FortiPower · alagoutte · Dec 12, 2019 · Dec 3, 2019 · Dec 3, 2019 · Dec 8, 2019
diff --git a/PowerFGT/Private/RestMethod.ps1 b/PowerFGT/Private/RestMethod.ps1
@@ -37,8 +37,24 @@ function Invoke-FGTRestMethod {
       Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/firewall/address" -connection $fw2
 
       Invoke-RestMethod with $fw2 connection for get api/v2/cmdb/firewall/address uri
+
+      .EXAMPLE
+      Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/firewall/address" -filter=name==FGT
+
+      Invoke-RestMethod with FGT connection for get api/v2/cmdb/firewall/address uri with only name equal FGT
+
+      .EXAMPLE
+      Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/firewall/address" -filter_attribute name -filter_value FGT
+
+      Invoke-RestMethod with FGT connection for get api/v2/cmdb/firewall/address uri with filter attribute equal name and filter value equal FGT
+
+      .EXAMPLE
+      Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/firewall/address" -filter_attribute name -filter_type contains -filter_value FGT
+
+      Invoke-RestMethod with FGT connection for get api/v2/cmdb/firewall/address uri with filter attribute equal name and filter value contains FGT
     #>
 
+    [CmdletBinding(DefaultParameterSetName = "default")]
     Param(
         [Parameter(Mandatory = $true, position = 1)]
         [String]$uri,
@@ -52,6 +68,19 @@ function Invoke-FGTRestMethod {
         [Parameter(Mandatory = $false)]
         [String[]]$vdom,
         [Parameter(Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter")]
+        [String]$filter,
+        [Parameter(Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter_build")]
+        [string]$filter_attribute,
+        [Parameter(Mandatory = $false)]
+        [ValidateSet('equal', 'contains')]
+        [Parameter (ParameterSetName = "filter_build")]
+        [string]$filter_type,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter_build")]
+        [psobject]$filter_value,
+        [Parameter(Mandatory = $false)]
         [psobject]$connection
     )
 
@@ -98,6 +127,28 @@ function Invoke-FGTRestMethod {
             $fullurl += "&vdom=$vdom"
         }
 
+        #filter
+        switch ( $filter_type ) {
+            "equal" {
+                $filter_value = "==" + $filter_value
+            }
+            "contains" {
+                $filter_value = "=@" + $filter_value
+            }
+            #by default set to equal..
+            default {
+                $filter_value = "==" + $filter_value
+            }
+        }
+
+        if ($filter_attribute) {
+            $filter = $filter_attribute + $filter_value
+        }
+
+        if ( $filter ) {
+            $fullurl += "&filter=$filter"
+        }
+
         try {
             if ($body) {
 

diff --git a/PowerFGT/Public/cmdb/firewall/address.ps1 b/PowerFGT/Public/cmdb/firewall/address.ps1
@@ -105,7 +105,7 @@ function Add-FGTFirewallAddress {
 
         Invoke-FGTRestMethod -method "POST" -body $address -uri $uri -connection $connection @invokeParams | out-Null
 
-        Get-FGTFirewallAddress -connection $connection @invokeParams | Where-Object { $_.name -eq $name }
+        Get-FGTFirewallAddress -connection $connection @invokeParams -name $name
     }
 
     End {
@@ -155,7 +155,7 @@ function Copy-FGTFirewallAddress {
 
         Invoke-FGTRestMethod -method "POST" -uri $uri -connection $connection @invokeParams | out-Null
 
-        Get-FGTFirewallAddress -connection $connection @invokeParams | Where-Object { $_.name -eq $name }
+        Get-FGTFirewallAddress -connection $connection @invokeParams -name $_.name -eq $name
     }
 
     End {
@@ -182,9 +182,14 @@ function Get-FGTFirewallAddress {
       Get address named myFGTAddress
 
       .EXAMPLE
-      Get-FGTFirewallAddress -match FGT
+      Get-FGTFirewallAddress -name FGT -filter_type contains
 
-      Get address match with *FGT*
+      Get address contains with *FGT*
+
+      .EXAMPLE
+      Get-FGTFirewallAddress -uuid 9e73a10e-1772-51ea-a8d7-297686fd7702
+
+      Get address with uuid 9e73a10e-1772-51ea-a8d7-297686fd7702
 
