Fortinet's FortiOS user adgrp #52831
Conversation
|
As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add |
|
@mamunozgonzalez, just so you are aware we have a dedicated Working Group for network. |
ansibot
added
affects_2.8
| vdom: "{{ vdom }}" | ||
| https: "False" | ||
| user_adgrp: | ||
| state: "present" |
There was a problem hiding this comment.
Ideally state option shall be used under module (i.e. fortios_user_adgrp), so wanted to verify if here other than user_adgrp param fortios_user_adgrp supports other options as well or its planned in future release, if not then it would be better to use state option in conjunction with the module as:
| state: "present" | |
| - hosts: localhost | |
| vars: | |
| host: "192.168.122.40" | |
| username: "admin" | |
| password: "" | |
| vdom: "root" | |
| tasks: | |
| - name: Configure FSSO groups. | |
| fortios_user_adgrp: | |
| host: "{{ host }}" | |
| username: "{{ username }}" | |
| password: "{{ password }}" | |
| vdom: "{{ vdom }}" | |
| https: "False" | |
| state: "present" | |
| user_adgrp: | |
| name: "default_name_3" | |
| server-name: "<your_own_value> (source user.fsso.name)" |
This is how other ansible modules are written.
There was a problem hiding this comment.
Yes, actually it is planned for the future and other modules already do it: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/network/fortios/fortios_webfilter.py. There are two 'submodules': webfilter_url and webfilter_content
| password = data['password'] | ||
|
|
||
| fos.debug('on') | ||
| if 'https' in data and not data['https']: |
There was a problem hiding this comment.
Can be modified as:
| if 'https' in data and not data['https']: | |
| fos.https('off') if 'https' in data and not data['https'] else fos.https('on') |
There was a problem hiding this comment.
I am a big fan of oneliners so I really like this suggestion. However we decided to do it the other way because we are always receiving comments about readability and avoid oneliners when possible. If it is not a showstopper could we leave it as it is?
| def flatten_multilists_attributes(data): | ||
| multilist_attrs = [] | ||
|
|
||
| for attr in multilist_attrs: |
There was a problem hiding this comment.
I am not sure why are you trying to iterate over empty list for each fn call.
There was a problem hiding this comment.
We did this intentionally to support different versions of FortiGate. Depending on the version there can be some attributes that change from one version to another. If these attributes end up being "multioptions" they need to be processed by the method "flatten_multilists_attributes" before they are sent to fortiosapi. The user can add the attributes to the list and this way we avoid generating another ansible module for each different version of fortigate.
ansibot
removed
the
needs_triage
|
shipit |
ansibot
added
shipit
ansibot
added
community_review
|
shipit |
ansibot
added
shipit
SUMMARY
Fortinet is adding Ansible support for FortiOS and FortiGate products. This module follows the same structure, guidelines and ideas given in previous approved module for a parallel feature of FortiGate (webfiltering): #37196
In this case we are providing a different functionality: "User Adgrp".
Please note that this will be part of other modules to come for FortiGate, including different functionalities: system, wireless-controller, firewall, webfilter, ips, web-proxy, wanopt, application, dlp spamfilter, log, vpn, certificate, user, dnsfilter, antivirus, report, waf, authentication, switch controller, endpoint-control and router. We plan to follow the same style, structure and usage as in the previous module in order to make it easier to comply with Ansible guidelines.
ISSUE TYPE
COMPONENT NAME
fortios_user_addgrp
ANSIBLE VERSION