avi_networksecuritypolicy – Module for setup of NetworkSecurityPolicy Avi RESTful Object

New in version 2.4.

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • avisdk

Parameters

Parameter Choices/Defaults Comments
api_context
dictionary
added in 2.5
Avi API context that includes current session ID and CSRF Token.
This allows user to perform single login and re-use the session.
api_version
string
Default:
"16.4.4"
Avi API version of to use for Avi API and objects.
avi_api_patch_op
-
added in 2.5
    Choices:
  • add
  • replace
  • delete
Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method
-
added in 2.5
    Choices:
  • put ←
  • patch
Default method for object update is HTTP PUT.
Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials
dictionary
added in 2.5
Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
api_version
-
Default:
"16.4.4"
Avi controller version
controller
-
Avi controller IP or SQDN
csrftoken
-
Avi controller API csrftoken to reuse existing session with session id
password
-
Avi controller password
port
-
Avi controller port
session_id
-
Avi controller API session id to reuse existing session with csrftoken
tenant
-
Default:
"admin"
Avi controller tenant
tenant_uuid
-
Avi controller tenant UUID
timeout
-
Default:
300
Avi controller request timeout
token
-
Avi controller API token
username
-
Avi controller username
avi_disable_session_cache_as_fact
boolean
added in 2.6
    Choices:
  • no
  • yes
It disables avi session information to be cached as a fact.
cloud_config_cksum
-
Checksum of cloud configuration for network sec policy.
Internally set by cloud connector.
controller
string
Default:
""
IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER.
created_by
-
Creator name.
description
-
User defined description for the object.
name
-
Name of the object.
password
string
Default:
""
Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD.
rules
-
List of networksecurityrule.
state
-
    Choices:
  • absent
  • present ←
The state that should be applied on the entity.
tenant
string
Default:
"admin"
Name of tenant used for all Avi API calls and context of object.
tenant_ref
-
It is a reference to an object of type tenant.
tenant_uuid
string
Default:
""
UUID of tenant used for all Avi API calls and context of object.
url
-
Avi controller URL of the object.
username
string
Default:
""
Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME.
uuid
-
Unique object identifier of the object.

Notes

Note

Examples

- name: Create a network security policy to block clients represented by ip group known_attackers
  avi_networksecuritypolicy:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    name: vs-gurutest-ns
    rules:
    - action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
      age: 0
      enable: true
      index: 1
      log: false
      match:
        client_ip:
          group_refs:
          - Demo:known_attackers
          match_criteria: IS_IN
      name: Rule 1
    tenant_ref: Demo

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
obj
dictionary
success, changed
NetworkSecurityPolicy (api/networksecuritypolicy) object


Status

Authors

Hint

If you notice any issues in this documentation, you can edit this document to improve it.