community.general.utm_aaa_group (8.5.0) — module

Create, update or destroy an aaa group object in Sophos UTM

Authors: Johannes Brunswicker (@MatrixCrawler)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Create, update or destroy an aaa group object in Sophos UTM.

This module requires the REST API of the UTM to be enabled; it authenticates with a REST API token (see the O(utm_token) option), not with a user password.

Usage examples

- name: Create UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present
- name: Remove UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
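A fuller play, added here as an example and not taken from the module documentation, showing a static group (membership given explicitly through O(members) rather than matched against a backend), the API token kept out of the playbook and out of task output, and the C(_ref) value from the registered result being reused. The host name C(utm.example.internal), the environment variable C(UTM_TOKEN) and the user reference names C(REF_AaaUseAlice) and C(REF_AaaUseBob) are assumed values.

```yaml
# Added example (not part of the module's own documentation).
# Assumed values: utm.example.internal, the UTM_TOKEN environment variable,
# and the aaa/user reference names REF_AaaUseAlice and REF_AaaUseBob.
- name: Manage a static UTM AAA group without a plaintext token in the play
  hosts: localhost
  gather_facts: false
  vars:
    # Read the REST API token from the controller's environment instead of
    # writing it into the playbook; an ansible-vault encrypted variable works too.
    utm_api_token: "{{ lookup('ansible.builtin.env', 'UTM_TOKEN') }}"
  tasks:
    - name: Create or update a static group with explicit members
      community.general.utm_aaa_group:
        utm_host: utm.example.internal
        utm_port: 4444
        utm_protocol: https
        validate_certs: true      # keep the default; false lets an interposed host read the token
        utm_token: "{{ utm_api_token }}"
        name: vpn-operators
        comment: "Managed by Ansible"
        dynamic: none             # static group: membership comes only from 'members'
        backend_match: none
        members:
          - REF_AaaUseAlice       # assumed aaa/user reference names
          - REF_AaaUseBob
        state: present
      no_log: true                # keep the token out of the task's logged arguments
      register: aaa_group         # the registered result is still populated under no_log

    - name: Show the reference name the UTM assigned to the group
      ansible.builtin.debug:
        msg: "Group {{ aaa_group.result.name }} has reference {{ aaa_group.result._ref }}"
```

The registered C(aaa_group.result._ref) is the value other UTM objects expect when they reference this group, so registering it is the usual way to chain it into later tasks.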

Inputs

    
name:
    description:
    - The name of the object. Will be used to identify the entry.
    required: true
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - The desired state of the object.
    - V(present) will create or update an object.
    - V(absent) will delete an object if it was present.
    type: str

comment:
    default: ''
    description:
    - Comment that describes the AAA group.
    type: str

dynamic:
    choices:
    - none
    - ipsec_dn
    - directory_groups
    default: none
    description:
    - Group type. The group is static (membership taken from O(members)) if V(none) is selected.
    type: str

headers:
    default: {}
    description:
    - A dictionary of additional HTTP headers to send with POST and PUT requests.
    - Required by some modules.
    required: false
    type: dict

members:
    default: []
    description:
    - A list of user ref names (aaa/user).
    elements: str
    type: list

network:
    default: ''
    description:
    - The network reference name. The referenced object (network/aaa) contains the known IP addresses for the
      authentication object.
    type: str

ipsec_dn:
    default: ''
    description:
    - The IPsec DN string.
    type: str

utm_host:
    description:
    - The REST Endpoint of the Sophos UTM.
    required: true
    type: str

utm_port:
    default: 4444
    description:
    - The port of the REST interface.
    type: int

utm_token:
    description:
    - The token used to authenticate to the REST API. See U(https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en),
      Chapter 2.4.2. Treat it as a credential and keep it out of plaintext playbooks.
    required: true
    type: str

utm_protocol:
    choices:
    - http
    - https
    default: https
    description:
    - The protocol of the REST Endpoint.
    type: str

backend_match:
    choices:
    - none
    - adirectory
    - edirectory
    - radius
    - tacacs
    - ldap
    default: none
    description:
    - The backend for the group.
    type: str

radius_groups:
    default: []
    description:
    - A list of radius group strings.
    elements: str
    type: list

tacacs_groups:
    default: []
    description:
    - A list of tacacs group strings.
    elements: str
    type: list

ldap_attribute:
    default: ''
    description:
    - The LDAP attribute to check against.
    type: str

validate_certs:
    default: true
    description:
    - Whether the REST interface's TLS certificate should be verified. Disabling verification exposes the token to interception.
    type: bool

adirectory_groups:
    default: []
    description:
    - List of adirectory group strings.
    elements: str
    type: list

edirectory_groups:
    default: []
    description:
    - List of edirectory group strings.
    elements: str
    type: list

ldap_attribute_value:
    default: ''
    description:
    - The LDAP attribute value to check against.
    type: str

adirectory_groups_sids:
    default: {}
    description:
    - Dictionary of group SIDs.
    type: dict

Outputs

result:
  contains:
    _locked:
      description: Whether or not the object is currently locked.
      type: bool
    _ref:
      description: The reference name of the object.
      type: str
    _type:
      description: The type of the object.
      type: str
    adirectory_groups:
      description: List of Active Directory Groups.
      type: str
    adirectory_groups_sids:
      description: List of Active Directory Groups SIDS.
      type: list
    backend_match:
      description: The backend to use.
      type: str
    comment:
      description: The comment string.
      type: str
    dynamic:
      description: Group type, one of V(none), V(ipsec_dn) or V(directory_groups).
      type: str
    edirectory_groups:
      description: List of eDirectory Groups.
      type: str
    ipsec_dn:
      description: ipsec_dn identifier to match.
      type: str
    ldap_attribute:
      description: The LDAP Attribute to match against.
      type: str
    ldap_attribute_value:
      description: The LDAP Attribute Value to match against.
      type: str
    members:
      description: List of member identifiers of the group.
      type: list
    name:
      description: The name of the object.
      type: str
    network:
      description: The identifier of the network (network/aaa).
      type: str
    radius_group:
      description: The radius group identifier.
      type: str
    tacacs_group:
      description: The tacacs group identifier.
      type: str
  description: The utm object that was created.
  returned: success
  type: complex