From dbe83cc09984ad27e778caebe4ccdcf585f44c4f Mon Sep 17 00:00:00 2001 From: John R Barker Date: Wed, 5 Apr 2017 13:56:40 +0100 Subject: [PATCH] fortios_ipv4_policy.py state=absent Fix 23239 (#23242) (#23290) * Resolve #23239: - path is missing when state=absent - update doc for unclear policy ID - required params based on state * Fix pep8 + doc * Fix doc * Another doc problem... * doc * Update doc fot policy ID * Fix doc string * fix required in doc * fix required in doc Required when I(state=present). (cherry picked from commit f74a9abbdabac47be9eba9f258f07796f64c67cc)
---
 .../network/fortios/fortios_ipv4_policy.py | 43 +++++++++++-------- 1 file changed, 26 insertions(+), 17 deletions(-)
diff --git a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
index aea2b1efeb..fea8110427 100644
--- a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
+++ b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
@@ -36,11 +36,17 @@ extends_documentation_fragment: fortios
 options:
 id:
 description:
- - Policy ID.
+ - "Policy ID.
+ Warning: policy ID number is different than Policy sequence number.
+ The policy ID is the number assigned at policy creation.
+ The sequence number represents the order in which the Fortigate will evaluate the rule for policy enforcement,
+ and also the order in which rules are listed in the GUI and CLI.
+ These two numbers do not necessarily correlate: this module is based off policy ID.
+ TIP: policy ID can be viewed in the GUI by adding 'ID' to the display columns"
 required: true
 state:
 description:
- - Specifies if address need to be added or deleted.
+ - Specifies if policy I(id) need to be added or deleted.
 choices: ['present', 'absent']
 default: present
 src_intf:
@@ -53,8 +59,7 @@ options:
 default: any
 src_addr:
 description:
- - Specifies source address (or group) object name(s).
- required: true
+ - Specifies source address (or group) object name(s). Required when I(state=present).
 src_addr_negate:
 description:
 - Negate source address param.
@@ -62,8 +67,7 @@ options:
 choices: ["true", "false"]
 dst_addr:
 description:
- - Specifies destination address (or group) object name(s).
- required: true
+ - Specifies destination address (or group) object name(s). Required when I(state=present).
 dst_addr_negate:
 description:
 - Negate destination address param.
@@ -71,14 +75,12 @@ options:
 choices: ["true", "false"]
 policy_action:
 description:
- - Specifies accept or deny action policy.
+ - Specifies accept or deny action policy. Required when I(state=present).
 choices: ['accept', 'deny']
- required: true
 aliases: ['action']
 service:
 description:
- - "Specifies policy service(s), could be a list (ex: ['MAIL','DNS'])."
- required: true
+ - "Specifies policy service(s), could be a list (ex: ['MAIL','DNS']). Required when I(state=present)."
 aliases:
 - services
 service_negate:
@@ -180,12 +182,12 @@ def main():
 src_intf = dict(default='any'),
 dst_intf = dict(default='any'),
 state = dict(choices=['present', 'absent'], default='present'),
- src_addr = dict(required=True, type='list'),
- dst_addr = dict(required=True, type='list'),
+ src_addr = dict(type='list'),
+ dst_addr = dict(type='list'),
 src_addr_negate = dict(type='bool', default=False),
 dst_addr_negate = dict(type='bool', default=False),
- policy_action = dict(choices=['accept','deny'], required=True, aliases=['action']),
- service = dict(aliases=['services'], required=True, type='list'),
+ policy_action = dict(choices=['accept','deny'], aliases=['action']),
+ service = dict(aliases=['services'], type='list'),
 service_negate = dict(type='bool', default=False),
 schedule = dict(type='str', default='always'),
 nat = dict(type='bool', default=False),
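Review bot: The `argument_spec` entries for `src_addr`, `dst_addr`, `policy_action` and `service` in the last hunk on this line drop `required=True`, and nothing in the dict says where that requirement is enforced now. A comment above `src_addr` such as `# src_addr, dst_addr, policy_action and service are required via required_if when state=present` would stop a later maintainer from re-adding `required=True` or from treating the fields as optional when a policy is created. That matters for a firewall-policy module, because the present branch (outside this hunk) presumably builds the rule from exactly these values. main() starts before this hunk and continues after it.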
@@ -200,15 +202,22 @@ def main(): #merge global required_if & argument_spec from module_utils/fortios.py argument_spec.update(fortios_argument_spec) + ipv4_policy_required_if = [ + ['state', 'present', ['src_addr', 'dst_addr', 'policy_action', 'service']], + ] + module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, - required_if=fortios_required_if, + required_if=fortios_required_if + ipv4_policy_required_if , ) #init forti object fortigate = AnsibleFortios(module) + #Security policies root path + config_path = 'firewall policy' + #test params #NAT related if not module.params['nat']: @@ -221,11 +230,11 @@ def main(): policy_id = str(module.params['id']) #load config - fortigate.load_config('firewall policy') + fortigate.load_config(config_path) #Absent State if module.params['state'] == 'absent': - fortigate.candidate_config[path].del_block(policy_id) + fortigate.candidate_config[config_path].del_block(policy_id) #Present state elif module.params['state'] == 'present':
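Review bot: The new `required_if=fortios_required_if + ipv4_policy_required_if ,` only works if the imported `fortios_required_if` is a list; its definition lives in module_utils and is not visible in this hunk, and a tuple there would make the `+` raise a TypeError before any argument validation runs. Writing it as `required_if=list(fortios_required_if) + ipv4_policy_required_if,` removes that assumption and also drops the stray space before the comma. A one-line comment on `ipv4_policy_required_if` saying that these four options are mandatory only when a policy is created would document why they lost `required=True` in the spec. main() begins and ends outside this hunk.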
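Review bot: In the absent branch, `fortigate.candidate_config[config_path].del_block(policy_id)` is called unconditionally, and the hunk does not show what `del_block` does when the loaded config has no policy with that ID. If it raises, `state=absent` is not idempotent, and if it silently succeeds the module may still report a change, so confirm the behaviour and guard the call if needed. The line it replaces referenced an undefined `path`, which suggests this branch had no test coverage; a test that runs `state=absent` against both an existing and a missing ID would catch a regression here. Because this line removes a firewall rule, I would also add `# deletes by policy ID only (not sequence number); src_addr/dst_addr/service are not consulted` above it. The if/elif chain continues past the end of the hunk.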