fortinet.fortimanager.fmgr_system_admin_user – Admin user.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_admin_user
dictionary
the top level parameters set
adom
list / elements=string
no description
adom-name
string
Admin domain names.
adom-exclude
list / elements=string
no description
adom-name
string
Admin domain names.
app-filter
list / elements=string
no description
app-filter-name
string
App filter name.
avatar
string
Image file for avatar (maximum 4K base64 encoded).
ca
string
PKI user certificate CA (CA name in local).
change-password
string
    Choices:
  • disable ←
  • enable
Enable/disable restricted user to change self password.
disable - Disable setting.
enable - Enable setting.
dashboard
list / elements=string
no description
column
integer
Default:
0
Widgets column ID.
diskio-content-type
string
    Choices:
  • util ←
  • iops
  • blks
Disk I/O Monitor widgets chart type.
util - bandwidth utilization.
iops - the number of I/O requests.
blks - the amount of data of I/O requests.
diskio-period
string
    Choices:
  • 1hour ←
  • 8hour
  • 24hour
Disk I/O Monitor widgets data period.
1hour - 1 hour.
8hour - 8 hour.
24hour - 24 hour.
log-rate-period
string
    Choices:
  • 2min
  • 1hour
  • 6hours
Log receive monitor widgets data period.
2min - 2 minutes.
1hour - 1 hour.
6hours - 6 hours.
log-rate-topn
string
    Choices:
  • 1
  • 2
  • 3
  • 4
  • 5 ←
Log receive monitor widgets number of top items to display.
1 - Top 1.
2 - Top 2.
3 - Top 3.
4 - Top 4.
5 - Top 5.
log-rate-type
string
    Choices:
  • log
  • device ←
Log receive monitor widgets statistics breakdown options.
log - Show log rates for each log type.
device - Show log rates for each device.
moduleid
integer
Default:
0
Widget ID.
name
string
Widget name.
num-entries
integer
Default:
10
Number of entries.
refresh-interval
integer
Default:
300
Widgets refresh interval.
res-cpu-display
string
    Choices:
  • average  ←
  • each
Widgets CPU display type.
average - Average usage of CPU.
each - Each usage of CPU.
res-period
string
    Choices:
  • 10min  ←
  • hour
  • day
Widgets data period.
10min - Last 10 minutes.
hour - Last hour.
day - Last day.
res-view-type
string
    Choices:
  • real-time
  • history ←
Widgets data view type.
real-time - Real-time view.
history - History view.
status
string
    Choices:
  • close
  • open ←
Widgets opened/closed state.
close - Widget closed.
open - Widget opened.
tabid
integer
Default:
0
ID of tab where widget is displayed.
time-period
string
    Choices:
  • 1hour ←
  • 8hour
  • 24hour
Log Database Monitor widgets data period.
1hour - 1 hour.
8hour - 8 hour.
24hour - 24 hour.
widget-type
string
    Choices:
  • top-lograte
  • sysres
  • sysinfo
  • licinfo
  • jsconsole
  • sysop
  • alert
  • statistics
  • rpteng
  • raid
  • logrecv
  • devsummary
  • logdb-perf
  • logdb-lag
  • disk-io
  • log-rcvd-fwd
Widget type.
top-lograte - Log Receive Monitor.
sysres - System resources.
sysinfo - System Information.
licinfo - License Information.
jsconsole - CLI Console.
sysop - Unit Operation.
alert - Alert Message Console.
statistics - Statistics.
rpteng - Report Engine.
raid - Disk Monitor.
logrecv - Logs/Data Received.
devsummary - Device Summary.
logdb-perf - Log Database Performance Monitor.
logdb-lag - Log Database Lag Time.
disk-io - Disk I/O.
log-rcvd-fwd - Log receive and forwarding Monitor.
dashboard-tabs
list / elements=string
no description
name
string
Tab name.
tabid
integer
Default:
0
Tab ID.
description
string
Description.
dev-group
string
device group.
email-address
string
Email address.
ext-auth-accprofile-override
string
    Choices:
  • disable ←
  • enable
Allow to use the access profile provided by the remote authentication server.
disable - Disable access profile override.
enable - Enable access profile override.
