fmgd_move – Reorder Two Objects.

Added in version 1.0.0.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values need to be adjusted to data sources before usage.

  • Tested with FortiManager v7.x.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible-core>=2.16.0

Parameters

  • access_token -The token to access FortiManager without using username and password. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
  • workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
  • workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
  • rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
  • rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
  • move - Reorder Two Objects. type: dict
    • action - Direction to indicate where to move an object entry. type: str required: true choices: before, after
    • selector - Selector of the moved object. type: str choices:

      • application_list_defaultnetworkservices - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • application_list_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • authentication_rule - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • casb_attributematch - available versions: v7.6.2->latest
      • casb_profile - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • casb_saasapplication - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • casb_useractivity - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • dlp_dictionary_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • dlp_exactdatamatch_columns - available versions: v7.4.3->v7.4.6, v7.4.8->v7.6.2, v7.6.4->latest
      • dlp_filepattern_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • dlp_label_entries - available versions: v7.6.4->latest
      • dlp_profile_rule - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • dlp_sensor_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • dnsfilter_domainfilter_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • emailfilter_blockallowlist_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • emailfilter_bword_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • endpointcontrol_fctems - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • extensioncontroller_extenderprofile_cellular_smsnotification_receiver - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • filefilter_profile_rules - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_accessproxy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_accessproxy6 - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_accessproxysshclientcert - available versions: v7.2.6->v7.2.12, v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_accessproxyvirtualhost - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_centralsnatmap - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_dospolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_dospolicy6 - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_identitybasedroute - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_interfacepolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_interfacepolicy6 - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_localinpolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_localinpolicy6 - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_multicastpolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_multicastpolicy6 - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_policy - available versions: v6.0.0->latest
      • firewall_proxypolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_responseshapingpolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_securitypolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_service_category - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_service_custom - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_shapingpolicy - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_shapingprofile_shapingentries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_sniffer - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • firewall_ttlpolicy - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • firewall_vip - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • firewall_vip6 - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • gtp_apnshaper - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • icap_localserver_icapservice - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • ips_sensor_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • isolator_profile_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • llm_server - available versions: v7.6.5->latest
      • nsxt_servicechain_serviceindex - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • report_layout_bodyitem - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • report_layout_page_footer_footeritem - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • report_layout_page_header_headeritem - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • router_policy - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • router_policy6 - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • sshfilter_profile_shellcommands - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • switchcontroller_dynamicportpolicy_policy - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • switchcontroller_managedswitch - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_automationstitch_actions - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_externalresource - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • system_healthcheckfortiguard - available versions: v7.6.2->latest
      • system_ipam_rules - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_sdnconnector_compartmentlist - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • system_sdnconnector_externalaccountlist - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • system_sdnconnector_forwardingrule - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • system_sdnconnector_ociregionlist - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • system_sdnconnector_routetable - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • system_sdwan_members - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_sdwan_service - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_sdwan_service_sla - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_sdwan_zone - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • system_virtualwanlink_members - available versions: v7.2.6->v7.2.12, v7.4.3->v7.6.2
      • system_virtualwanlink_service - available versions: v7.2.6->v7.2.12, v7.4.3->v7.6.2
      • system_virtualwanlink_service_sla - available versions: v7.2.6->v7.2.12, v7.4.3->v7.6.2
      • user_nacpolicy - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • videofilter_profile_filters - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • videofilter_profile_fortiguardcategory_filters - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • vpn_ipsec_fec_mappings - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • vpn_kmipserver_serverlist - available versions: v7.4.3->latest
      • vpn_ssl_settings_authenticationrule - available versions: v6.2.6->v6.2.13, v6.4.2->latest
      • vpnsslweb_portal_bookmarkgroup - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • vpnsslweb_portal_bookmarkgroup_bookmarks - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • vpnsslweb_portal_splitdns - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • vpnsslweb_userbookmark_bookmarks - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • vpnsslweb_usergroupbookmark_bookmarks - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • webfilter_contentheader_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • webfilter_urlfilter_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • webproxy_redirectprofile_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • webproxy_urllist_entries - available versions: v7.4.8->v7.4.10, v7.6.4->latest
      • webproxy_urlmatch - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_accesscontrollist_layer3ipv4rules - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_accesscontrollist_layer3ipv6rules - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_apcfgprofile_commandlist - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_bonjourprofile_policylist - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_mpskprofile_mpskgroup - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_mpskprofile_mpskgroup_mpskkey - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_vap_vlanname - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • wireless_wtp - available versions: v7.2.6->v7.2.12, v7.4.3->latest
      • ztna_webportalbookmark_bookmarks - available versions: v7.6.2->latest
    • self - The parameter for each selector. type: dict choices:

