From 811eb66703887c041924abc5466c6872a1de46de Mon Sep 17 00:00:00 2001 From: claer Date: Thu, 13 Apr 2017 18:20:06 +0200 Subject: [PATCH] Improve Fortios IPv4 policy with logging capabilities and use the backup_filename param (#23544) * Improve Fortios IPv4 policy with logging capabilities. While there, fix typos in examples. forti_config: use the backup_filename param and dont enforce the the filename value. * forti-typos * Add version_added for new options in the documentation --- lib/ansible/module_utils/fortios.py | 6 +++- .../network/fortios/fortios_ipv4_policy.py | 36 ++++++++++++++++--- 2 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/lib/ansible/module_utils/fortios.py b/lib/ansible/module_utils/fortios.py
index cbb0bd9249..883f815ed2 100644
--- a/lib/ansible/module_utils/fortios.py
+++ b/lib/ansible/module_utils/fortios.py
@@ -65,13 +65,17 @@ fortios_error_codes = {
 def backup(module,running_config):
 backup_path = module.params['backup_path']
+ backup_filename = module.params['backup_filename']
 if not os.path.exists(backup_path):
 try:
 os.mkdir(backup_path)
 except:
 module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path))
 tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
- filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
+ if 0 < len(backup_filename):
+ filename = '%s/%s' % (backup_path, backup_filename)
+ else:
+ filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
 try:
 open(filename, 'w').write(running_config)
 except:
diff --git a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
index 69cb0d6e31..70187435df 100644
--- a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
+++ b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
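Review bot: The new `filename = '%s/%s' % (backup_path, backup_filename)` joins the caller-supplied `backup_filename` to `backup_path` without any check, so a value carrying a directory separator or a `..` component makes the running config land outside the configured backup directory; restrict it to a single path component before use, e.g. `if backup_filename != os.path.basename(backup_filename): module.fail_json(msg='backup_filename must not contain directory components')`, and build the path with `os.path.join(backup_path, backup_filename)`. `if 0 < len(backup_filename):` raises TypeError if the parameter's default is None rather than an empty string (its argument_spec is outside this hunk, so I can't tell), whereas `if backup_filename:` handles both. The write on the context line below, `open(filename, 'w').write(running_config)`, predates this change but now receives the new path and never closes the file object; a `with open(filename, 'w') as fh:` block would fix that. `backup` continues past the end of the hunk.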
@@ -117,6 +117,18 @@ options: application_list: description: - Specifies Application Control name. + logtraffic: + version_added: "2.4" + description: + - Logs sessions that matched policy. + default: utm + choices: ['disable', 'utm', 'all'] + logtraffic_start: + version_added: "2.4" + description: + - Logs begining of session as well. + default: false + choices: ["true", "false"] comment: description: - free text to describe policy. @@ -131,12 +143,13 @@ EXAMPLES = """ username: admin password: password id: 42 - srcaddr: internal_network - dstaddr: all + src_addr: internal_network + dst_addr: all service: dns nat: True state: present policy_action: accept + logtraffic: disable - name: Public Web fortios_ipv4_policy: @@ -144,8 +157,8 @@ EXAMPLES = """ username: admin password: password id: 42 - srcaddr: all - dstaddr: webservers + src_addr: all + dst_addr: webservers services: - http - https @@ -197,6 +210,8 @@ def main(): webfilter_profile = dict(type='str'), ips_sensor = dict(type='str'), application_list = dict(type='str'), + logtraffic = dict(choices=['disable','all','utm'], default='utm'), + logtraffic_start = dict(type='bool', default=False), ) #merge global required_if & argument_spec from module_utils/fortios.py @@ -226,6 +241,11 @@ def main(): if module.params['fixedport']: module.fail_json(msg='Fixedport param requires NAT to be true.') + #log options + if module.params['logtraffic_start']: + if not module.params['logtraffic'] == 'all': + module.fail_json(msg='Logtraffic_start param requires logtraffic to be set to "all".') + #id must be str(int) for pyFG to work policy_id = str(module.params['id']) 
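Review bot: In the `options` hunk, `logtraffic_start` is documented with `choices: ["true", "false"]` while the argument_spec hunk at `@@ -197` declares it `type='bool'`; the documentation should say `type: bool` and drop the choices list so the two agree, otherwise the documentation/argument-spec consistency check is likely to flag it. The `choices` order for `logtraffic` also differs between the two (`['disable', 'utm', 'all']` in the docs, `['disable','all','utm']` in the spec), which is harmless but worth aligning. "begining" in the `logtraffic_start` description should read "beginning".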
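Review bot: `if not module.params['logtraffic'] == 'all':` in the `#log options` block reads more naturally as `!=`, and the two nested `if`s collapse into one condition: `if module.params['logtraffic_start'] and module.params['logtraffic'] != 'all':`. The comment could state the invariant being enforced rather than the topic, e.g. `# logtraffic_start is only meaningful when every session is logged (logtraffic == 'all')`. `main` continues outside the hunk.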
@@ -260,6 +280,14 @@ def main():
 # action
 new_policy.set_param('action', '%s' % (module.params['policy_action']))
+ #logging
+ new_policy.set_param('logtraffic', '%s' % (module.params['logtraffic']))
+ if module.params['logtraffic'] == 'all':
+ if module.params['logtraffic_start']:
+ new_policy.set_param('logtraffic-start', 'enable')
+ else:
+ new_policy.set_param('logtraffic-start', 'disable')
+
 # Schedule
 new_policy.set_param('schedule', '%s' % (module.params['schedule']))
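Review bot: `logtraffic-start` is only set when `logtraffic` is `'all'`, so for `'utm'` or `'disable'` the desired policy carries no value for it; if the pyFG comparison only considers parameters that were set (I can't tell from this hunk), a policy that already has `logtraffic-start enable` on the device would keep it while the module reports the policy as converged. Since the validation earlier in `main` already rejects `logtraffic_start` without `logtraffic: all`, the nested `if`s can become one unconditional line: `new_policy.set_param('logtraffic-start', 'enable' if module.params['logtraffic_start'] else 'disable')`. `main` continues outside the hunk.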