Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DLP profile rule "type" property value "fos_message" isn't obeyed #312

Closed
andrewlass opened this issue May 16, 2024 · 5 comments
Closed

DLP profile rule "type" property value "fos_message" isn't obeyed #312

andrewlass opened this issue May 16, 2024 · 5 comments

Comments

@andrewlass
Copy link

Issue: DLP profile rule "type" property value "fos_message" isn't obeyed.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_dlp_profile_module.html#parameter-dlp_profile/rule/type

Reproduction: Create a DLP profile rule with "type" property with value "fos_message". It will take the default value on FortiOS upon application, which is "file".

Note: If you manually change the value from "file" to "message" in FortiOS, Ansible won't change it.

Note: The API docs say to use value "messae" not "fos_message".
https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/3826/1/dlp/
@andrewlass
Copy link
Author

I propose the following changes:

Change "fos_message" to "message".

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/modules/fortios_dlp_profile.py#L263

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/modules/fortios_dlp_profile.py#L469

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/modules/fortios_dlp_profile.py#L577

This has been tested in my dev environment and works.

Not certain what happened here. Perhaps a carry over to 7.2.x and 7.4.x when DLP was revamped.

@andrewlass andrewlass mentioned this issue May 16, 2024
Open
@andrewlass
Copy link
Author

PR open to apply this proven fix to the main branch.

#313

@MaxxLiu22
Copy link

Hi @andrewlass

Thank you for bringing this issue to our attention. message is an Ansible reserved word, so any key named 'message' is not permitted, as it would cause us to fail the Ansible community sanity test. I am not certain if a value can be set as 'message,' but I have reported this matter to the development team for further investigation and resolution.

Thanks,
Maxx

@andrewlass
Copy link
Author

Okay, thank you. It seems like the dev team has taken this case into account with the function "valid_attr_to_invalid_attr". Issue is that the function never accesses the "type" field in the data. Seems like a design bug that will need to be revisited. I'll post any useful suggestions in the meantime.

@MaxxLiu22
Copy link

Hi @andrewlass

We just released Ansible FOS 2.3.7. This issue should be fixed, so you could upgrade to it and give it a try at your convenience. in this version, we are still using "fos_message" and making a convert at Ansible backend, let me know if you still have questions.

rule:
  -
      id: 99
      name: "asb"
      proto: "smtp"
      type: "fos_message"
      filter_by: sensor

ansible-galaxy collection install fortinet.fortios:2.3.7

Thanks,
Maxx

@JieX19 JieX19 closed this as completed Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JieX19 @MaxxLiu22 @andrewlass