       .EXAMPLE
       Get-FGTFirewallAddress -skip
@@ -202,8 +207,20 @@ function Get-FGTFirewallAddress {
     Param(
         [Parameter (Mandatory = $false, Position = 1, ParameterSetName = "name")]
         [string]$name,
-        [Parameter (Mandatory = $false, ParameterSetName = "match")]
-        [string]$match,
+        [Parameter (Mandatory = $false, ParameterSetName = "uuid")]
+        [string]$uuid,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter")]
+        [string]$filter_attribute,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "name")]
+        [Parameter (ParameterSetName = "uuid")]
+        [Parameter (ParameterSetName = "filter")]
+        [ValidateSet('equal', 'contains')]
+        [string]$filter_type = "equal",
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter")]
+        [psobject]$filter_value,
         [Parameter(Mandatory = $false)]
         [switch]$skip,
         [Parameter(Mandatory = $false)]
@@ -225,13 +242,36 @@ function Get-FGTFirewallAddress {
             $invokeParams.add( 'vdom', $vdom )
         }
 
-        $response = Invoke-FGTRestMethod -uri 'api/v2/cmdb/firewall/address' -method 'GET' -connection $connection @invokeParams
-
         switch ( $PSCmdlet.ParameterSetName ) {
-            "name" { $response.results | where-object { $_.name -eq $name } }
-            "match" { $response.results | where-object { $_.name -match $match } }
-            default { $response.results }
+            "match" {
+                $filter_value = $match
+                $filter_attribute = "name"
+                $filter_type = "contains"
+            }
+            "name" {
+                $filter_value = $name
+                $filter_attribute = "name"
+                $filter_type = "equal"
+            }
+            "uuid" {
+                $filter_value = $uuid
+                $filter_attribute = "uuid"
+                $filter_type = "equal"
+            }
+            default { }
+        }
+
+        #if filter value and filter_attribut, add filter (by default filter_type is equal)
+        if ( $filter_value -and $filter_attribute ) {
+            $invokeParams.add( 'filter_value', $filter_value )
+            $invokeParams.add( 'filter_attribute', $filter_attribute )
+            $invokeParams.add( 'filter_type', $filter_type )
         }
+
+        $response = Invoke-FGTRestMethod -uri 'api/v2/cmdb/firewall/address' -method 'GET' -connection $connection @invokeParams
+
+        $response.results
+
     }
 
     End {
@@ -357,7 +397,7 @@ function Set-FGTFirewallAddress {
 
         Invoke-FGTRestMethod -method "PUT" -body $_address -uri $uri -connection $connection @invokeParams | out-Null
 
-        Get-FGTFirewallAddress -connection $connection @invokeParams | Where-Object { $_.name -eq $address.name }
+        Get-FGTFirewallAddress -connection $connection @invokeParams -name $address.name
     }
 
     End {

diff --git a/README.md b/README.md
@@ -215,6 +215,49 @@ or delete it `Remove-FGTFirewallAddress`.
     Get-FGTFirewallAddress -name "My Network" | Remove-FGTFirewallAddress
 ```
 
+### Filtering
+
+For `Invoke-FGTRestMethod`, it is possible to use -filter parameter
+You need to use FortiGate API syntax :
+
+| Key | Operator | Pattern | Full Request | Description
+| ---------- | ------------------- | ------------------- | ------------------- | -------------------
+| schedule | == | always | GET /api/v2/cmdb/firewall/policy/?filter=schedule==always | Only return firewall policy with schedule 'always'
+| schedule | != | always | GET /api/v2/cmdb/firewall/policy/?filter=schedule!=always | Return all firewall policy with schedule other than 'always'
+
+
+and Filter Operators :
+
+|  Operator |  Description
+| ---------- | -------------------
+| == | Case insensitive match with pattern.
+| != | Does not match with pattern (case insensitive).
+| =@ | Pattern found in object value (case insensitive).
+| !@ | Pattern not found in object value (case insensitive).
+| <= | Value must be less than or equal to pattern.
+| < | Value must be less than pattern.
+| >= | Value must be greater than or equal to pattern.
+| > | Value must be greater than pattern.
+
+For  `Invoke-FGTRestMethod` and `Get-XXX` cmdlet like `Get-FGTFirewallAddress`, it is possible to using some helper filter (`-filter_attribute`, `-filter_type`, `-filter_value`)
+
+```powershell
+# Get NetworkDevice named myFGT
+    Get-FGTFirewallAddress -name  myFGT
+...
+
+# Get NetworkDevice contains myFGT
+    Get-FGTFirewallAddress -name myFGT -filter_type contains
+...
+
+# Get NetworkDevice where subnet equal 192.0.2.0 255.255.255.0
+    Get-FGTFirewallAddress -filter_attribute subnet -filter_type equal -filter_value 192.0.2.0 255.255.255.0
+...
+
+```
+Actually, support only `equal` and `contains` filter type
+
+
 ### Invoke API
 for example to get Fortigate System Global Info