      • params for application_list_defaultnetworkservices:
        • default-network-services
        • device
        • list
        • vdom
      • params for application_list_entries:
        • device
        • entries
        • list
        • vdom
      • params for authentication_rule:
        • device
        • rule
        • vdom
      • params for casb_attributematch:
        • attribute-match
        • device
        • vdom
      • params for casb_profile:
        • device
        • profile
        • vdom
      • params for casb_saasapplication:
        • device
        • saas-application
        • vdom
      • params for casb_useractivity:
        • device
        • user-activity
        • vdom
      • params for dlp_dictionary_entries:
        • device
        • dictionary
        • entries
        • vdom
      • params for dlp_exactdatamatch_columns:
        • columns
        • device
        • exact-data-match
        • vdom
      • params for dlp_filepattern_entries:
        • device
        • entries
        • filepattern
        • vdom
      • params for dlp_label_entries:
        • device
        • entries
        • label
        • vdom
      • params for dlp_profile_rule:
        • device
        • profile
        • rule
        • vdom
      • params for dlp_sensor_entries:
        • device
        • entries
        • sensor
        • vdom
      • params for dnsfilter_domainfilter_entries:
        • device
        • domain-filter
        • entries
        • vdom
      • params for emailfilter_blockallowlist_entries:
        • block-allow-list
        • device
        • entries
        • vdom
      • params for emailfilter_bword_entries:
        • bword
        • device
        • entries
        • vdom
      • params for endpointcontrol_fctems:
        • device
        • fctems
      • params for extensioncontroller_extenderprofile_cellular_smsnotification_receiver:
        • device
        • extender-profile
        • receiver
        • vdom
      • params for filefilter_profile_rules:
        • device
        • profile
        • rules
        • vdom
      • params for firewall_accessproxy:
        • access-proxy
        • device
        • vdom
      • params for firewall_accessproxy6:
        • access-proxy6
        • device
        • vdom
      • params for firewall_accessproxysshclientcert:
        • access-proxy-ssh-client-cert
        • device
        • vdom
      • params for firewall_accessproxyvirtualhost:
        • access-proxy-virtual-host
        • device
        • vdom
      • params for firewall_centralsnatmap:
        • central-snat-map
        • device
        • vdom
      • params for firewall_dospolicy:
        • DoS-policy
        • device
        • vdom
      • params for firewall_dospolicy6:
        • DoS-policy6
        • device
        • vdom
      • params for firewall_identitybasedroute:
        • device
        • identity-based-route
        • vdom
      • params for firewall_interfacepolicy:
        • device
        • interface-policy
        • vdom
      • params for firewall_interfacepolicy6:
        • device
        • interface-policy6
        • vdom
      • params for firewall_localinpolicy:
        • device
        • local-in-policy
        • vdom
      • params for firewall_localinpolicy6:
        • device
        • local-in-policy6
        • vdom
      • params for firewall_multicastpolicy:
        • device
        • multicast-policy
        • vdom
      • params for firewall_multicastpolicy6:
        • device
        • multicast-policy6
        • vdom
      • params for firewall_policy:
        • device
        • policy
        • vdom
      • params for firewall_proxypolicy:
        • device
        • proxy-policy
        • vdom
      • params for firewall_responseshapingpolicy:
        • device
        • response-shaping-policy
        • vdom
      • params for firewall_securitypolicy:
        • device
        • security-policy
        • vdom
      • params for firewall_service_category:
        • category
        • device
        • vdom
      • params for firewall_service_custom:
        • custom
        • device
        • vdom
      • params for firewall_shapingpolicy:
        • device
        • shaping-policy
        • vdom
      • params for firewall_shapingprofile_shapingentries:
        • device
        • shaping-entries
        • shaping-profile
        • vdom
      • params for firewall_sniffer:
        • device
        • sniffer
        • vdom
      • params for firewall_ttlpolicy:
        • device
        • ttl-policy
        • vdom
      • params for firewall_vip:
        • device
        • vdom
        • vip
      • params for firewall_vip6:
        • device
        • vdom
        • vip6
      • params for gtp_apnshaper:
        • apn-shaper
        • device
        • vdom
      • params for icap_localserver_icapservice:
        • device
        • icap-service
        • local-server
        • vdom
      • params for ips_sensor_entries:
        • device
        • entries
        • sensor
        • vdom
      • params for isolator_profile_entries:
        • device
        • entries
        • profile
        • vdom
      • params for llm_server:
        • device
        • server
        • vdom
      • params for nsxt_servicechain_serviceindex:
        • device
        • service-chain
        • service-index
      • params for report_layout_bodyitem:
        • body-item
        • device
        • layout
        • vdom
      • params for report_layout_page_footer_footeritem:
        • device
        • footer-item
        • layout
        • vdom
      • params for report_layout_page_header_headeritem:
        • device
        • header-item
        • layout
        • vdom
      • params for router_policy:
        • device
        • policy
        • vdom
      • params for router_policy6:
        • device
        • policy6
        • vdom
      • params for sshfilter_profile_shellcommands:
        • device
        • profile
        • shell-commands
        • vdom
