Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
duality-group
duality-group / ansible python
Repository URL to install this package:
|
Version:
6.0.0 ▾
|
#!/usr/bin/python
from __future__ import (absolute_import, division, print_function)
# Copyright: (c) 2022 Fortinet
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
__metaclass__ = type
ANSIBLE_METADATA = {'status': ['preview'],
'supported_by': 'community',
'metadata_version': '1.1'}
DOCUMENTATION = '''
---
module: fortios_user_setting
short_description: Configure user authentication setting in Fortinet's FortiOS and FortiGate.
description:
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
user to set and modify user feature and setting category.
Examples include all parameters and values need to be adjusted to datasources before usage.
Tested with FOS v6.0.0
version_added: "2.0.0"
author:
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
notes:
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
requirements:
- ansible>=2.9.0
options:
access_token:
description:
- Token-based authentication.
Generated from GUI of Fortigate.
type: str
required: false
enable_log:
description:
- Enable/Disable logging for task.
type: bool
required: false
default: false
vdom:
description:
- Virtual domain, among those defined previously. A vdom is a
virtual instance of the FortiGate that can be configured and
used as a different unit.
type: str
default: root
member_path:
type: str
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
member_state:
type: str
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
choices:
- present
- absent
user_setting:
description:
- Configure user authentication setting.
default: null
type: dict
suboptions:
auth_blackout_time:
description:
- Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
type: int
auth_ca_cert:
description:
- HTTPS CA certificate for policy authentication. Source vpn.certificate.local.name.
type: str
auth_cert:
description:
- HTTPS server certificate for policy authentication. Source vpn.certificate.local.name.
type: str
auth_http_basic:
description:
- Enable/disable use of HTTP basic authentication for identity-based firewall policies.
type: str
choices:
- enable
- disable
auth_invalid_max:
description:
- Maximum number of failed authentication attempts before the user is blocked.
type: int
auth_lockout_duration:
description:
- Lockout period in seconds after too many login failures.
type: int
auth_lockout_threshold:
description:
- Maximum number of failed login attempts before login lockout is triggered.
type: int
auth_on_demand:
description:
- Always/implicitly trigger firewall authentication on demand.
type: str
choices:
- always
- implicitly
auth_portal_timeout:
description:
- Time in minutes before captive portal user have to re-authenticate (1 - 30 min).
type: int
auth_ports:
description:
- Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.
type: list
elements: dict
suboptions:
id:
description:
- ID.
required: true
type: int
port:
description:
- Non-standard port for firewall user authentication.
type: int
type:
description:
- Service type.
type: str
choices:
- http
- https
- ftp
- telnet
auth_secure_http:
description:
- Enable/disable redirecting HTTP user authentication to more secure HTTPS.
type: str
choices:
- enable
- disable
auth_src_mac:
description:
- Enable/disable source MAC for user identity.
type: str
choices:
- enable
- disable
auth_ssl_allow_renegotiation:
description:
- Allow/forbid SSL re-negotiation for HTTPS authentication.
type: str
choices:
- enable
- disable
auth_ssl_max_proto_version:
description:
- Maximum supported protocol version for SSL/TLS connections .
type: str
choices:
- sslv3
- tlsv1
- tlsv1-1
- tlsv1-2
- tlsv1-3
auth_ssl_min_proto_version:
description:
- Minimum supported protocol version for SSL/TLS connections .
type: str
choices:
- default
- SSLv3
- TLSv1
- TLSv1-1
- TLSv1-2
auth_ssl_sigalgs:
description:
- Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only).
type: str
choices:
- no-rsa-pss
- all
auth_timeout:
description:
- Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
type: int
auth_timeout_type:
description:
- Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout.
type: str
choices:
- idle-timeout
- hard-timeout
- new-session
auth_type:
description:
- Supported firewall policy authentication protocols/methods.
type: list
elements: str
choices:
- http
- https
- ftp
- telnet
per_policy_disclaimer:
description:
- Enable/disable per policy disclaimer.
type: str
choices:
- enable
- disable
radius_ses_timeout_act:
description:
- Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts.
type: str
choices:
- hard-timeout
- ignore-timeout
'''
EXAMPLES = '''
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure user authentication setting.
