
fmg.logout()
|
||||
|
||||
if results is not None:
|
||||
return module.exit_json(**results[1])
|
||||
module.paramgram = paramgram
|
||||
fmgr = None
|
||||
if module._socket_path:
|
||||
connection = Connection(module._socket_path)
|
||||
fmgr = FortiManagerHandler(connection, module)
|
||||
fmgr.tools = FMGRCommon()
|
||||
else:
|
||||
return module.exit_json(msg="No results were returned from the API call.")
|
||||
module.fail_json(**FAIL_SOCKET_MSG)
|
||||
|
||||
list_overrides = ['address-list', 'constraint', 'method', 'signature', 'url-access']
|
||||
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
|
||||
paramgram=paramgram, module=module)
|
||||
|
||||
results = DEFAULT_RESULT_OBJ
|
||||
|
||||
try:
|
||||
results = fmgr_waf_profile_modify(fmgr, paramgram)
|
||||
fmgr.govern_response(module=module, results=results,
|
||||
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
|
||||
|
||||
except Exception as err:
|
||||
raise FMGBaseException(err)
|
||||
|
||||
return module.exit_json(**results[1])
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
|||
|
|
@ -1,360 +1,365 @@
|
|||
{
|
||||
"fmgr_waf_profile_addsetdelete": [
|
||||
{
|
||||
"paramgram_used": {
|
||||
"comment": "Created by Ansible Module TEST",
|
||||
"name": "Ansible_WAF_Profile",
|
||||
"adom": "root",
|
||||
"address-list": {
|
||||
"blocked-address": null,
|
||||
"status": null,
|
||||
"severity": null,
|
||||
"blocked-log": null,
|
||||
"trusted-address": null
|
||||
"fmgr_waf_profile_modify": [
|
||||
{
|
||||
"paramgram_used": {
|
||||
"comment": "Created by Ansible Module TEST",
|
||||
"name": "Ansible_WAF_Profile",
|
||||
"adom": "root",
|
||||
"address-list": {
|
||||
"blocked-address": null,
|
||||
"status": null,
|
||||
"severity": null,
|
||||
"blocked-log": null,
|
||||
"trusted-address": null
|
||||
},
|
||||
"constraint": {
|
||||
"header-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"content-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-cookie": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-cookie": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"url-param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"hostname": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"line-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"exception": {
|
||||
"regex": null,
|
||||
"header-length": null,
|
||||
"content-length": null,
|
||||
"max-cookie": null,
|
||||
"pattern": null,
|
||||
"hostname": null,
|
||||
"line-length": null,
|
||||
"max-range-segment": null,
|
||||
"url-param-length": null,
|
||||
"version": null,
|
||||
"param-length": null,
|
||||
"malformed": null,
|
||||
"address": null,
|
||||
"max-url-param": null,
|
||||
"max-header-line": null,
|
||||
"method": null
|
||||
},
|
||||
"max-range-segment": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-range-segment": null,
|
||||
"severity": null,
|
||||
"log": null
|
||||
},
|
||||
"version": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"malformed": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-url-param": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-url-param": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-header-line": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-header-line": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"method": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
}
|
||||
},
|
||||
"extended-log": null,
|
||||
"url-access": {
|
||||
"action": null,
|
||||
"address": null,
|
||||
"severity": null,
|
||||
"access-pattern": {
|
||||
"negate": null,
|
||||
"pattern": null,
|
||||
"srcaddr": null,
|
||||
"regex": null
|
||||
},
|
||||
"log": null
|
||||
},
|
||||
"external": null,
|
||||
"signature": {
|
||||
"custom-signature": {
|
||||
"status": null,
|
||||
"direction": null,
|
||||
"target": null,
|
||||
"severity": null,
|
||||
"case-sensitivity": null,
|
||||
"name": null,
|
||||
"pattern": null,
|
||||
"action": null,
|
||||
"log": null
|
||||
},
|
||||
"credit-card-detection-threshold": null,
|
||||
"main-class": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"disabled-signature": null,
|
||||
"disabled-sub-class": null
|
||||
},
|
||||
"method": {
|
||||
"status": null,
|
||||
"severity": null,
|
||||
"default-allowed-methods": null,
|
||||
"log": null,
|
||||
"method-policy": {
|
||||
"regex": null,
|
||||
"pattern": null,
|
||||
"allowed-methods": null,
|
||||
"address": null
|
||||
}
|
||||
},
|
||||
"mode": "delete"
|
||||
},
|
||||
"constraint": {
