cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

FortiManager Plugin Module Conversion: fmgr_fwobj_vip (#52774)

Browse source 
* Auto Commit for: fmgr_fwobj_vip

* Auto Commit for: fmgr_fwobj_vip

* Auto Commit for: fmgr_fwobj_vip

* Auto Commit for: fmgr_fwobj_vip
This commit is contained in:
ftntcorecse 2019-02-27 07:41:03 -05:00 committed by Nilashish Chakraborty
parent 79eeea8ea6
commit c37f6bed1c
3 changed files with 2109 additions and 1915 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

242
lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py
View file

@ -28,6 +28,8 @@ DOCUMENTATION = '''
---
module: fmgr_fwobj_vip
version_added: "2.8"
notes:
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
author:
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
@ -43,21 +45,6 @@ options:
required: false
default: root
host:
description:
- The FortiManager's Address.
required: true
username:
description:
- The username associated with the account.
required: true
password:
description:
- The password associated with the username account.
required: true
mode:
description:
- Sets one of three modes for managing the object.
@ -325,7 +312,7 @@ options:
- choice | high | High encryption. Allow only AES and ChaCha.
- choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
- choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
- choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allow
- choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
required: false
choices: ["high", "medium", "low", "custom"]
@ -1703,9 +1690,6 @@ EXAMPLES = '''
# BASIC FULL STATIC NAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP SNAT
fmgr_fwobj_vip:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
name: "Basic StaticNAT Map"
mode: "set"
adom: "ansible"
@ -1719,9 +1703,6 @@ EXAMPLES = '''
# BASIC PORT PNAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP PNAT
fmgr_fwobj_vip:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
name: "Basic PNAT Map Port 10443"
mode: "set"
adom: "ansible"
@ -1739,9 +1720,6 @@ EXAMPLES = '''
# BASIC DNS TRANSLATION NAT
- name: EDIT FMGR_FIREWALL_DNST
fmgr_fwobj_vip:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
name: "Basic DNS Translation"
mode: "set"
adom: "ansible"
@ -1755,9 +1733,6 @@ EXAMPLES = '''
# BASIC FQDN NAT
- name: EDIT FMGR_FIREWALL_FQDN
fmgr_fwobj_vip:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
name: "Basic FQDN Translation"
mode: "set"
adom: "ansible"
@ -1769,9 +1744,6 @@ EXAMPLES = '''
# DELETE AN ENTRY
- name: DELETE FMGR_FIREWALL_VIP PNAT
fmgr_fwobj_vip:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
name: "Basic PNAT Map Port 10443"
mode: "delete"
adom: "ansible"
@ -1785,38 +1757,38 @@ api_result:
"""
from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
# check for pyFMG lib
try:
from pyFMG.fortimgr import FortiManager
HAS_PYFMGR = True
except ImportError:
HAS_PYFMGR = False
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
from ansible.module_utils.network.fortimanager.common import FMGBaseException
from ansible.module_utils.network.fortimanager.common import FMGRCommon
from ansible.module_utils.network.fortimanager.common import FMGRMethods
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
from ansible.module_utils.network.fortimanager.common import prepare_dict
from ansible.module_utils.network.fortimanager.common import scrub_dict
###############
# START METHODS
###############
def fmgr_firewall_vip_addsetdelete(fmg, paramgram):
def fmgr_firewall_vip_modify(fmgr, paramgram):
"""
fmgr_firewall_vip -- Add/Set/Deletes Firewall Virtual IP Objects
:param fmgr: The fmgr object instance from fortimanager.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
mode = paramgram["mode"]
adom = paramgram["adom"]
# INIT A BASIC OBJECTS
response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
response = DEFAULT_RESULT_OBJ
url = ""
datagram = {}
# EVAL THE MODE PARAMETER FOR SET OR ADD
if mode in ['set', 'add', 'update']:
url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
datagram = scrub_dict(prepare_dict(paramgram))
# EVAL THE MODE PARAMETER FOR DELETE
elif mode == "delete":
@ -1824,124 +1796,10 @@ def fmgr_firewall_vip_addsetdelete(fmg, paramgram):
url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=paramgram["name"])
datagram = {}
# IF MODE = SET -- USE THE 'SET' API CALL MODE
if mode == "set":
response = fmg.set(url, datagram)
# IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
elif mode == "update":
response = fmg.update(url, datagram)
