fmgr_system_admin_user – Admin user.¶

New in version 2.10.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v6.0.0.

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

Parameters ¶

bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters type: bool required: false default: False
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
system_admin_user - Admin user. type: dict

adom - No description for the parameter type: array
- adom-name - Admin domain names. type: str
adom-exclude - No description for the parameter type: array
- adom-name - Admin domain names. type: str
app-filter - No description for the parameter type: array
- app-filter-name - App filter name. type: str
avatar - Image file for avatar (maximum 4K base64 encoded). type: str
ca - PKI user certificate CA (CA name in local). type: str
change-password - Enable/disable restricted user to change self password. type: str choices: [disable, enable] default: disable
dashboard - No description for the parameter type: array
- column - Widgets column ID. type: int default: 0
- diskio-content-type - Disk I/O Monitor widgets chart type. type: str choices: [util, iops, blks] default: util
- diskio-period - Disk I/O Monitor widgets data period. type: str choices: [1hour, 8hour, 24hour] default: 1hour
- log-rate-period - Log receive monitor widgets data period. type: str choices: [2min , 1hour, 6hours]
- log-rate-topn - Log receive monitor widgets number of top items to display. type: str choices: [1, 2, 3, 4, 5] default: 5
- log-rate-type - Log receive monitor widgets statistics breakdown options. type: str choices: [log, device] default: device
- moduleid - Widget ID. type: int default: 0
- name - Widget name. type: str
- num-entries - Number of entries. type: int default: 10
- refresh-interval - Widgets refresh interval. type: int default: 300
- res-cpu-display - Widgets CPU display type. type: str choices: [average , each] default: average
- res-period - Widgets data period. type: str choices: [10min , hour, day] default: 10min
- res-view-type - Widgets data view type. type: str choices: [real-time , history] default: history
- status - Widgets opened/closed state. type: str choices: [close, open] default: open
- tabid - ID of tab where widget is displayed. type: int default: 0
- time-period - Log Database Monitor widgets data period. type: str choices: [1hour, 8hour, 24hour] default: 1hour
- widget-type - Widget type. type: str choices: [top-lograte, sysres, sysinfo, licinfo, jsconsole, sysop, alert, statistics, rpteng, raid, logrecv, devsummary, logdb-perf, logdb-lag, disk-io, log-rcvd-fwd]
dashboard-tabs - No description for the parameter type: array
- name - Tab name. type: str
- tabid - Tab ID. type: int default: 0
description - Description. type: str
dev-group - device group. type: str
email-address - Email address. type: str
ext-auth-accprofile-override - Allow to use the access profile provided by the remote authentication server. type: str choices: [disable, enable] default: disable
ext-auth-adom-override - Allow to use the ADOM provided by the remote authentication server. type: str choices: [disable, enable] default: disable
ext-auth-group-match - Only administrators belonging to this group can login. type: str
first-name - First name. type: str
force-password-change - Enable/disable force password change on next login. type: str choices: [disable, enable] default: disable
group - Group name. type: str
hidden - Hidden administrator. type: int default: 0
ips-filter - No description for the parameter type: array
- ips-filter-name - IPS filter name. type: str
ipv6_trusthost1 - Admin user trusted host IPv6, default ::/0 for all. type: str default: ::/0
ipv6_trusthost10 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost2 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost3 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost4 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost5 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost6 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost7 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost8 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
ipv6_trusthost9 - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
last-name - Last name. type: str
ldap-server - LDAP server name. type: str
meta-data - No description for the parameter type: array
- fieldlength - Field length. type: int default: 0
- fieldname - Field name. type: str
- fieldvalue - Field value. type: str
- importance - Importance. type: str choices: [optional, required] default: optional
- status - Status. type: str choices: [disabled, enabled] default: enabled
mobile-number - Mobile number. type: str
pager-number - Pager number. type: str
password - No description for the parameter type: str
password-expire - No description for the parameter type: str
phone-number - Phone number. type: str
policy-package - No description for the parameter type: array
- policy-package-name - Policy package names. type: str
profileid - Profile ID. type: str default: Restricted_User
radius_server - RADIUS server name. type: str
restrict-access - Enable/disable restricted access to development VDOM. type: str choices: [disable, enable] default: disable
restrict-dev-vdom - No description for the parameter type: array
- dev-vdom - Device or device VDOM. type: str
rpc-permit - set none/read/read-write rpc-permission. type: str choices: [read-write, none, read] default: none
ssh-public-key1 - No description for the parameter type: str
ssh-public-key2 - No description for the parameter type: str
ssh-public-key3 - No description for the parameter type: str
subject - PKI user certificate name constraints. type: str
tacacs-plus-server - TACACS+ server name. type: str
trusthost1 - Admin user trusted host IP, default 0. type: str default: 0.0.0.0 0.0.0.0
trusthost10 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost2 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost3 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost4 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost5 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost6 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost7 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost8 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
trusthost9 - Admin user trusted host IP, default 255. type: str default: 255.255.255.255 255.255.255.255
two-factor-auth - Enable 2-factor authentication (certificate + password). type: str choices: [disable, enable] default: disable
user_type - User type. type: str choices: [local, radius, ldap, tacacs-plus, pki-auth, group] default: local
userid - User name. type: str
web-filter - No description for the parameter type: array
- web-filter-name - Web filter name. type: str
wildcard - Enable/disable wildcard remote authentication. type: str choices: [disable, enable] default: disable

