FortiManager Plugin Module Conversion: fmgr_secprof_waf (#52789)

* Auto Commit for: fmgr_secprof_waf

* Auto Commit for: fmgr_secprof_waf

* Auto Commit for: fmgr_secprof_waf
This commit is contained in:
ftntcorecse 2019-03-05 01:23:30 -08:00 committed by Nilashish Chakraborty
parent 60c0069fec
commit 7ee7c3cf2c
3 changed files with 431 additions and 636 deletions

View file

@ -28,6 +28,8 @@ DOCUMENTATION = '''
--- ---
module: fmgr_secprof_waf module: fmgr_secprof_waf
version_added: "2.8" version_added: "2.8"
notes:
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
author: author:
- Luke Weighall (@lweighall) - Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3) - Andrew Welsh (@Ghilli3)
@ -43,21 +45,6 @@ options:
required: false required: false
default: root default: root
host:
description:
- The FortiManager's Address.
required: true
username:
description:
- The username associated with the account.
required: true
password:
description:
- The password associated with the username account.
required: true
mode: mode:
description: description:
- Sets one of three modes for managing the object. - Sets one of three modes for managing the object.
@ -1045,18 +1032,12 @@ options:
EXAMPLES = ''' EXAMPLES = '''
- name: DELETE Profile - name: DELETE Profile
fmgr_secprof_waf: fmgr_secprof_waf:
host: "{{inventory_hostname}}"
username: "{{ username }}"
password: "{{ password }}"
name: "Ansible_WAF_Profile" name: "Ansible_WAF_Profile"
comment: "Created by Ansible Module TEST" comment: "Created by Ansible Module TEST"
mode: "delete" mode: "delete"
- name: CREATE Profile - name: CREATE Profile
fmgr_secprof_waf: fmgr_secprof_waf:
host: "{{inventory_hostname}}"
username: "{{ username }}"
password: "{{ password }}"
name: "Ansible_WAF_Profile" name: "Ansible_WAF_Profile"
comment: "Created by Ansible Module TEST" comment: "Created by Ansible Module TEST"
mode: "set" mode: "set"
@ -1070,15 +1051,15 @@ api_result:
""" """
from ansible.module_utils.basic import AnsibleModule, env_fallback from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
# check for pyFMG lib from ansible.module_utils.network.fortimanager.common import FMGBaseException
try: from ansible.module_utils.network.fortimanager.common import FMGRCommon
from pyFMG.fortimgr import FortiManager from ansible.module_utils.network.fortimanager.common import FMGRMethods
from ansible.module_utils.network.fortimanager.common import DEFAULT_RESULT_OBJ
HAS_PYFMGR = True from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
except ImportError: from ansible.module_utils.network.fortimanager.common import prepare_dict
HAS_PYFMGR = False from ansible.module_utils.network.fortimanager.common import scrub_dict
############### ###############
@ -1086,19 +1067,26 @@ except ImportError:
############### ###############
def fmgr_waf_profile_addsetdelete(fmg, paramgram): def fmgr_waf_profile_modify(fmgr, paramgram):
"""
:param fmgr: The fmgr object instance from fortimanager.py
:type fmgr: class object
:param paramgram: The formatted dictionary of options to process
:type paramgram: dict
:return: The response from the FortiManager
:rtype: dict
"""
mode = paramgram["mode"] mode = paramgram["mode"]
adom = paramgram["adom"] adom = paramgram["adom"]
# INIT A BASIC OBJECTS # INIT A BASIC OBJECTS
response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"}) response = DEFAULT_RESULT_OBJ
url = "" url = ""
datagram = {} datagram = {}
# EVAL THE MODE PARAMETER FOR SET OR ADD # EVAL THE MODE PARAMETER FOR SET OR ADD
if mode in ['set', 'add', 'update']: if mode in ['set', 'add', 'update']:
url = '/pm/config/adom/{adom}/obj/waf/profile'.format(adom=adom) url = '/pm/config/adom/{adom}/obj/waf/profile'.format(adom=adom)
datagram = fmgr_del_none(fmgr_prepare_dict(paramgram)) datagram = scrub_dict(prepare_dict(paramgram))
# EVAL THE MODE PARAMETER FOR DELETE # EVAL THE MODE PARAMETER FOR DELETE
elif mode == "delete": elif mode == "delete":
@ -1106,129 +1094,11 @@ def fmgr_waf_profile_addsetdelete(fmg, paramgram):
url = '/pm/config/adom/{adom}/obj/waf/profile/{name}'.format(adom=adom, name=paramgram["name"]) url = '/pm/config/adom/{adom}/obj/waf/profile/{name}'.format(adom=adom, name=paramgram["name"])
datagram = {} datagram = {}
# IF MODE = SET -- USE THE 'SET' API CALL MODE response = fmgr.process_request(url, datagram, paramgram["mode"])
if mode == "set":
response = fmg.set(url, datagram)
# IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
elif mode == "update":
response = fmg.update(url, datagram)
# IF MODE = ADD -- USE THE 'ADD' API CALL MODE
elif mode == "add":
response = fmg.add(url, datagram)
# IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
elif mode == "delete":
