illumio.core.pairing_profile (0.2.6) — module
Create/update/delete Illumio PCE pairing profiles
Added in version 0.2.0 of illumio.core
Authors: Duncan Sommerville (@dsommerville-illumio)
Install with ansible-galaxy collection install illumio.core:==0.2.6
collections:
  - name: illumio.core
    version: 0.2.6
This module allows you to create and manipulate pairing profile objects on the Illumio PCE to pair Illumio VEN agents.
Supports check mode.
- name: "Create profile with default labels"
  illumio.core.pairing_profile:
    name: PP-DB
    state: present
    enabled: true
    labels:
      - href: /orgs/1/labels/1
      - href: /orgs/1/labels/2

- name: "Create profile with pairing key uses and lifespan limitations"
  illumio.core.pairing_profile:
    name: PP-AUTOMATION
    state: present
    enforcement_mode: visibility_only
    allowed_uses_per_key: 1
    key_lifespan: 30

- name: "Remove existing profile"
  illumio.core.pairing_profile:
    name: PP-DB
    state: absent

- name: "Remove profile by HREF"
  illumio.core.pairing_profile:
    href: /orgs/1/pairing_profiles/1
    state: absent
href:
  description: HREF of an existing pairing profile.
  type: str
name:
  description:
    - Pairing profile display name.
    - Required for creating a pairing profile or when HREF is not specified.
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Desired pairing profile state.
    - If C(present), the profile will be created if it does not exist, or updated to match the provided parameters if it does.
    - If C(absent), the profile will be removed if it exists.
  type: str
labels:
  default: []
  description:
    - List of default labels to apply to workloads paired using this profile.
    - Labels can only be referenced by HREF, and only one Label of each type can be specified.
  elements: dict
  suboptions:
    href:
      description: Label HREF.
      required: true
      type: str
  type: list
enabled:
  default: 'yes'
  description: Determines whether or not the profile is enabled for pairing.
  type: bool
pce_port:
  default: 443
  description:
    - HTTP(S) port used by the PCE.
    - Can be set with the environment variable C(ILLUMIO_PCE_PORT).
  type: int
pce_org_id:
  default: 1
  description:
    - PCE Organization ID.
    - Can be set with the environment variable C(ILLUMIO_PCE_ORG_ID).
  type: int
pce_tls_ca:
  description:
    - Path to a custom root CA certificate bundle to use for the PCE connection.
    - If set, overrides C(pce_tls_verify).
  type: str
description:
  default: ''
  description: Pairing profile description.
  type: str
ven_version:
  description:
    - Optional parameter to set the VEN version used by this pairing profile.
    - If not set, the profile will use the default VEN version configured in the PCE's VEN library.
  type: str
key_lifespan:
  default: unlimited
  description:
    - The number of seconds pairing profile keys will be valid for.
    - By default, each key lasts an unlimited amount of time.
  type: str
pce_hostname:
  aliases:
    - pce_url
  description:
    - URL or FQDN of Illumio Policy Compute Engine. C(pce_url) is an alias for C(pce_hostname).
    - Can be set with the environment variable C(ILLUMIO_PCE_HOST).
  required: true
  type: str
api_key_secret:
  description:
    - Illumio PCE API key secret.
    - Can be set with the environment variable C(ILLUMIO_API_KEY_SECRET).
  required: true
  type: str
app_label_lock:
  default: 'yes'
  description: If set to C(false), allows the app label to be overridden when pairing.
  type: bool
env_label_lock:
  default: 'yes'
  description: If set to C(false), allows the environment label to be overridden when pairing.
  type: bool
loc_label_lock:
  default: 'yes'
  description: If set to C(false), allows the location label to be overridden when pairing.
  type: bool
pce_http_proxy:
  description:
    - HTTP proxy server to use when connecting to the PCE.
    - If not set, it will use the default C(http_proxy) environment variable.
  type: str
pce_tls_verify:
  default: true
  description:
    - Flag denoting whether TLS verification should be enabled on the PCE connection.
  type: bool
pce_https_proxy:
  description:
    - HTTPS proxy server to use when connecting to the PCE.
    - If not set, it will use the default C(https_proxy) environment variable.
  type: str
role_label_lock:
  default: 'yes'
  description: If set to C(false), allows the role label to be overridden when pairing.
  type: bool
api_key_username:
  description:
    - Illumio PCE API key username.
    - Can be set with the environment variable C(ILLUMIO_API_KEY_USERNAME).
  required: true
  type: str
enforcement_mode:
  choices:
    - idle
    - visibility_only
    - selective
    - full
  default: idle
  description:
    - Pairing profile default enforcement mode.
    - VENs paired using this profile will be put into the provided enforcement mode by default.
    - 'C(idle): the VEN will not take control of the host firewall.'
    - 'C(visibility_only): no traffic will be blocked by PCE policy.'
    - 'C(selective): segmentation rules are enforced only for selected inbound services when the host is within the scope of an enforcement boundary.'
    - 'C(full): segmentation rules are enforced for all inbound and outbound services. Traffic that is not allowed by a segmentation rule is blocked.'
  type: str
visibility_level:
  choices:
    - flow_summary
    - flow_drops
    - flow_off
    - enhanced_data_collection
  default: flow_summary
  description:
    - Determines what traffic will be logged by VENs paired with this profile.
    - 'C(flow_summary): log connection information for allowed, blocked, and potentially blocked traffic.'
    - 'C(flow_drops): log connection information for blocked and potentially blocked traffic.'
    - 'C(flow_off): do not log any traffic information.'
    - 'C(enhanced_data_collection): log byte counts in addition to connection details for all traffic.'
  type: str
external_data_set:
  description:
    - External data set identifier.
    - Must be set if using C(external_data_reference).
  type: str
allowed_uses_per_key:
  default: unlimited
  description:
    - The number of times pairing profile keys can be used.
    - By default, each key has unlimited uses.
  type: str
pce_tls_client_certs:
  description:
    - Optional paths to client-side certificate files.
    - May point to separate cert and private key files or a PEM bundle containing both.
  elements: str
  type: list
enforcement_mode_lock:
  default: 'yes'
  description: If set to C(false), allows the enforcement mode to be overridden when pairing.
  type: bool
visibility_level_lock:
  default: 'yes'
  description: If set to C(false), allows the visibility level to be overridden when pairing.
  type: bool
external_data_reference:
  description:
    - External data reference identifier.
    - Must be set if using C(external_data_set).
  type: str
pairing_profile:
  contains:
    agent_software_release:
      description: The VEN version used by this pairing profile.
      returned: always
      type: str
    allowed_uses_per_key:
      description: The number of times each pairing key generated by this profile can be used to pair VENs.
      returned: always
      type: str
    app_label_lock:
      description: A flag that denotes whether the app label set by this profile can be overridden from the pairing script.
      returned: always
      type: bool
    caps:
      description:
        - Array of permissions on the entity held by the requesting user.
        - An empty array implies readonly permission.
      elements: str
      returned: always
      type: list
    created_at:
      description: A timestamp denoting when this pairing profile was created.
      returned: always
      type: str
    created_by:
      description: A reference to the user object that created this profile.
      returned: always
      sample:
        created_by:
          href: /users/1
      type: dict
    description:
      description: A description of the pairing profile.
      returned: always
      type: str
    enabled:
      description: A flag that determines whether or not this profile is enabled for pairing.
      returned: always
      type: bool
    enforcement_mode:
      description: The enforcement mode that will be applied to VENs paired using this profile.
      returned: always
      type: str
    enforcement_mode_lock:
      description: A flag that denotes whether the enforcement mode set by this profile can be overridden from the pairing script.
      returned: always
      type: bool
    env_label_lock:
      description: A flag that denotes whether the environment label set by this profile can be overridden from the pairing script.
      returned: always
      type: bool
    href:
      description: The pairing profile's HREF.
      returned: always
      type: str
    is_default:
      description: A flag that denotes whether this profile is the default pairing profile for the PCE.
      returned: always
      type: bool
    key_lifespan:
      description: The amount of time, in seconds, that a pairing key generated by this profile will be valid for.
      returned: always
      type: str
    labels:
      description: A list of labels that will be applied to VENs paired using this profile.
      elements: dict
      returned: always
      sample:
        - href: /orgs/1/labels/1
      type: list
    loc_label_lock:
      description: A flag that denotes whether the location label set by this profile can be overridden from the pairing script.
      returned: always
      type: bool
    name:
      description: The pairing profile's name.
      returned: always
      type: str
    role_label_lock:
      description: A flag that denotes whether the role label set by this profile can be overridden from the pairing script.
      returned: always
      type: bool
    total_use_count:
      description: The total number of times this profile has been used to pair VENs.
      returned: always
      type: int
    updated_at:
      description: A timestamp denoting when this pairing profile was last updated.
      returned: always
      type: str
    updated_by:
      description: A reference to the user object that last updated this profile.
      returned: always
      sample:
        updated_by:
          href: /users/1
      type: dict
    visibility_level:
      description: Determines what traffic will be logged by VENs paired with this profile.
      returned: always
      type: str
    visibility_level_lock:
      description: A flag that denotes whether the visibility level set by this profile can be overridden from the pairing script.
      returned: always
      type: bool
  description: Information about the pairing profile that was created or updated.
  returned: success
  sample:
    pairing_profile:
      agent_software_release: Default (21.2.0-7831)
      allowed_uses_per_key: unlimited
      app_label_lock: true
      caps:
        - write
        - generate_pairing_key
      created_at: '2022-06-07T00:11:10.923Z'
      created_by:
        href: /users/1
      description: Created with Ansible
      enabled: true
      enforcement_mode: visibility_only
      enforcement_mode_lock: true
      env_label_lock: true
      href: /orgs/1/pairing_profiles/1500
      is_default: false
      key_lifespan: unlimited
      labels: []
      loc_label_lock: true
      name: PP-ANSIBLE-TEST
      role_label_lock: true
      total_use_count: 0
      updated_at: '2022-06-07T17:51:56.606Z'
      updated_by:
        href: /users/1
      visibility_level: flow_summary
      visibility_level_lock: true
  type: complex
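
The playbook below is an added example, not part of the module's own documentation. It sets the key-use and key-lifespan limits (both unlimited by default), keeps every override lock on, and asserts on the documented return values. The profile name, CA bundle path and choice of label HREFs are placeholders, and the PCE host and API key are assumed to come from the documented ILLUMIO_* environment variables.

```yaml
# Added example: profile name, CA path and label HREFs are constructed placeholders.
- name: Provision a tightly scoped pairing profile and verify what the PCE stored
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create profile with single-use, short-lived keys and all locks on
      illumio.core.pairing_profile:
        # pce_hostname, api_key_username and api_key_secret are read from
        # ILLUMIO_PCE_HOST, ILLUMIO_API_KEY_USERNAME and ILLUMIO_API_KEY_SECRET,
        # so no secret appears in the playbook.
        name: PP-HARDENED-EXAMPLE                    # hypothetical profile name
        description: Single-use keys, locked labels
        state: present
        enabled: true
        pce_tls_ca: /etc/ssl/certs/pce-root-ca.pem   # hypothetical path; overrides pce_tls_verify
        enforcement_mode: visibility_only
        allowed_uses_per_key: 1                      # default: unlimited
        key_lifespan: 3600                           # seconds; default: unlimited
        role_label_lock: true
        app_label_lock: true
        env_label_lock: true
        loc_label_lock: true
        enforcement_mode_lock: true
        visibility_level_lock: true
        labels:                                      # assumed to be labels of different types
          - href: /orgs/1/labels/1
          - href: /orgs/1/labels/2
      register: pp

    - name: Fail the play if the stored profile is weaker than requested
      ansible.builtin.assert:
        that:
          # The return documentation types these two fields as str, so compare as strings.
          - pp.pairing_profile.allowed_uses_per_key | string == '1'
          - pp.pairing_profile.key_lifespan | string == '3600'
          - pp.pairing_profile.role_label_lock | bool
          - pp.pairing_profile.app_label_lock | bool
          - pp.pairing_profile.env_label_lock | bool
          - pp.pairing_profile.loc_label_lock | bool
          - pp.pairing_profile.enforcement_mode_lock | bool
          - pp.pairing_profile.visibility_level_lock | bool
          - pp.pairing_profile.labels | length == 2
        fail_msg: "Pairing profile {{ pp.pairing_profile.href }} does not match the requested limits"
```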