|
||||
"header-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"content-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-cookie": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-cookie": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"url-param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"hostname": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"line-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"exception": {
|
||||
"regex": null,
|
||||
"header-length": null,
|
||||
"content-length": null,
|
||||
"max-cookie": null,
|
||||
"pattern": null,
|
||||
"hostname": null,
|
||||
"line-length": null,
|
||||
"max-range-segment": null,
|
||||
"url-param-length": null,
|
||||
"version": null,
|
||||
"param-length": null,
|
||||
"malformed": null,
|
||||
"address": null,
|
||||
"max-url-param": null,
|
||||
"max-header-line": null,
|
||||
"method": null
|
||||
},
|
||||
"max-range-segment": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-range-segment": null,
|
||||
"severity": null,
|
||||
"log": null
|
||||
},
|
||||
"version": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"malformed": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-url-param": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-url-param": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-header-line": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-header-line": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"method": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
}
|
||||
"datagram_sent": {},
|
||||
"raw_response": {
|
||||
"status": {
|
||||
"message": "OK",
|
||||
"code": 0
|
||||
},
|
||||
"url": "/pm/config/adom/root/obj/waf/profile/Ansible_WAF_Profile"
|
||||
},
|
||||
"extended-log": null,
|
||||
"url-access": {
|
||||
"action": null,
|
||||
"address": null,
|
||||
"severity": null,
|
||||
"access-pattern": {
|
||||
"negate": null,
|
||||
"pattern": null,
|
||||
"srcaddr": null,
|
||||
"regex": null
|
||||
},
|
||||
"log": null
|
||||
"post_method": "delete"
|
||||
},
|
||||
{
|
||||
"raw_response": {
|
||||
"status": {
|
||||
"message": "OK",
|
||||
"code": 0
|
||||
},
|
||||
"url": "/pm/config/adom/root/obj/waf/profile"
|
||||
},
|
||||
"external": null,
|
||||
"signature": {
|
||||
"custom-signature": {
|
||||
"status": null,
|
||||
"direction": null,
|
||||
"target": null,
|
||||
"severity": null,
|
||||
"case-sensitivity": null,
|
||||
"name": null,
|
||||
"pattern": null,
|
||||
"action": null,
|
||||
"log": null
|
||||
},
|
||||
"credit-card-detection-threshold": null,
|
||||
"main-class": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"disabled-signature": null,
|
||||
"disabled-sub-class": null
|
||||
"datagram_sent": {
|
||||
"comment": "Created by Ansible Module TEST",
|
||||
"name": "Ansible_WAF_Profile"
|
||||
},
|
||||
"method": {
|
||||
"status": null,
|
||||
"severity": null,
|
||||
"default-allowed-methods": null,
|
||||
"log": null,
|
||||
"method-policy": {
|
||||
"regex": null,
|
||||
"pattern": null,
|
||||
"allowed-methods": null,
|
||||
"address": null
|
||||
}
|
||||
"paramgram_used": {
|
||||
"comment": "Created by Ansible Module TEST",
|
||||
"adom": "root",
|
||||
"address-list": {
|
||||
"blocked-address": null,
|
||||
"status": null,
|
||||
"severity": null,
|
||||
"blocked-log": null,
|
||||
"trusted-address": null
|
||||
},
|
||||
"extended-log": null,
|
||||
"url-access": {
|
||||
"action": null,
|
||||
"severity": null,
|
||||
"log": null,
|
||||
"access-pattern": {
|
||||
"negate": null,
|
||||
"pattern": null,
|
||||
"srcaddr": null,
|
||||
"regex": null
|
||||
},
|
||||
"address": null
|
||||
},
|
||||
"external": null,
|
||||
"name": "Ansible_WAF_Profile",
|
||||
"constraint": {
|
||||
"content-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-cookie": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-cookie": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"line-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-range-segment": {
|
||||
"action": null,
|
||||
"severity": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"max-range-segment": null
|
||||
},
|
||||
"param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"malformed": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-url-param": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-url-param": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"header-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"exception": {
|
||||
"regex": null,
|
||||
