Fortinet's FortiOS voip profile

[migumun]

SUMMARY

Fortinet is adding Ansible support for FortiOS and FortiGate products. This module follows the same structure, guidelines and ideas given in previous approved module for a parallel feature of FortiGate (webfiltering): #37196
In this case we are providing a different functionality: "Voip Profile".

Please note that this will be part of other modules to come for FortiGate, including different functionalities: system, wireless-controller, firewall, webfilter, ips, web-proxy, wanopt, application, dlp spamfilter, log, vpn, certificate, user, dnsfilter, antivirus, report, waf, authentication, switch controller, endpoint-control and router. We plan to follow the same style, structure and usage as in the previous module in order to make it easier to comply with Ansible guidelines.

ISSUE TYPE

• New Module Pull Request

COMPONENT NAME

fortios_voip_profile

ANSIBLE VERSION

ansible 2.8.0.dev0 (new_module ddbbe5dfa5) last updated 2018/09/24 14:54:57 (GMT +200)
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/magonzalez/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/magonzalez/ansible/lib/ansible
  executable location = /home/magonzalez/ansible/bin/ansible
  python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]

[ansibot]

@bjolivot @thomnico

As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add shipit if you would like to see it merged.

click here for bot help

[ansibot]

cc @bjolivot
click here for bot help

[ansibot]

@mamunozgonzalez, just so you are aware we have a dedicated Working Group for network.
You can find other people interested in this in #ansible-network on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community

click here for bot help

[justjais]

can be modified as:

Suggested change

	if 'https' in data and not data['https']:
	fos.https('off') if 'https' in data and not data['https'] else fos.https('on')

[migumun]

I am a big fan of oneliners so I really like this suggestion. However we decided to do it the other way because we are always receiving comments about readability and avoid oneliners when possible. If it is not a showstopper could we leave it as it is?

[justjais]

Suggested change

	def voip_profile(data, fos):
	Its always good to provide 2 liner comment, what function does and its output.

[migumun]

Thanks for the suggestion, we'll add some comments for complex functions or hard to understand pieces of code. We'll run an additional code review.

[justjais]

sure.

[justjais]

Some clarifications required

[justjais]

I am not sure, that why are you trying to iterate over empty list, every time the fn shall get called.

[migumun]

We did this intentionally to support different versions of FortiGate. Depending on the version there can be some attributes that change from one version to another. If these attributes end up being "multioptions" they need to be processed by the method "flatten_multilists_attributes" before they are sent to fortiosapi. The user can add the attributes to the list and this way we avoid generating another ansible module for each different version of fortigate.

[justjais]

@mamunozgonzalez I have seen the discussion you had with my colleague @NilashishC, so If I understand it correctly you meant that user shall modify the multilist_attrs list from the code end directly and if that's true that's incorrect and should not be allowed, also I can see in the respective fn. takes data as fn. args but the same is being returned from the fn. without being operated. So, I would suggest to modify the fn. or remove it altogether from this and all other relevant PRs as well.

[migumun]

ok I will remove the code

[justjais]

Thanks, once all the PRs shall be updated. I'll merge the code.

[migumun]

Thanks @justjais , I have added a commit removing this code. Note I have also removed the use of global variables.

[justjais]

Ideally state option shall be used under module (i.e. fortios_voip_profile), so wanted to verify if here other than voip_profile param fortios_voip_profile supports other options as well or its planned in future release, if not then it would be better to use state option in conjunction with the module

[migumun]

Yes, actually it is planned for the future and other modules already do it: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/network/fortios/fortios_webfilter.py. There are two 'submodules': webfilter_url and webfilter_content

[justjais]

@mamunozgonzalez so, I believe you shall be doing the respective changes in Ansible future release not in 2.8?

[migumun]

Well, if we are on time we would like to improve the code as much as possible before 2.8 to ensure the best user experience. We are putting more efforts now to develop and submit the modules so we are trying our best to do it.

We see that many customers are starting to use these modules (and we are getting good feedback and traction) thus we will put more efforts into improving this as much as possible, now and in the future.

[justjais]

OK, please take a pointer of the same and if at all feasible then I would suggest to cram in 2.8, as coming back to address the issue is always hectic n sometimes forgotten I believe.

[thomnico]

shipit

[thomnico]

shipit

[justjais]

@mamunozgonzalez Thanks for updating the code, but check for the state option correct usage as discussed earlier and try to fix the same as well. Also, please write the unit tests (fyi: its different from ansible integration tests) for all the raised PRs, coz without those we shall not be able to merge the PRs.

[justjais]

Unit tests are mandatory for the PR to be merged in Ansible repo