ext-auth-adom-override
string
    Choices:
  • disable ←
  • enable
Allow to use the ADOM provided by the remote authentication server.
disable - Disable ADOM override.
enable - Enable ADOM override.
ext-auth-group-match
string
Only administrators belonging to this group can login.
first-name
string
First name.
force-password-change
string
    Choices:
  • disable ←
  • enable
Enable/disable force password change on next login.
disable - Disable setting.
enable - Enable setting.
group
string
Group name.
hidden
integer
Default:
0
Hidden administrator.
ips-filter
list / elements=string
no description
ips-filter-name
string
IPS filter name.
ipv6_trusthost1
string
Default:
"::/0"
Admin user trusted host IPv6, default ::/0 for all.
ipv6_trusthost10
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost2
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost3
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost4
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost5
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost6
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost7
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost8
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost9
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
last-name
string
Last name.
ldap-server
string
LDAP server name.
login-max
integer
Default:
32
Max login session for this user.
meta-data
list / elements=string
no description
fieldlength
integer
Default:
0
Field length.
fieldname
string
Field name.
fieldvalue
string
Field value.
importance
string
    Choices:
  • optional ←
  • required
Importance.
optional - This field is optional.
required - This field is required.
status
string
    Choices:
  • disabled
  • enabled ←
Status.
disabled - This field is disabled.
enabled - This field is enabled.
mobile-number
string
Mobile number.
pager-number
string
Pager number.
password
string
no description
password-expire
string
no description
phone-number
string
Phone number.
policy-package
list / elements=string
no description
policy-package-name
string
Policy package names.
profileid
string
Default:
"Restricted_User"
Profile ID.
radius_server
string
RADIUS server name.
restrict-access
string
    Choices:
  • disable ←
  • enable
Enable/disable restricted access to development VDOM.
disable - Disable setting.
enable - Enable setting.
restrict-dev-vdom
list / elements=string
no description
dev-vdom
string
Device or device VDOM.
rpc-permit
string
    Choices:
  • read-write
  • none ←
  • read
set none/read/read-write rpc-permission.
read-write - Read-write permission.
none - No permission.
read - Read-only permission.
ssh-public-key1
string
no description
ssh-public-key2
string
no description
ssh-public-key3
string
no description
subject
string
PKI user certificate name constraints.
tacacs-plus-server
string
TACACS+ server name.
trusthost1
string
Default:
"0.0.0.0 0.0.0.0"
Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
trusthost10
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost2
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost3
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost4
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost5
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost6
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost7
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost8
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost9
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
two-factor-auth
string
    Choices:
  • disable ←
  • enable
Enable 2-factor authentication (certificate + password).
disable - Disable 2-factor authentication.
enable - Enable 2-factor authentication.
use-global-theme
string
    Choices:
  • disable
  • enable ←
Enable/disble global theme for administration GUI.
disable - Disable setting.
enable - Enable setting.
user-theme
string
    Choices:
  • blue ←
  • green
  • red
  • melongene
  • spring
  • summer
  • autumn
  • winter
  • circuit-board
  • calla-lily
  • binary-tunnel
  • mars
  • blue-sea
  • technology
  • landscape
  • twilight
  • canyon
  • northern-light
  • astronomy
  • fish
  • penguin
  • mountain
  • panda
  • parrot
  • cave
  • zebra
  • contrast-dark
Color scheme to use for the admin user GUI.
blue - Blueberry
green - Kiwi
red - Cherry
melongene - Plum
spring - Spring
summer - Summer
autumn - Autumn
winter - Winter
circuit-board - Circuit Board
calla-lily - Calla Lily
binary-tunnel - Binary Tunnel
mars - Mars
blue-sea - Blue Sea
technology - Technology
landscape - Landscape
twilight - Twilight
canyon - Canyon
northern-light - Northern Light
astronomy - Astronomy
fish - Fish
penguin - Penguin
mountain - Mountain
panda - Panda
parrot - Parrot
cave - Cave
zebra - Zebra
contrast-dark - High Contrast Dark
user_type
string
    Choices:
  • local ←
  • radius
  • ldap
  • tacacs-plus
  • pki-auth
  • group
  • sso
User type.
local - Local user.
radius - RADIUS user.