"header-length": null,
|
||||
"content-length": null,
|
||||
"max-cookie": null,
|
||||
"pattern": null,
|
||||
"hostname": null,
|
||||
"line-length": null,
|
||||
"max-range-segment": null,
|
||||
"url-param-length": null,
|
||||
"version": null,
|
||||
"param-length": null,
|
||||
"malformed": null,
|
||||
"address": null,
|
||||
"max-url-param": null,
|
||||
"max-header-line": null,
|
||||
"method": null
|
||||
},
|
||||
"hostname": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"url-param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"version": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-header-line": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-header-line": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"method": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
}
|
||||
},
|
||||
"mode": "set",
|
||||
"signature": {
|
||||
"custom-signature": {
|
||||
"status": null,
|
||||
"direction": null,
|
||||
"log": null,
|
||||
"severity": null,
|
||||
"target": null,
|
||||
"action": null,
|
||||
"pattern": null,
|
||||
"case-sensitivity": null,
|
||||
"name": null
|
||||
},
|
||||
"credit-card-detection-threshold": null,
|
||||
"main-class": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"disabled-signature": null,
|
||||
"disabled-sub-class": null
|
||||
},
|
||||
"method": {
|
||||
"status": null,
|
||||
"default-allowed-methods": null,
|
||||
"method-policy": {
|
||||
"regex": null,
|
||||
"pattern": null,
|
||||
"allowed-methods": null,
|
||||
"address": null
|
||||
},
|
||||
"log": null,
|
||||
"severity": null
|
||||
}
|
||||
},
|
||||
"mode": "delete"
|
||||
},
|
||||
"raw_response": {
|
||||
"status": {
|
||||
"message": "OK",
|
||||
"code": 0
|
||||
},
|
||||
"url": "/pm/config/adom/root/obj/waf/profile/Ansible_WAF_Profile"
|
||||
},
|
||||
"post_method": "delete"
|
||||
},
|
||||
{
|
||||
"raw_response": {
|
||||
"status": {
|
||||
"message": "OK",
|
||||
"code": 0
|
||||
},
|
||||
"url": "/pm/config/adom/root/obj/waf/profile"
|
||||
},
|
||||
"paramgram_used": {
|
||||
"comment": "Created by Ansible Module TEST",
|
||||
"adom": "root",
|
||||
"address-list": {
|
||||
"blocked-address": null,
|
||||
"status": null,
|
||||
"severity": null,
|
||||
"blocked-log": null,
|
||||
"trusted-address": null
|
||||
},
|
||||
"extended-log": null,
|
||||
"url-access": {
|
||||
"action": null,
|
||||
"severity": null,
|
||||
"log": null,
|
||||
"access-pattern": {
|
||||
"negate": null,
|
||||
"pattern": null,
|
||||
"srcaddr": null,
|
||||
"regex": null
|
||||
},
|
||||
"address": null
|
||||
},
|
||||
"external": null,
|
||||
"name": "Ansible_WAF_Profile",
|
||||
"constraint": {
|
||||
"content-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-cookie": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-cookie": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"line-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-range-segment": {
|
||||
"action": null,
|
||||
"severity": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"max-range-segment": null
|
||||
},
|
||||
"param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"malformed": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-url-param": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-url-param": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"header-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"exception": {
|
||||
"regex": null,
|
||||
"header-length": null,
|
||||
"content-length": null,
|
||||
"max-cookie": null,
|
||||
"pattern": null,
|
||||
"hostname": null,
|
||||
"line-length": null,
|
||||
"max-range-segment": null,
|
||||
"url-param-length": null,
|
||||
"version": null,
|
||||
"param-length": null,
|
||||
"malformed": null,
|
||||
"address": null,
|
||||
"max-url-param": null,
|
||||
"max-header-line": null,
|
||||
"method": null
|
||||
},
|
||||
"hostname": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"url-param-length": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"length": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"version": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"max-header-line": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"max-header-line": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"method": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
}
|
||||
},
|
||||
"mode": "set",
|
||||
"signature": {
|
||||
"custom-signature": {
|
||||
"status": null,
|
||||
"direction": null,
|
||||
"log": null,
|
||||
"severity": null,