response = fmg.delete(url, datagram)
return response return response
# ADDITIONAL COMMON FUNCTIONS
# FUNCTION/METHOD FOR LOGGING OUT AND ANALYZING ERROR CODES
def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
"""
THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
"""
# pydevd.settrace('10.0.0.122', port=54654, stdoutToServer=True, stderrToServer=True)
# VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
if msg != "NULL" and len(results) == 0:
try:
fmg.logout()
except BaseException:
pass
module.fail_json(msg=msg)
# SUBMISSION ERROR
if len(results) > 0:
if msg == "NULL":
try:
msg = results[1]['status']['message']
except BaseException:
msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
if results[0] not in good_codes:
if logout_on_fail:
fmg.logout()
module.fail_json(msg=msg, **results[1])
else:
return msg
else:
if logout_on_success:
fmg.logout()
module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
**results[1])
else:
return msg
# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
def fmgr_cidr_to_netmask(cidr):
cidr = int(cidr)
mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
return (str((0xff000000 & mask) >> 24) + '.' +
str((0x00ff0000 & mask) >> 16) + '.' +
str((0x0000ff00 & mask) >> 8) + '.' +
str((0x000000ff & mask)))
# utility function: removing keys wih value of None, nothing in playbook for that key
def fmgr_del_none(obj):
if isinstance(obj, dict):
return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
else:
return obj
# utility function: remove keys that are need for the logic but the FMG API won't accept them
def fmgr_prepare_dict(obj):
list_of_elems = ["mode", "adom", "host", "username", "password"]
if isinstance(obj, dict):
obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
return obj
def fmgr_is_empty_dict(obj):
return_val = False
if isinstance(obj, dict):
if len(obj) > 0:
for k, v in obj.items():
if isinstance(v, dict):
if len(v) == 0:
return_val = True
elif len(v) > 0:
for k1, v1 in v.items():
if v1 is None:
return_val = True
elif v1 is not None:
return_val = False
return return_val
elif v is None:
return_val = True
elif v is not None:
return_val = False
return return_val
elif len(obj) == 0:
return_val = True
return return_val
def fmgr_split_comma_strings_into_lists(obj):
if isinstance(obj, dict):
if len(obj) > 0:
for k, v in obj.items():
if isinstance(v, str):
new_list = list()
if "," in v:
new_items = v.split(",")
for item in new_items:
new_list.append(item.strip())
obj[k] = new_list
return obj
############# #############
# END METHODS # END METHODS
############# #############
@ -1237,9 +1107,6 @@ def fmgr_split_comma_strings_into_lists(obj):
def main(): def main():
argument_spec = dict( argument_spec = dict(
adom=dict(type="str", default="root"), adom=dict(type="str", default="root"),
host=dict(required=True, type="str"),
password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"), mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
name=dict(required=False, type="str"), name=dict(required=False, type="str"),
@ -1414,8 +1281,7 @@ def main():
) )
module = AnsibleModule(argument_spec, supports_check_mode=False) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM # MODULE PARAMGRAM
paramgram = { paramgram = {
"mode": module.params["mode"], "mode": module.params["mode"],
@ -1586,44 +1452,30 @@ def main():
} }
} }
list_overrides = ['address-list', 'constraint', 'method', 'signature', 'url-access'] module.paramgram = paramgram
for list_variable in list_overrides: fmgr = None
override_data = list() if module._socket_path:
try: connection = Connection(module._socket_path)
override_data = module.params[list_variable] fmgr = FortiManagerHandler(connection, module)
except BaseException: fmgr.tools = FMGRCommon()
pass
try:
if override_data:
del paramgram[list_variable]
paramgram[list_variable] = override_data
except BaseException:
pass
# CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
host = module.params["host"]
password = module.params["password"]
username = module.params["username"]
if host is None or username is None or password is None:
module.fail_json(msg="Host and username and password are required")
# CHECK IF LOGIN FAILED
fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
response = fmg.login()
if response[1]['status']['code'] != 0:
module.fail_json(msg="Connection to FortiManager Failed")
results = fmgr_waf_profile_addsetdelete(fmg, paramgram)
if results[0] != 0:
fmgr_logout(fmg, module, results=results, good_codes=[0])
fmg.logout()
if results is not None:
return module.exit_json(**results[1])
else: else:
