cisco / cisco.meraki / 2.18.0 / module / networks_group_policies
Resource module for networks _grouppolicies | Added in version 2.16.0 of cisco.meraki
Authors: Francisco Munoz (@fmunoz)
This plugin has a corresponding action plugin.
cisco.meraki.networks_group_policies (2.18.0) — module
Install with ansible-galaxy collection install cisco.meraki:==2.18.0
# Collection requirement pinned to the exact release this page documents.
collections:
  - name: cisco.meraki
    version: "2.18.0"
Manage operations create, update and delete of the resource networks _grouppolicies.
Create a group policy.
Delete a group policy.
Update a group policy.
# Create a group policy on the network given by networkId.
#
# meraki_api_key is a credential. Feed the variable from an encrypted source
# such as Ansible Vault rather than a plaintext vars file; the module can also
# read it from the MERAKI_DASHBOARD_API_KEY environment variable.
- name: Create
  cisco.meraki.networks_group_policies:
    # API client settings (connection, retries, logging), all taken from variables.
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    # When true, POST/PUT/DELETE calls are simulated, which gives a dry run.
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    # Policy body. Limits are in Kbps and apply only with settings 'custom'.
    bandwidth:
      bandwidthLimits:
        limitDown: 1000000
        limitUp: 1000000
      settings: custom
    bonjourForwarding:
      rules:
        - description: A simple bonjour rule
          services:
            - All Services
          vlanId: '1'
      settings: custom
    contentFiltering:
      allowedUrlPatterns:
        patterns: []
        settings: network default
      # 'override' and 'append' are two of the documented modes for how a list
      # is applied; the third is 'network default'.
      blockedUrlCategories:
        categories:
          - meraki:contentFiltering/category/1
          - meraki:contentFiltering/category/7
        settings: override
      blockedUrlPatterns:
        patterns:
          - http://www.example.com
          - http://www.betting.com
        settings: append
    firewallAndTrafficShaping:
      # L3 rules form an ordered array.
      # NOTE(review): the rule comment says HTTP servers while destPort is
      # '443'; confirm which one is intended before reusing this rule.
      l3FirewallRules:
        - comment: Allow TCP traffic to subnet with HTTP servers.
          destCidr: 192.168.1.0/24
          destPort: '443'
          policy: allow
          protocol: tcp
      # L7 rules accept only the policy 'deny'.
      l7FirewallRules:
        - policy: deny
          type: host
          value: google.com
      settings: custom
      trafficShapingRules:
        - definitions:
            - type: host
              value: google.com
          dscpTagValue: 0
          pcpTagValue: 0
          perClientBandwidthLimits:
            bandwidthLimits:
              limitDown: 1000000
              limitUp: 1000000
            settings: custom
          priority: normal
    name: No video streaming
    # Placeholder value; replace with the real network ID.
    networkId: string
    # The same 9:00-17:00 window is active on every day of the week.
    scheduling:
      enabled: true
      friday:
        active: true
        from: '9:00'
        to: '17:00'
      monday:
        active: true
        from: '9:00'
        to: '17:00'
      saturday:
        active: true
        from: '9:00'
        to: '17:00'
      sunday:
        active: true
        from: '9:00'
        to: '17:00'
      thursday:
        active: true
        from: '9:00'
        to: '17:00'
      tuesday:
        active: true
        from: '9:00'
        to: '17:00'
      wednesday:
        active: true
        from: '9:00'
        to: '17:00'
    # 'bypass' lets clients bound to this policy skip splash authorization;
    # use 'network default' to keep the network's own rules.
    splashAuthSettings: bypass
    vlanTagging:
      settings: custom
      vlanId: '1'
# Delete the group policy identified by groupPolicyId from the network given
# by networkId (state: absent).
#
# meraki_api_key is a credential. Feed the variable from an encrypted source
# such as Ansible Vault rather than a plaintext vars file; the module can also
# read it from the MERAKI_DASHBOARD_API_KEY environment variable.
- name: Delete by id
  cisco.meraki.networks_group_policies:
    # API client settings (connection, retries, logging), all taken from variables.
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    # When true, POST/PUT/DELETE calls are simulated, which gives a dry run
    # before a policy is actually removed.
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: absent
    # Placeholder values; replace with the real policy and network IDs.
    groupPolicyId: string
    networkId: string
# Update the existing group policy identified by groupPolicyId on the network
# given by networkId.
#
# meraki_api_key is a credential. Feed the variable from an encrypted source
# such as Ansible Vault rather than a plaintext vars file; the module can also
# read it from the MERAKI_DASHBOARD_API_KEY environment variable.
- name: Update by id
  cisco.meraki.networks_group_policies:
    # API client settings (connection, retries, logging), all taken from variables.
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    # When true, POST/PUT/DELETE calls are simulated, which gives a dry run.
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    # Policy body. Limits are in Kbps and apply only with settings 'custom'.
    bandwidth:
      bandwidthLimits:
        limitDown: 1000000
        limitUp: 1000000
      settings: custom
    bonjourForwarding:
      rules:
        - description: A simple bonjour rule
          services:
            - All Services
          vlanId: '1'
      settings: custom
    contentFiltering:
      allowedUrlPatterns:
        patterns: []
        settings: network default
      # 'override' and 'append' are two of the documented modes for how a list
      # is applied; the third is 'network default'.
      blockedUrlCategories:
        categories:
          - meraki:contentFiltering/category/1
          - meraki:contentFiltering/category/7
        settings: override
      blockedUrlPatterns:
        patterns:
          - http://www.example.com
          - http://www.betting.com
        settings: append
    firewallAndTrafficShaping:
      # L3 rules form an ordered array.
      # NOTE(review): the rule comment says HTTP servers while destPort is
      # '443'; confirm which one is intended before reusing this rule.
      l3FirewallRules:
        - comment: Allow TCP traffic to subnet with HTTP servers.
          destCidr: 192.168.1.0/24
          destPort: '443'
          policy: allow
          protocol: tcp
      # L7 rules accept only the policy 'deny'.
      l7FirewallRules:
        - policy: deny
          type: host
          value: google.com
      settings: custom
      trafficShapingRules:
        - definitions:
            - type: host
              value: google.com
          dscpTagValue: 0
          pcpTagValue: 0
          perClientBandwidthLimits:
            bandwidthLimits:
              limitDown: 1000000
              limitUp: 1000000
            settings: custom
          priority: normal
    # Placeholder values; replace with the real policy and network IDs.
    groupPolicyId: string
    name: No video streaming
    networkId: string
    # The same 9:00-17:00 window is active on every day of the week.
    scheduling:
      enabled: true
      friday:
        active: true
        from: '9:00'
        to: '17:00'
      monday:
        active: true
        from: '9:00'
        to: '17:00'
      saturday:
        active: true
        from: '9:00'
        to: '17:00'
      sunday:
        active: true
        from: '9:00'
        to: '17:00'
      thursday:
        active: true
        from: '9:00'
        to: '17:00'
      tuesday:
        active: true
        from: '9:00'
        to: '17:00'
      wednesday:
        active: true
        from: '9:00'
        to: '17:00'
    # 'bypass' lets clients bound to this policy skip splash authorization;
    # use 'network default' to keep the network's own rules.
    splashAuthSettings: bypass
    vlanTagging:
      settings: custom
      vlanId: '1'
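# Option reference for cisco.meraki.networks_group_policies.
# Policy options use camelCase names; options prefixed with meraki_ configure
# the API client (connection, retries, logging, usage tracking).
name:
  description: The name for your group policy. Required.
  type: str
bandwidth:
  description: The bandwidth settings for clients bound to your group policy.
  suboptions:
    bandwidthLimits:
      description: The bandwidth limits object, specifying upload and download speed for clients bound to the group policy. These are only enforced if 'settings' is set to 'custom'.
      suboptions:
        limitDown:
          description: The maximum download limit (integer, in Kbps). Null indicates no limit.
          type: int
        limitUp:
          description: The maximum upload limit (integer, in Kbps). Null indicates no limit.
          type: int
      type: dict
    settings:
      description: How bandwidth limits are enforced. Can be 'network default', 'ignore' or 'custom'.
      type: str
  type: dict
networkId:
  description: NetworkId path parameter. Network ID.
  type: str
# Times are written HH:MM (the examples on this page use '9:00' and '17:00').
scheduling:
  description: The schedule for the group policy. Schedules are applied to days of the week.
  suboptions:
    enabled:
      description: Whether scheduling is enabled (true) or disabled (false). Defaults to false. If true, the schedule objects for each day of the week (monday - sunday) are parsed.
      type: bool
    friday:
      description: The schedule object for Friday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
    monday:
      description: The schedule object for Monday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
    saturday:
      description: The schedule object for Saturday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
    sunday:
      description: The schedule object for Sunday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
    thursday:
      description: The schedule object for Thursday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
    tuesday:
      description: The schedule object for Tuesday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
    wednesday:
      description: The schedule object for Wednesday.
      suboptions:
        active:
          description: Whether the schedule is active (true) or inactive (false) during the time specified between 'from' and 'to'. Defaults to true.
          type: bool
        from:
          description: The time, from '00:00' to '24:00'. Must be less than the time specified in 'to'. Defaults to '00:00'. Only 30 minute increments are allowed.
          type: str
        to:
          description: The time, from '00:00' to '24:00'. Must be greater than the time specified in 'from'. Defaults to '24:00'. Only 30 minute increments are allowed.
          type: str
      type: dict
  type: dict
vlanTagging:
  description: The VLAN tagging settings for your group policy. Only available if your network has a wireless configuration.
  suboptions:
    settings:
      description: How VLAN tagging is applied. Can be 'network default', 'ignore' or 'custom'.
      type: str
    vlanId:
      description: The ID of the vlan you want to tag. This only applies if 'settings' is set to 'custom'.
      type: str
  type: dict
groupPolicyId:
  description: GroupPolicyId path parameter. Group policy ID.
  type: str
meraki_caller:
  default: ''
  description:
    - meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER
  type: str
# Credential. Keep it out of plaintext playbooks and inventories, for example
# by using Ansible Vault or the environment variable named in the description.
meraki_api_key:
  description:
    - meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY
  required: true
  type: str
# NOTE(review): requests made with the API key presumably go to this base URL,
# so override the default only with an endpoint you trust - confirm.
meraki_base_url:
  default: https://api.meraki.com/api/v1
  description:
    - meraki_base_url (string), preceding all endpoint resources
  type: str
meraki_log_path:
  default: ''
  description:
    - log_path (string), path to output log; by default, working directory of script if not specified
  type: str
# Dry-run switch: with true, changing calls are simulated instead of applied.
meraki_simulate:
  default: false
  description:
    - meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes?
  type: bool
contentFiltering:
  description: The content filtering settings for your group policy.
  suboptions:
    allowedUrlPatterns:
      description: Settings for allowed URL patterns.
      suboptions:
        patterns:
          description: A list of URL patterns that are allowed.
          elements: str
          type: list
        settings:
          description: How URL patterns are applied. Can be 'network default', 'append' or 'override'.
          type: str
      type: dict
    blockedUrlCategories:
      description: Settings for blocked URL categories.
      suboptions:
        categories:
          description: A list of URL categories to block.
          elements: str
          type: list
        settings:
          description: How URL categories are applied. Can be 'network default', 'append' or 'override'.
          type: str
      type: dict
    blockedUrlPatterns:
      description: Settings for blocked URL patterns.
      suboptions:
        patterns:
          description: A list of URL patterns that are blocked.
          elements: str
          type: list
        settings:
          description: How URL patterns are applied. Can be 'network default', 'append' or 'override'.
          type: str
      type: dict
  type: dict
meraki_be_geo_id:
  default: ''
  description:
    - meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID
  type: str
bonjourForwarding:
  description: The Bonjour settings for your group policy. Only valid if your network has a wireless configuration.
  suboptions:
    rules:
      description: A list of the Bonjour forwarding rules for your group policy. If 'settings' is set to 'custom', at least one rule must be specified.
      elements: dict
      suboptions:
        description:
          description: A description for your Bonjour forwarding rule. Optional.
          type: str
        services:
          description: A list of Bonjour services. At least one service must be specified. Available services are 'All Services', 'AirPlay', 'AFP', 'BitTorrent', 'FTP', 'iChat', 'iTunes', 'Printers', 'Samba', 'Scanners' and 'SSH'.
          elements: str
          type: list
        vlanId:
          description: The ID of the service VLAN. Required.
          type: str
      type: list
    settings:
      description: How Bonjour rules are applied. Can be 'network default', 'ignore' or 'custom'.
      type: str
  type: dict
meraki_output_log:
  default: true
  description:
    - meraki_output_log (boolean), create an output log file?
  type: bool
# 'bypass' exempts clients bound to the policy from splash authorization.
splashAuthSettings:
  description: Whether clients bound to your policy will bypass splash authorization or behave according to the network's rules. Can be one of 'network default' or 'bypass'. Only available if your network has a wireless configuration.
  type: str
meraki_print_console:
  default: true
  description:
    - meraki_print_console (boolean), print logging output to console?
  type: bool
meraki_requests_proxy:
  default: ''
  description:
    - meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS
  type: str
meraki_log_file_prefix:
  default: meraki_api_
  description:
    - meraki_log_file_prefix (string), log file name appended with date and timestamp
  type: str
meraki_maximum_retries:
  default: 2
  description:
    - meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors
  type: int
meraki_retry_4xx_error:
  default: false
  description:
    - meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)?
  type: bool
meraki_certificate_path:
  default: ''
  description:
    - meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy
  type: str
# With true, no log of the module's API activity is kept at all.
meraki_suppress_logging:
  default: false
  description:
    - meraki_suppress_logging (boolean), disable all logging? you're on your own then!
  type: bool
firewallAndTrafficShaping:
  description: The firewall and traffic shaping rules and settings for your policy.
  suboptions:
    l3FirewallRules:
      description: An ordered array of the L3 firewall rules.
      elements: dict
      suboptions:
        comment:
          description: Description of the rule (optional).
          type: str
        destCidr:
          description: Destination IP address (in IP or CIDR notation), a fully-qualified domain name (FQDN, if your network supports it) or 'any'.
          type: str
        destPort:
          description: Destination port (integer in the range 1-65535), a port range (e.g. 8080-9090), or 'any'.
          type: str
        policy:
          description: '''allow'' or ''deny'' traffic specified by this rule.'
          type: str
        protocol:
          description: The type of protocol (must be 'tcp', 'udp', 'icmp', 'icmp6' or 'any').
          type: str
      type: list
    l7FirewallRules:
      description: An ordered array of L7 firewall rules.
      elements: dict
      suboptions:
        policy:
          description: The policy applied to matching traffic. Must be 'deny'.
          type: str
        type:
          description: Type of the L7 Rule. Must be 'application', 'applicationCategory', 'host', 'port' or 'ipRange'.
          type: str
        value:
          description: The 'value' of what you want to block. If 'type' is 'host', 'port' or 'ipRange', 'value' must be a string matching either a hostname (e.g. Somewhere.com), a port (e.g. 8080), or an IP range (e.g. 192.1.0.0/16). If 'type' is 'application' or 'applicationCategory', then 'value' must be an object with an ID for the application.
          type: str
      type: list
    settings:
      description: How firewall and traffic shaping rules are enforced. Can be 'network default', 'ignore' or 'custom'.
      type: str
    trafficShapingRules:
      description: An array of traffic shaping rules. Rules are applied in the order that they are specified in. An empty list (or null) means no rules. Note that you are allowed a maximum of 8 rules.
      elements: dict
      suboptions:
        definitions:
          description: A list of objects describing the definitions of your traffic shaping rule. At least one definition is required.
          elements: dict
          suboptions:
            type:
              description: The type of definition. Can be one of 'application', 'applicationCategory', 'host', 'port', 'ipRange' or 'localNet'.
              type: str
            value:
              # Folded block scalar: the text contains ': ', which a plain scalar cannot hold.
              description: >-
                If "type" is 'host', 'port', 'ipRange' or 'localNet', then "value" must be a string,
                matching either a hostname (e.g. "somesite.com"), a port (e.g. 8080), or an IP range
                ("192.1.0.0", "192.1.0.0/16", or "10.1.0.0/16:80"). 'localNet' also supports CIDR
                notation, excluding custom ports. If "type" is 'application' or 'applicationCategory',
                then "value" must be an object with the structure { "id": "meraki:layer7/..." }, where
                "id" is the application category or application ID (for a list of IDs for your network,
                use the trafficShaping/applicationCategories endpoint).
              type: str
          type: list
        dscpTagValue:
          description: The DSCP tag applied by your rule. Null means 'Do not change DSCP tag'. For a list of possible tag values, use the trafficShaping/dscpTaggingOptions endpoint.
          type: int
        pcpTagValue:
          description: The PCP tag applied by your rule. Can be 0 (lowest priority) through 7 (highest priority). Null means 'Do not set PCP tag'.
          type: int
        perClientBandwidthLimits:
          description: An object describing the bandwidth settings for your rule.
          suboptions:
            bandwidthLimits:
              description: The bandwidth limits object, specifying the upload ('limitUp') and download ('limitDown') speed in Kbps. These are only enforced if 'settings' is set to 'custom'.
              suboptions:
                limitDown:
                  description: The maximum download limit (integer, in Kbps).
                  type: int
                limitUp:
                  description: The maximum upload limit (integer, in Kbps).
                  type: int
              type: dict
            settings:
              description: How bandwidth limits are applied by your rule. Can be one of 'network default', 'ignore' or 'custom'.
              type: str
          type: dict
        priority:
          description: A string, indicating the priority level for packets bound to your rule. Can be 'low', 'normal' or 'high'.
          type: str
      type: list
  type: dict
meraki_wait_on_rate_limit:
  default: true
  description:
    - meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered?
  type: bool
meraki_inherit_logging_config:
  default: false
  description:
    - meraki_inherit_logging_config (boolean), Inherits your own logger instance
  type: bool
meraki_single_request_timeout:
  default: 60
  description:
    - meraki_single_request_timeout (integer), maximum number of seconds for each API call
  type: int
meraki_nginx_429_retry_wait_time:
  default: 60
  description:
    - meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time
  type: int
meraki_retry_4xx_error_wait_time:
  default: 60
  description:
    - meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time
  type: int
meraki_use_iterator_for_get_pages:
  default: false
  description:
    - meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items
  type: bool
meraki_action_batch_retry_wait_time:
  default: 60
  description:
    - meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time
  type: int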
# Return value reference. `sample` is a JSON document stored as a string; it is
# written as a literal block so the structure stays readable.
meraki_response:
  description: A dictionary or list with the response returned by the Cisco Meraki Python SDK
  returned: always
  sample: |
    {
      "bandwidth": {
        "bandwidthLimits": {
          "limitDown": 0,
          "limitUp": 0
        },
        "settings": "string"
      },
      "bonjourForwarding": {
        "rules": [
          {
            "description": "string",
            "services": [
              "string"
            ],
            "vlanId": "string"
          }
        ],
        "settings": "string"
      },
      "contentFiltering": {
        "allowedUrlPatterns": {
          "patterns": [
            "string"
          ],
          "settings": "string"
        },
        "blockedUrlCategories": {
          "categories": [
            "string"
          ],
          "settings": "string"
        },
        "blockedUrlPatterns": {
          "patterns": [
            "string"
          ],
          "settings": "string"
        }
      },
      "firewallAndTrafficShaping": {
        "l3FirewallRules": [
          {
            "comment": "string",
            "destCidr": "string",
            "destPort": "string",
            "policy": "string",
            "protocol": "string"
          }
        ],
        "l7FirewallRules": [
          {
            "policy": "string",
            "type": "string",
            "value": "string"
          }
        ],
        "settings": "string",
        "trafficShapingRules": [
          {
            "definitions": [
              {
                "type": "string",
                "value": "string"
              }
            ],
            "dscpTagValue": 0,
            "pcpTagValue": 0,
            "perClientBandwidthLimits": {
              "bandwidthLimits": {
                "limitDown": 0,
                "limitUp": 0
              },
              "settings": "string"
            },
            "priority": "string"
          }
        ]
      },
      "groupPolicyId": "string",
      "scheduling": {
        "enabled": true,
        "friday": {
          "active": true,
          "from": "string",
          "to": "string"
        },
        "monday": {
          "active": true,
          "from": "string",
          "to": "string"
        },
        "saturday": {
          "active": true,
          "from": "string",
          "to": "string"
        },
        "sunday": {
          "active": true,
          "from": "string",
          "to": "string"
        },
        "thursday": {
          "active": true,
          "from": "string",
          "to": "string"
        },
        "tuesday": {
          "active": true,
          "from": "string",
          "to": "string"
        },
        "wednesday": {
          "active": true,
          "from": "string",
          "to": "string"
        }
      },
      "splashAuthSettings": "string",
      "vlanTagging": {
        "settings": "string",
        "vlanId": "string"
      }
    }
  type: dict