fortinet.fortimanager.fmgr_system_admin_user – Admin user.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| bypass_validation
boolean
|
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
|
||
| rc_failed
list / elements=string
|
the rc codes list with which the conditions to fail will be overriden
|
|||
| rc_succeeded
list / elements=string
|
the rc codes list with which the conditions to succeed will be overriden
|
|||
| state
string / required
|
|
the directive to create, update or delete an object
|
||
| system_admin_user
dictionary
|
the top level parameters set
|
|||
| adom
list / elements=string
|
no description
|
|||
| adom-name
string
|
Admin domain names.
|
|||
| adom-exclude
list / elements=string
|
no description
|
|||
| adom-name
string
|
Admin domain names.
|
|||
| app-filter
list / elements=string
|
no description
|
|||
| app-filter-name
string
|
App filter name.
|
|||
| avatar
string
|
Image file for avatar (maximum 4K base64 encoded).
|
|||
| ca
string
|
PKI user certificate CA (CA name in local).
|
|||
| change-password
string
|
|
Enable/disable restricted user to change self password.
disable - Disable setting.
enable - Enable setting.
|
||
| dashboard
list / elements=string
|
no description
|
|||
| column
integer
|
Default:
0
|
Widgets column ID.
|
||
| diskio-content-type
string
|
|
Disk I/O Monitor widgets chart type.
util - bandwidth utilization.
iops - the number of I/O requests.
blks - the amount of data of I/O requests.
|
||
| diskio-period
string
|
|
Disk I/O Monitor widgets data period.
1hour - 1 hour.
8hour - 8 hour.
24hour - 24 hour.
|
||
| log-rate-period
string
|
|
Log receive monitor widgets data period.
2min - 2 minutes.
1hour - 1 hour.
6hours - 6 hours.
|
||
| log-rate-topn
string
|
|
Log receive monitor widgets number of top items to display.
1 - Top 1.
2 - Top 2.
3 - Top 3.
4 - Top 4.
5 - Top 5.
|
||
| log-rate-type
string
|
|
Log receive monitor widgets statistics breakdown options.
log - Show log rates for each log type.
device - Show log rates for each device.
|
||
| moduleid
integer
|
Default:
0
|
Widget ID.
|
||
| name
string
|
Widget name.
|
|||
| num-entries
integer
|
Default:
10
|
Number of entries.
|
||
| refresh-interval
integer
|
Default:
300
|
Widgets refresh interval.
|
||
| res-cpu-display
string
|
|
Widgets CPU display type.
average - Average usage of CPU.
each - Each usage of CPU.
|
||
| res-period
string
|
|
Widgets data period.
10min - Last 10 minutes.
hour - Last hour.
day - Last day.
|
||
| res-view-type
string
|
|
Widgets data view type.
real-time - Real-time view.
history - History view.
|
||
| status
string
|
|
Widgets opened/closed state.
close - Widget closed.
open - Widget opened.
|
||
| tabid
integer
|
Default:
0
|
ID of tab where widget is displayed.
|
||
| time-period
string
|
|
Log Database Monitor widgets data period.
1hour - 1 hour.
8hour - 8 hour.
24hour - 24 hour.
|
||
| widget-type
string
|
|
Widget type.
top-lograte - Log Receive Monitor.
sysres - System resources.
sysinfo - System Information.
licinfo - License Information.
jsconsole - CLI Console.
sysop - Unit Operation.
alert - Alert Message Console.
statistics - Statistics.
rpteng - Report Engine.
raid - Disk Monitor.
logrecv - Logs/Data Received.
devsummary - Device Summary.
logdb-perf - Log Database Performance Monitor.
logdb-lag - Log Database Lag Time.
disk-io - Disk I/O.
log-rcvd-fwd - Log receive and forwarding Monitor.
|
||
| dashboard-tabs
list / elements=string
|
no description
|
|||
| name
string
|
Tab name.
|
|||
| tabid
integer
|
Default:
0
|
Tab ID.
