fortios_ipv4_policy.py state=absent Fix 23239 (#23242) (#23290)

* Resolve #23239:
  - path is missing when state=absent
  - update doc for unclear policy ID
  - required params based on state

* Fix pep8 + doc

* Fix doc

* Another doc problem...

* doc

* Update doc for policy ID

* Fix doc string

* fix required in doc

* fix required in doc Required when I(state=present).

(cherry picked from commit f74a9abbda)
John R Barker 2017-04-05 13:56:40 +01:00 committed by GitHub
parent dc99a7dac2
commit dbe83cc099


@ -36,11 +36,17 @@ extends_documentation_fragment: fortios
options: options:
id: id:
description: description:
- Policy ID. - "Policy ID.
Warning: policy ID number is different than Policy sequence number.
The policy ID is the number assigned at policy creation.
The sequence number represents the order in which the Fortigate will evaluate the rule for policy enforcement,
and also the order in which rules are listed in the GUI and CLI.
These two numbers do not necessarily correlate: this module is based off policy ID.
TIP: policy ID can be viewed in the GUI by adding 'ID' to the display columns"
required: true required: true
state: state:
description: description:
- Specifies if address need to be added or deleted. - Specifies if policy I(id) need to be added or deleted.
choices: ['present', 'absent'] choices: ['present', 'absent']
default: present default: present
src_intf: src_intf:
@ -53,8 +59,7 @@ options:
default: any default: any
src_addr: src_addr:
description: description:
- Specifies source address (or group) object name(s). - Specifies source address (or group) object name(s). Required when I(state=present).
required: true
src_addr_negate: src_addr_negate:
description: description:
- Negate source address param. - Negate source address param.
@ -62,8 +67,7 @@ options:
choices: ["true", "false"] choices: ["true", "false"]
dst_addr: dst_addr:
description: description:
- Specifies destination address (or group) object name(s). - Specifies destination address (or group) object name(s). Required when I(state=present).
required: true
dst_addr_negate: dst_addr_negate:
description: description:
- Negate destination address param. - Negate destination address param.
@ -71,14 +75,12 @@ options:
choices: ["true", "false"] choices: ["true", "false"]
policy_action: policy_action:
description: description:
- Specifies accept or deny action policy. - Specifies accept or deny action policy. Required when I(state=present).
choices: ['accept', 'deny'] choices: ['accept', 'deny']
required: true
aliases: ['action'] aliases: ['action']
service: service:
description: description:
- "Specifies policy service(s), could be a list (ex: ['MAIL','DNS'])." - "Specifies policy service(s), could be a list (ex: ['MAIL','DNS']). Required when I(state=present)."
required: true
aliases: aliases:
- services - services
service_negate: service_negate:
@ -180,12 +182,12 @@ def main():
src_intf = dict(default='any'), src_intf = dict(default='any'),
dst_intf = dict(default='any'), dst_intf = dict(default='any'),
state = dict(choices=['present', 'absent'], default='present'), state = dict(choices=['present', 'absent'], default='present'),
src_addr = dict(required=True, type='list'), src_addr = dict(type='list'),
dst_addr = dict(required=True, type='list'), dst_addr = dict(type='list'),
src_addr_negate = dict(type='bool', default=False), src_addr_negate = dict(type='bool', default=False),
dst_addr_negate = dict(type='bool', default=False), dst_addr_negate = dict(type='bool', default=False),
policy_action = dict(choices=['accept','deny'], required=True, aliases=['action']), policy_action = dict(choices=['accept','deny'], aliases=['action']),
service = dict(aliases=['services'], required=True, type='list'), service = dict(aliases=['services'], type='list'),
service_negate = dict(type='bool', default=False), service_negate = dict(type='bool', default=False),
schedule = dict(type='str', default='always'), schedule = dict(type='str', default='always'),
nat = dict(type='bool', default=False), nat = dict(type='bool', default=False),
@ -200,15 +202,22 @@ def main():
#merge global required_if & argument_spec from module_utils/fortios.py #merge global required_if & argument_spec from module_utils/fortios.py
argument_spec.update(fortios_argument_spec) argument_spec.update(fortios_argument_spec)
ipv4_policy_required_if = [
['state', 'present', ['src_addr', 'dst_addr', 'policy_action', 'service']],
]
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
supports_check_mode=True, supports_check_mode=True,
required_if=fortios_required_if, required_if=fortios_required_if + ipv4_policy_required_if ,
) )
#init forti object #init forti object
fortigate = AnsibleFortios(module) fortigate = AnsibleFortios(module)
#Security policies root path
config_path = 'firewall policy'
#test params #test params
#NAT related #NAT related
if not module.params['nat']: if not module.params['nat']:
@ -221,11 +230,11 @@ def main():
policy_id = str(module.params['id']) policy_id = str(module.params['id'])
#load config #load config
fortigate.load_config('firewall policy') fortigate.load_config(config_path)
#Absent State #Absent State
if module.params['state'] == 'absent': if module.params['state'] == 'absent':
fortigate.candidate_config[path].del_block(policy_id) fortigate.candidate_config[config_path].del_block(policy_id)
#Present state #Present state
elif module.params['state'] == 'present': elif module.params['state'] == 'present':
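Review bot: The state=absent branch in the last hunk calls `del_block(policy_id)` without first checking that the ID exists in the loaded 'firewall policy' config. What del_block does for an unknown ID is not visible here, so a second run against an already-removed policy may fail instead of reporting no change. The old line referenced an undefined `path`, which suggests this branch was never exercised, so it deserves a test covering both an existing and a missing ID. I would also add a comment above the call, `# policy_id is the policy ID, not the sequence number; a missing ID should leave the config unchanged`. Minor style: `required_if=fortios_required_if + ipv4_policy_required_if ,` has a stray space before the comma; main() starts and ends outside these hunks.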