cisco.ise.network_access_authentication_rules module – Resource module for Network Access Authentication Rules
Note
This module is part of the cisco.ise collection (version 1.2.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.ise
.
To use it in a playbook, specify: cisco.ise.network_access_authentication_rules
.
New in version 1.0.0: of cisco.ise
Synopsis
Manage operations create, update and delete of the resource Network Access Authentication Rules.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ciscoisesdk >= 1.1.0
python >= 3.5
Parameters
Parameter |
Comments |
---|---|
Id path parameter. Rule id. |
|
Identity source id from the identity stores. |
|
Identity source name from the identity stores. |
|
Action to perform when authentication fails such as Bad credentials, disabled user and so on. |
|
Action to perform when ISE is uanble to access the identity database. |
|
Action to perform when user is not found in any of identity stores. |
|
Flag for Identity Services Engine SDK to enable debugging. Choices:
|
|
The Identity Services Engine hostname. |
|
The Identity Services Engine password to authenticate. |
|
The Identity Services Engine username to authenticate. |
|
Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices:
|
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Informs the SDK which version of Identity Services Engine to use. Default: “3.1.0” |
|
Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices:
|
|
Network Access Authentication Rules’s link. |
|
Network Access Authentication Rules’s href. |
|
Network Access Authentication Rules’s rel. |
|
Network Access Authentication Rules’s type. |
|
PolicyId path parameter. Policy id. |
|
Common attributes in rule authentication/authorization. |
|
Network Access Authentication Rules’s condition. |
|
Dictionary attribute id (Optional), used for additional verification. |
|
Dictionary attribute name. |
|
<ul><li>Attribute value for condition</li> <li>Value type is specified in dictionary object</li> <li>if multiple values allowed is specified in dictionary object</li></ul>. |
|
In case type is andBlock or orBlock addtional conditions will be aggregated under this logical (OR/AND) condition. |
|
<ul><li>Inidicates whether the record is the condition itself(data) or a logical(or,and) aggregation</li> <li>Data type enum(reference,single) indicates than “conditonId” OR “ConditionAttrs” fields should contain condition data but not both</li> <li>Logical aggreation(and,or) enum indicates that additional conditions are present under the children field</li></ul>. |
|
Indicates whereas this condition is in negate mode. Choices:
|
|
Network Access Authentication Rules’s link. |
|
Network Access Authentication Rules’s href. |
|
Network Access Authentication Rules’s rel. |
|
Network Access Authentication Rules’s type. |
|
<ul><li>Inidicates whether the record is the condition itself(data) or a logical(or,and) aggregation</li> <li>Data type enum(reference,single) indicates than “conditonId” OR “ConditionAttrs” fields should contain condition data but not both</li> <li>Logical aggreation(and,or) enum indicates that additional conditions are present under the children field</li></ul>. |
|
<p>Defines for which date/s TimeAndDate condition will be matched or NOT matched if used in exceptionDates prooperty<br> Options are - Date range, for specific date, the same date should be used for start/end date <br> Default - no specific dates<br> In order to reset the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy = year)</p>. |
|
Network Access Authentication Rules’s endDate. |
|
Network Access Authentication Rules’s startDate. |
|
<p>Defines for which date/s TimeAndDate condition will be matched or NOT matched if used in exceptionDates prooperty<br> Options are - Date range, for specific date, the same date should be used for start/end date <br> Default - no specific dates<br> In order to reset the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy = year)</p>. |
|
Network Access Authentication Rules’s endDate. |
|
Network Access Authentication Rules’s startDate. |
|
Condition description. |
|
Dictionary name. |
|
Dictionary value. |
|
<p>Defines for which hours a TimeAndDate condition will be matched or not matched if used in exceptionHours property<br> Time foramt - hh mm ( h = hour , mm = minutes ) <br> Default - All Day </p>. |
|
Network Access Authentication Rules’s endTime. |
|
Network Access Authentication Rules’s startTime. |
|
<p>Defines for which hours a TimeAndDate condition will be matched or not matched if used in exceptionHours property<br> Time foramt - hh mm ( h = hour , mm = minutes ) <br> Default - All Day </p>. |
|
Network Access Authentication Rules’s endTime. |
|
Network Access Authentication Rules’s startTime. |
|
Network Access Authentication Rules’s id. |
|
Indicates whereas this condition is in negate mode. Choices:
|
|
Network Access Authentication Rules’s link. |
|
Network Access Authentication Rules’s href. |
|
Network Access Authentication Rules’s rel. |
|
Network Access Authentication Rules’s type. |
|
Condition name. |
|
Equality operator. |
|
<p>Defines for which days this condition will be matched<br> Days format - Arrays of WeekDay enums <br> Default - List of All week days</p>. |
|
<p>Defines for which days this condition will NOT be matched<br> Days format - Arrays of WeekDay enums <br> Default - Not enabled</p>. |
|
Indicates if this rule is the default one. Choices:
|
|
The amount of times the rule was matched. |
|
The identifier of the rule. |
|
Rule name, Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses. |
|
The rank(priority) in relation to other rules. Lower rank is higher priority. |
|
The state that the rule is in. A disabled rule cannot be matched. |
See Also
See also
- Network Access Authentication Rules reference
Complete reference of the Network Access Authentication Rules object model.