return module.exit_json(msg="No results were returned from the API call.") module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['address-list', 'constraint', 'method', 'signature', 'url-access']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_waf_profile_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
if __name__ == "__main__": if __name__ == "__main__":

View file

@ -1,360 +1,365 @@
{ {
"fmgr_waf_profile_addsetdelete": [ "fmgr_waf_profile_modify": [
{ {
"paramgram_used": { "paramgram_used": {
"comment": "Created by Ansible Module TEST", "comment": "Created by Ansible Module TEST",
"name": "Ansible_WAF_Profile", "name": "Ansible_WAF_Profile",
"adom": "root", "adom": "root",
"address-list": { "address-list": {
"blocked-address": null, "blocked-address": null,
"status": null, "status": null,
"severity": null, "severity": null,
"blocked-log": null, "blocked-log": null,
"trusted-address": null "trusted-address": null
},
"constraint": {
"header-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"content-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"max-cookie": {
"action": null,
"status": null,
"max-cookie": null,
"log": null,
"severity": null
},
"url-param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"hostname": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"line-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"exception": {
"regex": null,
"header-length": null,
"content-length": null,
"max-cookie": null,
"pattern": null,
"hostname": null,
"line-length": null,
"max-range-segment": null,
"url-param-length": null,
"version": null,
"param-length": null,
"malformed": null,
"address": null,
"max-url-param": null,
"max-header-line": null,
"method": null
},
"max-range-segment": {
"action": null,
"status": null,
"max-range-segment": null,
"severity": null,
"log": null
},
"version": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"malformed": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"max-url-param": {
"action": null,
"status": null,
"max-url-param": null,
"log": null,
"severity": null
},
"max-header-line": {
"action": null,
"status": null,
"max-header-line": null,
"log": null,
"severity": null
},
"method": {
"action": null,
"status": null,
"log": null,
"severity": null
}
},
"extended-log": null,
"url-access": {
"action": null,
"address": null,
"severity": null,
"access-pattern": {
"negate": null,
"pattern": null,
"srcaddr": null,
"regex": null
},
"log": null
},
"external": null,
"signature": {
"custom-signature": {
"status": null,
"direction": null,
"target": null,
"severity": null,
"case-sensitivity": null,
"name": null,
"pattern": null,
"action": null,
"log": null
},
"credit-card-detection-threshold": null,
"main-class": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"disabled-signature": null,
"disabled-sub-class": null
},
"method": {
"status": null,
"severity": null,
"default-allowed-methods": null,
"log": null,
"method-policy": {
"regex": null,
"pattern": null,
"allowed-methods": null,
"address": null
}
},
"mode": "delete"
}, },
"constraint": { "datagram_sent": {},
"header-length": { "raw_response": {
"action": null, "status": {
"status": null, "message": "OK",
"length": null, "code": 0
"log": null, },
"severity": null "url": "/pm/config/adom/root/obj/waf/profile/Ansible_WAF_Profile"
},
"content-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"max-cookie": {
"action": null,
"status": null,
"max-cookie": null,
"log": null,
"severity": null
},
"url-param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"hostname": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"line-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"exception": {
"regex": null,
"header-length": null,
"content-length": null,
"max-cookie": null,
"pattern": null,
"hostname": null,
"line-length": null,
"max-range-segment": null,
"url-param-length": null,
"version": null,
"param-length": null,
"malformed": null,
"address": null,
"max-url-param": null,
"max-header-line": null,
"method": null
},
"max-range-segment": {
"action": null,
"status": null,
"max-range-segment": null,
"severity": null,
"log": null
},
"version": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"malformed": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"max-url-param": {
"action": null,
"status": null,
"max-url-param": null,
"log": null,
"severity": null
},
"max-header-line": {
"action": null,
"status": null,
"max-header-line": null,
"log": null,
"severity": null
},
"method": {
"action": null,
"status": null,
"log": null,
"severity": null
}
}, },
"extended-log": null, "post_method": "delete"
"url-access": { },
"action": null, {
"address": null, "raw_response": {
"severity": null, "status": {
"access-pattern": { "message": "OK",