      • params for switchcontroller_dynamicportpolicy_policy:
        • device
        • dynamic-port-policy
        • policy
        • vdom
      • params for switchcontroller_managedswitch:
        • device
        • managed-switch
        • vdom
      • params for system_automationstitch_actions:
        • actions
        • automation-stitch
        • device
      • params for system_externalresource:
        • device
        • external-resource
        • vdom
      • params for system_healthcheckfortiguard:
        • device
        • health-check-fortiguard
      • params for system_ipam_rules:
        • device
        • rules
      • params for system_sdnconnector_compartmentlist:
        • compartment-list
        • device
        • sdn-connector
      • params for system_sdnconnector_externalaccountlist:
        • device
        • external-account-list
        • sdn-connector
      • params for system_sdnconnector_forwardingrule:
        • device
        • forwarding-rule
        • sdn-connector
      • params for system_sdnconnector_ociregionlist:
        • device
        • oci-region-list
        • sdn-connector
      • params for system_sdnconnector_routetable:
        • device
        • route-table
        • sdn-connector
      • params for system_sdwan_members:
        • device
        • members
        • vdom
      • params for system_sdwan_service:
        • device
        • service
        • vdom
      • params for system_sdwan_service_sla:
        • device
        • service
        • sla
        • vdom
      • params for system_sdwan_zone:
        • device
        • vdom
        • zone
      • params for system_virtualwanlink_members:
        • device
        • members
        • vdom
      • params for system_virtualwanlink_service:
        • device
        • service
        • vdom
      • params for system_virtualwanlink_service_sla:
        • device
        • service
        • sla
        • vdom
      • params for user_nacpolicy:
        • device
        • nac-policy
        • vdom
      • params for videofilter_profile_filters:
        • device
        • filters
        • profile
        • vdom
      • params for videofilter_profile_fortiguardcategory_filters:
        • device
        • filters
        • profile
        • vdom
      • params for vpn_ipsec_fec_mappings:
        • device
        • fec
        • mappings
        • vdom
      • params for vpn_kmipserver_serverlist:
        • device
        • kmip-server
        • server-list
        • vdom
      • params for vpn_ssl_settings_authenticationrule:
        • authentication-rule
        • device
        • vdom
      • params for vpnsslweb_portal_bookmarkgroup:
        • bookmark-group
        • device
        • portal
        • vdom
      • params for vpnsslweb_portal_bookmarkgroup_bookmarks:
        • bookmark-group
        • bookmarks
        • device
        • portal
        • vdom
      • params for vpnsslweb_portal_splitdns:
        • device
        • portal
        • split-dns
        • vdom
      • params for vpnsslweb_userbookmark_bookmarks:
        • bookmarks
        • device
        • user-bookmark
        • vdom
      • params for vpnsslweb_usergroupbookmark_bookmarks:
        • bookmarks
        • device
        • user-group-bookmark
        • vdom
      • params for webfilter_contentheader_entries:
        • content-header
        • device
        • entries
        • vdom
      • params for webfilter_urlfilter_entries:
        • device
        • entries
        • urlfilter
        • vdom
      • params for webproxy_redirectprofile_entries:
        • device
        • entries
        • redirect-profile
        • vdom
      • params for webproxy_urllist_entries:
        • device
        • entries
        • url-list
        • vdom
      • params for webproxy_urlmatch:
        • device
        • url-match
        • vdom
      • params for wireless_accesscontrollist_layer3ipv4rules:
        • access-control-list
        • device
        • layer3-ipv4-rules
        • vdom
      • params for wireless_accesscontrollist_layer3ipv6rules:
        • access-control-list
        • device
        • layer3-ipv6-rules
        • vdom
      • params for wireless_apcfgprofile_commandlist:
        • apcfg-profile
        • command-list
        • device
        • vdom
      • params for wireless_bonjourprofile_policylist:
        • bonjour-profile
        • device
        • policy-list
        • vdom
      • params for wireless_mpskprofile_mpskgroup:
        • device
        • mpsk-group
        • mpsk-profile
        • vdom
      • params for wireless_mpskprofile_mpskgroup_mpskkey:
        • device
        • mpsk-group
        • mpsk-key
        • mpsk-profile
        • vdom
      • params for wireless_vap_vlanname:
        • device
        • vap
        • vdom
        • vlan-name
      • params for wireless_wtp:
        • device
        • vdom
        • wtp
      • params for ztna_webportalbookmark_bookmarks:
        • bookmarks
        • device
        • vdom
        • web-portal-bookmark
    • target - Key to the target entry. type: str required: true

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • Selector is a mandatory parameter for the module, and the params is varying depending on the selector.

  • Semantic description for the module: move self action(before or after) target

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Move an object.
  hosts: fortimanagers
  connection: httpapi
  vars:
    device_name: "FGVMMLTMXXXXX"
    vdom_name: "root"
  tasks:
    - name: Move an object.
      fortinet.fmgdevice.fmgd_move:
        move:
          selector: "router_policy"
          self:
            device: "{{ device_name }}"
            vdom: "{{ vdom_name }}"
            policy: "1" # seq-num
          target: "2" # seq-num
          action: "after"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least on parameter mpt supported by the current FortiManager version type: list 0

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.