-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fortinet's FortiOS user adgrp #52831
Fortinet's FortiOS user adgrp #52831
Conversation
As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add |
@mamunozgonzalez, just so you are aware we have a dedicated Working Group for network. |
vdom: "{{ vdom }}" | ||
https: "False" | ||
user_adgrp: | ||
state: "present" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally state
option shall be used under module (i.e. fortios_user_adgrp), so wanted to verify if here other than user_adgrp
param fortios_user_adgrp
supports other options as well or its planned in future release, if not then it would be better to use state
option in conjunction with the module as:
state: "present" | |
- hosts: localhost | |
vars: | |
host: "192.168.122.40" | |
username: "admin" | |
password: "" | |
vdom: "root" | |
tasks: | |
- name: Configure FSSO groups. | |
fortios_user_adgrp: | |
host: "{{ host }}" | |
username: "{{ username }}" | |
password: "{{ password }}" | |
vdom: "{{ vdom }}" | |
https: "False" | |
state: "present" | |
user_adgrp: | |
name: "default_name_3" | |
server-name: "<your_own_value> (source user.fsso.name)" |
This is how other ansible modules are written.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, actually it is planned for the future and other modules already do it: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/network/fortios/fortios_webfilter.py. There are two 'submodules': webfilter_url and webfilter_content
password = data['password'] | ||
|
||
fos.debug('on') | ||
if 'https' in data and not data['https']: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can be modified as:
if 'https' in data and not data['https']: | |
fos.https('off') if 'https' in data and not data['https'] else fos.https('on') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am a big fan of oneliners so I really like this suggestion. However we decided to do it the other way because we are always receiving comments about readability and avoid oneliners when possible. If it is not a showstopper could we leave it as it is?
def flatten_multilists_attributes(data): | ||
multilist_attrs = [] | ||
|
||
for attr in multilist_attrs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure why are you trying to iterate over empty list for each fn call.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We did this intentionally to support different versions of FortiGate. Depending on the version there can be some attributes that change from one version to another. If these attributes end up being "multioptions" they need to be processed by the method "flatten_multilists_attributes" before they are sent to fortiosapi. The user can add the attributes to the list and this way we avoid generating another ansible module for each different version of fortigate.
shipit |
shipit |
SUMMARY
Fortinet is adding Ansible support for FortiOS and FortiGate products. This module follows the same structure, guidelines and ideas given in previous approved module for a parallel feature of FortiGate (webfiltering): #37196
In this case we are providing a different functionality: "User Adgrp".
Please note that this will be part of other modules to come for FortiGate, including different functionalities: system, wireless-controller, firewall, webfilter, ips, web-proxy, wanopt, application, dlp spamfilter, log, vpn, certificate, user, dnsfilter, antivirus, report, waf, authentication, switch controller, endpoint-control and router. We plan to follow the same style, structure and usage as in the previous module in order to make it easier to comply with Ansible guidelines.
ISSUE TYPE
COMPONENT NAME
fortios_user_addgrp
ANSIBLE VERSION