"negate": null, "code": 0
"pattern": null, },
"srcaddr": null, "url": "/pm/config/adom/root/obj/waf/profile"
"regex": null
},
"log": null
}, },
"external": null, "datagram_sent": {
"signature": { "comment": "Created by Ansible Module TEST",
"custom-signature": { "name": "Ansible_WAF_Profile"
"status": null,
"direction": null,
"target": null,
"severity": null,
"case-sensitivity": null,
"name": null,
"pattern": null,
"action": null,
"log": null
},
"credit-card-detection-threshold": null,
"main-class": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"disabled-signature": null,
"disabled-sub-class": null
}, },
"method": { "paramgram_used": {
"status": null, "comment": "Created by Ansible Module TEST",
"severity": null, "adom": "root",
"default-allowed-methods": null, "address-list": {
"log": null, "blocked-address": null,
"method-policy": { "status": null,
"regex": null, "severity": null,
"pattern": null, "blocked-log": null,
"allowed-methods": null, "trusted-address": null
"address": null },
} "extended-log": null,
"url-access": {
"action": null,
"severity": null,
"log": null,
"access-pattern": {
"negate": null,
"pattern": null,
"srcaddr": null,
"regex": null
},
"address": null
},
"external": null,
"name": "Ansible_WAF_Profile",
"constraint": {
"content-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"max-cookie": {
"action": null,
"status": null,
"max-cookie": null,
"log": null,
"severity": null
},
"line-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"max-range-segment": {
"action": null,
"severity": null,
"status": null,
"log": null,
"max-range-segment": null
},
"param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"malformed": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"max-url-param": {
"action": null,
"status": null,
"max-url-param": null,
"log": null,
"severity": null
},
"header-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"exception": {
"regex": null,
"header-length": null,
"content-length": null,
"max-cookie": null,
"pattern": null,
"hostname": null,
"line-length": null,
"max-range-segment": null,
"url-param-length": null,
"version": null,
"param-length": null,
"malformed": null,
"address": null,
"max-url-param": null,
"max-header-line": null,
"method": null
},
"hostname": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"url-param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"version": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"max-header-line": {
"action": null,
"status": null,
"max-header-line": null,
"log": null,
"severity": null
},
"method": {
"action": null,
"status": null,
"log": null,
"severity": null
}
},
"mode": "set",
"signature": {
"custom-signature": {
"status": null,
"direction": null,
"log": null,
"severity": null,
"target": null,
"action": null,
"pattern": null,
"case-sensitivity": null,
"name": null
},
"credit-card-detection-threshold": null,
"main-class": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"disabled-signature": null,
"disabled-sub-class": null
},
"method": {
"status": null,
"default-allowed-methods": null,
"method-policy": {
"regex": null,
"pattern": null,
"allowed-methods": null,
"address": null
},
"log": null,
"severity": null
}
}, },
"mode": "delete" "post_method": "set"
}, }
"raw_response": { ]
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/root/obj/waf/profile/Ansible_WAF_Profile"
},
"post_method": "delete"
},
{
"raw_response": {
"status": {
"message": "OK",
"code": 0
},
"url": "/pm/config/adom/root/obj/waf/profile"
},
"paramgram_used": {
"comment": "Created by Ansible Module TEST",
"adom": "root",
"address-list": {
"blocked-address": null,
"status": null,
"severity": null,
"blocked-log": null,
"trusted-address": null
},
"extended-log": null,
"url-access": {
"action": null,
"severity": null,
"log": null,
"access-pattern": {
"negate": null,
"pattern": null,
"srcaddr": null,
"regex": null
},
"address": null
},
"external": null,
"name": "Ansible_WAF_Profile",
"constraint": {
"content-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"max-cookie": {
"action": null,
"status": null,
"max-cookie": null,
"log": null,
"severity": null
},
"line-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"max-range-segment": {
"action": null,
"severity": null,
"status": null,
"log": null,
"max-range-segment": null
},
"param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"malformed": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"max-url-param": {
"action": null,
"status": null,
"max-url-param": null,
"log": null,
"severity": null
},
"header-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"exception": {
"regex": null,
"header-length": null,
"content-length": null,