# IF MODE = ADD -- USE THE 'ADD' API CALL MODE
elif mode == "add":
response = fmg.add(url, datagram)
# IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
elif mode == "delete":
response = fmg.delete(url, datagram)
response = fmgr.process_request(url, datagram, paramgram["mode"])
return response
# ADDITIONAL COMMON FUNCTIONS
def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
"""
THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
"""
# VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
if msg != "NULL" and len(results) == 0:
try:
fmg.logout()
except Exception:
pass
module.fail_json(msg=msg)
# SUBMISSION ERROR
if len(results) > 0:
if msg == "NULL":
try:
msg = results[1]['status']['message']
except Exception:
msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
if results[0] not in good_codes:
if logout_on_fail:
fmg.logout()
module.fail_json(msg=msg, **results[1])
else:
if logout_on_success:
fmg.logout()
module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
**results[1])
return msg
# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
def fmgr_cidr_to_netmask(cidr):
cidr = int(cidr)
mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
return (str((0xff000000 & mask) >> 24) + '.' +
str((0x00ff0000 & mask) >> 16) + '.' +
str((0x0000ff00 & mask) >> 8) + '.' +
str((0x000000ff & mask)))
# utility function: removing keys wih value of None, nothing in playbook for that key
def fmgr_del_none(obj):
if isinstance(obj, dict):
return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
else:
return obj
# utility function: remove keys that are need for the logic but the FMG API won't accept them
def fmgr_prepare_dict(obj):
list_of_elems = ["mode", "adom", "host", "username", "password"]
if isinstance(obj, dict):
obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
return obj
def fmgr_is_empty_dict(obj):
return_val = False
if isinstance(obj, dict):
if len(obj) > 0:
for k, v in obj.items():
if isinstance(v, dict):
if len(v) == 0:
return_val = True
elif len(v) > 0:
for k1, v1 in v.items():
if v1 is None:
return_val = True
elif v1 is not None:
return_val = False
return return_val
elif v is None:
return_val = True
elif v is not None:
return_val = False
return return_val
elif len(obj) == 0:
return_val = True
return return_val
def fmgr_split_comma_strings_into_lists(obj):
if isinstance(obj, dict):
if len(obj) > 0:
for k, v in obj.items():
if isinstance(v, str):
new_list = list()
if "," in v:
new_items = v.split(",")
for item in new_items:
new_list.append(item.strip())
obj[k] = new_list
return obj
#############
# END METHODS
#############
@ -1950,9 +1808,6 @@ def fmgr_split_comma_strings_into_lists(obj):
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
@ -2361,8 +2216,7 @@ def main():
)
module = AnsibleModule(argument_spec, supports_check_mode=False)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
@ -2546,45 +2400,29 @@ def main():
"versions": module.params["ssl_server_cipher_suites_versions"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
for list_variable in list_overrides:
override_data = list()
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
override_data = module.params[list_variable]
except Exception:
pass
try:
if override_data:
del paramgram[list_variable]
paramgram[list_variable] = override_data
except Exception:
pass
results = fmgr_firewall_vip_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
except Exception as err:
raise FMGBaseException(err)
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
results = fmgr_firewall_vip_addsetdelete(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg, module, results=results, good_codes=[0, -3])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else:
return module.exit_json(msg="No results were returned from the API call.")
if __name__ == "__main__":

303
test/units/modules/network/fortimanager/fixtures/test_fmgr_fwobj_vip.json
View file

@ -1,5 +1,210 @@
{
"fmgr_firewall_vip_addsetdelete": [
"fmgr_firewall_vip_modify": [
{
"raw_response": {
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/ansible/obj/firewall/vip"
},
"datagram_sent": {
"comment": "Created by Ansible",
"extip": "82.72.192.185",
"protocol": "tcp",
"name": "Basic PNAT Map Port 10443",
"color": 17,
"extport": "10443",
"mappedip": "10.7.220.25",
"portforward": "enable",
"type": "static-nat",
"extintf": "any",
"mappedport": "443"
},
"paramgram_used": {
"comment": "Created by Ansible",
"ssl-send-empty-frags": null,
"srcintf-filter": null,
"ssl-max-version": null,
"ssl-server-session-state-max": null,
"ssl-hpkp": null,
"mapped-addr": null,
