avi_authprofile – Module for setup of AuthProfile Avi RESTful Object

New in version 2.4.

Synopsis

• This module is used to configure AuthProfile object
• more examples at https://github.com/avinetworks/devops

Requirements

The below requirements are needed on the host that executes this module.

• avisdk

Parameters

Parameter		Choices/Defaults	Comments
api_context dictionary added in 2.5			Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session.
api_version string		Default: "16.4.4"	Avi API version of to use for Avi API and objects.
avi_api_patch_op - added in 2.5		Choices: add replace delete	Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method - added in 2.5		Choices: put ← patch	Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials dictionary added in 2.5			Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
	api_version -	Default: "16.4.4"	Avi controller version
	controller -		Avi controller IP or SQDN
	csrftoken -		Avi controller API csrftoken to reuse existing session with session id
	password -		Avi controller password
	port -		Avi controller port
	session_id -		Avi controller API session id to reuse existing session with csrftoken
	tenant -	Default: "admin"	Avi controller tenant
	tenant_uuid -		Avi controller tenant UUID
	timeout -	Default: 300	Avi controller request timeout
	token -		Avi controller API token
	username -		Avi controller username
avi_disable_session_cache_as_fact boolean added in 2.6		Choices: no yes	It disables avi session information to be cached as a fact.
controller string		Default: ""	IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER.
description -			User defined description for the object.
http -			Http user authentication params.
ldap -			Ldap server and directory settings.
name - / required			Name of the auth profile.
pa_agent_ref - added in 2.9			Pingaccessagent uuid. It is a reference to an object of type pingaccessagent. Field introduced in 18.2.3.
password string		Default: ""	Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD.
saml - added in 2.5			Saml settings. Field introduced in 17.2.3.
state -		Choices: absent present ←	The state that should be applied on the entity.
tacacs_plus -			Tacacs+ settings.
tenant string		Default: "admin"	Name of tenant used for all Avi API calls and context of object.
tenant_ref -			It is a reference to an object of type tenant.
tenant_uuid string		Default: ""	UUID of tenant used for all Avi API calls and context of object.
type - / required			Type of the auth profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS.
url -			Avi controller URL of the object.
username string		Default: ""	Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME.
uuid -			Uuid of the auth profile.

Notes

Note

• For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.

Examples

- name: Create user authorization profile based on the LDAP
  avi_authprofile:
    controller: '{{ controller }}'
    password: '{{ password }}'
    username: '{{ username }}'
    http:
      cache_expiration_time: 5
      group_member_is_full_dn: false
    ldap:
      base_dn: dc=avi,dc=local
      bind_as_administrator: true
      port: 389
      security_mode: AUTH_LDAP_SECURE_NONE
      server:
      - 10.10.0.100
      settings:
        admin_bind_dn: user@avi.local
        group_filter: (objectClass=*)
        group_member_attribute: member
        group_member_is_full_dn: true
        group_search_dn: dc=avi,dc=local
        group_search_scope: AUTH_LDAP_SCOPE_SUBTREE
        ignore_referrals: true
        password: password
        user_id_attribute: samAccountname
        user_search_dn: dc=avi,dc=local
        user_search_scope: AUTH_LDAP_SCOPE_ONE
    name: ProdAuth
    tenant_ref: admin
    type: AUTH_PROFILE_LDAP

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
obj dictionary	success, changed	AuthProfile (api/authprofile) object

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]
• This module is maintained by the Ansible Community. [community]

Authors

• Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>

Hint

If you notice any issues in this documentation, you can edit this document to improve it.