Documentation

avi_networksecuritypolicy - Module for setup of NetworkSecurityPolicy Avi RESTful Object

New in version 2.4.

Synopsis

Options

parameter required default choices comments
api_version
no
Avi API version of to use for Avi API and objects.
cloud_config_cksum
no
Checksum of cloud configuration for network sec policy.
Internally set by cloud connector.
controller
no
IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER.
created_by
no
Creator name.
description
no
User defined description for the object.
name
no
Name of the object.
password
no
Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD.
rules
no
List of networksecurityrule.
state
no present
  • absent
  • present
The state that should be applied on the entity.
tenant
no admin
Name of tenant used for all Avi API calls and context of object.
tenant_ref
no
It is a reference to an object of type tenant.
tenant_uuid
no
UUID of tenant used for all Avi API calls and context of object.
url
no
Avi controller URL of the object.
username
no
Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME.
uuid
no
Unique object identifier of the object.

Examples

- name: Create a network security policy to block clients represented by ip group known_attackers
  avi_networksecuritypolicy:
    controller: ''
    username: ''
    password: ''
    name: vs-gurutest-ns
    rules:
    - action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
      age: 0
      enable: true
      index: 1
      log: false
      match:
        client_ip:
          group_refs:
          - Demo:known_attackers
          match_criteria: IS_IN
      name: Rule 1
    tenant_ref: Demo

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
obj NetworkSecurityPolicy (api/networksecuritypolicy) object success, changed dict


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.