"ssl-client-session-state-timeout": null,
"src-filter": null,
"server-type": null,
"ssl-hpkp-include-subdomains": null,
"ssl-http-location-conversion": null,
"https-cookie-secure": null,
"mappedip": "10.7.220.25",
"ssl-server-cipher-suites": {
"priority": null,
"cipher": null,
"versions": null
},
"protocol": "tcp",
"ssl-hpkp-backup": null,
"ssl-dh-bits": null,
"dns-mapping-ttl": null,
"ssl-hsts-age": null,
"extaddr": null,
"ssl-client-renegotiation": null,
"monitor": null,
"service": null,
"ssl-hpkp-age": null,
"http-cookie-age": null,
"weblogic-server": null,
"http-cookie-share": null,
"color": 17,
"ssl-mode": null,
"portforward": "enable",
"http-multiplex": null,
"http-cookie-generation": null,
"ssl-client-fallback": null,
"extip": "82.72.192.185",
"extintf": "any",
"persistence": null,
"websphere-server": null,
"nat-source-vip": null,
"portmapping-type": null,
"dynamic_mapping": {
"comment": null,
"ssl-send-empty-frags": null,
"srcintf-filter": null,
"ssl-max-version": null,
"protocol": null,
"ssl-hpkp": null,
"color": null,
"src-filter": null,
"ldb-method": null,
"server-type": null,
"ssl-hpkp-include-subdomains": null,
"ssl-client-renegotiation": null,
"ssl-http-location-conversion": null,
"https-cookie-secure": null,
"mappedip": null,
"ssl-server-session-state-max": null,
"ssl-hpkp-backup": null,
"extip": null,
"dns-mapping-ttl": null,
"ssl-hsts-age": null,
"extaddr": null,
"monitor": null,
"service": null,
"ssl-hpkp-age": null,
"http-cookie-age": null,
"http-cookie-share": null,
"ssl-server-session-state-timeout": null,
"mapped-addr": null,
"ssl-mode": null,
"portforward": null,
"http-cookie-generation": null,
"http-cookie-domain": null,
"ssl-hpkp-report-uri": null,
"type": null,
"extintf": null,
"gratuitous-arp-interval": null,
"websphere-server": null,
"nat-source-vip": null,
"portmapping-type": null,
"weblogic-server": null,
"ssl-client-session-state-max": null,
"http-ip-header": null,
"http-ip-header-name": null,
"ssl-hsts": null,
"arp-reply": null,
"extport": null,
"ssl-min-version": null,
"ssl-server-algorithm": null,
"ssl-certificate": null,
"ssl-server-min-version": null,
"ssl-client-fallback": null,
"mappedport": null,
"ssl-http-match-host": null,
"ssl-dh-bits": null,
"ssl-cipher-suites": {
"cipher": null,
"versions": null
},
"ssl-hpkp-primary": null,
"outlook-web-access": null,
"ssl-server-session-state-type": null,
"ssl-client-session-state-type": null,
"realservers": {
"status": null,
"http-host": null,
"client-ip": null,
"seq": null,
"weight": null,
"ip": null,
"holddown-interval": null,
"healthcheck": null,
"max-connections": null,
"port": null,
"monitor": null
},
"ssl-server-max-version": null,
"ssl-client-session-state-timeout": null,
"http-cookie-domain-from-host": null,
"ssl-algorithm": null,
"ssl-hsts-include-subdomains": null,
"max-embryonic-connections": null,
"persistence": null,
"http-cookie-path": null,
"ssl-pfs": null,
"http-multiplex": null
},
"adom": "ansible",
"ssl-client-session-state-max": null,
"http-ip-header": null,
"http-ip-header-name": null,
"ssl-certificate": null,
"ssl-hsts": null,
"arp-reply": null,
"ssl-hsts-include-subdomains": null,
"ssl-min-version": null,
"ldb-method": null,
"ssl-server-session-state-timeout": null,
"ssl-server-min-version": null,
"http-cookie-domain": null,
"mappedport": "443",
"name": "Basic PNAT Map Port 10443",
"ssl-cipher-suites": {
"cipher": null,
"versions": null
},
"ssl-hpkp-primary": null,
"outlook-web-access": null,
"ssl-server-session-state-type": null,
"ssl-client-session-state-type": null,
"type": "static-nat",
"ssl-http-match-host": null,
"realservers": {
"status": null,
"http-host": null,
"client-ip": null,
"seq": null,
"weight": null,
"ip": null,
"holddown-interval": null,
"healthcheck": null,
"max-connections": null,
"port": null,
"monitor": null
},
"ssl-server-max-version": null,
"ssl-hpkp-report-uri": null,
"http-cookie-domain-from-host": null,
"ssl-algorithm": null,
"gratuitous-arp-interval": null,
"extport": "10443",
"max-embryonic-connections": null,
"mode": "set",
"http-cookie-path": null,
"ssl-pfs": null,
"ssl-server-algorithm": null
},
"post_method": "set"
},
{
"paramgram_used": {
"comment": "Created by Ansible",
@ -183,10 +388,19 @@
"ssl-algorithm": null,
"http-multiplex": null
},
"datagram_sent": {
"comment": "Created by Ansible",
"name": "Basic DNS Translation",
"color": 12,
"mappedip": "3.3.3.0/24, 4.0.0.0/24",
"extip": "192.168.0.1-192.168.0.100",
"type": "dns-translation",
"extintf": "dmz"
},
"raw_response": {
"status": {
"message": "OK",
"code": 0
