Try SpotterManage BIG-IP ASM policy imports
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Wojciech Wypior (@wojtek0806), Nitin Khanna (@nitinthewiz)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manage the policy imports for BIG-IP ASM policies.
- name: Import ASM policy
bigip_asm_policy_import:
name: new_asm_policy
file: /root/asm_policy.xml
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Import ASM policy inline
bigip_asm_policy_import:
name: foo-policy4
inline: <xml>content</xml>
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Override existing ASM policy
bigip_asm_policy:
name: new_asm_policy
source: /root/asm_policy_new.xml
force: true
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
name:
description:
- The ASM policy to create or override.
required: true
type: str
force:
default: false
description:
- When set to C(true), any existing policy with the same name will be overwritten
by the new import.
- This works for both inline and file imports, if the policy does not exist this setting
is ignored.
type: bool
base64:
description:
- Indicates if the imported policy string is encoded in Base64.
- This parameter only takes effect when using the C(inline) method of import.
type: bool
inline:
description:
- When specified, the ASM policy is created from a provided string.
- Content needs to be provided in a valid XML format, otherwise the operation will
fail.
type: str
source:
description:
- Full path to a policy file to be imported into the BIG-IP ASM.
- Policy files exported from newer versions of BIG-IP cannot be imported into older
versions of BIG-IP. However, policy files from older versions of BIG-IP can be imported
into newer versions of BIG-IP.
- The file format can be binary or XML.
type: path
encoding:
choices:
- windows-874
- utf-8
- koi8-r
- windows-1253
- iso-8859-10
- gbk
- windows-1256
- windows-1250
- iso-8859-13
- iso-8859-9
- windows-1251
- iso-8859-6
- big5
- gb2312
- iso-8859-1
- windows-1252
- iso-8859-4
- iso-8859-2
- iso-8859-3
- gb18030
- shift_jis
- iso-8859-8
- euc-kr
- iso-8859-5
- iso-8859-7
- windows-1255
- euc-jp
- iso-8859-15
- windows-1257
- iso-8859-16
- auto-detect
description:
- Specifies the desired application language of the imported policy.
- The imported policy cannot be a C(parent) type or attached to a C(parent) policy
when C(auto-detect) encoding is set.
- When importing a policy to attach to a C(parent) policy, the C(encoding) of the
imported policy, if different, must be set to be the same value as C(parent_policy),
otherwise import will fail.
- This parameter is available on TMOS version 13.x and later and only takes effect
when the C(inline) import method is used.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
partition:
default: Common
description:
- Device partition on which to create the policy.
- This parameter is also applied to indicate the partition of the C(parent) policy.
type: str
policy_type:
choices:
- security
- parent
default: security
description:
- The type of the policy to import.
- When C(policy_type) is C(security), the policy is imported as an application security
policy that you can apply to a virtual server.
- When C(policy_type) is C(parent), the policy becomes a parent to which other Security
policies attach, inheriting its attributes. This policy type cannot be applied to
Virtual Servers.
- This parameter is available on TMOS version 13.x and later and only takes effect
when the C(inline) import method is used.
type: str
parent_policy:
description:
- The parent policy to which the newly imported policy should be attached as child.
- When C(parent_policy) is specified, the imported C(policy_type) must not be C(parent).
- This parameter is available on TMOS version 13.x and later and only takes effect
when C(inline) import method is used.
type: str
retain_inheritance_settings:
description:
- Indicates if an imported security type policy should retain settings when attached
to parent policy.
- This parameter is available on TMOS version 13.x and later and only takes effect
when the C(inline) import method is used.
type: bool
base64:
description: Indicates if the imported policy string is encoded in Base64.
returned: changed
sample: true
type: bool
encoding:
description: The desired application language of the imported policy.
returned: changed
sample: utf-8
type: str
force:
description: Set when overwriting an existing policy.
returned: changed
sample: true
type: bool
inline:
description: Contents of a policy as an inline string.
returned: changed
sample: <xml>foobar contents</xml>
type: str
name:
description: Name of the ASM policy to be created/overwritten.
returned: changed
sample: Asm_APP1_Transparent
type: str
parent_policy:
description: The parent policy to which the newly imported policy should be attached
as child.
returned: changed
sample: /Common/parent
type: str
policy_type:
description: The type of the policy to import.
returned: changed
sample: security
type: str
retain_inheritance_settings:
description: Indicate if an imported security type policy should retain settings
when attached to the parent policy.
returned: changed
sample: true
type: bool
source:
description: Local path to an ASM policy file.
returned: changed
sample: /root/some_policy.xml
type: str