|
||
| description
string
|
Description.
|
|||
| dev-group
string
|
device group.
|
|||
| email-address
string
|
Email address.
|
|||
| ext-auth-accprofile-override
string
|
|
Allow to use the access profile provided by the remote authentication server.
disable - Disable access profile override.
enable - Enable access profile override.
|
||
| ext-auth-adom-override
string
|
|
Allow to use the ADOM provided by the remote authentication server.
disable - Disable ADOM override.
enable - Enable ADOM override.
|
||
| ext-auth-group-match
string
|
Only administrators belonging to this group can login.
|
|||
| first-name
string
|
First name.
|
|||
| force-password-change
string
|
|
Enable/disable force password change on next login.
disable - Disable setting.
enable - Enable setting.
|
||
| group
string
|
Group name.
|
|||
| hidden
integer
|
Default:
0
|
Hidden administrator.
|
||
| ips-filter
list / elements=string
|
no description
|
|||
| ips-filter-name
string
|
IPS filter name.
|
|||
| ipv6_trusthost1
string
|
Default:
"::/0"
|
Admin user trusted host IPv6, default ::/0 for all.
|
||
| ipv6_trusthost10
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost2
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost3
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost4
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost5
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost6
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost7
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost8
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| ipv6_trusthost9
string
|
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
|
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
|
||
| last-name
string
|
Last name.
|
|||
| ldap-server
string
|
LDAP server name.
|
|||
| meta-data
list / elements=string
|
no description
|
|||
| fieldlength
integer
|
Default:
0
|
Field length.
|
||
| fieldname
string
|
Field name.
|
|||
| fieldvalue
string
|
Field value.
|
|||
| importance
string
|
|
Importance.
optional - This field is optional.
required - This field is required.
|
||
| status
string
|
|
Status.
disabled - This field is disabled.
enabled - This field is enabled.
|
||
| mobile-number
string
|
Mobile number.
|
|||
| pager-number
string
|
Pager number.
|
|||
| password
string
|
no description
|
|||
| password-expire
string
|
no description
|
|||
| phone-number
string
|
Phone number.
|
|||
| policy-package
list / elements=string
|
no description
|
|||
| policy-package-name
string
|
Policy package names.
|
|||
| profileid
string
|
Default:
"Restricted_User"
|
Profile ID.
|
||
| radius_server
string
|
RADIUS server name.
|
|||
| restrict-access
string
|
|
Enable/disable restricted access to development VDOM.
disable - Disable setting.
enable - Enable setting.
|
||
| restrict-dev-vdom
list / elements=string
|
no description
|
|||
| dev-vdom
string
|
Device or device VDOM.
|
|||
| rpc-permit
string
|
|
set none/read/read-write rpc-permission.
read-write - Read-write permission.
none - No permission.
read - Read-only permission.
|
||
| ssh-public-key1
string
|
no description
|
|||
| ssh-public-key2
string
|
no description
|
|||
| ssh-public-key3
string
|
no description
|
|||
| subject
string
|
PKI user certificate name constraints.
|
|||
| tacacs-plus-server
string
|
TACACS+ server name.
|
|||
| trusthost1
string
|
Default:
"0.0.0.0 0.0.0.0"
|
Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
|
||
| trusthost10
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost2
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost3
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost4
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost5
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost6
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost7
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost8
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| trusthost9
string
|
Default:
"255.255.255.255 255.255.255.255"
|
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
|
||
| two-factor-auth
string
|
|
Enable 2-factor authentication (certificate + password).
disable - Disable 2-factor authentication.
enable - Enable 2-factor authentication.
|
||
| user_type
string
|
|
User type.
local - Local user.
radius - RADIUS user.
ldap - LDAP user.
tacacs-plus - TACACS+ user.
pki-auth - PKI user.
group - Group user.
|
||
| userid
string
|
User name.
|
|||
| web-filter
list / elements=string
|
no description
|
|||
| web-filter-name
string
|
Web filter name.