"max-cookie": null,
"pattern": null,
"hostname": null,
"line-length": null,
"max-range-segment": null,
"url-param-length": null,
"version": null,
"param-length": null,
"malformed": null,
"address": null,
"max-url-param": null,
"max-header-line": null,
"method": null
},
"hostname": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"url-param-length": {
"action": null,
"status": null,
"length": null,
"log": null,
"severity": null
},
"version": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"max-header-line": {
"action": null,
"status": null,
"max-header-line": null,
"log": null,
"severity": null
},
"method": {
"action": null,
"status": null,
"log": null,
"severity": null
}
},
"mode": "set",
"signature": {
"custom-signature": {
"status": null,
"direction": null,
"log": null,
"severity": null,
"target": null,
"action": null,
"pattern": null,
"case-sensitivity": null,
"name": null
},
"credit-card-detection-threshold": null,
"main-class": {
"action": null,
"status": null,
"log": null,
"severity": null
},
"disabled-signature": null,
"disabled-sub-class": null
},
"method": {
"status": null,
"default-allowed-methods": null,
"method-policy": {
"regex": null,
"pattern": null,
"allowed-methods": null,
"address": null
},
"log": null,
"severity": null
}
},
"post_method": "set"
}
]
} }

View file

@ -19,7 +19,7 @@ __metaclass__ = type
import os import os
import json import json
from pyFMG.fortimgr import FortiManager from ansible.module_utils.network.fortimanager.fortimanager import FortiManagerHandler
import pytest import pytest
try: try:
@ -27,15 +27,10 @@ try:
except ImportError: except ImportError:
pytest.skip("Could not load required modules for testing", allow_module_level=True) pytest.skip("Could not load required modules for testing", allow_module_level=True)
fmg_instance = FortiManager("1.1.1.1", "admin", "")
def load_fixtures(): def load_fixtures():
fixture_path = os.path.join( fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') + "/{filename}.json".format(
os.path.dirname(__file__), filename=os.path.splitext(os.path.basename(__file__))[0])
'fixtures') + "/{filename}.json".format(
filename=os.path.splitext(
os.path.basename(__file__))[0])
try: try:
with open(fixture_path, "r") as fixture_file: with open(fixture_path, "r") as fixture_file:
fixture_data = json.load(fixture_file) fixture_data = json.load(fixture_file)
@ -44,88 +39,31 @@ def load_fixtures():
return [fixture_data] return [fixture_data]
@pytest.fixture(autouse=True)
def module_mock(mocker):
connection_class_mock = mocker.patch('ansible.module_utils.basic.AnsibleModule')
return connection_class_mock
@pytest.fixture(autouse=True)
def connection_mock(mocker):
connection_class_mock = mocker.patch('ansible.modules.network.fortimanager.fmgr_secprof_waf.Connection')
return connection_class_mock
@pytest.fixture(scope="function", params=load_fixtures()) @pytest.fixture(scope="function", params=load_fixtures())
def fixture_data(request): def fixture_data(request):
func_name = request.function.__name__.replace("test_", "") func_name = request.function.__name__.replace("test_", "")
return request.param.get(func_name, None) return request.param.get(func_name, None)
def test_fmgr_waf_profile_addsetdelete(fixture_data, mocker): fmg_instance = FortiManagerHandler(connection_mock, module_mock)
mocker.patch("pyFMG.fortimgr.FortiManager._post_request", side_effect=fixture_data)
# Fixture sets used:###########################
##################################################
# comment: Created by Ansible Module TEST
# name: Ansible_WAF_Profile
# adom: root
# address-list: {'blocked-address': None, 'status': None, 'severity': None, 'blocked-log': None,
# 'trusted-address': None}
# constraint: {'header-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'content-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'max-cookie': {'action': None, 'status': None, 'max-cookie': None, 'log': None, 'severity': None},
# 'url-param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'hostname': {'action': None, 'status': None, 'log': None, 'severity': None},
# 'line-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'exception': {'regex': None, 'header-length': None, 'content-length': None, 'max-cookie': None, 'pattern': None,
# 'hostname': None, 'line-length': None, 'max-range-segment': None, 'url-param-length': None, 'version': None,
# 'param-length': None, 'malformed': None, 'address': None, 'max-url-param': None, 'max-header-line': None,
# 'method': None}, 'max-range-segment': {'action': None, 'status': None, 'max-range-segment': None,
# 'severity': None, 'log': None}, 'version': {'action': None, 'status': None, 'log': None, 