community.network.avi_networksecuritypolicy – Module for setup of NetworkSecurityPolicy Avi RESTful Object
Note
This plugin is part of the community.network collection (version 1.3.0).
To install it use: ansible-galaxy collection install community.network.
To use it in a playbook, specify: community.network.avi_networksecuritypolicy.
Synopsis
- This module is used to configure the NetworkSecurityPolicy object.
- More examples at https://github.com/avinetworks/devops
Requirements
The below requirements are needed on the host that executes this module.
- avisdk
Parameters
Parameter | Type | Choices/Defaults | Comments
---|---|---|---
api_context | dictionary | | Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session.
api_version | string | Default: "16.4.4" | Avi API version to use for Avi API and objects.
avi_api_patch_op | string | | Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method | string | | Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials | dictionary | | Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
api_version (suboption of avi_credentials) | string | Default: "16.4.4" | Avi controller version
controller (suboption of avi_credentials) | string | | Avi controller IP or FQDN
csrftoken (suboption of avi_credentials) | string | | Avi controller API csrftoken to reuse existing session with session id
password (suboption of avi_credentials) | string | | Avi controller password
port (suboption of avi_credentials) | string | | Avi controller port
session_id (suboption of avi_credentials) | string | | Avi controller API session id to reuse existing session with csrftoken
tenant (suboption of avi_credentials) | string | Default: "admin" | Avi controller tenant
tenant_uuid (suboption of avi_credentials) | string | | Avi controller tenant UUID
timeout (suboption of avi_credentials) | string | Default: 300 | Avi controller request timeout
token (suboption of avi_credentials) | string | | Avi controller API token
username (suboption of avi_credentials) | string | | Avi controller username
avi_disable_session_cache_as_fact | boolean | | Disables caching of Avi session information as a fact.
cloud_config_cksum | string | | Checksum of cloud configuration for network sec policy. Internally set by cloud connector.
controller | string | Default: "" | IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER.
created_by | string | | Creator name.
description | string | | User defined description for the object.
name | string | | Name of the object.
password | string | Default: "" | Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD.
rules | string | | List of networksecurityrule.
state | string | | The state that should be applied on the entity.
tenant | string | Default: "admin" | Name of tenant used for all Avi API calls and context of object.
tenant_ref | string | | It is a reference to an object of type tenant.
tenant_uuid | string | Default: "" | UUID of tenant used for all Avi API calls and context of object.
url | string | | Avi controller URL of the object.
username | string | Default: "" | Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME.
uuid | string | | Unique object identifier of the object.
Notes
Note
- For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.
Examples
```yaml
- name: Create a network security policy to block clients represented by ip group known_attackers
  community.network.avi_networksecuritypolicy:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    name: vs-gurutest-ns
    rules:
    - action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
      age: 0
      enable: true
      index: 1
      log: false
      match:
        client_ip:
          group_refs:
          - Demo:known_attackers
          match_criteria: IS_IN
      name: Rule 1
    tenant_ref: Demo
```
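The playbook below is an added example, not part of the module's own documentation. It shows the `avi_credentials` dictionary, `avi_disable_session_cache_as_fact` and the patch update method from the parameter table working together. The `vault_avi_*` variable names and the IP group `Demo:blocked_scanners` are assumptions, as is the use of `add` for `avi_api_patch_op` to append a rule.

```yaml
# Added example: vault_avi_* variables and Demo:blocked_scanners are assumed names.
- hosts: localhost
  gather_facts: false
  vars:
    # Assumed to come from an Ansible Vault-encrypted vars file, not plain text.
    avi_credentials:
      controller: "{{ vault_avi_controller }}"
      username: "{{ vault_avi_username }}"
      password: "{{ vault_avi_password }}"
      api_version: "16.4.4"
      tenant: Demo
  tasks:
    - name: Ensure the deny policy exists and logs every match
      community.network.avi_networksecuritypolicy:
        avi_credentials: "{{ avi_credentials }}"
        avi_disable_session_cache_as_fact: true  # keep session ID/CSRF token out of facts
        state: present
        name: vs-gurutest-ns
        tenant_ref: Demo
        rules:
          - name: Rule 1
            index: 1
            enable: true
            log: true  # the page's example sets this to false
            action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
            match:
              client_ip:
                group_refs:
                  - Demo:known_attackers
                match_criteria: IS_IN
    - name: Add a second deny rule with HTTP PATCH rather than the default PUT
      community.network.avi_networksecuritypolicy:
        avi_credentials: "{{ avi_credentials }}"
        avi_disable_session_cache_as_fact: true
        avi_api_update_method: patch
        avi_api_patch_op: add  # assumed to append to the existing rules list
        name: vs-gurutest-ns
        tenant_ref: Demo
        rules:
          - name: Rule 2
            index: 2
            enable: true
            log: true
            action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
            match:
              client_ip:
                group_refs:
                  - Demo:blocked_scanners
                match_criteria: IS_IN
```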
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Type | Returned | Description
---|---|---|---
obj | dictionary | success, changed | NetworkSecurityPolicy (api/networksecuritypolicy) object
Authors
- Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/avi_networksecuritypolicy_module.html