Try SpotterCreate, update or destroy reverse_proxy auth_profile entry in Sophos UTM
Authors: Stephan Schwarz (@stearz)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
- name: community.general
version: 8.5.0Create, update or destroy a reverse_proxy auth_profile entry in SOPHOS UTM.
This module needs to have the REST Ability of the UTM to be activated.
- name: Create UTM proxy_auth_profile
community.general.utm_proxy_auth_profile:
utm_host: sophos.host.name
utm_token: abcdefghijklmno1234
name: TestAuthProfileEntry
aaa: [REF_OBJECT_STRING,REF_ANOTHEROBJECT_STRING]
basic_prompt: "Authentication required: Please login"
frontend_session_lifetime: 1
frontend_session_timeout: 1
state: present
- name: Remove UTM proxy_auth_profile
community.general.utm_proxy_auth_profile:
utm_host: sophos.host.name
utm_token: abcdefghijklmno1234
name: TestAuthProfileEntry
state: absent
- name: Read UTM proxy_auth_profile
community.general.utm_proxy_auth_profile:
utm_host: sophos.host.name
utm_token: abcdefghijklmno1234
name: TestAuthProfileEntry
state: info
aaa:
description:
- List of references to utm_aaa objects (allowed users or groups)
elements: str
required: true
type: list
name:
description:
- The name of the object. Will be used to identify the entry
required: true
type: str
state:
choices:
- absent
- present
default: present
description:
- The desired state of the object.
- V(present) will create or update an object.
- V(absent) will delete an object if it was present.
type: str
comment:
default: ''
description:
- Optional comment string
type: str
headers:
default: {}
description:
- A dictionary of additional headers to be sent to POST and PUT requests.
- Is needed for some modules.
required: false
type: dict
utm_host:
description:
- The REST Endpoint of the Sophos UTM.
required: true
type: str
utm_port:
default: 4444
description:
- The port of the REST interface.
type: int
utm_token:
description:
- The token used to identify at the REST-API. See U(https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en),
Chapter 2.4.2.
required: true
type: str
logout_mode:
choices:
- None
- Delegation
default: None
description:
- Mode of logout (None|Delegation)
type: str
backend_mode:
choices:
- Basic
- None
default: None
description:
- Specifies if the backend server needs authentication ([Basic|None])
type: str
basic_prompt:
description:
- The message in the basic authentication prompt
required: true
type: str
utm_protocol:
choices:
- http
- https
default: https
description:
- The protocol of the REST Endpoint.
type: str
frontend_form:
description:
- Frontend authentication form name
type: str
frontend_mode:
choices:
- Basic
- Form
default: Basic
description:
- Frontend authentication mode (Form|Basic)
type: str
frontend_login:
description:
- Frontend login name
type: str
frontend_realm:
description:
- Frontend authentication realm
type: str
validate_certs:
default: true
description:
- Whether the REST interface's ssl certificate should be verified or not.
type: bool
frontend_cookie:
description:
- Frontend cookie name
type: str
frontend_logout:
description:
- Frontend logout name
type: str
backend_user_prefix:
default: ''
description:
- Prefix string to prepend to the username for backend authentication
type: str
backend_user_suffix:
default: ''
description:
- Suffix string to append to the username for backend authentication
type: str
frontend_cookie_secret:
description:
- Frontend cookie secret
type: str
frontend_form_template:
default: ''
description:
- Frontend authentication form template
type: str
logout_delegation_urls:
default: []
description:
- List of logout URLs that logouts are delegated to
elements: str
type: list
backend_strip_basic_auth:
default: true
description:
- Should the login data be stripped when proxying the request to the backend host
type: bool
frontend_session_timeout:
description:
- session timeout
required: true
type: int
frontend_session_lifetime:
description:
- session lifetime
required: true
type: int
redirect_to_requested_url:
default: false
description:
- Should a redirect to the requested URL be made
type: bool
frontend_session_timeout_scope:
choices:
- days
- hours
- minutes
default: minutes
description:
- scope for frontend_session_timeout (days|hours|minutes)
type: str
frontend_session_lifetime_scope:
choices:
- days
- hours
- minutes
default: hours
description:
- scope for frontend_session_lifetime (days|hours|minutes)
type: str
frontend_session_timeout_enabled:
default: true
description:
- Specifies if session timeout is active
type: bool
frontend_session_lifetime_limited:
default: true
description:
- Specifies if limitation of session lifetime is active
type: bool
frontend_session_allow_persistency:
default: false
description:
- Allow session persistency
type: bool
result:
contains:
_locked:
description: Whether or not the object is currently locked
type: bool
_ref:
description: The reference name of the object
type: str
_type:
description: The type of the object
type: str
aaa:
description: List of references to utm_aaa objects (allowed users or groups)
type: list
backend_mode:
description: Specifies if the backend server needs authentication ([Basic|None])
type: str
backend_strip_basic_auth:
description: Should the login data be stripped when proxying the request to
the backend host
type: bool
backend_user_prefix:
description: Prefix string to prepend to the username for backend authentication
type: str
backend_user_suffix:
description: Suffix string to append to the username for backend authentication
type: str
basic_prompt:
description: The message in the basic authentication prompt
type: str
comment:
description: Optional comment string
type: str
frontend_cookie:
description: Frontend cookie name
type: str
frontend_form:
description: Frontend authentication form name
type: str
frontend_form_template:
description: Frontend authentication form template
type: str
frontend_login:
description: Frontend login name
type: str
frontend_logout:
description: Frontend logout name
type: str
frontend_mode:
description: Frontend authentication mode (Form|Basic)
type: str
frontend_realm:
description: Frontend authentication realm
type: str
frontend_session_allow_persistency:
description: Allow session persistency
type: bool
frontend_session_lifetime:
description: session lifetime
type: int
frontend_session_lifetime_limited:
description: Specifies if limitation of session lifetime is active
type: bool
frontend_session_lifetime_scope:
description: scope for frontend_session_lifetime (days|hours|minutes)
type: str
frontend_session_timeout:
description: session timeout
type: int
frontend_session_timeout_enabled:
description: Specifies if session timeout is active
type: bool
frontend_session_timeout_scope:
description: scope for frontend_session_timeout (days|hours|minutes)
type: str
logout_delegation_urls:
description: List of logout URLs that logouts are delegated to
type: list
logout_mode:
description: Mode of logout (None|Delegation)
type: str
name:
description: The name of the object
type: str
redirect_to_requested_url:
description: Should a redirect to the requested URL be made
type: bool
description: The utm object that was created
returned: success
type: complex