-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fortinet's FortiOS voip profile #52833
Fortinet's FortiOS voip profile #52833
Conversation
As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add |
@mamunozgonzalez, just so you are aware we have a dedicated Working Group for network. |
password = data['password'] | ||
|
||
fos.debug('on') | ||
if 'https' in data and not data['https']: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be modified as:
if 'https' in data and not data['https']: | |
fos.https('off') if 'https' in data and not data['https'] else fos.https('on') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am a big fan of oneliners so I really like this suggestion. However we decided to do it the other way because we are always receiving comments about readability and avoid oneliners when possible. If it is not a showstopper could we leave it as it is?
return data | ||
|
||
|
||
def voip_profile(data, fos): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
def voip_profile(data, fos): | |
Its always good to provide 2 liner comment, what function does and its output. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestion, we'll add some comments for complex functions or hard to understand pieces of code. We'll run an additional code review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some clarifications required
def flatten_multilists_attributes(data): | ||
multilist_attrs = [] | ||
|
||
for attr in multilist_attrs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure, that why are you trying to iterate over empty list, every time the fn shall get called.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We did this intentionally to support different versions of FortiGate. Depending on the version there can be some attributes that change from one version to another. If these attributes end up being "multioptions" they need to be processed by the method "flatten_multilists_attributes" before they are sent to fortiosapi. The user can add the attributes to the list and this way we avoid generating another ansible module for each different version of fortigate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mamunozgonzalez I have seen the discussion you had with my colleague @NilashishC, so If I understand it correctly you meant that user shall modify the multilist_attrs
list from the code end directly and if that's true that's incorrect and should not be allowed, also I can see in the respective fn. takes data
as fn. args but the same is being returned from the fn. without being operated. So, I would suggest to modify the fn. or remove it altogether from this and all other relevant PRs as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok I will remove the code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, once all the PRs shall be updated. I'll merge the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @justjais , I have added a commit removing this code. Note I have also removed the use of global variables.
- Configure VoIP profiles. | ||
default: null | ||
suboptions: | ||
state: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally state
option shall be used under module (i.e. fortios_voip_profile), so wanted to verify if here other than voip_profile
param fortios_voip_profile
supports other options as well or its planned in future release, if not then it would be better to use state
option in conjunction with the module
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, actually it is planned for the future and other modules already do it: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/network/fortios/fortios_webfilter.py. There are two 'submodules': webfilter_url and webfilter_content
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mamunozgonzalez so, I believe you shall be doing the respective changes in Ansible future release not in 2.8
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, if we are on time we would like to improve the code as much as possible before 2.8 to ensure the best user experience. We are putting more efforts now to develop and submit the modules so we are trying our best to do it.
We see that many customers are starting to use these modules (and we are getting good feedback and traction) thus we will put more efforts into improving this as much as possible, now and in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, please take a pointer of the same and if at all feasible then I would suggest to cram in 2.8
, as coming back to address the issue is always hectic n sometimes forgotten I believe.
shipit |
shipit |
@mamunozgonzalez Thanks for updating the code, but check for the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unit tests are mandatory for the PR to be merged in Ansible repo
SUMMARY
Fortinet is adding Ansible support for FortiOS and FortiGate products. This module follows the same structure, guidelines and ideas given in previous approved module for a parallel feature of FortiGate (webfiltering): #37196
In this case we are providing a different functionality: "Voip Profile".
Please note that this will be part of other modules to come for FortiGate, including different functionalities: system, wireless-controller, firewall, webfilter, ips, web-proxy, wanopt, application, dlp spamfilter, log, vpn, certificate, user, dnsfilter, antivirus, report, waf, authentication, switch controller, endpoint-control and router. We plan to follow the same style, structure and usage as in the previous module in order to make it easier to comply with Ansible guidelines.
ISSUE TYPE
COMPONENT NAME
fortios_voip_profile
ANSIBLE VERSION