cisco.nd.nd_compliance_requirement_communication (0.5.0) — module

Manage communication type compliance requirements

Added in version 0.3.0 of cisco.nd

Authors: Akini Ross (@akinross)

preview | supported by community

Install collection

Install with `ansible-galaxy collection install cisco.nd:==0.5.0`


Add to requirements.yml

  # Exact version pin: every install resolves to the same release, and an
  # upgrade of the collection is an explicit, reviewable change to this file.
  # The version is quoted so it is always read as a string.
  collections:
    - version: "0.5.0"
      name: cisco.nd

Description

Manage communication type compliance requirements on Cisco Nexus Dashboard Insights (NDI).


Requirements

Usage examples

# Query with no `name`: lists the communication type compliance requirements
# of the insights group and stores the result in `query_results`.
# No host or credentials are set in the task; per the option reference they
# fall back to the ND_* environment variables (ND_HOST, ND_USERNAME, ND_PASSWORD).
- name: Get all communication type compliance requirements
  cisco.nd.nd_compliance_requirement_communication:
    state: query
    insights_group: igName
  register: query_results
# Query with `name` set: looks up a single compliance requirement and stores
# the result in `query_results`.
# No host or credentials are set in the task; per the option reference they
# fall back to the ND_* environment variables (ND_HOST, ND_USERNAME, ND_PASSWORD).
- name: Get a specific communication type compliance requirement
  cisco.nd.nd_compliance_requirement_communication:
    state: query
    name: complianceRequirementName
    insights_group: igName
  register: query_results
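# Creates (state: present) a communication type compliance requirement that
# describes which traffic between two object selections is covered.
# No host or credentials are set in the task; per the option reference they
# fall back to the ND_* environment variables (ND_HOST, ND_USERNAME,
# ND_PASSWORD), which keeps the password out of the playbook.
- name: Create communication type compliance requirement
  cisco.nd.nd_compliance_requirement_communication:
    insights_group: igName
    name: complianceRequirementName
    sites:
      - siteName1
      - siteName2
    # enabled: false defines the requirement without enabling it.
    enabled: false
    # Communication type; the module accepts must, must_not or may.
    type: may
    # Source side of the requirement: EPGs selected by the include matches.
    from_object:
      type: epg
      includes:
        - type: vrf
          attribute: DN
          patterns:
            - type: tenant
              operator: begins_with
              value: foo
            - type: vrf
              operator: contains
              value: bar
        - type: epg
          attribute: DN
          patterns:
            - type: tenant
              operator: contains
              value: foo
            - type: ap
              operator: contains
              value: bar
            - type: epg
              operator: contains
              value: foobar
    # NOTE(review): the option reference marks to_object.includes as
    # required, but this example passes only excludes. Confirm the task
    # validates as written before copying it.
    to_object:
      type: epg
      excludes:
        # attribute is omitted here; the option reference gives DN as default.
        - type: epg
          patterns:
            - type: tenant
              operator: contains
              value: foo
            - type: ap
              operator: contains
              value: bar
            - type: epg
              operator: contains
              value: bar
    traffic_selector_rules:
      - ether_type: ip
        protocol: all
      - ether_type: arp
      - ether_type: ip
        protocol: tcp
        from_object:
          # Ports are type str in the option reference, so keep them quoted.
          source: "1"
          destination: "2"
          tcp_flags:
            - ack
            - fin
            - res
            - syn
    state: present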
# state: absent removes the compliance requirement identified by `name`.
# No host or credentials are set in the task; per the option reference they
# fall back to the ND_* environment variables (ND_HOST, ND_USERNAME, ND_PASSWORD).
- name: Delete communication type compliance requirement
  cisco.nd.nd_compliance_requirement_communication:
    state: absent
    name: complianceRequirementName
    insights_group: igName

Inputs

    
host:
    aliases:
    - hostname
    description:
    - IP Address or hostname of the Nexus Dashboard (ND) host.
    - If the value is not specified in the task, the value of environment variable C(ND_HOST)
      will be used instead.
    type: str

name:
    description:
    - The name of the compliance requirement.
    type: str

port:
    description:
    - Port number to be used for the REST connection.
    - The default value depends on parameter `use_ssl`.
    - If the value is not specified in the task, the value of environment variable C(ND_PORT)
      will be used instead.
    type: int

type:
    choices:
    - must
    - must_not
    - may
    description:
    - The communication type of the compliance requirement.
    type: str

sites:
    description:
    - The names of the sites.
    elements: str
    type: list

state:
    choices:
    - query
    - absent
    - present
    default: query
    description:
    - Use C(present) or C(absent) for adding or removing.
    - Use C(query) for listing an object or multiple objects.
    type: str

enabled:
    description:
    - Enable the compliance requirement.
    type: bool

timeout:
    default: 30
    description:
    - The socket level timeout in seconds.
    - If the value is not specified in the task, the value of environment variable C(ND_TIMEOUT)
      will be used instead.
    type: int

use_ssl:
    description:
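    - If C(no), an HTTP connection will be used instead of the default HTTPS connection.
    - Over HTTP the username, password and all API traffic are sent unencrypted, so keep
      the default HTTPS unless the network path to the ND host is fully trusted.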
    - If the value is not specified in the task, the value of environment variable C(ND_USE_SSL)
      will be used instead.
    type: bool

password:
    description:
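    - The password to use for authentication.
    - Avoid writing the password in plain text in a playbook or inventory; supply it through
      the environment variable or an encrypted variable such as Ansible Vault.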
    - If the value is not specified in the task, the value of environment variables C(ND_PASSWORD)
      or C(ANSIBLE_NET_PASSWORD) will be used instead.
    type: str

username:
    description:
    - The username to use for authentication.
    - If the value is not specified in the task, the value of environment variables C(ND_USERNAME)
      or C(ANSIBLE_NET_USERNAME) will be used instead.
    type: str

to_object:
    description:
    - Container for all matching criteria attached to the object.
    suboptions:
      excludes:
        description:
        - Container for all matching criteria to exclude.
        elements: dict
        suboptions:
          attribute:
            choices:
            - DN
            default: DN
            description:
            - The attribute of the match.
            - The GUI represents this as 'By'.
            type: str
          patterns:
            description:
            - Container for all patterns attached to the match.
            elements: dict
            required: true
            suboptions:
              operator:
                choices:
                - contains
                - begins_with
                - ends_with
                - equal_to
                - not_equal_to
                - not_contains
                - not_begins_with
                - not_ends_with
                description:
                - The operator of the pattern.
                required: true
                type: str
              type:
                choices:
                - tenant
                - vrf
                - bd
                - epg
                - ap
                - l3out
                - l3instp
                - l2out
                - l2instp
                - filter
                - subject
                - contract
                description:
                - The type of the match.
                required: true
                type: str
              value:
                description:
                - The value of the pattern to match on.
                - NDO defaults to a wildcard string, displayed in UI as ANY-STRING, when
                  unset during creation.
                type: str
            type: list
          type:
            choices:
            - tenant
            - vrf
            - bd
            - epg
            - ap
            - l3out
            - l3instp
            - l2out
            - l2instp
            - filter
            - subject
            - contract
            description:
            - The object type of the match.
            required: true
            type: str
        type: list
      includes:
        description:
        - Container for all matching criteria to include.
        elements: dict
        required: true
        suboptions:
          attribute:
            choices:
            - DN
            default: DN
            description:
            - The attribute of the match.
            - The GUI represents this as 'By'.
            type: str
          patterns:
            description:
            - Container for all patterns attached to the match.
            elements: dict
            required: true
            suboptions:
              operator:
                choices:
                - contains
                - begins_with
                - ends_with
                - equal_to
                - not_equal_to
                - not_contains
                - not_begins_with
                - not_ends_with
                description:
                - The operator of the pattern.
                required: true
                type: str
              type:
                choices:
                - tenant
                - vrf
                - bd
                - epg
                - ap
                - l3out
                - l3instp
                - l2out
                - l2instp
                - filter
                - subject
                - contract
                description:
                - The type of the match.
                required: true
                type: str
              value:
                description:
                - The value of the pattern to match on.
                - NDO defaults to a wildcard string, displayed in UI as ANY-STRING, when
                  unset during creation.
                type: str
            type: list
          type:
            choices:
            - tenant
            - vrf
            - bd
            - epg
            - ap
            - l3out
            - l3instp
            - l2out
            - l2instp
            - filter
            - subject
            - contract
            description:
            - The object type of the match.
            required: true
            type: str
        type: list
      type:
        choices:
        - tenant
        - epg
        description:
        - The object type of the object.
        required: true
        type: str
    type: dict

use_proxy:
    description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable
      on the target hosts.
    - If the value is not specified in the task, the value of environment variable C(ND_USE_PROXY)
      will be used instead.
    type: bool

description:
    aliases:
    - descr
    description:
    - The description of the compliance requirement.
    type: str

from_object:
    description:
    - Container for all matching criteria attached to the object.
    suboptions:
      excludes:
        description:
        - Container for all matching criteria to exclude.
        elements: dict
        suboptions:
          attribute:
            choices:
            - DN
            default: DN
            description:
            - The attribute of the match.
            - The GUI represents this as 'By'.
            type: str
          patterns:
            description:
            - Container for all patterns attached to the match.
            elements: dict
            required: true
            suboptions:
              operator:
                choices:
                - contains
                - begins_with
                - ends_with
                - equal_to
                - not_equal_to
                - not_contains
                - not_begins_with
                - not_ends_with
                description:
                - The operator of the pattern.
                required: true
                type: str
              type:
                choices:
                - tenant
                - vrf
                - bd
                - epg
                - ap
                - l3out
                - l3instp
                - l2out
                - l2instp
                - filter
                - subject
                - contract
                description:
                - The type of the match.
                required: true
                type: str
              value:
                description:
                - The value of the pattern to match on.
                - NDO defaults to a wildcard string, displayed in UI as ANY-STRING, when
                  unset during creation.
                type: str
            type: list
          type:
            choices:
            - tenant
            - vrf
            - bd
            - epg
            - ap
            - l3out
            - l3instp
            - l2out
            - l2instp
            - filter
            - subject
            - contract
            description:
            - The object type of the match.
            required: true
            type: str
        type: list
      includes:
        description:
        - Container for all matching criteria to include.
        elements: dict
        required: true
        suboptions:
          attribute:
            choices:
            - DN
            default: DN
            description:
            - The attribute of the match.
            - The GUI represents this as 'By'.
            type: str
          patterns:
            description:
            - Container for all patterns attached to the match.
            elements: dict
            required: true
            suboptions:
              operator:
                choices:
                - contains
                - begins_with
                - ends_with
                - equal_to
                - not_equal_to
                - not_contains
                - not_begins_with
                - not_ends_with
                description:
                - The operator of the pattern.
                required: true
                type: str
              type:
                choices:
                - tenant
                - vrf
                - bd
                - epg
                - ap
                - l3out
                - l3instp
                - l2out
                - l2instp
                - filter
                - subject
                - contract
                description:
                - The type of the match.
                required: true
                type: str
              value:
                description:
                - The value of the pattern to match on.
                - NDO defaults to a wildcard string, displayed in UI as ANY-STRING, when
                  unset during creation.
                type: str
            type: list
          type:
            choices:
            - tenant
            - vrf
            - bd
            - epg
            - ap
            - l3out
            - l3instp
            - l2out
            - l2instp
            - filter
            - subject
            - contract
            description:
            - The object type of the match.
            required: true
            type: str
        type: list
      type:
        choices:
        - tenant
        - epg
        description:
        - The object type of the object.
        required: true
        type: str
    type: dict

login_domain:
    description:
    - The login domain name to use for authentication.
    - The default value is DefaultAuth.
    - If the value is not specified in the task, the value of environment variable C(ND_LOGIN_DOMAIN)
      will be used instead.
    type: str

output_level:
    choices:
    - debug
    - info
    - normal
    default: normal
    description:
    - Influence the output of this ND module.
    - C(normal) means the standard output, incl. C(current) dict
    - C(info) adds informational output, incl. C(previous), C(proposed) and C(sent) dicts
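    - C(debug) adds debugging output, incl. C(filter_string), C(method), C(response),
      C(status) and C(url) information
    - The C(info) and C(debug) output can include the data sent to and returned by ND, so
      treat task output and logs at these levels as potentially sensitive.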
    - If the value is not specified in the task, the value of environment variable C(ND_OUTPUT_LEVEL)
      will be used instead.
    type: str

insights_group:
    aliases:
    - fab_name
    - ig_name
    description:
    - The name of the insights group.
    required: true
    type: str

validate_certs:
    description:
    - If C(no), SSL certificates will not be validated.
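    - This should only be set to C(no) when used on personally controlled sites using self-signed
      certificates.
    - Without validation the identity of the ND host is not verified, so the credentials and
      API traffic can be intercepted by a host impersonating it.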
    - If the value is not specified in the task, the value of environment variable C(ND_VALIDATE_CERTS)
      will be used instead.
    type: bool

traffic_selector_rules:
    description:
    - Apply rules to selected traffic.
    elements: dict
    suboptions:
      ether_type:
        choices:
        - arp
        - fcoe
        - ip
        - mac_security
        - mpls_unicast
        - trill
        description:
        - The type of the traffic selector.
        required: true
        type: str
      from_object:
        description:
        - Direction from the object.
        suboptions:
          destination:
            description:
            - The destination port or port range.
            type: str
          source:
            description:
            - The source port or port range.
            type: str
          tcp_flags:
            aliases:
            - tcp_flags_set
            choices:
            - ack
            - est
            - fin
            - res
            - syn
            description:
            - Confirm these flags are set.
            elements: str
            type: list
          tcp_flags_not_set:
            choices:
            - ack
            - est
            - fin
            - res
            - syn
            description:
            - Confirm these flags are not set.
            elements: str
            type: list
        type: dict
      protocol:
        choices:
        - all
        - egp
        - eigrp
        - icmp
        - icmpv6
        - igmp
        - igp
        - l2tp
        - ospfigp
        - pim
        - tcp
        - udp
        description:
        - The type of the traffic protocol.
        - Only significant when 'ip' is selected.
        type: str
      reverse_port:
        default: false
        description:
        - The direction of the IP TCP/UDP rule.
        - Only significant when 'ip' is selected in combination with 'tcp' or 'udp'.
        - When set to true the from_object option is used for both directions.
        type: bool
      to_object:
        description:
        - Direction to the object.
        suboptions:
          destination:
            description:
            - The destination port or port range.
            type: str
          source:
            description:
            - The source port or port range.
            type: str
          tcp_flags:
            aliases:
            - tcp_flags_set
            choices:
            - ack
            - est
            - fin
            - res
            - syn
            description:
            - Confirm these flags are set.
            elements: str
            type: list
          tcp_flags_not_set:
            choices:
            - ack
            - est
            - fin
            - res
            - syn
            description:
            - Confirm these flags are not set.
            elements: str
            type: list
        type: dict
    type: list