How to read/display the following response (e.g. name, srcintf, dstintf) from FortiGate Firewall using Ansible? Or is there any way I can read this JSON output from a file and display the fields I want?

{
    "changed": false,
    "meta": {
      "http_method": "GET",
      "size": 2,
      "matched_count": 2,
      "next_idx": 1,
      "revision": "ac9c4e1d722b74695dee4fb3ce4fcd12",
      "results": [
        {
          "policyid": 1,
          "q_origin_key": 1,
          "status": "enable",
          "name": "test-policy01",
          "uuid": "c4de3298-97ce-51ed-ccba-cafc556ba9e0",
          "uuid-idx": 14729,
          "srcintf": [
            {
              "name": "port2",
              "q_origin_key": "port2"
            }
          ],
          "dstintf": [
            {
              "name": "port1",
              "q_origin_key": "port1"
            }
          ],
          "action": "accept",
          "ztna-status": "disable",
          "srcaddr": [
            {
              "name": "all",
              "q_origin_key": "all"
            }
          ],
          "dstaddr": [
            {
              "name": "all",
              "q_origin_key": "all"
            }
          ],
          "policy-expiry": "disable",
          "policy-expiry-date": "0000-00-00 00:00:00",
          "service": [
            {
              "name": "ALL",
              "q_origin_key": "ALL"
            }
          ],
          "tos": "0x00",
          "sgt-check": "disable",
          "sgt": []
        },
        {
          "policyid": 2,
          "q_origin_key": 2,
          "status": "enable",
          "name": "test-policy-02",
          "uuid": "534b6c9c-97d1-51ed-7aa8-7544c628c7ea",
          "uuid-idx": 14730,
          "srcintf": [
            {
              "name": "port1",
              "q_origin_key": "port1"
            }
          ],
          "dstintf": [
            {
              "name": "port2",
              "q_origin_key": "port2"
            }
          ],
          "action": "accept",
          "nat64": "disable",
          "nat46": "disable",
          "ztna-status": "disable",
          "srcaddr": [
            {
              "name": "all",
              "q_origin_key": "all"
            }
          ],
          "dstaddr": [
            {
              "name": "login.microsoft.com",
              "q_origin_key": "login.microsoft.com"
            }
          ],
          "srcaddr6": [],
          "reputation-direction6": "destination",
          "policy-expiry-date": "0000-00-00 00:00:00",
          "service": [
            {
              "name": "ALL_ICMP6",
              "q_origin_key": "ALL_ICMP6"
            }
          ],
          "tos": "0x00",
          "webcache": "disable",
          "webcache-https": "disable",
          "sgt-check": "disable",
          "sgt": []
        }
      ],
      "vdom": "root",
      "path": "firewall",
      "name": "policy",
      "version": "v7.2.3",
      "build": 1262
    },
    "invocation": {
      "module_args": {
        "vdom": "root",
        "access_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
        "selector": "firewall_policy",
        "selectors": null
      }
    },
    "_ansible_no_log": false
  }

Expected result:

  result:
    test-policy-02:
      dstintf:
      - name: port2
        q_origin_key: port2
      srcintf:
      - name: port1
        q_origin_key: port1
    test-policy01:
      dstintf:
      - name: port1
        q_origin_key: port1
      srcintf:
      - name: port2
        q_origin_key: port2

Vladimir Botka
UME

Please do not repost [the same question multiple times](https://stackoverflow.com/questions/75195294/how-to-read-and-display-response-from-fortigate-firewall-policies-using-ansible), rather **edit** the existing one and add the missing information. You might benefit from reading the [mre] help page. – β.εηοιτ.βε Jan 23 '23 at 10:21

1 Answer

Unfortunately there is absolutely no description or any further information.

However, regarding

> How to read/display the following response (e.g. name, srcintf, dstintf) from FortiGate Firewall using Ansible.

you may have a look into the following simple and lazy approach with loop:

---
- hosts: localhost
  become: false
  gather_facts: false

  tasks:

  - name: Include vars of stuff.json into the 'stuff' variable
    ansible.builtin.include_vars:
      file: stuff.json
      name: stuff

  - name: Show list of dict
    debug:
      msg: "{{ stuff.meta.results }}"

  - name: Print key:value
    debug:
      msg:
        - "name: {{ item.name }}"
        - "{{ item.srcintf }}"
        - "{{ item.dstintf }}"
    loop_control:
      label: "policyid: {{ item.policyid }}"
    loop: "{{ stuff.meta.results }}"

resulting in an output of

TASK [Print key:value] *****************
ok: [localhost] => (item=policyid: 1) =>
  msg:
  - 'name: test-policy01'
  - - name: port2
      q_origin_key: port2
  - - name: port1
      q_origin_key: port1
ok: [localhost] => (item=policyid: 2) =>
  msg:
  - 'name: test-policy-02'
  - - name: port1
      q_origin_key: port1
  - - name: port2
      q_origin_key: port2


> Or is there any way I can read this JSON output from file and display the fields I want?

To get familiar with the data structure of the JSON response you've provided in your example, you could start with something like a JSONPathFinder. It will result in paths of

x.meta.results[0].name
x.meta.results[0].srcintf
x.meta.results[0].dstintf
x.meta.results[1].name
x.meta.results[1].srcintf
x.meta.results[1].dstintf

for the provided keys.

It is also possible to use jq on the CLI

jq keys stuff.json
[
  "_ansible_no_log",
  "changed",
  "invocation",
  "meta"
]

and just proceed further with

jq '.meta.results' stuff.json
jq '.meta.results[0]' stuff.json
jq '.meta.results[1]' stuff.json

U880D
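
Added example (not part of the original answer or of the FortiGate collection): a playbook that builds the question's expected result from the same `stuff.json` the answer loads, then goes one step beyond the question and uses the same loop to flag accept policies whose srcaddr, dstaddr and service are `all`/`all`/`ALL`. It assumes `stuff.json` holds the response shown in the question; the fact name `result` is chosen to match the expected output.

```yaml
---
# Added example: builds the question's "Expected result" from the saved response.
- hosts: localhost
  become: false
  gather_facts: false

  tasks:

    - name: Load the saved module response (stuff.json, as in the answer)
      ansible.builtin.include_vars:
        file: stuff.json
        name: stuff

    - name: Build a dict keyed by policy name holding only srcintf and dstintf
      ansible.builtin.set_fact:
        result: >-
          {{ result | default({})
             | combine({item.name: {'srcintf': item.srcintf,
                                    'dstintf': item.dstintf}}) }}
      loop: "{{ stuff.meta.results }}"
      loop_control:
        label: "policyid: {{ item.policyid }}"

    - name: Show the result
      ansible.builtin.debug:
        var: result

    # Goes beyond the question: the same loop used as a rule-review check.
    - name: Flag accept policies with srcaddr 'all', dstaddr 'all' and service 'ALL'
      ansible.builtin.debug:
        msg: "{{ item.name }}: accept, all -> all, service ALL"
      loop: "{{ stuff.meta.results }}"
      loop_control:
        label: "policyid: {{ item.policyid }}"
      when:
        - item.action == 'accept'
        - "'all' in (item.srcaddr | map(attribute='name') | list)"
        - "'all' in (item.dstaddr | map(attribute='name') | list)"
        - "'ALL' in (item.service | map(attribute='name') | list)"
```

On the sample response only test-policy01 is flagged; test-policy-02 is skipped because its dstaddr is login.microsoft.com.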