fortios_user_setting:
vdom: "{{ vdom }}"
user_setting:
auth_blackout_time: "3"
auth_ca_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_http_basic: "enable"
auth_invalid_max: "7"
auth_lockout_duration: "8"
auth_lockout_threshold: "9"
auth_on_demand: "always"
auth_portal_timeout: "11"
auth_ports:
-
id: "13"
port: "14"
type: "http"
auth_secure_http: "enable"
auth_src_mac: "enable"
auth_ssl_allow_renegotiation: "enable"
auth_ssl_max_proto_version: "sslv3"
auth_ssl_min_proto_version: "default"
auth_ssl_sigalgs: "no-rsa-pss"
auth_timeout: "22"
auth_timeout_type: "idle-timeout"
auth_type: "http"
per_policy_disclaimer: "enable"
radius_ses_timeout_act: "hard-timeout"
'''
RETURN = '''
build:
description: Build number of the fortigate image
returned: always
type: str
sample: '1547'
http_method:
description: Last method used to provision the content into FortiGate
returned: always
type: str
sample: 'PUT'
http_status:
description: Last result given by FortiGate on last operation applied
returned: always
type: str
sample: "200"
mkey:
description: Master key (id) used in the last call to FortiGate
returned: success
type: str
sample: "id"
name:
description: Name of the table used to fulfill the request
returned: always
type: str
sample: "urlfilter"
path:
description: Path of the table used to fulfill the request
returned: always
type: str
sample: "webfilter"
revision:
description: Internal revision number
returned: always
type: str
sample: "17.0.2.10658"
serial:
description: Serial number of the unit
returned: always
type: str
sample: "FGVMEVYYQT3AB5352"
status:
description: Indication of the operation's result
returned: always
type: str
sample: "success"
vdom:
description: Virtual domain used
returned: always
type: str
sample: "root"
version:
description: Version of the FortiGate
returned: always
type: str
sample: "v5.6.3"
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec
from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
def filter_user_setting_data(json):
option_list = ['auth_blackout_time', 'auth_ca_cert', 'auth_cert',
'auth_http_basic', 'auth_invalid_max', 'auth_lockout_duration',
'auth_lockout_threshold', 'auth_on_demand', 'auth_portal_timeout',
'auth_ports', 'auth_secure_http', 'auth_src_mac',
'auth_ssl_allow_renegotiation', 'auth_ssl_max_proto_version', 'auth_ssl_min_proto_version',
'auth_ssl_sigalgs', 'auth_timeout', 'auth_timeout_type',
'auth_type', 'per_policy_disclaimer', 'radius_ses_timeout_act']
dictionary = {}
for attribute in option_list:
if attribute in json and json[attribute] is not None:
dictionary[attribute] = json[attribute]
return dictionary
def flatten_single_path(data, path, index):
if not data or index == len(path) or path[index] not in data or not data[path[index]]:
return
if index == len(path) - 1:
data[path[index]] = ' '.join(str(elem) for elem in data[path[index]])
elif isinstance(data[path[index]], list):
for value in data[path[index]]:
flatten_single_path(value, path, index + 1)
else:
flatten_single_path(data[path[index]], path, index + 1)
def flatten_multilists_attributes(data):
multilist_attrs = [
[u'auth_type'],
]
for attr in multilist_attrs:
flatten_single_path(data, attr, 0)
return data
def underscore_to_hyphen(data):
if isinstance(data, list):
for i, elem in enumerate(data):
data[i] = underscore_to_hyphen(elem)
elif isinstance(data, dict):
new_data = {}
for k, v in data.items():
new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
data = new_data
return data
def user_setting(data, fos):
vdom = data['vdom']
user_setting_data = data['user_setting']
user_setting_data = flatten_multilists_attributes(user_setting_data)
filtered_data = underscore_to_hyphen(filter_user_setting_data(user_setting_data))
return fos.set('user',
'setting',
data=filtered_data,
vdom=vdom)
def is_successful_status(resp):
return 'status' in resp and resp['status'] == 'success' or \
'http_status' in resp and resp['http_status'] == 200 or \
'http_method' in resp and resp['http_method'] == "DELETE" and resp['http_status'] == 404
def fortios_user(data, fos):
fos.do_member_operation('user', 'setting')
if data['user_setting']:
resp = user_setting(data, fos)
else:
fos._module.fail_json(msg='missing task body: %s' % ('user_setting'))
return not is_successful_status(resp), \
is_successful_status(resp) and \
(resp['revision_changed'] if 'revision_changed' in resp else True), \
resp
versioned_schema = {
"type": "dict",
"children": {
"auth_type": {
"multiple_values": True,
"elements": "str",
"type": "list",
"options": [
{
"value": "http",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "https",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "ftp",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "telnet",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_ssl_allow_renegotiation": {
"type": "string",
"options": [
{
"value": "enable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "disable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_lockout_duration": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_lockout_threshold": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_timeout": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_ssl_sigalgs": {
"type": "string",
"options": [
{
"value": "no-rsa-pss",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
},
{
"value": "all",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": False,
"v7.0.0": False,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": False,
"v6.0.5": False,
"v6.0.0": False,
"v6.4.0": False,
"v6.4.1": False,
"v6.2.0": False,
"v6.2.3": False,
"v6.2.5": False,
"v6.2.7": False,
