fortiwebcloud-ansible's Introduction

FortiWeb Cloud Ansible Collection

This collection is the FortiWeb Cloud Ansible Automation project. It includes modules that let the user configure FortiWeb Cloud WAF (Web Application Firewall) features.

Requirements

  • Ansible 2.9+ (to support the newer Ansible Collections format)
  • Python 3.6+

Installation

This collection can be downloaded from ansible-galaxy, with installation steps as follows:

  1. Install or upgrade to Ansible 2.9+.
  2. Install the collection with the command ansible-galaxy collection install fortinet.fortiwebcloud:1.0.2.

Supported FortiWeb Cloud Versions

| FortiWeb Cloud Version | Galaxy Version | Release Date | Install Path |
|---|---|---|---|
| 21.3.b | | 2021/8/30 | ansible-galaxy collection install fortinet.fortiwebcloud:1.0.2 |
| 21.4.a | latest | 2021/10/08 | ansible-galaxy collection install fortinet.fortiwebcloud:1.0.3 |

Compatibility

This integration has been tested against Ansible version 2.9.6. Versions above this are expected to work but have not been tested.

Modules

| Module Name | Description |
|---|---|
| cloudwaf_app_create | Onboard an application in Fortinet's FortiWeb Cloud. |
| cloudwaf_app_delete | Delete an application from Fortinet's FortiWeb Cloud. |
| cloudwaf_ip_protection_method | Configure IP Protection settings in Fortinet's FortiWeb Cloud. |
| cloudwaf_endpoint_update | Modify the endpoint configuration of the application. |
| cloudwaf_inter_cert_method | Configure intermediate certificates for the application. |
| cloudwaf_sni_cert_method | Configure SNI certificates for the application. |
| cloudwaf_openapi_validation | Configure OpenAPI Validation for the application. |

Usage

More information about the usage can be found in Fortinet's FortiWeb Cloud Online Help.

Example to create an application in Fortinet's FortiWeb Cloud

  1. Create fwbcld_app_create.yml with the following template:

    ---
    - hosts: fortiwebcloud01
      collections:
        - fortinet.fortiwebcloud
      connection: httpapi
      vars:
        application_name:  "YOUR_APP_NAME"
        ansible_httpapi_validate_certs: False
        ansible_httpapi_use_ssl: true
        ansible_httpapi_port: 443
      tasks:
        - name: Create an application.
          cloudwaf_app_create:
            app_name: "{{application_name}}"
            domain_name: "www.demo.com"
            extra_domains:
              - a.example.com
              - b.example.com
            app_service:
              http: 80
              https: 443
            origin_server_ip: "166.111.4.100"
            origin_server_service: "HTTPS"
            origin_server_port: "443"
            cdn: False
            continent_cdn: False
            block: False
            template: "your-template-name-or-empty"
  2. Create the hosts inventory file:

    [fortiwebcloud]
    fortiwebcloud01 ansible_host="api.fortiweb-cloud.com" ansible_user="Your Account" ansible_password="Your Password"
    
    [fortiwebcloud:vars]
    ansible_network_os=fortinet.fortiwebcloud.fortiwebcloud
    
  3. Run the test:

    ansible-playbook fwbcld_app_create.yml -i hosts  -e 'ansible_python_interpreter=/usr/bin/python3'
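The templates on this page set `ansible_httpapi_validate_certs: False` and keep the account password in plain text in the inventory. The following is an added example, not part of the original project: a YAML inventory that turns certificate verification on and reads the credentials from an ansible-vault encrypted file. The variable names `vault_fwbcld_user` and `vault_fwbcld_password` and the file layout are hypothetical, and it assumes the API endpoint presents a certificate that chains to a CA trusted by the control node.

```yaml
# inventory.yml (constructed example; replaces the INI "hosts" file above)
all:
  children:
    fortiwebcloud:
      hosts:
        fortiwebcloud01:
          ansible_host: api.fortiweb-cloud.com
      vars:
        ansible_network_os: fortinet.fortiwebcloud.fortiwebcloud
        ansible_connection: httpapi
        ansible_httpapi_use_ssl: true
        ansible_httpapi_port: 443
        # Weak setting in the templates: validate_certs False turns off
        # certificate verification on the connection that carries the
        # account credentials. Verify the server certificate instead.
        ansible_httpapi_validate_certs: true
        # Only references here; the values live in the vaulted file below.
        ansible_user: "{{ vault_fwbcld_user }}"          # hypothetical name
        ansible_password: "{{ vault_fwbcld_password }}"  # hypothetical name
---
# group_vars/fortiwebcloud/vault.yml
# Create with:  ansible-vault create group_vars/fortiwebcloud/vault.yml
# Shown decrypted; on disk the file is stored encrypted.
vault_fwbcld_user: "Your Account"
vault_fwbcld_password: "Your Password"
```

Play-level `vars` take precedence over inventory variables, so remove `ansible_httpapi_validate_certs: False` from the playbook or the inventory setting is ignored. Run with `ansible-playbook fwbcld_app_create.yml -i inventory.yml --ask-vault-pass`.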

Example to delete an existing application in Fortinet's FortiWeb Cloud

  1. Create fwbcld_app_delete.yml with the following template:

    ---
    - hosts: fortiwebcloud01
      gather_facts: no
      collections:
        - fortinet.fortiwebcloud
      connection: httpapi
      vars:
        ansible_httpapi_validate_certs: False
        ansible_httpapi_use_ssl: True
        ansible_httpapi_port: 443
        application_name:  "YOUR_APP_NAME"
      tasks:
      - name: Delete the application.
        cloudwaf_app_delete:
          app_name: "{{application_name}}"
  2. Create the hosts inventory file:

    [fortiwebcloud]
    fortiwebcloud01 ansible_host="api.fortiweb-cloud.com" ansible_user="Your Account" ansible_password="Your Password"
    
    [fortiwebcloud:vars]
    ansible_network_os=fortinet.fortiwebcloud.fortiwebcloud
    
  3. Run the test:

    ansible-playbook fwbcld_app_delete.yml -i hosts  -e 'ansible_python_interpreter=/usr/bin/python3'

Example to configure IP Protection attributes in Fortinet's FortiWeb Cloud

  1. Create fwbcld_app_ip_set.yml with the following template:

    ---
    - hosts: fortiwebcloud01
      name: Execute cloud api
      collections:
        - fortinet.fortiwebcloud
      gather_facts: no
      connection: httpapi
      vars:
        ansible_httpapi_validate_certs: False
        ansible_httpapi_use_ssl: True
        ansible_httpapi_port: 443
        application_name:  "YOUR_APP_NAME"
      tasks:
      - name: Configure IP Protection.
        cloudwaf_ip_protection_method:
          app_name: "{{application_name}}"
          template_status: disable
          _status: enable
          IPProtection:
            ip-reputation: enable
            geo-ip-block:
              members:
                - Antigua And Barbuda
                - Aland Islands
                - Afghanistan
            ip-list:
              members:
                - type: trust-ip
                  ip: '1.1.1.1,2.2.2.21-2.2.2.27'
                - type: block-ip
                  ip: '3.1.1.1,3.1.1.11-3.1.1.17'
                - type: allow-only-ip
                  ip: '4.1.1.1-4.1.1.17,4.1.1.19'
  2. Create the hosts inventory file:

    [fortiwebcloud]
    fortiwebcloud01 ansible_host="api.fortiweb-cloud.com" ansible_user="Your Account" ansible_password="Your Password"
    
    [fortiwebcloud:vars]
    ansible_network_os=fortinet.fortiwebcloud.fortiwebcloud
    
  3. Run the test:

    ansible-playbook fwbcld_app_ip_set.yml -i hosts  -e 'ansible_python_interpreter=/usr/bin/python3'

Example to create an application with custom certificate in Fortinet's FortiWeb Cloud

  1. Create fwbcld_app_with_custom_cert.yml with the following template:

    ---
    - hosts: fortiwebcloud01
      collections:
        - fortinet.fortiwebcloud
      connection: httpapi
      vars:
        application_name:  "YOUR_APP_NAME"
        ansible_httpapi_validate_certs: False
        ansible_httpapi_use_ssl: true
        ansible_httpapi_port: 443
      tasks:
        - name: Create an application.
          cloudwaf_app_create:
            app_name: "{{application_name}}"
            domain_name: "www.demo.com"
            extra_domains:
              - a.example.com
              - b.example.com
            app_service:
              http: 80
              https: 443
            origin_server_ip: "166.111.4.100"
            origin_server_service: "HTTPS"
            origin_server_port: "443"
            cdn: False
            block: False
            template: "your-template-name-or-empty"
        - name: Sleep 120 seconds for the added app to take effect
          wait_for:
            timeout: 120
          delegate_to: localhost
        - name: Update an application.
          cloudwaf_endpoint_update:
            app_name: "{{application_name}}"
            http_status: 1
            https_status: 1
            http2_status: 1
            extra_domains: [a.example.com, b.example.com]
            cert_type: 1
            ssl_options:
              tls_1_0: 0
              tls_1_1: 0
              tls_1_2: 1
              tls_1_3: 1
              encryption_level: 1
              http_2_https: 1
            custom_block_page: enable
            block_url: ''
            custom_http_port: 80
            custom_https_port: 443
        - name: Configure intermediate certificates.
          cloudwaf_inter_cert_method:
            app_name: "{{application_name}}"
            action: import
            certificate: |
              -----BEGIN CERTIFICATE-----
              Your intermediate certificate
              -----END CERTIFICATE-----
        - name: Import SNI certificate.
          cloudwaf_sni_cert_method:
            app_name: "{{application_name}}"
            action: import
            certificate: |
              -----BEGIN CERTIFICATE-----
              Your certificate
              -----END CERTIFICATE-----
            private_key: |
              -----BEGIN RSA PRIVATE KEY-----
              Your private key of the certificate
              -----END RSA PRIVATE KEY-----
            passwd: "Your password"
        - name: Sleep 120 seconds to make sure the configuration takes effect
          wait_for:
            timeout: 120
          delegate_to: localhost
  2. Create the hosts inventory file:

    [fortiwebcloud]
    fortiwebcloud01 ansible_host="api.fortiweb-cloud.com" ansible_user="Your Account" ansible_password="Your Password"
    [fortiwebcloud:vars]
    ansible_network_os=fortinet.fortiwebcloud.fortiwebcloud
    
  3. Run the test:

    ansible-playbook fwbcld_app_with_custom_cert.yml -i hosts  -e 'ansible_python_interpreter=/usr/bin/python3'

Example to delete the custom certificate and import a new one in Fortinet's FortiWeb Cloud

  1. Create fwbcld_app_with_custom_cert.yml with the following template:

    ---
    - hosts: fortiwebcloud01
      collections:
        - fortinet.fortiwebcloud
      connection: httpapi
      vars:
        application_name:  "YOUR_APP_NAME"
        ansible_httpapi_validate_certs: False
        ansible_httpapi_use_ssl: true
        ansible_httpapi_port: 443
      tasks:
        - name: Get the SNI certificates.
          cloudwaf_sni_cert_method:
            app_name: "{{application_name}}"
            action: get
          register: sni_cert_id
        - name: Delete SNI certificates.
          cloudwaf_sni_cert_method:
            app_name: "{{application_name}}"
            action: delete
            id: "{{ item.id }}"
          with_items:
            - "{{ sni_cert_id.meta }}"
        - name: Get intermediate certificates.
          cloudwaf_inter_cert_method:
            app_name: "{{application_name}}"
            action: get
          register: inter_cert_id
        - name: Delete Intermediate certificates.
          cloudwaf_inter_cert_method:
            app_name: "{{application_name}}"
            action: delete
            id: "{{ item.id }}"
          with_items:
            - "{{inter_cert_id.meta}}"
        - name: Sleep 120 seconds for the added app to take effect
          wait_for:
            timeout: 120
          delegate_to: localhost
        - name: Update an application.
          cloudwaf_endpoint_update:
            app_name: "{{application_name}}"
            http_status: 1
            https_status: 1
            http2_status: 1
            cert_type: 1
            ssl_options:
              tls_1_0: 0
              tls_1_1: 0
              tls_1_2: 1
              tls_1_3: 1
              encryption_level: 1
              http_2_https: 1
            custom_block_page: enable
            block_url: ''
            custom_http_port: 80
            custom_https_port: 443
        - name: Import intermediate certificate.
          cloudwaf_inter_cert_method:
            app_name: "{{application_name}}"
            action: import
            certificate: |
              -----BEGIN CERTIFICATE-----
              Your intermediate certificate
              -----END CERTIFICATE-----
        - name: Import SNI certificate.
          cloudwaf_sni_cert_method:
            app_name: "{{application_name}}"
            action: import
            certificate: |
              -----BEGIN CERTIFICATE-----
              Your certificate
              -----END CERTIFICATE-----
            private_key: |
              -----BEGIN RSA PRIVATE KEY-----
              Your private key of the certificate
              -----END RSA PRIVATE KEY-----
            passwd: "Your password"
        - name: Sleep 120 seconds to make sure the configuration takes effect
          wait_for:
            timeout: 120
          delegate_to: localhost
  2. Create the hosts inventory file:

    [fortiwebcloud]
    fortiwebcloud01 ansible_host="api.fortiweb-cloud.com" ansible_user="Your Account" ansible_password="Your Password"
    [fortiwebcloud:vars]
    ansible_network_os=fortinet.fortiwebcloud.fortiwebcloud
    
  3. Run the test:

    ansible-playbook fwbcld_app_with_custom_cert.yml -i hosts  -e 'ansible_python_interpreter=/usr/bin/python3'
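Both certificate playbooks above paste the private key and its passphrase directly into the task. The following is an added example, not part of the original project, showing the same two import tasks with the PEM files read from disk, the secrets taken from a vaulted vars file, and `no_log` set on the task that handles them. The file paths and the `vault_sni_*` variable names are hypothetical; the module parameters are the ones used in the templates on this page.

```yaml
# Constructed task fragment for the "tasks:" list of the certificate playbooks.
- name: Import intermediate certificate.
  cloudwaf_inter_cert_method:
    app_name: "{{ application_name }}"
    action: import
    # Public material: read it from a file instead of pasting PEM into the play.
    certificate: "{{ lookup('file', 'certs/intermediate.pem') }}"

- name: Import SNI certificate.
  cloudwaf_sni_cert_method:
    app_name: "{{ application_name }}"
    action: import
    certificate: "{{ lookup('file', 'certs/site.pem') }}"
    # Secrets come from an ansible-vault encrypted vars file, not the playbook.
    private_key: "{{ vault_sni_private_key }}"
    passwd: "{{ vault_sni_key_passwd }}"
  # Keep the key and passphrase out of task output, verbose logs and callbacks.
  no_log: true

# vars/sni_vault.yml (hypothetical path)
# Encrypt with:        ansible-vault encrypt vars/sni_vault.yml
# Load in the play:    vars_files: [vars/sni_vault.yml]
# Decrypted contents:
# vault_sni_private_key: |
#   -----BEGIN RSA PRIVATE KEY-----
#   Your private key of the certificate
#   -----END RSA PRIVATE KEY-----
# vault_sni_key_passwd: "Your password"
```

With `no_log: true` a failed import reports only that output was censored, so drop it temporarily on a test application when debugging the task.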

Example to configure OpenAPI Validation in Fortinet's FortiWeb Cloud

  1. Create fwbcld_openapi_validation.yml with the following template:

     ---
     - name: Execute cloud api
       hosts: fortiwebcloud01
       gather_facts: no
       collections:
         - fortinet.fortiwebcloud
       connection: httpapi
       vars:
         ansible_httpapi_validate_certs: False
         ansible_httpapi_use_ssl: true
         ansible_httpapi_port: 443
         application_name: "YOUR_APP_NAME"
    
       tasks:
         - name: Setup OpenApi Validation
           cloudwaf_openapi_validation:
             app_name: "{{application_name}}"
             enable: True
             action: "alert"  # one of "alert", "alert_deny", or "deny_no_log"
             validation_files:
               - /path/openapi_validation_file_1.yaml
               - /path/openapi_validation_file_2.yaml
  2. Create the hosts inventory file:

    
     [fortiwebcloud]
     fortiwebcloud01 ansible_host="api.fortiweb-cloud.com" ansible_user="Your Account" ansible_password="Your Password"
    
     [fortiwebcloud:vars]
     ansible_network_os=fortinet.fortiwebcloud.fortiwebcloud
    
  3. Run the test:

     ansible-playbook fwbcld_openapi_validation.yml -i hosts  -e 'ansible_python_interpreter=/usr/bin/python3'

License

License © Fortinet Technologies. All rights reserved.

Support

Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. For direct issues, please refer to the Issues tab of this GitHub project. For other questions related to this project, contact [email protected].
