Improve Fortios IPv4 policy with logging capabilities and use the backup_filename param (#23544)

* Improve Fortios IPv4 policy with logging capabilities. While there, fix typos in examples. forti_config: use the backup_filename param and dont enforce the the filename value. * forti-typos * Add version_added for new options in the documentation
2017-04-13 18:20:06 +02:00 · 2017-04-13 18:20:06 +02:00 · 811eb66703
parent 92a425a532
commit 811eb66703
2 changed files with 37 additions and 5 deletions
--- a/lib/ansible/module_utils/fortios.py
+++ b/lib/ansible/module_utils/fortios.py
@ -65,12 +65,16 @@ fortios_error_codes = {
 def backup(module,running_config):
    backup_path = module.params['backup_path']
    backup_filename = module.params['backup_filename']
    if not os.path.exists(backup_path):
        try:
            os.mkdir(backup_path)
        except:
            module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path))
    tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
    if 0 < len(backup_filename):
        filename = '%s/%s' % (backup_path, backup_filename)
    else:
        filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
    try:
        open(filename, 'w').write(running_config)
--- a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
+++ b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
@ -117,6 +117,18 @@ options:
  application_list:
    description:
      - Specifies Application Control name.
  logtraffic:
    version_added: "2.4"
    description:
      - Logs sessions that matched policy.
    default: utm
    choices: ['disable', 'utm', 'all']
  logtraffic_start:
    version_added: "2.4"
    description:
      - Logs begining of session as well.
    default: false
    choices: ["true", "false"]
  comment:
    description:
      - free text to describe policy.
@ -131,12 +143,13 @@ EXAMPLES = """
    username: admin
    password: password
    id: 42
-    srcaddr: internal_network
+    src_addr: internal_network
-    dstaddr: all
+    dst_addr: all
    service: dns
    nat: True
    state: present
    policy_action: accept
    logtraffic: disable
 - name: Public Web
  fortios_ipv4_policy:
@ -144,8 +157,8 @@ EXAMPLES = """
    username: admin
    password: password
    id: 42
-    srcaddr: all
+    src_addr: all
-    dstaddr: webservers
+    dst_addr: webservers
    services:
      - http
      - https
@ -197,6 +210,8 @@ def main():
        webfilter_profile         = dict(type='str'),
        ips_sensor                = dict(type='str'),
        application_list          = dict(type='str'),
        logtraffic                = dict(choices=['disable','all','utm'], default='utm'),
        logtraffic_start          = dict(type='bool', default=False),
    )
    #merge global required_if & argument_spec from module_utils/fortios.py
@ -226,6 +241,11 @@ def main():
        if module.params['fixedport']:
            module.fail_json(msg='Fixedport param requires NAT to be true.')
    #log options
    if module.params['logtraffic_start']:
        if not module.params['logtraffic'] == 'all':
            module.fail_json(msg='Logtraffic_start param requires logtraffic to be set to "all".')
    #id must be str(int) for pyFG to work
    policy_id = str(module.params['id'])
@ -260,6 +280,14 @@ def main():
        # action
        new_policy.set_param('action', '%s' % (module.params['policy_action']))
        #logging
        new_policy.set_param('logtraffic', '%s' % (module.params['logtraffic']))
        if module.params['logtraffic'] == 'all':
            if module.params['logtraffic_start']:
                new_policy.set_param('logtraffic-start', 'enable')
            else:
                new_policy.set_param('logtraffic-start', 'disable')
        # Schedule
        new_policy.set_param('schedule', '%s' % (module.params['schedule']))