|
||||
"target": null,
|
||||
"action": null,
|
||||
"pattern": null,
|
||||
"case-sensitivity": null,
|
||||
"name": null
|
||||
},
|
||||
"credit-card-detection-threshold": null,
|
||||
"main-class": {
|
||||
"action": null,
|
||||
"status": null,
|
||||
"log": null,
|
||||
"severity": null
|
||||
},
|
||||
"disabled-signature": null,
|
||||
"disabled-sub-class": null
|
||||
},
|
||||
"method": {
|
||||
"status": null,
|
||||
"default-allowed-methods": null,
|
||||
"method-policy": {
|
||||
"regex": null,
|
||||
"pattern": null,
|
||||
"allowed-methods": null,
|
||||
"address": null
|
||||
},
|
||||
"log": null,
|
||||
"severity": null
|
||||
}
|
||||
},
|
||||
"post_method": "set"
|
||||
}
|
||||
]
|
||||
"post_method": "set"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ __metaclass__ = type
|
|||
|
||||
import os
|
||||
import json
|
||||
from pyFMG.fortimgr import FortiManager
|
||||
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
|
||||
import pytest
|
||||
|
||||
try:
|
||||
|
|
@ -27,15 +27,10 @@ try:
|
|||
except ImportError:
|
||||
pytest.skip("Could not load required modules for testing", allow_module_level=True)
|
||||
|
||||
fmg_instance = FortiManager("1.1.1.1", "admin", "")
|
||||
|
||||
|
||||
def load_fixtures():
|
||||
fixture_path = os.path.join(
|
||||
os.path.dirname(__file__),
|
||||
'fixtures') + "/{filename}.json".format(
|
||||
filename=os.path.splitext(
|
||||
os.path.basename(__file__))[0])
|
||||
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
|
||||
filename=os.path.splitext(os.path.basename(__file__))[0])
|
||||
try:
|
||||
with open(fixture_path, "r") as fixture_file:
|
||||
fixture_data = json.load(fixture_file)
|
||||
|
|
@ -44,88 +39,31 @@ def load_fixtures():
|
|||
return [fixture_data]
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def module_mock(mocker):
|
||||
connection_class_mock = mocker.patch('ansible.module_utils.basic.AnsibleModule')
|
||||
return connection_class_mock
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def connection_mock(mocker):
|
||||
connection_class_mock = mocker.patch('ansible.modules.network.fortimanager.fmgr_secprof_waf.Connection')
|
||||
return connection_class_mock
|
||||
|
||||
|
||||
@pytest.fixture(scope="function", params=load_fixtures())
|
||||
def fixture_data(request):
|
||||
func_name = request.function.__name__.replace("test_", "")
|
||||
return request.param.get(func_name, None)
|
||||
|
||||
|
||||
def test_fmgr_waf_profile_addsetdelete(fixture_data, mocker):
|
||||
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
|
||||
# Fixture sets used:###########################
|
||||
fmg_instance = FortiManagerHandler(connection_mock, module_mock)
|
||||
|
||||
##################################################
|
||||
# comment: Created by Ansible Module TEST
|
||||
# name: Ansible_WAF_Profile
|
||||
# adom: root
|
||||
# address-list: {'blocked-address': None, 'status': None, 'severity': None, 'blocked-log': None,
|
||||
# 'trusted-address': None}
|
||||
# constraint: {'header-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'content-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'max-cookie': {'action': None, 'status': None, 'max-cookie': None, 'log': None, 'severity': None},
|
||||
# 'url-param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'hostname': {'action': None, 'status': None, 'log': None, 'severity': None},
|
||||
# 'line-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'exception': {'regex': None, 'header-length': None, 'content-length': None, 'max-cookie': None, 'pattern': None,
|
||||
# 'hostname': None, 'line-length': None, 'max-range-segment': None, 'url-param-length': None, 'version': None,
|
||||
# 'param-length': None, 'malformed': None, 'address': None, 'max-url-param': None, 'max-header-line': None,
|
||||
# 'method': None}, 'max-range-segment': {'action': None, 'status': None, 'max-range-segment': None,
|
||||
# 'severity': None, 'log': None}, 'version': {'action': None, 'status': None, 'log': None, 'severity': None},
|
||||
# 'param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'malformed': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-url-param': {'action': None,
|
||||
# 'status': None, 'max-url-param': None, 'log': None, 'severity': None}, 'max-header-line': {'action': None,
|
||||
# 'status': None, 'max-header-line': None, 'log': None, 'severity': None}, 'method': {'action': None,
|
||||
# 'status': None, 'log': None, 'severity': None}}
|
||||