Notes ¶

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples ¶

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin user.
     fmgr_system_admin_user:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_user:
           adom:
             -
                 adom-name: <value of string>
           adom-exclude:
             -
                 adom-name: <value of string>
           app-filter:
             -
                 app-filter-name: <value of string>
           avatar: <value of string>
           ca: <value of string>
           change-password: <value in [disable, enable]>
           dashboard:
             -
                 column: <value of integer>
                 diskio-content-type: <value in [util, iops, blks]>
                 diskio-period: <value in [1hour, 8hour, 24hour]>
                 log-rate-period: <value in [2min , 1hour, 6hours]>
                 log-rate-topn: <value in [1, 2, 3, ...]>
                 log-rate-type: <value in [log, device]>
                 moduleid: <value of integer>
                 name: <value of string>
                 num-entries: <value of integer>
                 refresh-interval: <value of integer>
                 res-cpu-display: <value in [average , each]>
                 res-period: <value in [10min , hour, day]>
                 res-view-type: <value in [real-time , history]>
                 status: <value in [close, open]>
                 tabid: <value of integer>
                 time-period: <value in [1hour, 8hour, 24hour]>
                 widget-type: <value in [top-lograte, sysres, sysinfo, ...]>
           dashboard-tabs:
             -
                 name: <value of string>
                 tabid: <value of integer>
           description: <value of string>
           dev-group: <value of string>
           email-address: <value of string>
           ext-auth-accprofile-override: <value in [disable, enable]>
           ext-auth-adom-override: <value in [disable, enable]>
           ext-auth-group-match: <value of string>
           first-name: <value of string>
           force-password-change: <value in [disable, enable]>
           group: <value of string>
           hidden: <value of integer>
           ips-filter:
             -
                 ips-filter-name: <value of string>
           ipv6_trusthost1: <value of string>
           ipv6_trusthost10: <value of string>
           ipv6_trusthost2: <value of string>
           ipv6_trusthost3: <value of string>
           ipv6_trusthost4: <value of string>
           ipv6_trusthost5: <value of string>
           ipv6_trusthost6: <value of string>
           ipv6_trusthost7: <value of string>
           ipv6_trusthost8: <value of string>
           ipv6_trusthost9: <value of string>
           last-name: <value of string>
           ldap-server: <value of string>
           meta-data:
             -
                 fieldlength: <value of integer>
                 fieldname: <value of string>
                 fieldvalue: <value of string>
                 importance: <value in [optional, required]>
                 status: <value in [disabled, enabled]>
           mobile-number: <value of string>
           pager-number: <value of string>
           password: <value of string>
           password-expire: <value of string>
           phone-number: <value of string>
           policy-package:
             -
                 policy-package-name: <value of string>
           profileid: <value of string>
           radius_server: <value of string>
           restrict-access: <value in [disable, enable]>
           restrict-dev-vdom:
             -
                 dev-vdom: <value of string>
           rpc-permit: <value in [read-write, none, read]>
           ssh-public-key1: <value of string>
           ssh-public-key2: <value of string>
           ssh-public-key3: <value of string>
           subject: <value of string>
           tacacs-plus-server: <value of string>
           trusthost1: <value of string>
           trusthost10: <value of string>
           trusthost2: <value of string>
           trusthost3: <value of string>
           trusthost4: <value of string>
           trusthost5: <value of string>
           trusthost6: <value of string>
           trusthost7: <value of string>
           trusthost8: <value of string>
           trusthost9: <value of string>
           two-factor-auth: <value in [disable, enable]>
           user_type: <value in [local, radius, ldap, ...]>
           userid: <value of string>
           web-filter:
             -
                 web-filter-name: <value of string>
           wildcard: <value in [disable, enable]>

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

request_url - The full url requested returned: always type: str sample: /sys/login/user
response_code - The status of api request returned: always type: int sample: 0
response_message - The descriptive message of the api response returned: always type: str sample: OK
response_data - The data body of the api response returned: optional type: list or dict

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.