Add FortiSase hook for endpoint configuration#351
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a FortiSase-specific hook inside rest_generic_command::eval_IMPORT() to alter the IMPORT payload structure when the parser’s post_template contains an ADD_ENDPOINT marker.
Changes:
- Detects
ADD_ENDPOINTinpost_templateand injects anENDPOINTfield with the evaluated operation/URI. - Wraps the returned configuration in a new top-level
ROOTelement for FortiSase formatting. - Adds a debug dump of the (potentially modified) running configuration.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| $running_conf["ENDPOINT"]=$op_eval; | ||
| $running_conf = array( "ROOT" => $running_conf ); |
There was a problem hiding this comment.
The hook assumes $running_conf is an array and writes $running_conf["ENDPOINT"], but in REST generic $running_conf can be a SimpleXMLElement when REST_JSON is disabled (see adapters/rest_generic/rest_generic_connect.php: execute_curl_command() builds XML when rest_json is false). In that case this will fatally error ("Cannot use object of type SimpleXMLElement as array") and break IMPORT. Guard this logic with an is_array($running_conf)/$sms_sd_ctx->rest_json check, or add the ENDPOINT/root wrapper using SimpleXMLElement APIs for the XML path.
| $running_conf["ENDPOINT"]=$op_eval; | |
| $running_conf = array( "ROOT" => $running_conf ); | |
| if (is_array($running_conf)) { | |
| $running_conf["ENDPOINT"] = $op_eval; | |
| $running_conf = array("ROOT" => $running_conf); | |
| } elseif ($running_conf instanceof SimpleXMLElement) { | |
| $running_conf->addChild("ENDPOINT", $op_eval); | |
| $root = new SimpleXMLElement('<ROOT/>'); | |
| $root_dom = dom_import_simplexml($root); | |
| $running_conf_dom = dom_import_simplexml($running_conf); | |
| $imported_dom = $root_dom->ownerDocument->importNode($running_conf_dom, true); | |
| $root_dom->appendChild($imported_dom); | |
| $running_conf = $root; | |
| } |
|
Linked to cloudiamo/fortinet-ms#12 |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This pull request introduces a targeted customization to the
eval_IMPORTfunction inrest_generic_command.php, specifically to support FortiSase integration. The main change is a conditional hook that modifies the structure of the configuration data when a certain post template marker is detected.FortiSase-specific configuration handling:
post_templatecontains"ADD_ENDPOINT", and if so, wraps the configuration data in a new root element and adds anENDPOINTfield with the operation value. This enables specialized payload formatting for FortiSase integrations.*To use by the own risk of the MS developer :)