fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

DLP profile rule "type" property value "fos_message" isn't obeyed #312

Open andrewlass opened 2 months ago

andrewlass commented 2 months ago

Issue: DLP profile rule "type" property value "fos_message" isn't obeyed. https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_dlp_profile_module.html#parameter-dlp_profile/rule/type

Reproduction: Create a DLP profile rule with "type" property with value "fos_message". It will take the default value on FortiOS upon application, which is "file".

Note: If you manually change the value from "file" to "message" in FortiOS, Ansible won't change it.

Note: The API docs say to use value "message" not "fos_message". https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/3826/1/dlp/

andrewlass commented 2 months ago

I propose the following changes:

Change "fos_message" to "message".

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/modules/fortios_dlp_profile.py#L263

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/modules/fortios_dlp_profile.py#L469

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/modules/fortios_dlp_profile.py#L577

This has been tested in my dev environment and works.

Not certain what happened here. Perhaps a carry over to 7.2.x and 7.4.x when DLP was revamped.

andrewlass commented 2 months ago

PR open to apply this proven fix to the main branch.

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/pull/313

MaxxLiu22 commented 1 month ago

Hi @andrewlass

Thank you for bringing this issue to our attention. message is an Ansible reserved word, so any key named 'message' is not permitted, as it would cause us to fail the Ansible community sanity test. I am not certain if a value can be set as 'message,' but I have reported this matter to the development team for further investigation and resolution.

Thanks, Maxx

andrewlass commented 1 month ago

Okay, thank you. It seems like the dev team has taken this case into account with the function "valid_attr_to_invalid_attr". Issue is that the function never accesses the "type" field in the data. Seems like a design bug that will need to be revisited. I'll post any useful suggestions in the meantime.

MaxxLiu22 commented 5 minutes ago

Hi @andrewlass

We just released Ansible FOS 2.3.7. This issue should be fixed, so you could upgrade to it and give it a try at your convenience. In this version, we are still using "fos_message" and converting it at the Ansible backend. Let me know if you still have questions.

```yaml
rule:
  -
      id: 99
      name: "asb"
      proto: "smtp"
      type: "fos_message"
      filter_by: sensor
```

```
ansible-galaxy collection install fortinet.fortios:2.3.7
```

Thanks, Maxx
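Added example, not part of the thread and not the collection's code: a post-apply check that translates the playbook value "fos_message" to the API value "message" and flags DLP rules whose `type` on the device differs, which catches the silent fallback to "file" reported above. The helper names, the profile name and the device responses are hypothetical, constructed for illustration.

```python
# Hypothetical helper names; not the fortinet.fortios collection's code.
# Ansible-side value -> FortiOS API value, keyed by field name so only the
# DLP rule "type" is rewritten (mapping taken from the thread).
VALUE_ALIASES = {"type": {"fos_message": "message"}}


def to_api(data):
    """Recursively translate Ansible-side values into FortiOS API values."""
    if isinstance(data, list):
        return [to_api(item) for item in data]
    if isinstance(data, dict):
        out = {}
        for key, value in data.items():
            if isinstance(value, str):
                value = VALUE_ALIASES.get(key, {}).get(value, value)
            out[key] = to_api(value)
        return out
    return data


def rule_type_drift(desired_profile, device_profile):
    """List (rule id, wanted type, type on device) for each mismatch."""
    wanted = {r["id"]: r for r in to_api(desired_profile).get("rule", [])}
    actual = {r["id"]: r for r in device_profile.get("rule", [])}
    drift = []
    for rule_id in sorted(wanted):
        want = wanted[rule_id].get("type")
        found = actual.get(rule_id, {}).get("type")
        if want is not None and found != want:
            drift.append((rule_id, want, found))
    return drift


# Constructed sample data: the playbook rule quoted in the thread, plus two
# made-up device responses (the reported symptom and the expected result).
DESIRED = {"name": "example-profile", "rule": [
    {"id": 99, "name": "asb", "proto": "smtp",
     "type": "fos_message", "filter_by": "sensor"}]}
DEVICE_FELL_BACK = {"name": "example-profile",
                    "rule": [{"id": 99, "type": "file"}]}
DEVICE_CORRECT = {"name": "example-profile",
                  "rule": [{"id": 99, "type": "message"}]}

if __name__ == "__main__":
    print("fell back:", rule_type_drift(DESIRED, DEVICE_FELL_BACK))
    print("correct:  ", rule_type_drift(DESIRED, DEVICE_CORRECT))
```
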