# extended-log: None
|
||||
# url-access: {'action': None, 'address': None, 'severity': None, 'access-pattern': {'negate': None,
|
||||
# 'pattern': None, 'srcaddr': None, 'regex': None}, 'log': None}
|
||||
# external: None
|
||||
# signature: {'custom-signature': {'status': None, 'direction': None, 'target': None, 'severity': None,
|
||||
# 'case-sensitivity': None, 'name': None, 'pattern': None, 'action': None, 'log': None},
|
||||
# 'credit-card-detection-threshold': None, 'main-class': {'action': None, 'status': None, 'log': None,
|
||||
# 'severity': None}, 'disabled-signature': None, 'disabled-sub-class': None}
|
||||
# method: {'status': None, 'severity': None, 'default-allowed-methods': None, 'log': None,
|
||||
# 'method-policy': {'regex': None, 'pattern': None, 'allowed-methods': None, 'address': None}}
|
||||
# mode: delete
|
||||
##################################################
|
||||
##################################################
|
||||
# comment: Created by Ansible Module TEST
|
||||
# adom: root
|
||||
# address-list: {'blocked-address': None, 'status': None, 'severity': None, 'blocked-log': None,
|
||||
# 'trusted-address': None}
|
||||
# extended-log: None
|
||||
# url-access: {'action': None, 'severity': None, 'log': None, 'access-pattern': {'negate': None, 'pattern': None,
|
||||
# 'srcaddr': None, 'regex': None}, 'address': None}
|
||||
# external: None
|
||||
# name: Ansible_WAF_Profile
|
||||
# constraint: {'content-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'max-cookie': {'action': None, 'status': None, 'max-cookie': None, 'log': None, 'severity': None},
|
||||
# 'line-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'max-range-segment': {'action': None, 'severity': None, 'status': None, 'log': None, 'max-range-segment': None},
|
||||
# 'param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'malformed': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-url-param': {'action': None,
|
||||
# 'status': None, 'max-url-param': None, 'log': None, 'severity': None}, 'header-length': {'action': None,
|
||||
# 'status': None, 'length': None, 'log': None, 'severity': None}, 'exception': {'regex': None,
|
||||
# 'header-length': None, 'content-length': None, 'max-cookie': None, 'pattern': None, 'hostname': None,
|
||||
# 'line-length': None, 'max-range-segment': None, 'url-param-length': None, 'version': None, 'param-length': None,
|
||||
# 'malformed': None, 'address': None, 'max-url-param': None, 'max-header-line': None, 'method': None},
|
||||
# 'hostname': {'action': None, 'status': None, 'log': None, 'severity': None},
|
||||
# 'url-param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
|
||||
# 'version': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-header-line': {'action': None,
|
||||
# 'status': None, 'max-header-line': None, 'log': None, 'severity': None}, 'method': {'action': None,
|
||||
# 'status': None, 'log': None, 'severity': None}}
|
||||
# mode: set
|
||||
# signature: {'custom-signature': {'status': None, 'direction': None, 'log': None, 'severity': None, 'target': None,
|
||||
# 'action': None, 'pattern': None, 'case-sensitivity': None, 'name': None},
|
||||
# 'credit-card-detection-threshold': None, 'main-class': {'action': None, 'status': None, 'log': None,
|
||||
# 'severity': None}, 'disabled-signature': None, 'disabled-sub-class': None}
|
||||
# method: {'status': None, 'default-allowed-methods': None, 'method-policy': {'regex': None, 'pattern': None,
|
||||
# 'allowed-methods': None, 'address': None}, 'log': None, 'severity': None}
|
||||
##################################################
|
||||
|
||||
# Test using fixture 1 #
|
||||
output = fmgr_secprof_waf.fmgr_waf_profile_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used'])
|
||||
def test_fmgr_waf_profile_modify(fixture_data, mocker):
|
||||
mocker.patch("ansible.module_utils.network.fortimanager.fortimanager.FortiManagerHandler.process_request",
|
||||
side_effect=fixture_data)
|
||||
output = fmgr_secprof_waf.fmgr_waf_profile_modify(fmg_instance, fixture_data[0]['paramgram_used'])
|
||||
assert output['raw_response']['status']['code'] == 0
|
||||
# Test using fixture 2 #
|
||||
output = fmgr_secprof_waf.fmgr_waf_profile_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
|
||||
output = fmgr_secprof_waf.fmgr_waf_profile_modify(fmg_instance, fixture_data[1]['paramgram_used'])
|
||||
assert output['raw_response']['status']['code'] == 0
|
||||
|
|
|
|||
Loading…
Reference in a new issue