"message": "datasrc invalid. object: firewall vip extintf Basic DNS Translation. detail: dmz. solution: data not exist",
"code": -10131
},
"url": "/pm/config/adom/ansible/obj/firewall/vip"
},
@ -200,6 +414,13 @@
},
"url": "/pm/config/adom/ansible/obj/firewall/vip"
},
"datagram_sent": {
"comment": "Created by Ansible",
"mapped-addr": "google-play",
"type": "fqdn",
"name": "Basic FQDN Translation",
"color": 5
},
"paramgram_used": {
"comment": "Created by Ansible",
"ssl-send-empty-frags": null,
@ -207,7 +428,7 @@
"ssl-max-version": null,
"ssl-server-session-state-max": null,
"ssl-hpkp": null,
"mapped-addr": null,
"mapped-addr": "google-play",
"ssl-client-session-state-timeout": null,
"src-filter": null,
"ldb-method": null,
@ -216,7 +437,7 @@
"ssl-client-renegotiation": null,
"ssl-http-location-conversion": null,
"https-cookie-secure": null,
"mappedip": "10.7.220.25",
"mappedip": null,
"ssl-server-cipher-suites": {
"priority": null,
"cipher": null,
@ -234,13 +455,13 @@
"http-cookie-age": null,
"weblogic-server": null,
"http-cookie-share": null,
"color": 17,
"color": 5,
"ssl-mode": null,
"portforward": null,
"http-cookie-generation": null,
"ssl-client-fallback": null,
"extip": "82.72.192.185",
"extintf": "any",
"extip": null,
"extintf": null,
"persistence": null,
"websphere-server": null,
"nat-source-vip": null,
@ -346,7 +567,7 @@
"ssl-server-min-version": null,
"http-cookie-domain": null,
"mappedport": null,
"name": "Basic StaticNAT Map",
"name": "Basic FQDN Translation",
"ssl-cipher-suites": {
"cipher": null,
"versions": null
@ -355,7 +576,7 @@
"outlook-web-access": null,
"ssl-server-session-state-type": null,
"ssl-client-session-state-type": null,
"type": "static-nat",
"type": "fqdn",
"ssl-http-match-host": null,
"realservers": {
"status": null,
@ -397,7 +618,7 @@
"server-type": null,
"mode": "set",
"ssl-hpkp-include-subdomains": null,
"extport": "10443",
"extport": null,
"ssl-http-location-conversion": null,
"https-cookie-secure": null,
"mappedip": "10.7.220.25",
@ -406,7 +627,7 @@
"cipher": null,
"versions": null
},
"protocol": "tcp",
"protocol": null,
"ssl-hpkp-backup": null,
"ssl-dh-bits": null,
"dns-mapping-ttl": null,
@ -422,7 +643,7 @@
"ssl-server-session-state-timeout": null,
"color": 17,
"ssl-mode": null,
"portforward": "enable",
"portforward": null,
"http-cookie-generation": null,
"max-embryonic-connections": null,
"ssl-client-fallback": null,
@ -532,14 +753,14 @@
"ssl-certificate": null,
"ssl-server-min-version": null,
"http-cookie-domain": null,
"mappedport": "443",
"mappedport": null,
"outlook-web-access": null,
"ssl-cipher-suites": {
"cipher": null,
"versions": null
},
"ssl-hpkp-primary": null,
"name": "Basic PNAT Map Port 10443",
"name": "Basic StaticNAT Map",
"ssl-server-session-state-type": null,
"ssl-client-session-state-type": null,
"type": "static-nat",
@ -567,6 +788,15 @@
"ssl-algorithm": null,
"http-multiplex": null
},
"datagram_sent": {
"comment": "Created by Ansible",
"name": "Basic StaticNAT Map",
"color": 17,
"mappedip": "10.7.220.25",
"extip": "82.72.192.185",
"type": "static-nat",
"extintf": "any"
},
"raw_response": {
"status": {
"message": "OK",
@ -584,6 +814,19 @@
},
"url": "/pm/config/adom/ansible/obj/firewall/vip"
},
"datagram_sent": {
"comment": "Created by Ansible",
"extip": "82.72.192.185",
"protocol": "tcp",
"name": "Basic PNAT Map Port 10443",
"color": 17,
"extport": "10443",
"mappedip": "10.7.220.25",
"portforward": "enable",
"type": "static-nat",
"extintf": "any",
"mappedport": "443"
},
"paramgram_used": {
"comment": "Created by Ansible",
"ssl-send-empty-frags": null,
@ -591,7 +834,7 @@
"ssl-max-version": null,
"ssl-server-session-state-max": null,
"ssl-hpkp": null,
"mapped-addr": "google-play",
"mapped-addr": null,
"ssl-client-session-state-timeout": null,
"src-filter": null,
"server-type": null,
@ -599,13 +842,13 @@
"ssl-client-renegotiation": null,
"ssl-http-location-conversion": null,
"https-cookie-secure": null,
"mappedip": null,
"mappedip": "10.7.220.25",
"ssl-server-cipher-suites": {
"priority": null,
"cipher": null,
"versions": null
},
"protocol": null,
"protocol": "tcp",
"ssl-hpkp-backup": null,
"ssl-dh-bits": null,
"dns-mapping-ttl": null,
@ -617,13 +860,13 @@
"http-cookie-age": null,
"weblogic-server": null,
"http-cookie-share": null,
"color": 5,
"color": 17,
"ssl-mode": null,
"portforward": null,
"portforward": "enable",
"http-cookie-generation": null,
"ssl-client-fallback": null,
"extip": null,
"extintf": null,
"extip": "82.72.192.185",
"extintf": "any",
"persistence": null,
"websphere-server": null,
"nat-source-vip": null,