|
|||
| wildcard
string
|
|
Enable/disable wildcard remote authentication.
disable - Disable username wildcard.
enable - Enable username wildcard.
|
||
| workspace_locking_adom
string
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
|
|||
| workspace_locking_timeout
integer
|
Default:
300
|
the maximum time in seconds to wait for other user to release the workspace lock
|
||
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Admin user.
fmgr_system_admin_user:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
state: <value in [present, absent]>
system_admin_user:
adom:
-
adom-name: <value of string>
adom-exclude:
-
adom-name: <value of string>
app-filter:
-
app-filter-name: <value of string>
avatar: <value of string>
ca: <value of string>
change-password: <value in [disable, enable]>
dashboard:
-
column: <value of integer>
diskio-content-type: <value in [util, iops, blks]>
diskio-period: <value in [1hour, 8hour, 24hour]>
log-rate-period: <value in [2min , 1hour, 6hours]>
log-rate-topn: <value in [1, 2, 3, ...]>
log-rate-type: <value in [log, device]>
moduleid: <value of integer>
name: <value of string>
num-entries: <value of integer>
refresh-interval: <value of integer>
res-cpu-display: <value in [average , each]>
res-period: <value in [10min , hour, day]>
res-view-type: <value in [real-time , history]>
status: <value in [close, open]>
tabid: <value of integer>
time-period: <value in [1hour, 8hour, 24hour]>
widget-type: <value in [top-lograte, sysres, sysinfo, ...]>
dashboard-tabs:
-
name: <value of string>
tabid: <value of integer>
description: <value of string>
dev-group: <value of string>
email-address: <value of string>
ext-auth-accprofile-override: <value in [disable, enable]>
ext-auth-adom-override: <value in [disable, enable]>
ext-auth-group-match: <value of string>
first-name: <value of string>
force-password-change: <value in [disable, enable]>
group: <value of string>
hidden: <value of integer>
ips-filter:
-
ips-filter-name: <value of string>
ipv6_trusthost1: <value of string>
ipv6_trusthost10: <value of string>
ipv6_trusthost2: <value of string>
ipv6_trusthost3: <value of string>
ipv6_trusthost4: <value of string>
ipv6_trusthost5: <value of string>
ipv6_trusthost6: <value of string>
ipv6_trusthost7: <value of string>
ipv6_trusthost8: <value of string>
ipv6_trusthost9: <value of string>
last-name: <value of string>
ldap-server: <value of string>
meta-data:
-
fieldlength: <value of integer>
fieldname: <value of string>
fieldvalue: <value of string>
importance: <value in [optional, required]>
status: <value in [disabled, enabled]>
mobile-number: <value of string>
pager-number: <value of string>
password: <value of string>
password-expire: <value of string>
phone-number: <value of string>
policy-package:
-
policy-package-name: <value of string>
profileid: <value of string>
radius_server: <value of string>
restrict-access: <value in [disable, enable]>
restrict-dev-vdom:
-
dev-vdom: <value of string>
rpc-permit: <value in [read-write, none, read]>
ssh-public-key1: <value of string>
ssh-public-key2: <value of string>
ssh-public-key3: <value of string>
subject: <value of string>
tacacs-plus-server: <value of string>
trusthost1: <value of string>
trusthost10: <value of string>
trusthost2: <value of string>
trusthost3: <value of string>
trusthost4: <value of string>
trusthost5: <value of string>
trusthost6: <value of string>
trusthost7: <value of string>
trusthost8: <value of string>
trusthost9: <value of string>
two-factor-auth: <value in [disable, enable]>
user_type: <value in [local, radius, ldap, ...]>
userid: <value of string>
web-filter:
-
web-filter-name: <value of string>
wildcard: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url
string
|
always |
The full url requested
Sample:
/sys/login/user
|
| response_code
integer
|
always |
The status of api request
|
| response_message
string
|
always |
The descriptive message of the api response
Sample:
OK.
|
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_admin_user_module.html