"v6.0.11": False
}
},
"auth_http_basic": {
"type": "string",
"options": [
{
"value": "enable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "disable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_cert": {
"type": "string",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_blackout_time": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_src_mac": {
"type": "string",
"options": [
{
"value": "enable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "disable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_on_demand": {
"type": "string",
"options": [
{
"value": "always",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
},
{
"value": "implicitly",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": False,
"v6.0.0": False,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": False
}
},
"auth_secure_http": {
"type": "string",
"options": [
{
"value": "enable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "disable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_ssl_min_proto_version": {
"type": "string",
"options": [
{
"value": "default",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
},
{
"value": "SSLv3",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
},
{
"value": "TLSv1",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
},
{
"value": "TLSv1-1",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
},
{
"value": "TLSv1-2",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": False,
"v6.0.0": False,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": False
}
},
"auth_ports": {
"elements": "dict",
"type": "list",
"children": {
"type": {
"type": "string",
"options": [
{
"value": "http",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "https",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "ftp",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "telnet",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"id": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"port": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
},
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_ca_cert": {
"type": "string",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_timeout_type": {
"type": "string",
"options": [
{
"value": "idle-timeout",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "hard-timeout",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "new-session",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"radius_ses_timeout_act": {
"type": "string",
"options": [
{
"value": "hard-timeout",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
{
"value": "ignore-timeout",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"auth_portal_timeout": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
},
"per_policy_disclaimer": {
"type": "string",
"options": [
{
"value": "enable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
},
{
"value": "disable",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": False,
"v6.0.0": False,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": False
}
},
"auth_ssl_max_proto_version": {
"type": "string",
"options": [
{
"value": "sslv3",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
},
{
"value": "tlsv1",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
},
{
"value": "tlsv1-1",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
},
{
"value": "tlsv1-2",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
},
{
"value": "tlsv1-3",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.5": True,
"v7.0.4": True
}
}
],
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": False,
"v7.0.0": False,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": False,
"v6.0.5": False,
"v6.0.0": False,
"v6.4.0": False,
"v6.4.1": False,
"v6.2.0": False,
"v6.2.3": False,
"v6.2.5": False,
"v6.2.7": False,
"v6.0.11": False
}
},
"auth_invalid_max": {
"type": "integer",
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
},
"revisions": {
"v7.0.3": True,
"v7.0.2": True,
"v7.0.1": True,
"v7.0.0": True,
"v7.0.5": True,
"v7.0.4": True,
"v6.4.4": True,
"v6.0.5": True,
"v6.0.0": True,
"v6.4.0": True,
"v6.4.1": True,
"v6.2.0": True,
"v6.2.3": True,
"v6.2.5": True,
"v6.2.7": True,
"v6.0.11": True
}
}
def main():
module_spec = schema_to_module_spec(versioned_schema)
mkeyname = None
fields = {
"access_token": {"required": False, "type": "str", "no_log": True},
"enable_log": {"required": False, "type": 'bool', "default": False},
"vdom": {"required": False, "type": "str", "default": "root"},
"member_path": {"required": False, "type": "str"},
"member_state": {
"type": "str",
"required": False,
"choices": ["present", "absent"]
},
"user_setting": {
"required": False, "type": "dict", "default": None,
"options": {
}
}
}
for attribute_name in module_spec['options']:
fields["user_setting"]['options'][attribute_name] = module_spec['options'][attribute_name]
if mkeyname and mkeyname == attribute_name:
fields["user_setting"]['options'][attribute_name]['required'] = True
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
check_legacy_fortiosapi(module)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token', module.params['access_token'])
if 'enable_log' in module.params:
connection.set_option('enable_log', module.params['enable_log'])
else:
connection.set_option('enable_log', False)
fos = FortiOSHandler(connection, module, mkeyname)
versions_check_result = check_schema_versioning(fos, versioned_schema, "user_setting")
is_error, has_changed, result = fortios_user(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv")
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
if __name__ == '__main__':
main()