@ -729,8 +972,8 @@
"ssl-server-session-state-timeout": null,
"ssl-server-min-version": null,
"http-cookie-domain": null,
"mappedport": null,
"name": "Basic FQDN Translation",
"mappedport": "443",
"name": "Basic PNAT Map Port 10443",
"ssl-cipher-suites": {
"cipher": null,
"versions": null
@ -739,7 +982,7 @@
"outlook-web-access": null,
"ssl-server-session-state-type": null,
"ssl-client-session-state-type": null,
"type": "fqdn",
"type": "static-nat",
"ssl-http-match-host": null,
"realservers": {
"status": null,
@ -759,7 +1002,7 @@
"http-cookie-domain-from-host": null,
"ssl-algorithm": null,
"gratuitous-arp-interval": null,
"extport": null,
"extport": "10443",
"max-embryonic-connections": null,
"mode": "set",
"http-cookie-path": null,
@ -951,6 +1194,7 @@
"ssl-algorithm": null,
"ssl-min-version": null
},
"datagram_sent": {},
"raw_response": {
"status": {
"message": "OK",
@ -968,6 +1212,7 @@
},
"url": "/pm/config/adom/ansible/obj/firewall/vip/Basic StaticNAT Map"
},
"datagram_sent": {},
"paramgram_used": {
"comment": null,
"ssl-send-empty-frags": null,
@ -1335,10 +1580,11 @@
"ssl-algorithm": null,
"ssl-min-version": null
},
"datagram_sent": {},
"raw_response": {
"status": {
"message": "OK",
"code": 0
"message": "Object does not exist",
"code": -3
},
"url": "/pm/config/adom/ansible/obj/firewall/vip/Basic DNS Translation"
},
@ -1352,6 +1598,7 @@
},
"url": "/pm/config/adom/ansible/obj/firewall/vip/Basic FQDN Translation"
},
"datagram_sent": {},
"paramgram_used": {
"ldb-method": null,
"ssl-send-empty-frags": null,

457
test/units/modules/network/fortimanager/test_fmgr_fwobj_vip.py
View file

@ -19,7 +19,7 @@ __metaclass__ = type
import os
import json
from pyFMG.fortimgr import FortiManager
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
import pytest
try:
@ -27,8 +27,6 @@ try:
except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True)
fmg_instance = FortiManager("1.1.1.1", "admin", "")
def load_fixtures():
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
@ -41,16 +39,109 @@ def load_fixtures():
return [fixture_data]
@pytest.fixture(autouse=True)
def module_mock(mocker):
connection_class_mock = mocker.patch('ansible.module_utils.basic.AnsibleModule')
return connection_class_mock
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortimanager.fmgr_fwobj_vip.Connection')
return connection_class_mock
@pytest.fixture(scope="function", params=load_fixtures())
def fixture_data(request):
func_name = request.function.__name__.replace("test_", "")
return request.param.get(func_name, None)
def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
fmg_instance = FortiManagerHandler(connection_mock, module_mock)
def test_fmgr_firewall_vip_modify(fixture_data, mocker):
mocker.patch("ansible.module_utils.network.fortimanager.fortimanager.FortiManagerHandler.process_request",
side_effect=fixture_data)
# Fixture sets used:###########################
##################################################
# comment: Created by Ansible
# ssl-send-empty-frags: None
# srcintf-filter: None
# ssl-max-version: None
# ssl-server-session-state-max: None
# ssl-hpkp: None
# mapped-addr: None
# ssl-client-session-state-timeout: None
# src-filter: None
# server-type: None
# ssl-hpkp-include-subdomains: None
# ssl-http-location-conversion: None
# https-cookie-secure: None
# mappedip: 10.7.220.25
# ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
# protocol: tcp
# ssl-hpkp-backup: None
# ssl-dh-bits: None
# dns-mapping-ttl: None
# ssl-hsts-age: None
# extaddr: None
# ssl-client-renegotiation: None
# monitor: None
# service: None
# ssl-hpkp-age: None
# http-cookie-age: None
# weblogic-server: None
# http-cookie-share: None
# color: 17
# ssl-mode: None
# portforward: enable
# http-multiplex: None
# http-cookie-generation: None
# ssl-client-fallback: None
# extip: 82.72.192.185
# extintf: any
# persistence: None
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# adom: ansible
# ssl-client-session-state-max: None
# http-ip-header: None
# http-ip-header-name: None
# ssl-certificate: None
# ssl-hsts: None
# arp-reply: None
# ssl-hsts-include-subdomains: None
# ssl-min-version: None
# ldb-method: None
# ssl-server-session-state-timeout: None
# ssl-server-min-version: None
# http-cookie-domain: None
# mappedport: 443
# name: Basic PNAT Map Port 10443
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-hpkp-primary: None
# outlook-web-access: None
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# ssl-http-match-host: None
