- source: fmgr_waf_profile_obj.py
2.10
- This module configures a FortiManager device by allowing the user to [clone, delete, get, set, update] the following FortiManager JSON-RPC URLs:
  - /pm/config/adom/{adom}/obj/waf/profile/{profile}
  - /pm/config/global/obj/waf/profile/{profile}
- Examples include all parameters; values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.10.0
- loose_validation - Do parameter validation in a loose way type: bool required: false default: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
- url_params - parameters in url path type: dict required: true
  - adom - the domain prefix type: str choices: none, global, custom adom
  - profile - the object name type: str
- parameters for method: [clone, set, update] - Web application firewall configuration.
  - data - No description for the parameter type: dict
    - comment - Comment. type: str
    - extended-log - Enable/disable extended logging. type: str choices: [disable, enable]
    - external - Disable/Enable external HTTP Inspection. type: str choices: [disable, enable]
    - name - WAF Profile name. type: str
    - url-access - No description for the parameter type: array
      - access-pattern - No description for the parameter type: array
        - id - URL access pattern ID. type: int
        - negate - Enable/disable match negation. type: str choices: [disable, enable]
        - pattern - URL pattern. type: str
        - regex - Enable/disable regular expression based pattern match. type: str choices: [disable, enable]
        - srcaddr - Source address. type: str
      - action - Action. type: str choices: [bypass, permit, block]
      - address - Host address. type: str
      - id - URL access ID. type: int
      - log - Enable/disable logging. type: str choices: [disable, enable]
      - severity - Severity. type: str choices: [low, medium, high]
- parameters for method: [delete] - Web application firewall configuration.
- parameters for method: [get] - Web application firewall configuration.
  - option - Set fetch option for the request. type: str choices: [object member, chksum, datasrc]
Note
- The module may support multiple methods; each method has its own parameter definition.
- One method may also have more than one parameter definition collection; each collection is dedicated to one API endpoint.
- The module may include domain-dependent URLs; the domain can be specified in url_params as adom.
- To run in workspace mode, the parameter workspace_locking_adom must be included in the task.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Certificate validation is disabled here; set to True when the
    # FortiManager certificate is trusted by the control node.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    # Create or modify a WAF profile (clone, set or update).
    - name: REQUESTING /PM/CONFIG/OBJ/WAF/PROFILE/{PROFILE}
      fmgr_waf_profile_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [clone, set, update]>
        url_params:
          adom: <value in [none, global, custom adom]>
          profile: <value of string>
        params:
          - data:
              comment: <value of string>
              extended-log: <value in [disable, enable]>
              external: <value in [disable, enable]>
              name: <value of string>
              url-access:
                - access-pattern:
                    - id: <value of integer>
                      negate: <value in [disable, enable]>
                      pattern: <value of string>
                      regex: <value in [disable, enable]>
                      srcaddr: <value of string>
                  action: <value in [bypass, permit, block]>
                  address: <value of string>
                  id: <value of integer>
                  log: <value in [disable, enable]>
                  severity: <value in [low, medium, high]>
    # Read back an existing WAF profile.
    - name: REQUESTING /PM/CONFIG/OBJ/WAF/PROFILE/{PROFILE}
      fmgr_waf_profile_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [get]>
        url_params:
          adom: <value in [none, global, custom adom]>
          profile: <value of string>
        params:
          - option: <value in [object member, chksum, datasrc]>
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- return values for method: [clone, delete, set, update]
  - status - No description for the parameter type: dict
    - code - No description for the parameter type: int
    - message - No description for the parameter type: str
  - url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/waf/profile/{profile}
- return values for method: [get]
  - data - No description for the parameter type: dict
    - comment - Comment. type: str
    - extended-log - Enable/disable extended logging. type: str
    - external - Disable/Enable external HTTP Inspection. type: str
    - name - WAF Profile name. type: str
    - url-access - No description for the parameter type: array
      - access-pattern - No description for the parameter type: array
        - id - URL access pattern ID. type: int
        - negate - Enable/disable match negation. type: str
        - pattern - URL pattern. type: str
        - regex - Enable/disable regular expression based pattern match. type: str
        - srcaddr - Source address. type: str
      - action - Action. type: str
      - address - Host address. type: str
      - id - URL access ID. type: int
      - log - Enable/disable logging. type: str
      - severity - Severity. type: str
  - status - No description for the parameter type: dict
    - code - No description for the parameter type: int
    - message - No description for the parameter type: str
  - url - No description for the parameter type: str example: /pm/config/adom/{adom}/obj/waf/profile/{profile}
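The following Python audit of the `data` dict returned by method [get] is an added example, not part of the module or its upstream documentation. The choice sets come from the parameter list above; the review policy (extended logging should be on, a bypass rule should be logged and scoped by an access-pattern) and the sample profile are assumptions made for illustration.

```python
# Added example: audit the `data` dict returned by method [get].
# Choices come from this page; policy and sample profile are assumptions.
ON_OFF = {"disable", "enable"}
CHOICES = {"action": {"bypass", "permit", "block"}, "severity": {"low", "medium", "high"},
           "log": ON_OFF, "negate": ON_OFF, "regex": ON_OFF}


def undocumented(obj):
    """Yield a message for each value outside the documented choices."""
    for key, value in obj.items():
        if key in CHOICES and value not in CHOICES[key]:
            yield f"{key}={value!r} is not a documented choice"


def audit_waf_profile(data):
    """Return (url-access id, finding) tuples for one WAF profile."""
    findings = []
    if data.get("extended-log") != "enable":
        findings.append((None, "extended-log is not enabled"))
    for rule in data.get("url-access") or []:
        rid = rule.get("id")
        findings += [(rid, msg) for msg in undocumented(rule)]
        patterns = rule.get("access-pattern") or []
        for pat in patterns:
            findings += [(rid, "access-pattern " + msg) for msg in undocumented(pat)]
        if rule.get("action") == "bypass":
            # Policy (assumption): bypass rules must be logged and scoped.
            if rule.get("log") != "enable":
                findings.append((rid, "bypass rule with logging disabled"))
            if not patterns:
                findings.append((rid, "bypass rule has no access-pattern"))
    return findings


# Constructed sample shaped like the documented return value of method [get].
SAMPLE_PROFILE = {
    "name": "example-waf-profile", "extended-log": "disable",
    "url-access": [
        {"id": 1, "action": "block", "log": "enable", "severity": "high",
         "access-pattern": [{"id": 1, "pattern": "/admin", "regex": "disable"}]},
        {"id": 2, "action": "bypass", "log": "disable", "access-pattern": []},
        {"id": 3, "action": "allow", "log": "enable",
         "access-pattern": [{"id": 1, "pattern": "/api", "regex": "yes"}]},
    ],
}

if __name__ == "__main__":
    for rule_id, finding in audit_waf_profile(SAMPLE_PROFILE):
        print(rule_id, finding)
```

In a playbook, the dict passed to `audit_waf_profile` would be the `data` field registered from a task that uses method [get].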
- This module is not guaranteed to have a backwards compatible interface.
- Frank Shen (@fshen01)
- Link Zheng (@zhengl)