'severity': None},
# 'param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'malformed': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-url-param': {'action': None,
# 'status': None, 'max-url-param': None, 'log': None, 'severity': None}, 'max-header-line': {'action': None,
# 'status': None, 'max-header-line': None, 'log': None, 'severity': None}, 'method': {'action': None,
# 'status': None, 'log': None, 'severity': None}}
# extended-log: None
# url-access: {'action': None, 'address': None, 'severity': None, 'access-pattern': {'negate': None,
# 'pattern': None, 'srcaddr': None, 'regex': None}, 'log': None}
# external: None
# signature: {'custom-signature': {'status': None, 'direction': None, 'target': None, 'severity': None,
# 'case-sensitivity': None, 'name': None, 'pattern': None, 'action': None, 'log': None},
# 'credit-card-detection-threshold': None, 'main-class': {'action': None, 'status': None, 'log': None,
# 'severity': None}, 'disabled-signature': None, 'disabled-sub-class': None}
# method: {'status': None, 'severity': None, 'default-allowed-methods': None, 'log': None,
# 'method-policy': {'regex': None, 'pattern': None, 'allowed-methods': None, 'address': None}}
# mode: delete
##################################################
##################################################
# comment: Created by Ansible Module TEST
# adom: root
# address-list: {'blocked-address': None, 'status': None, 'severity': None, 'blocked-log': None,
# 'trusted-address': None}
# extended-log: None
# url-access: {'action': None, 'severity': None, 'log': None, 'access-pattern': {'negate': None, 'pattern': None,
# 'srcaddr': None, 'regex': None}, 'address': None}
# external: None
# name: Ansible_WAF_Profile
# constraint: {'content-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'max-cookie': {'action': None, 'status': None, 'max-cookie': None, 'log': None, 'severity': None},
# 'line-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'max-range-segment': {'action': None, 'severity': None, 'status': None, 'log': None, 'max-range-segment': None},
# 'param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'malformed': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-url-param': {'action': None,
# 'status': None, 'max-url-param': None, 'log': None, 'severity': None}, 'header-length': {'action': None,
# 'status': None, 'length': None, 'log': None, 'severity': None}, 'exception': {'regex': None,
# 'header-length': None, 'content-length': None, 'max-cookie': None, 'pattern': None, 'hostname': None,
# 'line-length': None, 'max-range-segment': None, 'url-param-length': None, 'version': None, 'param-length': None,
# 'malformed': None, 'address': None, 'max-url-param': None, 'max-header-line': None, 'method': None},
# 'hostname': {'action': None, 'status': None, 'log': None, 'severity': None},
# 'url-param-length': {'action': None, 'status': None, 'length': None, 'log': None, 'severity': None},
# 'version': {'action': None, 'status': None, 'log': None, 'severity': None}, 'max-header-line': {'action': None,
# 'status': None, 'max-header-line': None, 'log': None, 'severity': None}, 'method': {'action': None,
# 'status': None, 'log': None, 'severity': None}}
# mode: set
# signature: {'custom-signature': {'status': None, 'direction': None, 'log': None, 'severity': None, 'target': None,
# 'action': None, 'pattern': None, 'case-sensitivity': None, 'name': None},
# 'credit-card-detection-threshold': None, 'main-class': {'action': None, 'status': None, 'log': None,
# 'severity': None}, 'disabled-signature': None, 'disabled-sub-class': None}
# method: {'status': None, 'default-allowed-methods': None, 'method-policy': {'regex': None, 'pattern': None,
# 'allowed-methods': None, 'address': None}, 'log': None, 'severity': None}
##################################################
# Test using fixture 1 # def test_fmgr_waf_profile_modify(fixture_data, mocker):
output = fmgr_secprof_waf.fmgr_waf_profile_addsetdelete(fmg_instance, fixture_data[0]['paramgram_used']) mocker.patch("ansible.module_utils.network.fortimanager.fortimanager.FortiManagerHandler.process_request",
side_effect=fixture_data)
output = fmgr_secprof_waf.fmgr_waf_profile_modify(fmg_instance, fixture_data[0]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0 assert output['raw_response']['status']['code'] == 0
# Test using fixture 2 # output = fmgr_secprof_waf.fmgr_waf_profile_modify(fmg_instance, fixture_data[1]['paramgram_used'])
output = fmgr_secprof_waf.fmgr_waf_profile_addsetdelete(fmg_instance, fixture_data[1]['paramgram_used'])
assert output['raw_response']['status']['code'] == 0 assert output['raw_response']['status']['code'] == 0