# ssl-server-max-version: None
# ssl-hpkp-report-uri: None
# http-cookie-domain-from-host: None
# ssl-algorithm: None
# gratuitous-arp-interval: None
# extport: 10443
# max-embryonic-connections: None
# mode: set
# http-cookie-path: None
# ssl-pfs: None
# ssl-server-algorithm: None
##################################################
##################################################
# comment: Created by Ansible
# ssl-send-empty-frags: None
@ -98,6 +189,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# weblogic-server: None
# ssl-client-session-state-max: None
# http-ip-header: None
# ssl-hsts: None
# arp-reply: None
# extaddr: None
@ -113,8 +205,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# name: Basic DNS Translation
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# # type: "dns-translation"
# ssl-http-match-host: None
# ssl-pfs: None
# ssl-server-max-version: None
# ssl-client-session-state-timeout: None
@ -133,159 +226,10 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# ssl-max-version: None
# ssl-server-session-state-max: None
# ssl-hpkp: None
# mapped-addr: None
# ssl-client-session-state-timeout: None
# src-filter: None
# ldb-method: None
# server-type: None
# ssl-hpkp-include-subdomains: None
# ssl-client-renegotiation: None
# ssl-http-location-conversion: None
# https-cookie-secure: None
# mappedip: 10.7.220.25
# ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
# protocol: None
# ssl-hpkp-backup: None
# ssl-dh-bits: None
# dns-mapping-ttl: None
# ssl-hsts-age: None
# extaddr: None
# monitor: None
# service: None
# ssl-hpkp-age: None
# http-cookie-age: None
# weblogic-server: None
# http-cookie-share: None
# color: 17
# ssl-mode: None
# portforward: None
# http-cookie-generation: None
# ssl-client-fallback: None
# extip: 82.72.192.185
# extintf: any
# persistence: None
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# adom: ansible
# ssl-client-session-state-max: None
# http-ip-header: None
# http-ip-header-name: None
# ssl-certificate: None
# ssl-hsts: None
# arp-reply: None
# extport: None
# ssl-min-version: None
# ssl-server-algorithm: None
# ssl-server-session-state-timeout: None
# ssl-server-min-version: None
# http-cookie-domain: None
# mappedport: None
# name: Basic StaticNAT Map
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-hpkp-primary: None
# outlook-web-access: None
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# # type: static-nat
# ssl-http-match-host: None
# ssl-server-max-version: None
# ssl-hpkp-report-uri: None
# http-cookie-domain-from-host: None
# ssl-algorithm: None
# gratuitous-arp-interval: None
# ssl-hsts-include-subdomains: None
# max-embryonic-connections: None
# mode: set
# http-cookie-path: None
# ssl-pfs: None
# http-multiplex: None
##################################################
##################################################
# comment: Created by Ansible
# ssl-send-empty-frags: None
# srcintf-filter: None
# ssl-max-version: None
# ssl-server-session-state-max: None
# ssl-hpkp: None
# mapped-addr: None
# src-filter: None
# server-type: None
# mode: set
# ssl-hpkp-include-subdomains: None
# extport: 10443
# ssl-http-location-conversion: None
# https-cookie-secure: None
# mappedip: 10.7.220.25
# ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
# protocol: tcp
# ssl-hpkp-backup: None
# ssl-dh-bits: None
# dns-mapping-ttl: None
# ssl-hsts-age: None
# ssl-server-algorithm: None
# extaddr: None
# monitor: None
# service: None
# ssl-hpkp-age: None
# http-cookie-age: None
# adom: ansible
# http-cookie-share: None
# ssl-server-session-state-timeout: None
# color: 17
# ssl-mode: None
# portforward: enable
# http-cookie-generation: None
# max-embryonic-connections: None
# ssl-client-fallback: None
# ssl-hpkp-report-uri: None
# extip: 82.72.192.185
# extintf: any
# persistence: None
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# http-ip-header-name: None
# weblogic-server: None
# ssl-client-session-state-max: None
# http-ip-header: None
# ssl-hsts: None
# arp-reply: None
# ssl-client-renegotiation: None
# ssl-min-version: None
# ldb-method: None
# ssl-certificate: None
# ssl-server-min-version: None
# http-cookie-domain: None
# mappedport: 443
# outlook-web-access: None
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-hpkp-primary: None
# name: Basic PNAT Map Port 10443
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# # type: static-nat
# ssl-http-match-host: None
# ssl-pfs: None
# ssl-client-session-state-timeout: None
# http-cookie-domain-from-host: None
# ssl-hsts-include-subdomains: None
# ssl-server-max-version: None
# gratuitous-arp-interval: None
# http-cookie-path: None
# ssl-algorithm: None
# http-multiplex: None
##################################################
