This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
This repository contains EmberStack Ansible Collections, providing enterprise-grade automation for network infrastructure. The repository is organized to support multiple collections under the EmberStack namespace.
# Install specific collection in development mode
ansible-galaxy collection install ./src/fortios --force
# Run sanity tests
ansible-test sanity
# Run integration tests
ansible-test integration
# Install from source
ansible-galaxy collection install git+https://github.com/emberstack/ansible.git#/src/fortios

- Collections Path: src/
- Available Collections:
  - fortios - Fortinet FortiOS devices (FortiGate, FortiAP, etc.)
- Namespace: emberstack
The FortiGate role (src/fortios/roles/fortigate/) uses a highly modular architecture:
- Task Organization: Each FortiGate feature has its own task file in tasks/:
  - addresses.yaml - Firewall address objects
  - interfaces.yaml - Network interfaces
  - policies.yaml - Security policies
  - sdwan.yaml - SD-WAN configuration
  - ipsec.yaml - IPSec VPN tunnels
  - ssl_vpn.yaml - SSL VPN configuration
  - 30+ more task files for comprehensive coverage
- Version Support: Version-specific configurations in vars/versions/:
  - 7.4.yaml - FortiOS 7.4 compatibility
- Variable Structure: All variables follow the pattern fortigate_[category]_[resources]:
  - fortigate_firewall_addresses
  - fortigate_vpn_tunnels
  - fortigate_system_settings
- Basic Resource Configuration:

      # [resource], [key] and [module] are placeholders for the feature being configured
      - name: Configure [resource] - {{ item.[key].name }}
        fortinet.fortios.fortios_[module]:
          # Per-item state, falling back to the role-wide default
          state: "{{ item.state | default(fortigate_default_state) }}"
          access_token: "{{ access_token }}"
          # VDOM cascade: per-item value, then vdom, then fortigate_vdom
          vdom: "{{ item.vdom | default(vdom | default(fortigate_vdom)) }}"

- Loop Control: Always use descriptive labels and custom loop variables when needed
- Error Handling: Standard retry pattern with fortigate_connection_retries and fortigate_connection_delay
- VDOM Support: All resources support VDOM with fallback to default
- Ansible 2.15+
- Python 3.9+
- Required collections:
  - fortinet.fortios >= 2.4.2
  - ansible.netcommon >= 8.2.0

- Task Files: One file per logical feature group
- Variable Naming: Follow fortigate_[category]_[resources] pattern
- Task Names: Must be descriptive with resource identification
- Module Names: Always use FQCN (fortinet.fortios.fortios_*)
- Default Values: Use cascade pattern for defaults
- When Conditions: Always check both defined and length
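
The resource pattern and the conventions listed above, combined in one task for firewall address objects. This is an added example, not a file from the repository. It assumes each entry of fortigate_firewall_addresses nests its module arguments under a firewall_address key; the loop variable name, the registered result name and the until expression are likewise assumptions.

```yaml
# Illustrative sketch of a task in tasks/addresses.yaml (not the collection's actual file).
# Assumed item shape, constructed for this example:
#   fortigate_firewall_addresses:
#     - firewall_address:
#         name: "srv-web-01"
#         type: "ipmask"
#         subnet: "10.10.20.15 255.255.255.255"
#       vdom: "dmz"        # optional, falls back through the VDOM cascade
#       state: "present"   # optional, falls back to fortigate_default_state

- name: "Configure firewall address - {{ fortigate_address.firewall_address.name }}"
  # FQCN, never the short module name
  fortinet.fortios.fortios_firewall_address:
    state: "{{ fortigate_address.state | default(fortigate_default_state) }}"
    # Supplied as a variable, not a literal in the task file
    access_token: "{{ access_token }}"
    # Cascade: per-item value, then vdom, then the role default fortigate_vdom
    vdom: "{{ fortigate_address.vdom | default(vdom | default(fortigate_vdom)) }}"
    firewall_address: "{{ fortigate_address.firewall_address }}"
  loop: "{{ fortigate_firewall_addresses | default([]) }}"
  loop_control:
    # Custom loop variable so an outer loop's `item` is not shadowed
    loop_var: fortigate_address
    # Log only the object name instead of dumping the whole item
    label: "{{ fortigate_address.firewall_address.name }}"
  # Retry pattern: repeat the call until the module reports success
  register: fortigate_address_result
  until: fortigate_address_result is succeeded
  retries: "{{ fortigate_connection_retries }}"
  delay: "{{ fortigate_connection_delay }}"
  # Check both defined and length before touching the device
  when:
    - fortigate_firewall_addresses is defined
    - fortigate_firewall_addresses | length > 0
```
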
- Unit tests: Not yet implemented
- Integration tests: Use ansible-test integration
- Sanity tests: Use ansible-test sanity
- Manual testing: Required for FortiGate device interactions

- Create new task file in src/fortios/roles/fortigate/tasks/
- Follow patterns from docs/PATTERNS.md
- Add include in main.yaml with appropriate tags
- Define variables in defaults/main.yaml
- Test with example playbooks

- Locate task file in src/fortios/roles/fortigate/tasks/
- Follow existing patterns in the file
- Maintain backward compatibility
- Update defaults if adding new parameters

- Check vars/versions/ for version files
- Add version-specific overrides as needed
- Test with FortiOS 7.4

- Create new directory under src/[collection_name]
- Add galaxy.yml with proper namespace and collection name
- Create standard structure: roles/, plugins/, playbooks/, docs/, tests/
- Update repository README with new collection information

- This is infrastructure automation code for defensive security purposes
- All tasks support both individual resource and list configurations
- VDOM support is built into all applicable resources
- Connection retry logic is standard across all tasks
- Commercial support available at support@emberstack.com