fortios_system_automation_action – Action for automation stitches in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_action category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
fortios_system_automation_action | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- system_automation_action - Action for automation stitches. type: dict more...
- accprofile - Access profile for CLI script action to access FortiGate features. Source system.accprofile.name. type: str more...
- action_type - Action type. type: str choices: email, fortiexplorer-notification, alert, disable-ssid, system-actions, quarantine, quarantine-forticlient, quarantine-nsx, quarantine-fortinac, ban-ip, aws-lambda, azure-function, google-cloud-function, alicloud-function, webhook, cli-script, slack-notification, microsoft-teams-notification, ios-notification more...
- alicloud_access_key_id - AliCloud AccessKey ID. type: str more...
- alicloud_access_key_secret - AliCloud AccessKey secret. type: str more...
- alicloud_account_id - AliCloud account ID. type: str more...
- alicloud_function - AliCloud function name. type: str more...
- alicloud_function_authorization - AliCloud function authorization type. type: str choices: anonymous, function more...
- alicloud_function_domain - AliCloud function domain. type: str more...
- alicloud_region - AliCloud region. type: str more...
- alicloud_service - AliCloud service name. type: str more...
- alicloud_version - AliCloud version. type: str more...
- aws_api_id - AWS API Gateway ID. type: str more...
- aws_api_key - AWS API Gateway API key. type: str more...
- aws_api_path - AWS API Gateway path. type: str more...
- aws_api_stage - AWS API Gateway deployment stage name. type: str more...
- aws_domain - AWS domain. type: str more...
- aws_region - AWS region. type: str more...
- azure_api_key - Azure function API key. type: str more...
- azure_app - Azure function application name. type: str more...
- azure_domain - Azure function domain. type: str more...
- azure_function - Azure function name. type: str more...
- azure_function_authorization - Azure function authorization level. type: str choices: anonymous, function, admin more...
- delay - Delay before execution (in seconds). type: int more...
- description - Description. type: str more...
- email_body - Email body. type: str more...
- email_from - Email sender name. type: str more...
- email_subject - Email subject. type: str more...
- email_to - Email addresses. type: list member_path: email_to:name more...
- name - Email address. type: str required: true more...
- execute_security_fabric - Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric. type: str choices: enable, disable more...
- forticare_email - Enable/disable use of your FortiCare email address as the email-to address. type: str choices: enable, disable more...
- fos_message - Message content. type: str more...
- gcp_function - Google Cloud function name. type: str more...
- gcp_function_domain - Google Cloud function domain. type: str more...
- gcp_function_region - Google Cloud function region. type: str more...
- gcp_project - Google Cloud Platform project name. type: str more...
- headers - Request headers. type: list member_path: headers:header more...
- header - Request header. type: str required: true more...
- http_body - Request body (if necessary). Should be serialized json string. type: str more...
- http_headers - Request headers. type: list member_path: http_headers:id more...
- id - Entry ID. type: int required: true more...
- key - Request header key. type: str more...
- value - Request header value. type: str more...
- message_type - Message type. type: str choices: text, json more...
- method - Request method (POST, PUT, GET, PATCH or DELETE). type: str choices: post, put, get, patch, delete more...
- minimum_interval - Limit execution to no more than once in this interval (in seconds). type: int more...
- name - Name. type: str required: true more...
- output_size - Number of megabytes to limit script output to (1 - 1024). type: int more...
- port - Protocol port. type: int more...
- protocol - Request protocol. type: str choices: http, https more...
- replacement_message - Enable/disable replacement message. type: str choices: enable, disable more...
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str more...
- required - Required in action chain. type: str choices: enable, disable more...
- script - CLI script. type: str more...
- sdn_connector - NSX SDN connector names. type: list member_path: sdn_connector:name more...
- name - SDN connector name. Source system.sdn-connector.name. type: str required: true more...
- security_tag - NSX security tag. type: str more...
- system_action - System action type. type: str choices: reboot, shutdown, backup-config more...
- timeout - Maximum running time for this script in seconds (0 = no timeout). type: int more...
- tls_certificate - Custom TLS certificate for API request. Source certificate.local.name. type: str more...
- uri - Request API URI. type: str more...
- verify_host_cert - Enable/disable verification of the remote host certificate. type: str choices: enable, disable more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Action for automation stitches.
fortios_system_automation_action:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_automation_action:
accprofile: "<your_own_value> (source system.accprofile.name)"
action_type: "email"
alicloud_access_key_id: "<your_own_value>"
alicloud_access_key_secret: "<your_own_value>"
alicloud_account_id: "<your_own_value>"
alicloud_function: "<your_own_value>"
alicloud_function_authorization: "anonymous"
alicloud_function_domain: "<your_own_value>"
alicloud_region: "<your_own_value>"
alicloud_service: "<your_own_value>"
alicloud_version: "<your_own_value>"
aws_api_id: "<your_own_value>"
aws_api_key: "<your_own_value>"
aws_api_path: "<your_own_value>"
aws_api_stage: "<your_own_value>"
aws_domain: "<your_own_value>"
aws_region: "<your_own_value>"
azure_api_key: "<your_own_value>"
azure_app: "<your_own_value>"
azure_domain: "<your_own_value>"
azure_function: "<your_own_value>"
azure_function_authorization: "anonymous"
delay: "0"
description: "<your_own_value>"
email_body: "<your_own_value>"
email_from: "<your_own_value>"
email_subject: "<your_own_value>"
email_to:
-
name: "default_name_31"
execute_security_fabric: "enable"
forticare_email: "enable"
fos_message: "<your_own_value>"
gcp_function: "<your_own_value>"
gcp_function_domain: "<your_own_value>"
gcp_function_region: "<your_own_value>"
gcp_project: "<your_own_value>"
headers:
-
header: "<your_own_value>"
http_body: "<your_own_value>"
http_headers:
-
id: "43"
key: "<your_own_value>"
value: "<your_own_value>"
message_type: "text"
method: "post"
minimum_interval: "0"
name: "default_name_49"
output_size: "10"
port: "0"
protocol: "http"
replacement_message: "enable"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
required: "enable"
script: "<your_own_value>"
sdn_connector:
-
name: "default_name_58 (source system.sdn-connector.name)"
security_tag: "<your_own_value>"
system_action: "reboot"
timeout: "0"
tls_certificate: "<your_own_value> (source certificate.local.name)"
uri: "<your_own_value>"
verify_host_cert: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3