Skip to content
Permalink
Browse files

New HTTPAPI plugin for FortiOS (#56870)

* New HTTPAPI plugin for FortiOS

* Remove special char

* Updates after review - Comments from Qalthos
  • Loading branch information...
mamunozgonzalez authored and Qalthos committed Jun 22, 2019
1 parent fbdf6e5 commit 64c3b4fbb51beb9423e292423d24a2c7166f10f7
Showing with 231 additions and 1 deletion.
  1. +106 −1 lib/ansible/module_utils/network/fortios/fortios.py
  2. +125 −0 lib/ansible/plugins/httpapi/fortios.py
@@ -4,7 +4,8 @@
# still belong to the author of the module, and may assign their own license
# to the complete work.
#
# Copyright (c), Benjamin Jolivot <bjolivot@gmail.com>, 2014
# Copyright (c), Benjamin Jolivot <bjolivot@gmail.com>, 2014,
# Miguel Angel Munoz <magonzalez@fortinet.com>, 2019
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -33,6 +34,9 @@
from ansible.module_utils._text import to_native
from ansible.module_utils.basic import env_fallback

import json

# BEGIN DEPRECATED

# check for pyFG lib
try:
@@ -72,6 +76,105 @@
'-61': "Command error"
}

# END DEPRECATED


class FortiOSHandler(object):

def __init__(self, conn):
self._conn = conn

def cmdb_url(self, path, name, vdom=None, mkey=None):

url = '/api/v2/cmdb/' + path + '/' + name
if mkey:
url = url + '/' + str(mkey)
if vdom:
if vdom == "global":
url += '?global=1'
else:
url += '?vdom=' + vdom
return url

def schema(self, path, name, vdom=None):
if vdom is None:
url = self.cmdb_url(path, name) + "?action=schema"
else:
url = self.cmdb_url(path, name, vdom=vdom) + "&action=schema"

status, result_data = self._conn.send_request(url=url)

if status == 200:
if vdom == "global":
return json.loads(result_data.decode('utf-8'))[0]['results']
else:
return json.loads(result_data.decode('utf-8'))['results']
else:
return json.loads(result_data.decode('utf-8'))

def get_mkeyname(self, path, name, vdom=None):
schema = self.schema(path, name, vdom=vdom)
try:
keyname = schema['mkey']
except KeyError:
return False
return keyname

def get_mkey(self, path, name, data, vdom=None):

keyname = self.get_mkeyname(path, name, vdom)
if not keyname:
return None
else:
try:
mkey = data[keyname]
except KeyError:
return None
return mkey

def set(self, path, name, data, mkey=None, vdom=None, parameters=None):

if not mkey:
mkey = self.get_mkey(path, name, data, vdom=vdom)
url = self.cmdb_url(path, name, vdom, mkey)

status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='PUT')

if status == 404 or status == 405 or status == 500:
return self.post(path, name, data, vdom, mkey)
else:
return self.formatresponse(result_data, vdom=vdom)

def post(self, path, name, data, vdom=None,
mkey=None, parameters=None):

if mkey:
mkeyname = self.get_mkeyname(path, name, vdom)
data[mkeyname] = mkey

url = self.cmdb_url(path, name, vdom, mkey=None)

status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST')

return self.formatresponse(result_data, vdom=vdom)

def delete(self, path, name, vdom=None, mkey=None, parameters=None, data=None):
if not mkey:
mkey = self.get_mkey(path, name, data, vdom=vdom)
url = self.cmdb_url(path, name, vdom, mkey)
status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='DELETE')
return self.formatresponse(result_data, vdom=vdom)

def formatresponse(self, res, vdom=None):
if vdom == "global":
resp = json.loads(res.decode('utf-8'))[0]
resp['vdom'] = "global"
else:
resp = json.loads(res.decode('utf-8'))
return resp

# BEGIN DEPRECATED


def backup(module, running_config):
backup_path = module.params['backup_path']
@@ -198,3 +301,5 @@ def get_error_infos(self, cli_errors):

def get_empty_configuration_block(self, block_name, block_type):
return FortiConfig(block_name, block_type)

# END DEPRECATED
@@ -0,0 +1,125 @@
# This code is part of Ansible, but is an independent component.
# This particular file snippet, and this file snippet only, is BSD licensed.
# Modules you write using this snippet, which is embedded dynamically by Ansible
# still belong to the author of the module, and may assign their own license
# to the complete work.
#
# (c) 2019 Fortinet, Inc
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

DOCUMENTATION = """
---
author:
- Miguel Angel Muñoz (@magonzalez)
httpapi : fortios
short_description: HttpApi Plugin for Fortinet FortiOS Appliance or VM
description:
- This HttpApi plugin provides methods to connect to Fortinet FortiOS Appliance or VM via REST API
version_added: "2.9"
"""

from ansible.plugins.httpapi import HttpApiBase
from ansible.module_utils.basic import to_text
import urllib
import json
import re


class HttpApi(HttpApiBase):
def __init__(self, connection):
super(HttpApi, self).__init__(connection)

self._ccsrftoken = ''

def set_become(self, become_context):
"""
Elevation is not required on Fortinet devices - Skipped
:param become_context: Unused input.
:return: None
"""
return None

def login(self, username, password):
"""Call a defined login endpoint to receive an authentication token."""

data = "username=" + urllib.parse.quote(username) + "&secretkey=" + urllib.parse.quote(password) + "&ajax=1"
dummy, result_data = self.send_request(url='/logincheck', data=data, method='POST')
if result_data[0] != '1':
raise Exception('Wrong credentials. Please check')

def logout(self):
""" Call to implement session logout."""

self.send_request(url='/logout', method="POST")

def update_auth(self, response, response_text):
"""
Get cookies and obtain value for csrftoken that will be used on next requests
:param response: Response given by the server.
:param response_text Unused_input.
:return: Dictionary containing headers
"""

headers = {}

for attr, val in response.getheaders():
if attr == 'Set-Cookie' and 'APSCOOKIE_' in val:
headers['Cookie'] = val

elif attr == 'Set-Cookie' and 'ccsrftoken=' in val:
csrftoken_search = re.search('\"(.*)\"', val)
if csrftoken_search:
self._ccsrftoken = csrftoken_search.group(1)

headers['x-csrftoken'] = self._ccsrftoken

return headers

def handle_httperror(self, exc):
"""
Not required on Fortinet devices - Skipped
:param exc: Unused input.
:return: exc
"""
return exc

def send_request(self, **message_kwargs):
"""
Responsible for actual sending of data to the connection httpapi base plugin.
:param message_kwargs: A formatted dictionary containing request info: url, data, method
:return: Status code and response data.
"""
url = message_kwargs.get('url', '/')
data = message_kwargs.get('data', '')
method = message_kwargs.get('method', 'GET')

try:
response, response_data = self.connection.send(url, data, method=method)

return response.status, to_text(response_data.getvalue())
except Exception as err:
raise Exception(err)

0 comments on commit 64c3b4f

Please sign in to comment.
You can’t perform that action at this time.