ldap - LDAP user.
tacacs-plus - TACACS+ user.
pki-auth - PKI user.
group - Group user.
userid
string
User name.
web-filter
list / elements=string
no description
web-filter-name
string
Web filter name.
wildcard
string
    Choices:
  • disable ←
  • enable
Enable/disable wildcard remote authentication.
disable - Disable username wildcard.
enable - Enable username wildcard.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin user.
     fmgr_system_admin_user:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_user:
           adom:
             -
                 adom-name: <value of string>
           adom-exclude:
             -
                 adom-name: <value of string>
           app-filter:
             -
                 app-filter-name: <value of string>
           avatar: <value of string>
           ca: <value of string>
           change-password: <value in [disable, enable]>
           dashboard:
             -
                 column: <value of integer>
                 diskio-content-type: <value in [util, iops, blks]>
                 diskio-period: <value in [1hour, 8hour, 24hour]>
                 log-rate-period: <value in [2min , 1hour, 6hours]>
                 log-rate-topn: <value in [1, 2, 3, ...]>
                 log-rate-type: <value in [log, device]>
                 moduleid: <value of integer>
                 name: <value of string>
                 num-entries: <value of integer>
                 refresh-interval: <value of integer>
                 res-cpu-display: <value in [average , each]>
                 res-period: <value in [10min , hour, day]>
                 res-view-type: <value in [real-time , history]>
                 status: <value in [close, open]>
                 tabid: <value of integer>
                 time-period: <value in [1hour, 8hour, 24hour]>
                 widget-type: <value in [top-lograte, sysres, sysinfo, ...]>
           dashboard-tabs:
             -
                 name: <value of string>
                 tabid: <value of integer>
           description: <value of string>
           dev-group: <value of string>
           email-address: <value of string>
           ext-auth-accprofile-override: <value in [disable, enable]>
           ext-auth-adom-override: <value in [disable, enable]>
           ext-auth-group-match: <value of string>
           first-name: <value of string>
           force-password-change: <value in [disable, enable]>
           group: <value of string>
           hidden: <value of integer>
           ips-filter:
             -
                 ips-filter-name: <value of string>
           ipv6_trusthost1: <value of string>
           ipv6_trusthost10: <value of string>
           ipv6_trusthost2: <value of string>
           ipv6_trusthost3: <value of string>
           ipv6_trusthost4: <value of string>
           ipv6_trusthost5: <value of string>
           ipv6_trusthost6: <value of string>
           ipv6_trusthost7: <value of string>
           ipv6_trusthost8: <value of string>
           ipv6_trusthost9: <value of string>
           last-name: <value of string>
           ldap-server: <value of string>
           meta-data:
             -
                 fieldlength: <value of integer>
                 fieldname: <value of string>
                 fieldvalue: <value of string>
                 importance: <value in [optional, required]>
                 status: <value in [disabled, enabled]>
           mobile-number: <value of string>
           pager-number: <value of string>
           password: <value of string>
           password-expire: <value of string>
           phone-number: <value of string>
           policy-package:
             -
                 policy-package-name: <value of string>
           profileid: <value of string>
           radius_server: <value of string>
           restrict-access: <value in [disable, enable]>
           restrict-dev-vdom:
             -
                 dev-vdom: <value of string>
           rpc-permit: <value in [read-write, none, read]>
           ssh-public-key1: <value of string>
           ssh-public-key2: <value of string>
           ssh-public-key3: <value of string>
           subject: <value of string>
           tacacs-plus-server: <value of string>
           trusthost1: <value of string>
           trusthost10: <value of string>
           trusthost2: <value of string>
           trusthost3: <value of string>
           trusthost4: <value of string>
           trusthost5: <value of string>
           trusthost6: <value of string>
           trusthost7: <value of string>
           trusthost8: <value of string>
           trusthost9: <value of string>
           two-factor-auth: <value in [disable, enable]>
           user_type: <value in [local, radius, ldap, ...]>
           userid: <value of string>
           web-filter:
             -
                 web-filter-name: <value of string>
           wildcard: <value in [disable, enable]>
           login-max: <value of integer>
           use-global-theme: <value in [disable, enable]>
           user-theme: <value in [blue, green, red, ...]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)