Try SpotterManage BIG-IP ASM policies
| "added in version" 2.5 of ansible.builtin"
Authors: Wojciech Wypior (@wojtek0806), Tim Rupp (@caphrim007)
preview | supported by community
pipInstall with pip install ansible==2.5.6
Manage BIG-IP ASM policies.
- name: Import and activate ASM policy
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: new_asm_policy
file: /root/asm_policy.xml
active: yes
state: present
delegate_to: localhost
- name: Import ASM policy from template
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: new_sharepoint_policy
template: SharePoint 2007 (http)
state: present
delegate_to: localhost
- name: Create blank ASM policy
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: new_blank_policy
state: present
delegate_to: localhost
- name: Create blank ASM policy and activate
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: new_blank_policy
active: yes
state: present
delegate_to: localhost
- name: Activate ASM policy
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: inactive_policy
active: yes
state: present
delegate_to: localhost
- name: Deactivate ASM policy
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: active_policy
state: present
delegate_to: localhost
- name: Import and activate ASM policy in Role
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: new_asm_policy
file: "{{ role_path }}/files/asm_policy.xml"
active: yes
state: present
delegate_to: localhost
- name: Import ASM binary policy
bigip_asm_policy:
server: lb.mydomain.com
user: admin
password: secret
name: new_asm_policy
file: "/root/asm_policy.plc"
active: yes
state: present
delegate_to: localhost
file:
description:
- Full path to a policy file to be imported into the BIG-IP ASM.
- Policy files exported from newer versions of BIG-IP cannot be imported into older
versions of BIG-IP. The opposite, however, is true; you can import older into newer.
name:
description:
- The ASM policy to manage or create.
required: true
state:
choices:
- present
- absent
description:
- When C(state) is C(present), and C(file) or C(template) parameter is provided, new
ASM policy is imported and created with the given C(name).
- When C(state) is present and no C(file) or C(template) parameter is provided new
blank ASM policy is created with the given C(name).
- When C(state) is C(absent), ensures that the policy is removed, even if it is currently
active.
active:
choices:
- true
- false
default: false
description:
- If C(yes) will apply and activate existing inactive policy. If C(no), it will deactivate
existing active policy. Generally should be C(yes) only in cases where you want
to activate new or existing policy.
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
template:
choices:
- ActiveSync v1.0 v2.0 (http)
- ActiveSync v1.0 v2.0 (https)
- Comprehensive
- Drupal
- Fundamental
- Joomla
- LotusDomino 6.5 (http)
- LotusDomino 6.5 (https)
- OWA Exchange 2003 (http)
- OWA Exchange 2003 (https)
- OWA Exchange 2003 with ActiveSync (http)
- OWA Exchange 2003 with ActiveSync (https)
- OWA Exchange 2007 (http)
- OWA Exchange 2007 (https)
- OWA Exchange 2007 with ActiveSync (http)
- OWA Exchange 2007 with ActiveSync (https)
- OWA Exchange 2010 (http)
- OWA Exchange 2010 (https)
- Oracle 10g Portal (http)
- Oracle 10g Portal (https)
- Oracle Applications 11i (http)
- Oracle Applications 11i (https)
- PeopleSoft Portal 9 (http)
- PeopleSoft Portal 9 (https)
- Rapid Deployment Policy
- SAP NetWeaver 7 (http)
- SAP NetWeaver 7 (https)
- SharePoint 2003 (http)
- SharePoint 2003 (https)
- SharePoint 2007 (http)
- SharePoint 2007 (https)
- SharePoint 2010 (http)
- SharePoint 2010 (https)
- Vulnerability Assessment Baseline
- Wordpress
description:
- An ASM policy built-in template. If the template does not exist we will raise an
error.
- Once the policy has been created, this value cannot change.
- The C(Comprehensive), C(Drupal), C(Fundamental), C(Joomla), C(Vulnerability Assessment
Baseline), and C(Wordpress) templates are only available on BIG-IP versions >= 13.
partition:
default: Common
description:
- Device partition to manage resources on.
active: description: Set when activating/deactivating ASM policy returned: changed sample: true type: bool file: description: Local path to ASM policy file. returned: changed sample: /root/some_policy.xml type: string name: description: Name of the ASM policy to be managed/created returned: changed sample: Asm_APP1_Transparent type: string state: description: Action performed on the target device. returned: changed sample: absent type: string template: description: Name of the built-in ASM policy template returned: changed sample: OWA Exchange 2007 (https) type: string