From c87a6c23cd63ad097bd560043060f742f7af0a08 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 20:18:46 +0100 Subject: [PATCH 1/3] addresgroup: remove member check with last FortiOS (7.2.x) release don't longer need to have member on AddressGroup --- .../Public/cmdb/firewall/addressgroup.ps1 | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 b/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 index ad0aab435..d37a8c939 100644 --- a/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 +++ b/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 @@ -38,7 +38,7 @@ function Add-FGTFirewallAddressGroup { Param( [Parameter (Mandatory = $true)] [string]$name, - [Parameter (Mandatory = $true)] + [Parameter (Mandatory = $false)] [string[]]$member, [Parameter (Mandatory = $false)] [ValidateLength(0, 255)] @@ -73,14 +73,16 @@ function Add-FGTFirewallAddressGroup { $addrgrp | add-member -name "name" -membertype NoteProperty -Value $name - #Add member to Member Array - $members = @( ) - foreach ( $m in $member ) { - $member_name = @{ } - $member_name.add( 'name', $m) - $members += $member_name + if ( $PsBoundParameters.ContainsKey('member') ) { + #Add member to Member Array + $members = @( ) + foreach ( $m in $member ) { + $member_name = @{ } + $member_name.add( 'name', $m) + $members += $member_name + } + $addrgrp | add-member -name "member" -membertype NoteProperty -Value $members } - $addrgrp | add-member -name "member" -membertype NoteProperty -Value $members if ( $PsBoundParameters.ContainsKey('comment') ) { $addrgrp | add-member -name "comment" -membertype NoteProperty -Value $comment 
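Review bot: Nothing in the new `if ( $PsBoundParameters.ContainsKey('member') )` path checks the FortiOS release, so on a FortiGate older than 7.2.0 a call without `-member` is no longer stopped at parameter binding and is presumably rejected by the API with a less readable error. The commit message ties member-less groups to 7.2.x and the tests skip below 7.2.0, so a guard before the request would keep the failure explicit, for example `if ( -not $PsBoundParameters.ContainsKey('member') -and $DefaultFGTConnection.version -lt "7.2.0" ) { Throw "Address Group without member requires FortiOS 7.2.0 or later" }` (use the function's own connection object if it takes one; that part is outside the hunk). The same gap applies to the empty result in Remove-FGTFirewallAddressGroupMember in the later hunks. The function body starts and ends outside this hunk.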
@@ -606,11 +608,6 @@ function Remove-FGTFirewallAddressGroupMember { $members = $members | Where-Object { $_.name -ne $remove_member } } - #check if there is always a member... (it is not possible don't have member on Address Group) - if ( $members.count -eq 0 ) { - Throw "You can't remove all members. Use Remove-FGTFirewallAddressGroup to remove Address Group" - } - #if there is only One member force to be an array if ( $members.count -eq 1 ) { $members = @($members) From 361072b4c6dcc6c9ba43067dec2ee10c4b293bcc Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 20:31:07 +0100 Subject: [PATCH 2/3] AddressGroup: Force to set an array with only zero or one member --- PowerFGT/Public/cmdb/firewall/addressgroup.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 b/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 index d37a8c939..f35bce560 100644 --- a/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 +++ b/PowerFGT/Public/cmdb/firewall/addressgroup.ps1 @@ -608,8 +608,8 @@ function Remove-FGTFirewallAddressGroupMember { $members = $members | Where-Object { $_.name -ne $remove_member } } - #if there is only One member force to be an array - if ( $members.count -eq 1 ) { + #if there is only One (or 0) member force to be an array + if ( $members.count -le 1 ) { $members = @($members) } From 5a10b112ba71d701505774067d97e54be79f37b9 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 20:34:33 +0100 Subject: [PATCH 3/3] AddressGroup(Tests): change test with 0 member and disable this test when run on old (unsupported) FortiOS release (< 7.2.0) --- .../FirewallAddressGroup.Tests.ps1 | 26 ++++++++++++++++--- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/Tests/integration/FirewallAddressGroup.Tests.ps1 b/Tests/integration/FirewallAddressGroup.Tests.ps1 index 3b7b785e1..1eabcd1f8 100644 --- a/Tests/integration/FirewallAddressGroup.Tests.ps1 
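Review bot: With `-le 1` the zero-member case now flows straight through to the update, so listing every current member leaves an empty group with no signal to the operator. Address groups are normally referenced by firewall policies, and what a policy matches once its group is empty should be confirmed for the target FortiOS release before relying on this. A `Write-Warning "Address Group has no member left"` inside a `$members.count -eq 0` branch would make the state change visible in transcripts and logs. The function body starts and ends outside this hunk.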
+++ b/Tests/integration/FirewallAddressGroup.Tests.ps1 @@ -105,6 +105,18 @@ Describe "Add Firewall Address Group" { Get-FGTFirewallAddressGroup -name $pester_addressgroup1 | Remove-FGTFirewallAddressGroup -confirm:$false } + It "Add Address Group $pester_addressgroup1 (with 0 member)" -skip:($fgt_version -lt "7.2.0") { + Add-FGTFirewallAddressGroup -Name $pester_addressgroup1 + $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 + $addressgroup.name | Should -Be $pester_addressgroup1 + $addressgroup.uuid | Should -Not -BeNullOrEmpty + ($addressgroup.member).count | Should -Be "0" + $addressgroup.comment | Should -BeNullOrEmpty + if ($DefaultFGTConnection.version -lt "6.4.0") { + $addressgroup.visibility | Should -Be $true + } + } + It "Add Address Group $pester_addressgroup1 (with 1 member)" { Add-FGTFirewallAddressGroup -Name $pester_addressgroup1 -member $pester_address1 $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 
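Review bot: The inner `if ($DefaultFGTConnection.version -lt "6.4.0")` block can never run in this test, because the `It` is skipped for anything below 7.2.0; the same dead branch is repeated in the "Remove 3 members" test in the next hunk. Drop the block in both places, and compare the count with a number rather than a string: `($addressgroup.member).count | Should -Be 0`. The skip condition reads `$fgt_version` while the body reads `$DefaultFGTConnection.version`; using one of them throughout would be clearer. If either holds a plain string rather than a `[version]`, the `-lt "7.2.0"` comparison is lexical and would misorder releases such as 7.10.x, so the type is worth confirming.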
@@ -487,10 +499,16 @@ Describe "Remove Firewall Address Group Member" { } } - It "Try Remove 3 members to Address Group $pester_addressgroup1 (with 3 members before)" { - { - Get-FGTFirewallAddressGroup -Name $pester_addressgroup1 | Remove-FGTFirewallAddressGroupMember -member $pester_address1, $pester_address2, $pester_address3 - } | Should -Throw "You can't remove all members. Use Remove-FGTFirewallAddressGroup to remove Address Group" + It "Remove 3 members to Address Group $pester_addressgroup1 (with 3 members before)" -skip:($fgt_version -lt "7.2.0") { + Get-FGTFirewallAddressGroup -Name $pester_addressgroup1 | Remove-FGTFirewallAddressGroupMember -member $pester_address1, $pester_address2, $pester_address3 + $addressgroup = Get-FGTFirewallAddressGroup -name $pester_addressgroup1 + $addressgroup.name | Should -Be $pester_addressgroup1 + $addressgroup.uuid | Should -Not -BeNullOrEmpty + ($addressgroup.member).count | Should -Be "0" + $addressgroup.comment | Should -BeNullOrEmpty + if ($DefaultFGTConnection.version -lt "6.4.0") { + $addressgroup.visibility | Should -Be $true + } } AfterAll {
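Review bot: Replacing the `Should -Throw` test leaves releases below 7.2.0 with no assertion at all for removing the last member, since the new test is skipped there and the cmdlet no longer throws on its own. If those releases are still exercised by this suite, a counterpart test with the inverse skip, `-skip:($fgt_version -ge "7.2.0")`, wrapping the same pipeline in `{ ... } | Should -Throw`, would pin the error the module or API returns there. The title would also read better as "Remove 3 members from Address Group". The Describe block continues outside this hunk.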