Examples
- name: Create
cisco.ise.network_access_authentication_rules:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
identitySourceId: string
identitySourceName: string
ifAuthFail: string
ifProcessFail: string
ifUserNotFound: string
link:
href: string
rel: string
type: string
rule:
condition:
attributeId: string
attributeName: string
attributeValue: string
children:
- conditionType: string
isNegate: true
link:
href: string
rel: string
type: string
conditionType: string
datesRange:
endDate: string
startDate: string
datesRangeException:
endDate: string
startDate: string
description: string
dictionaryName: string
dictionaryValue: string
hoursRange:
endTime: string
startTime: string
hoursRangeException:
endTime: string
startTime: string
id: string
isNegate: true
link:
href: string
rel: string
type: string
name: string
operator: string
weekDays:
- string
weekDaysException:
- string
default: true
hitCounts: 0
id: string
name: string
rank: 0
state: string
- name: Update by id
cisco.ise.network_access_authentication_rules:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
id: string
identitySourceId: string
identitySourceName: string
ifAuthFail: string
ifProcessFail: string
ifUserNotFound: string
link:
href: string
rel: string
type: string
policyId: string
rule:
condition:
attributeId: string
attributeName: string
attributeValue: string
children:
- conditionType: string
isNegate: true
link:
href: string
rel: string
type: string
conditionType: string
datesRange:
endDate: string
startDate: string
datesRangeException:
endDate: string
startDate: string
description: string
dictionaryName: string
dictionaryValue: string
hoursRange:
endTime: string
startTime: string
hoursRangeException:
endTime: string
startTime: string
id: string
isNegate: true
link:
href: string
rel: string
type: string
name: string
operator: string
weekDays:
- string
weekDaysException:
- string
default: true
hitCounts: 0
id: string
name: string
rank: 0
state: string
- name: Delete by id
cisco.ise.network_access_authentication_rules:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
policyId: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: “{\n \”identitySourceId\”: \”string\”,\n \”identitySourceName\”: \”string\”,\n \”ifAuthFail\”: \”string\”,\n \”ifProcessFail\”: \”string\”,\n \”ifUserNotFound\”: \”string\”,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n },\n \”rule\”: {\n \”condition\”: {\n \”conditionType\”: \”string\”,\n \”isNegate\”: true,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n },\n \”description\”: \”string\”,\n \”id\”: \”string\”,\n \”name\”: \”string\”,\n \”attributeName\”: \”string\”,\n \”attributeId\”: \”string\”,\n \”attributeValue\”: \”string\”,\n \”dictionaryName\”: \”string\”,\n \”dictionaryValue\”: \”string\”,\n \”operator\”: \”string\”,\n \”children\”: [\n {\n \”conditionType\”: \”string\”,\n \”isNegate\”: true,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n }\n }\n ],\n \”datesRange\”: {\n \”endDate\”: \”string\”,\n \”startDate\”: \”string\”\n },\n \”datesRangeException\”: {\n \”endDate\”: \”string\”,\n \”startDate\”: \”string\”\n },\n \”hoursRange\”: {\n \”endTime\”: \”string\”,\n \”startTime\”: \”string\”\n },\n \”hoursRangeException\”: {\n \”endTime\”: \”string\”,\n \”startTime\”: \”string\”\n },\n \”weekDays\”: [\n \”string\”\n ],\n \”weekDaysException\”: [\n \”string\”\n ]\n },\n \”default\”: true,\n \”hitCounts\”: 0,\n \”id\”: \”string\”,\n \”name\”: \”string\”,\n \”rank\”: 0,\n \”state\”: \”string\”\n }\n}\n” |
|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: “{\n \”response\”: {\n \”identitySourceId\”: \”string\”,\n \”identitySourceName\”: \”string\”,\n \”ifAuthFail\”: \”string\”,\n \”ifProcessFail\”: \”string\”,\n \”ifUserNotFound\”: \”string\”,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n },\n \”rule\”: {\n \”condition\”: {\n \”conditionType\”: \”string\”,\n \”isNegate\”: true,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n },\n \”description\”: \”string\”,\n \”id\”: \”string\”,\n \”name\”: \”string\”,\n \”attributeName\”: \”string\”,\n \”attributeId\”: \”string\”,\n \”attributeValue\”: \”string\”,\n \”dictionaryName\”: \”string\”,\n \”dictionaryValue\”: \”string\”,\n \”operator\”: \”string\”,\n \”children\”: [\n {\n \”conditionType\”: \”string\”,\n \”isNegate\”: true,\n \”link\”: {\n \”href\”: \”string\”,\n \”rel\”: \”string\”,\n \”type\”: \”string\”\n }\n }\n ],\n \”datesRange\”: {\n \”endDate\”: \”string\”,\n \”startDate\”: \”string\”\n },\n \”datesRangeException\”: {\n \”endDate\”: \”string\”,\n \”startDate\”: \”string\”\n },\n \”hoursRange\”: {\n \”endTime\”: \”string\”,\n \”startTime\”: \”string\”\n },\n \”hoursRangeException\”: {\n \”endTime\”: \”string\”,\n \”startTime\”: \”string\”\n },\n \”weekDays\”: [\n \”string\”\n ],\n \”weekDaysException\”: [\n \”string\”\n ]\n },\n \”default\”: true,\n \”hitCounts\”: 0,\n \”id\”: \”string\”,\n \”name\”: \”string\”,\n \”rank\”: 0,\n \”state\”: \”string\”\n }\n },\n \”version\”: \”string\”\n}\n” |
Authors
Rafael Campos (@racampos)