fortinet.fortimanager.fmgr_system_admin_user – Admin user.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.
New in version 2.10 of fortinet.fortimanager.
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| bypass_validation (boolean) | | Only set to True when module schema diffs with FortiManager API structure; module continues to execute without validating parameters. |
| enable_log (boolean) | | Enable/Disable logging for task. |
| proposed_method (string) | | The overridden method for the underlying JSON RPC request. |
| rc_failed (list / elements=string) | | The rc codes list with which the conditions to fail will be overridden. |
| rc_succeeded (list / elements=string) | | The rc codes list with which the conditions to succeed will be overridden. |
| state (string / required) | | The directive to create, update or delete an object. |
| system_admin_user (dictionary) | | The top level parameters set. |
| adom (list / elements=string) | | no description |
| adom-name (string) | | Admin domain names. |
| adom-exclude (list / elements=string) | | no description |
| adom-name (string) | | Admin domain names. |
| app-filter (list / elements=string) | | no description |
| app-filter-name (string) | | App filter name. |
| avatar (string) | | Image file for avatar (maximum 4K base64 encoded). |
| ca (string) | | PKI user certificate CA (CA name in local). |
| change-password (string) | | Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. |
| dashboard (list / elements=string) | | no description |
| column (integer) | Default: 0 | Widgets column ID. |
| diskio-content-type (string) | | Disk I/O Monitor widgets chart type. util - bandwidth utilization. iops - the number of I/O requests. blks - the amount of data of I/O requests. |
| diskio-period (string) | | Disk I/O Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. |
| log-rate-period (string) | | Log receive monitor widgets data period. 2min - 2 minutes. 1hour - 1 hour. 6hours - 6 hours. |
| log-rate-topn (string) | | Log receive monitor widgets number of top items to display. 1 - Top 1. 2 - Top 2. 3 - Top 3. 4 - Top 4. 5 - Top 5. |
| log-rate-type (string) | | Log receive monitor widgets statistics breakdown options. log - Show log rates for each log type. device - Show log rates for each device. |
| moduleid (integer) | Default: 0 | Widget ID. |
| name (string) | | Widget name. |
| num-entries (integer) | Default: 10 | Number of entries. |
| refresh-interval (integer) | Default: 300 | Widgets refresh interval. |
| res-cpu-display (string) | | Widgets CPU display type. average - Average usage of CPU. each - Each usage of CPU. |
| res-period (string) | | Widgets data period. 10min - Last 10 minutes. hour - Last hour. day - Last day. |
| res-view-type (string) | | Widgets data view type. real-time - Real-time view. history - History view. |
| status (string) | | Widgets opened/closed state. close - Widget closed. open - Widget opened. |
| tabid (integer) | Default: 0 | ID of tab where widget is displayed. |
| time-period (string) | | Log Database Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. |
| widget-type (string) | | Widget type. top-lograte - Log Receive Monitor. sysres - System resources. sysinfo - System Information. licinfo - License Information. jsconsole - CLI Console. sysop - Unit Operation. alert - Alert Message Console. statistics - Statistics. rpteng - Report Engine. raid - Disk Monitor. logrecv - Logs/Data Received. devsummary - Device Summary. logdb-perf - Log Database Performance Monitor. logdb-lag - Log Database Lag Time. disk-io - Disk I/O. log-rcvd-fwd - Log receive and forwarding Monitor. |
| dashboard-tabs (list / elements=string) | | no description |
| name (string) | | Tab name. |
| tabid (integer) | Default: 0 | Tab ID. |
| description (string) | | Description. |
| dev-group (string) | | Device group. |
| email-address (string) | | Email address. |
| ext-auth-accprofile-override (string) | | Allow to use the access profile provided by the remote authentication server. disable - Disable access profile override. enable - Enable access profile override. |
| ext-auth-adom-override (string) | | Allow to use the ADOM provided by the remote authentication server. disable - Disable ADOM override. enable - Enable ADOM override. |
| ext-auth-group-match (string) | | Only administrators belonging to this group can login. |
| first-name (string) | | First name. |
| force-password-change (string) | | Enable/disable force password change on next login. disable - Disable setting. enable - Enable setting. |
| group (string) | | Group name. |
| hidden (integer) | Default: 0 | Hidden administrator. |
| ips-filter (list / elements=string) | | no description |
| ips-filter-name (string) | | IPS filter name. |
| ipv6_trusthost1 (string) | Default: "::/0" | Admin user trusted host IPv6, default ::/0 for all. |
| ipv6_trusthost10 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost2 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost3 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost4 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost5 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost6 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost7 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost8 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost9 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| last-name (string) | | Last name. |
| ldap-server (string) | | LDAP server name. |
| login-max (integer) | Default: 32 | Max login session for this user. |
| meta-data (list / elements=string) | | no description |
| fieldlength (integer) | Default: 0 | Field length. |
| fieldname (string) | | Field name. |
| fieldvalue (string) | | Field value. |
| importance (string) | | Importance. optional - This field is optional. required - This field is required. |
| status (string) | | Status. disabled - This field is disabled. enabled - This field is enabled. |
| mobile-number (string) | | Mobile number. |
| pager-number (string) | | Pager number. |
| password (string) | | no description |
| password-expire (string) | | no description |
| phone-number (string) | | Phone number. |
| policy-package (list / elements=string) | | no description |
| policy-package-name (string) | | Policy package names. |
| profileid (string) | Default: "Restricted_User" | Profile ID. |
| radius_server (string) | | RADIUS server name. |
| restrict-access (string) | | Enable/disable restricted access to development VDOM. disable - Disable setting. enable - Enable setting. |
| restrict-dev-vdom (list / elements=string) | | no description |
| dev-vdom (string) | | Device or device VDOM. |
| rpc-permit (string) | | Set none/read/read-write rpc-permission. read-write - Read-write permission. none - No permission. read - Read-only permission. |
| ssh-public-key1 (string) | | no description |
| ssh-public-key2 (string) | | no description |
| ssh-public-key3 (string) | | no description |
| subject (string) | | PKI user certificate name constraints. |
| tacacs-plus-server (string) | | TACACS+ server name. |
| trusthost1 (string) | Default: "0.0.0.0 0.0.0.0" | Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all. |
| trusthost10 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost2 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost3 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost4 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost5 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost6 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost7 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost8 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost9 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| two-factor-auth (string) | | Enable 2-factor authentication (certificate + password). disable - Disable 2-factor authentication. enable - Enable 2-factor authentication. |
| use-global-theme (string) | | Enable/disable global theme for administration GUI. disable - Disable setting. enable - Enable setting. |
| user-theme (string) | | Color scheme to use for the admin user GUI. blue - Blueberry. green - Kiwi. red - Cherry. melongene - Plum. spring - Spring. summer - Summer. autumn - Autumn. winter - Winter. circuit-board - Circuit Board. calla-lily - Calla Lily. binary-tunnel - Binary Tunnel. mars - Mars. blue-sea - Blue Sea. technology - Technology. landscape - Landscape. twilight - Twilight. canyon - Canyon. northern-light - Northern Light. astronomy - Astronomy. fish - Fish. penguin - Penguin. mountain - Mountain. panda - Panda. parrot - Parrot. cave - Cave. zebra - Zebra. contrast-dark - High Contrast Dark. |
| user_type (string) | | User type. local - Local user. radius - RADIUS user. ldap - LDAP user. tacacs-plus - TACACS+ user. pki-auth - PKI user. group - Group user. |
| userid (string) | | User name. |
| web-filter (list / elements=string) | | no description |
| web-filter-name (string) | | Web filter name. |
| wildcard (string) | | Enable/disable wildcard remote authentication. disable - Disable username wildcard. enable - Enable username wildcard. |
| workspace_locking_adom (string) | | The adom to lock for FortiManager running in workspace mode; the value can be global and others including root. |
| workspace_locking_timeout (integer) | Default: 300 | The maximum time in seconds to wait for other user to release the workspace lock. |
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module; the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded.
Examples
```yaml
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin user.
     fmgr_system_admin_user:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_user:
           adom:
             -
                 adom-name: <value of string>
           adom-exclude:
             -
                 adom-name: <value of string>
           app-filter:
             -
                 app-filter-name: <value of string>
           avatar: <value of string>
           ca: <value of string>
           change-password: <value in [disable, enable]>
           dashboard:
             -
                 column: <value of integer>
                 diskio-content-type: <value in [util, iops, blks]>
                 diskio-period: <value in [1hour, 8hour, 24hour]>
                 log-rate-period: <value in [2min , 1hour, 6hours]>
                 log-rate-topn: <value in [1, 2, 3, ...]>
                 log-rate-type: <value in [log, device]>
                 moduleid: <value of integer>
                 name: <value of string>
                 num-entries: <value of integer>
                 refresh-interval: <value of integer>
                 res-cpu-display: <value in [average , each]>
                 res-period: <value in [10min , hour, day]>
                 res-view-type: <value in [real-time , history]>
                 status: <value in [close, open]>
                 tabid: <value of integer>
                 time-period: <value in [1hour, 8hour, 24hour]>
                 widget-type: <value in [top-lograte, sysres, sysinfo, ...]>
           dashboard-tabs:
             -
                 name: <value of string>
                 tabid: <value of integer>
           description: <value of string>
           dev-group: <value of string>
           email-address: <value of string>
           ext-auth-accprofile-override: <value in [disable, enable]>
           ext-auth-adom-override: <value in [disable, enable]>
           ext-auth-group-match: <value of string>
           first-name: <value of string>
           force-password-change: <value in [disable, enable]>
           group: <value of string>
           hidden: <value of integer>
           ips-filter:
             -
                 ips-filter-name: <value of string>
           ipv6_trusthost1: <value of string>
           ipv6_trusthost10: <value of string>
           ipv6_trusthost2: <value of string>
           ipv6_trusthost3: <value of string>
           ipv6_trusthost4: <value of string>
           ipv6_trusthost5: <value of string>
           ipv6_trusthost6: <value of string>
           ipv6_trusthost7: <value of string>
           ipv6_trusthost8: <value of string>
           ipv6_trusthost9: <value of string>
           last-name: <value of string>
           ldap-server: <value of string>
           meta-data:
             -
                 fieldlength: <value of integer>
                 fieldname: <value of string>
                 fieldvalue: <value of string>
                 importance: <value in [optional, required]>
                 status: <value in [disabled, enabled]>
           mobile-number: <value of string>
           pager-number: <value of string>
           password: <value of string>
           password-expire: <value of string>
           phone-number: <value of string>
           policy-package:
             -
                 policy-package-name: <value of string>
           profileid: <value of string>
           radius_server: <value of string>
           restrict-access: <value in [disable, enable]>
           restrict-dev-vdom:
             -
                 dev-vdom: <value of string>
           rpc-permit: <value in [read-write, none, read]>
           ssh-public-key1: <value of string>
           ssh-public-key2: <value of string>
           ssh-public-key3: <value of string>
           subject: <value of string>
           tacacs-plus-server: <value of string>
           trusthost1: <value of string>
           trusthost10: <value of string>
           trusthost2: <value of string>
           trusthost3: <value of string>
           trusthost4: <value of string>
           trusthost5: <value of string>
           trusthost6: <value of string>
           trusthost7: <value of string>
           trusthost8: <value of string>
           trusthost9: <value of string>
           two-factor-auth: <value in [disable, enable]>
           user_type: <value in [local, radius, ldap, ...]>
           userid: <value of string>
           web-filter:
             -
                 web-filter-name: <value of string>
           wildcard: <value in [disable, enable]>
           login-max: <value of integer>
           use-global-theme: <value in [disable, enable]>
           user-theme: <value in [blue, green, red, ...]>
```
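A filled-in, hardened variant of the template above, given as an added example that is not part of the collection's documentation. It narrows `trusthost1` and `ipv6_trusthost1` (whose documented defaults allow all sources), keeps certificate validation on, and hides the password from task output. The user names, the vault variable and the 192.0.2.0/24 subnet are constructed sample values.

```yaml
# Added example, not from the fortinet.fortimanager documentation.
# Assumptions: the inventory group name from the page's template, a
# hypothetical Ansible Vault variable vault_fmgr_ops_password, constructed
# user names, and the 192.0.2.0/24 documentation range as management subnet.
- hosts: fortimanager-inventory
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # The page's template sets this to False, which accepts any certificate
    # presented on the management connection; keep validation on.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Create a restricted local admin reachable only from the management subnet
      fortinet.fortimanager.fmgr_system_admin_user:
        state: present
        system_admin_user:
          userid: ops-readonly                       # constructed sample name
          user_type: local
          password: "{{ vault_fmgr_ops_password }}"  # never a literal in the playbook
          profileid: Restricted_User                 # the documented default profile
          force-password-change: enable
          rpc-permit: none                           # no JSON RPC access for this account
          login-max: 2                               # documented default is 32
          # trusthost1 defaults to "0.0.0.0 0.0.0.0" (all); trusthost2..10
          # already default to "none", so only the first slot needs narrowing.
          trusthost1: "192.0.2.0 255.255.255.0"
          # ipv6_trusthost1 defaults to "::/0" (all); set it to the documented
          # "none" value when the account is never used over IPv6.
          ipv6_trusthost1: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
      no_log: true    # keeps the password out of Ansible task output and logs

    - name: Remove an account that is no longer needed
      fortinet.fortimanager.fmgr_system_admin_user:
        state: absent
        system_admin_user:
          userid: contractor-old                     # constructed sample name
```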
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url (string) | always | The full URL requested. Sample: /sys/login/user |
| response_code (integer) | always | The status of the API request. |
| response_message (string) | always | The descriptive message of the API response. Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
    © 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
    https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_system_admin_user_module.html