##################################################
# comment: Created by Ansible
# ssl-send-empty-frags: None
# srcintf-filter: None
# ssl-max-version: None
# ssl-server-session-state-max: None
# ssl-hpkp: None
# mapped-addr: google-play
# ssl-client-session-state-timeout: None
# src-filter: None
# ldb-method: None
# server-type: None
# ssl-hpkp-include-subdomains: None
# ssl-client-renegotiation: None
@ -316,6 +260,160 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# adom: ansible
# ssl-client-session-state-max: None
# http-ip-header: None
# http-ip-header-name: None
# ssl-certificate: None
# ssl-hsts: None
# arp-reply: None
# extport: None
# ssl-min-version: None
# ssl-server-algorithm: None
# ssl-server-session-state-timeout: None
# ssl-server-min-version: None
# http-cookie-domain: None
# mappedport: None
# name: Basic FQDN Translation
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-hpkp-primary: None
# outlook-web-access: None
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# ssl-http-match-host: None
# ssl-server-max-version: None
# ssl-hpkp-report-uri: None
# http-cookie-domain-from-host: None
# ssl-algorithm: None
# gratuitous-arp-interval: None
# ssl-hsts-include-subdomains: None
# max-embryonic-connections: None
# mode: set
# http-cookie-path: None
# ssl-pfs: None
# http-multiplex: None
##################################################
##################################################
# comment: Created by Ansible
# ssl-send-empty-frags: None
# srcintf-filter: None
# ssl-max-version: None
# ssl-server-session-state-max: None
# ssl-hpkp: None
# mapped-addr: None
# src-filter: None
# server-type: None
# mode: set
# ssl-hpkp-include-subdomains: None
# extport: None
# ssl-http-location-conversion: None
# https-cookie-secure: None
# mappedip: 10.7.220.25
# ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
# protocol: None
# ssl-hpkp-backup: None
# ssl-dh-bits: None
# dns-mapping-ttl: None
# ssl-hsts-age: None
# ssl-server-algorithm: None
# extaddr: None
# monitor: None
# service: None
# ssl-hpkp-age: None
# http-cookie-age: None
# adom: ansible
# http-cookie-share: None
# ssl-server-session-state-timeout: None
# color: 17
# ssl-mode: None
# portforward: None
# http-cookie-generation: None
# max-embryonic-connections: None
# ssl-client-fallback: None
# ssl-hpkp-report-uri: None
# extip: 82.72.192.185
# extintf: any
# persistence: None
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# http-ip-header-name: None
# weblogic-server: None
# ssl-client-session-state-max: None
# http-ip-header: None
# ssl-hsts: None
# arp-reply: None
# ssl-client-renegotiation: None
# ssl-min-version: None
# ldb-method: None
# ssl-certificate: None
# ssl-server-min-version: None
# http-cookie-domain: None
# mappedport: None
# outlook-web-access: None
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-hpkp-primary: None
# name: Basic StaticNAT Map
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# ssl-http-match-host: None
# ssl-pfs: None
# ssl-client-session-state-timeout: None
# http-cookie-domain-from-host: None
# ssl-hsts-include-subdomains: None
# ssl-server-max-version: None
# gratuitous-arp-interval: None
# http-cookie-path: None
# ssl-algorithm: None
# http-multiplex: None
##################################################
##################################################
# comment: Created by Ansible
# ssl-send-empty-frags: None
# srcintf-filter: None
# ssl-max-version: None
# ssl-server-session-state-max: None
# ssl-hpkp: None
# mapped-addr: None
# ssl-client-session-state-timeout: None
# src-filter: None
# server-type: None
# ssl-hpkp-include-subdomains: None
# ssl-client-renegotiation: None
# ssl-http-location-conversion: None
# https-cookie-secure: None
# mappedip: 10.7.220.25
# ssl-server-cipher-suites: {'priority': None, 'cipher': None, 'versions': None}
# protocol: tcp
# ssl-hpkp-backup: None
# ssl-dh-bits: None
# dns-mapping-ttl: None
# ssl-hsts-age: None
# extaddr: None
# monitor: None
# service: None
# ssl-hpkp-age: None
# http-cookie-age: None
# weblogic-server: None
# http-cookie-share: None
# color: 17
# ssl-mode: None
# portforward: enable
# http-cookie-generation: None
# ssl-client-fallback: None
# extip: 82.72.192.185
# extintf: any
# persistence: None
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# adom: ansible
