cisco.ise.authorization_profile module – Resource module for Authorization Profile
Note
This module is part of the cisco.ise collection (version 2.5.9).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.ise
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.ise.authorization_profile
.
New in cisco.ise 1.0.0
Synopsis
Manage operations create, update and delete of the resource Authorization Profile.
This API creates an authorization profile.
This API deletes an authorization profile.
This API allows the client to update an authorization profile.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ciscoisesdk >= 2.0.8
python >= 3.5
Parameters
Parameter |
Comments |
---|---|
Allowed Values - ACCESS_ACCEPT, - ACCESS_REJECT. |
|
Authorization Profile’s acl. |
|
Authorization Profile’s advancedAttributes. |
|
Authorization Profile’s leftHandSideDictionaryAttribue. |
|
Authorization Profile’s AdvancedAttributeValueType. |
|
Authorization Profile’s attributeName. |
|
Authorization Profile’s dictionaryName. |
|
Authorization Profile’s value. |
|
Attribute value can be of type AttributeValue or AdvancedDictionaryAttribute. For AttributeValue the value is String, For AdvancedDictionaryAttribute the value is dictionaryName and attributeName properties. |
|
Authorization Profile’s AdvancedAttributeValueType. |
|
Authorization Profile’s attributeName. |
|
Authorization Profile’s dictionaryName. |
|
Authorization Profile’s value. |
|
AgentlessPosture flag. Choices:
|
|
Authorization Profile’s airespaceACL. |
|
Authorization Profile’s airespaceIPv6ACL. |
|
Authorization Profile’s asaVpn. |
|
Allowed Values - SWITCH, - TRUSTSEC, - TACACS SWITCH is used for Standard Authorization Profiles. |
|
Authorization Profile’s autoSmartPort. |
|
Authorization Profile’s avcProfile. |
|
Authorization Profile’s daclName. |
|
Authorization Profile’s description. |
|
EasywiredSessionCandidate flag. Choices:
|
|
Resource UUID value. |
|
Authorization Profile’s interfaceTemplate. |
|
Authorization Profile’s ipv6ACLFilter. |
|
Authorization Profile’s ipv6DaclName. |
|
Flag for Identity Services Engine SDK to enable debugging. Choices:
|
|
The Identity Services Engine hostname. |
|
The Identity Services Engine password to authenticate. |
|
The Identity Services Engine username to authenticate. |
|
Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices:
|
|
Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices:
|
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Informs the SDK which version of Identity Services Engine to use. Default: |
|
Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices:
|
|
Allowed Values - MUST_SECURE, - MUST_NOT_SECURE, - SHOULD_SECURE. |
|
Resource Name. |
|
Neat flag. Choices:
|
|
Authorization Profile’s profileName. |
|
Authorization Profile’s reauth. |
|
Allowed Values - DEFAULT, - RADIUS_REQUEST. |
|
Valid range is 1-65535. |
|
ServiceTemplate flag. Choices:
|
|
TrackMovement flag. Choices:
|
|
Authorization Profile’s vlan. |
|
Authorization Profile’s nameID. |
|
Valid range is 0-31. |
|
VoiceDomainPermission flag. Choices:
|
|
WebAuth flag. Choices:
|
|
Authorization Profile’s webRedirection. |
|
Authorization Profile’s acl. |
|
The displayCertificatesRenewalMessages is mandatory when ‘WebRedirectionType’ value is ‘CentralizedWebAuth’. For all other ‘WebRedirectionType’ values the field must be ignored. Choices:
|
|
A portal that exist in the DB and fits the WebRedirectionType. |
|
Authorization Profile’s staticIPHostNameFQDN. |
|
Value MUST be one of the following CentralizedWebAuth, HotSpot, NativeSupplicanProvisioning, ClientProvisioning. The WebRedirectionType must fit the portalName. |
Notes
Note
SDK Method used are authorization_profile.AuthorizationProfile.create_authorization_profile, authorization_profile.AuthorizationProfile.delete_authorization_profile_by_id, authorization_profile.AuthorizationProfile.update_authorization_profile_by_id,
Paths used are post /ers/config/authorizationprofile, delete /ers/config/authorizationprofile/{id}, put /ers/config/authorizationprofile/{id},
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK
The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection
Examples
- name: Update by id
cisco.ise.authorization_profile:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
accessType: string
acl: string
advancedAttributes:
- leftHandSideDictionaryAttribue:
AdvancedAttributeValueType: string
attributeName: string
dictionaryName: string
value: string
rightHandSideAttribueValue:
AdvancedAttributeValueType: string
attributeName: string
dictionaryName: string
value: string
agentlessPosture: true
airespaceACL: string
airespaceIPv6ACL: string
asaVpn: string
authzProfileType: string
autoSmartPort: string
avcProfile: string
daclName: string
description: string
easywiredSessionCandidate: true
id: string
interfaceTemplate: string
ipv6ACLFilter: string
ipv6DaclName: string
macSecPolicy: string
name: string
neat: true
profileName: string
reauth:
connectivity: string
timer: 0
serviceTemplate: true
trackMovement: true
vlan:
nameID: string
tagID: 0
voiceDomainPermission: true
webAuth: true
webRedirection:
WebRedirectionType: string
acl: string
displayCertificatesRenewalMessages: true
portalName: string
staticIPHostNameFQDN: string
- name: Delete by id
cisco.ise.authorization_profile:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
- name: Create
cisco.ise.authorization_profile:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
accessType: string
acl: string
advancedAttributes:
- leftHandSideDictionaryAttribue:
AdvancedAttributeValueType: string
attributeName: string
dictionaryName: string
value: string
rightHandSideAttribueValue:
AdvancedAttributeValueType: string
attributeName: string
dictionaryName: string
value: string
agentlessPosture: true
airespaceACL: string
airespaceIPv6ACL: string
asaVpn: string
authzProfileType: string
autoSmartPort: string
avcProfile: string
daclName: string
description: string
easywiredSessionCandidate: true
id: string
interfaceTemplate: string
ipv6ACLFilter: string
ipv6DaclName: string
macSecPolicy: string
name: string
neat: true
profileName: string
reauth:
connectivity: string
timer: 0
serviceTemplate: true
trackMovement: true
vlan:
nameID: string
tagID: 0
voiceDomainPermission: true
webAuth: true
webRedirection:
WebRedirectionType: string
acl: string
displayCertificatesRenewalMessages: true
portalName: string
staticIPHostNameFQDN: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: |
|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: |
Authors
Rafael Campos (@racampos)