NQE to get VIP Mappings on Fortinets

  • 5 February 2024

A firewall engineer wanted the output of the command “show firewall vip” from all Fortinet firewalls in Forward Networks.

Command: show firewall vip
config firewall vip
    edit "x-7.6.254.158-dns"
        set uuid d60c0a52-2630-51eb-9d53-bc032ca5e1c0
        set extip x.x.x.x
        set mappedip "y.y.y.y"
        set extintf "any"
    next
    edit "x.x.x.1/32"
        set uuid 796a2ac2-2251-51ec-5c82-26b2e049a7a7
        set comment "Voice LAB"
        set extip x.x.x.1
        set mappedip "y.y.y.1"
        set extintf "any"
    next
    edit "x.x.x.2-y.y.y.2"
        set uuid 9ea63058-47ac-51ec-2a7f-5b0d00a1d142
        set comment "Cloud"
        set extip x.x.x.2
        set mappedip "y.y.y.2"
        set extintf "any"
    next

 

 

Finding the command in the data model 

/** Thank you Danny Ramirez with the Smarts on this
 *
 * @intent Grab VIPs on Fortinets command.output of "show firewall vip"
 * @description Define VIP format, and then iterate through to pull the VIP
 * Name and the Mapped IP with External IP
 * Command: show firewall vip
 **/
pattern_vip = ```
config firewall vip
  edit {vip:string}
    set extip {vip_extip:string}
    set mappedip {vip_mappedip:string}
```;

foreach device in network.devices
where device.platform.os == OS.FORTINET
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.FIREWALL_POLICIES
let configurations = parseConfigBlocks(OS.FORTINET, command.response)
foreach vip_child in blockMatches(configurations, pattern_vip)
select distinct {
  deviceName: device.name,
  vip: vip_child.data.vip,
  vip_mapped_ip: vip_child.data.vip_mappedip,
  vip_ext_ip: vip_child.data.vip_extip
}

Executed NQE
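
Added example (not part of the original post and not Forward Networks code): an offline Python parser for saved "show firewall vip" output that produces the same columns as the NQE query above, useful for spot-checking the query's results against a raw capture. The sample text, its addresses, the device name fw-example and the function names are constructed assumptions; the parser also skips nested sub-tables inside a VIP entry and returns None for a VIP with no mappedip.

```python
import shlex

# Constructed sample in the shape of "show firewall vip" output (placeholder addresses).
SAMPLE = '''\
config firewall vip
    edit "dns-vip"
        set extip 198.51.100.10
        set mappedip "10.0.0.10"
        set extintf "any"
    next
    edit "voice lab"
        set comment "Voice LAB"
        set extip 198.51.100.20
        set mappedip "10.0.1.20"
    next
    edit "web-lb"
        set extip 198.51.100.30
        config realservers
            edit 1
                set ip 10.0.2.31
            next
        end
    next
end
'''

def parse_vips(text):
    """Return one dict per top-level 'edit' entry under 'config firewall vip'."""
    vips, depth = [], 0
    for raw in text.splitlines():
        tokens = shlex.split(raw) or [""]   # shlex keeps quoted names with spaces intact
        if tokens[0] == "config":
            # depth 1 is the VIP table itself; anything deeper is a nested sub-table
            if depth or tokens[1:] == ["firewall", "vip"]:
                depth += 1
        elif tokens[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tokens[0] == "edit" and len(tokens) > 1:
            vips.append({"vip": tokens[1]})
        elif depth == 1 and tokens[0] == "set" and vips and len(tokens) > 2:
            vips[-1][tokens[1]] = " ".join(tokens[2:])
    return vips

def vip_rows(text, device="fw-example"):
    """Same columns as the NQE select; a missing field becomes None."""
    return [{"deviceName": device, "vip": v["vip"], "vip_mapped_ip": v.get("mappedip"),
             "vip_ext_ip": v.get("extip")} for v in parse_vips(text)]
```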

 

 