# ssl-client-session-state-max: None
# http-ip-header: None
@ -330,21 +428,22 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# ssl-server-session-state-timeout: None
# ssl-server-min-version: None
# http-cookie-domain: None
# mappedport: None
# name: Basic FQDN Translation
# mappedport: 443
# name: Basic PNAT Map Port 10443
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-hpkp-primary: None
# outlook-web-access: None
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# # type: fqdn
# ssl-http-match-host: None
# ssl-server-max-version: None
# ssl-hpkp-report-uri: None
# http-cookie-domain-from-host: None
# ssl-algorithm: None
# gratuitous-arp-interval: None
# extport: None
# extport: 10443
# max-embryonic-connections: None
# mode: set
# http-cookie-path: None
@ -398,6 +497,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# weblogic-server: None
# ssl-client-session-state-max: None
# http-ip-header: None
# ssl-hsts: None
# arp-reply: None
# ssl-client-renegotiation: None
@ -413,8 +513,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# name: Basic PNAT Map Port 10443
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# # type: None
# ssl-http-match-host: None
# ssl-pfs: None
# ssl-server-max-version: None
# ssl-client-session-state-timeout: None
@ -467,6 +568,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# websphere-server: None
# nat-source-vip: None
# portmapping-type: None
# adom: ansible
# ssl-client-session-state-max: None
# http-ip-header: None
@ -487,8 +589,9 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# outlook-web-access: None
# ssl-server-session-state-type: None
# ssl-client-session-state-type: None
# # type: None
# ssl-http-match-host: None
# ssl-server-max-version: None
# ssl-hpkp-report-uri: None
# http-cookie-domain-from-host: None
@ -549,7 +652,8 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# http-ip-header-name: None
# weblogic-server: None
# ssl-client-session-state-max: None
# http-ip-header: None # ssl-hsts: None
# http-ip-header: None
# ssl-hsts: None
# arp-reply: None
# extaddr: None
# ssl-hpkp-primary: None
@ -563,7 +667,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# ssl-client-session-state-type: None
# name: Basic DNS Translation
# ssl-server-session-state-type: None
# # type: None
# ssl-http-match-host: None
# ssl-pfs: None
# ssl-client-session-state-timeout: None
@ -612,7 +716,7 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# portforward: None
# http-cookie-generation: None
# ssl-client-fallback: None
# # type: None
# http-ip-header: None
# persistence: None
# websphere-server: None
@ -637,6 +741,8 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
# ssl-cipher-suites: {'cipher': None, 'versions': None}
# ssl-client-session-state-type: None
# ssl-http-match-host: None
# ssl-client-session-state-timeout: None
# comment: None
# ssl-hpkp-report-uri: None
# http-cookie-domain-from-host: None
@ -651,26 +757,29 @@ def test_fmgr_firewall_vip_addsetdelete(fixture_data, mocker):
##################################################
# Test using fixture 1 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[0]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 2 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[1]['paramgram_used'])
assert output['raw_response']['status']['code'] == -10131
# Test using fixture 3 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[2]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[2]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 4 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[3]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[3]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 5 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[4]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[4]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 6 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[5]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[5]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 7 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[6]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[6]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0
# Test using fixture 8 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_addsetdelete(fmg_instance, fixture_data[7]['paramgram_used'])
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[7]['paramgram_used'])
assert output['raw_response']['status']['code'] == -3
# Test using fixture 9 #
output = fmgr_fwobj_vip.fmgr_firewall_vip_modify(fmg_instance, fixture_data[8]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0