Try SpotterModule for setup of NetworkSecurityPolicy Avi RESTful Object
Authors: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1This module is used to configure NetworkSecurityPolicy object
more examples at U(https://github.com/avinetworks/devops)
- name: Create a network security policy to block clients represented by ip group known_attackers
avi_networksecuritypolicy:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
name: vs-gurutest-ns
rules:
- action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
age: 0
enable: true
index: 1
log: false
match:
client_ip:
group_refs:
- Demo:known_attackers
match_criteria: IS_IN
name: Rule 1
tenant_ref: Demo
url:
description:
- Avi controller URL of the object.
name:
description:
- Name of the object.
uuid:
description:
- Unique object identifier of the object.
rules:
description:
- List of networksecurityrule.
state:
choices:
- absent
- present
default: present
description:
- The state that should be applied on the entity.
tenant:
default: admin
description:
- Name of tenant used for all Avi API calls and context of object.
type: str
password:
default: ''
description:
- Password of Avi user in Avi controller. The default value is the environment variable
C(AVI_PASSWORD).
type: str
username:
default: ''
description:
- Username used for accessing Avi controller. The default value is the environment
variable C(AVI_USERNAME).
type: str
controller:
default: ''
description:
- IP address or hostname of the controller. The default value is the environment variable
C(AVI_CONTROLLER).
type: str
created_by:
description:
- Creator name.
tenant_ref:
description:
- It is a reference to an object of type tenant.
api_context:
description:
- Avi API context that includes current session ID and CSRF Token.
- This allows user to perform single login and re-use the session.
type: dict
api_version:
default: 16.4.4
description:
- Avi API version of to use for Avi API and objects.
type: str
description:
description:
- User defined description for the object.
tenant_uuid:
default: ''
description:
- UUID of tenant used for all Avi API calls and context of object.
type: str
avi_credentials:
description:
- Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller
login details.
suboptions:
api_version:
default: 16.4.4
description:
- Avi controller version
controller:
description:
- Avi controller IP or SQDN
csrftoken:
description:
- Avi controller API csrftoken to reuse existing session with session id
password:
description:
- Avi controller password
port:
description:
- Avi controller port
session_id:
description:
- Avi controller API session id to reuse existing session with csrftoken
tenant:
default: admin
description:
- Avi controller tenant
tenant_uuid:
description:
- Avi controller tenant UUID
timeout:
default: 300
description:
- Avi controller request timeout
token:
description:
- Avi controller API token
username:
description:
- Avi controller username
type: dict
avi_api_patch_op:
choices:
- add
- replace
- delete
description:
- Patch operation to use when using avi_api_update_method as patch.
cloud_config_cksum:
description:
- Checksum of cloud configuration for network sec policy.
- Internally set by cloud connector.
avi_api_update_method:
choices:
- put
- patch
default: put
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
avi_disable_session_cache_as_fact:
description:
- It disables avi session information to be cached as a fact.
type: bool
obj: description: NetworkSecurityPolicy (api/networksecuritypolicy) object returned: success, changed type: dict