cisco.dnac.device_credential_workflow_manager module – Resource module for Global Device Credentials and Assigning Credentials to sites.

Note

This module is part of the cisco.dnac collection (version 6.25.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.dnac. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.dnac.device_credential_workflow_manager.

New in cisco.dnac 6.7.0

Synopsis

  • Manage operations on Global Device Credentials, Assigning Credentials to sites and Sync Credentials to site device.

  • API to create global device credentials.

  • API to update global device credentials.

  • API to delete global device credentials.

  • API to assign the device credential to the site.

  • API to sync the device credential to the site. Sync functionality is applicable for Catalyst Center version 2.3.7.6 and later.

Requirements

The below requirements are needed on the host that executes this module.

  • dnacentersdk >= 2.7.2

  • python >= 3.9

Parameters

Parameter

Comments

config

list / elements=dictionary / required

List of details of global device credentials and site names.

apply_credentials_to_site

dictionary

Sync Device Credentials to Site devices. Applicable for Catalyst Center version 2.3.7.6 and later.

cli_credential

dictionary

CLI Credential.

description

string

CLI Credential Description.

id

string

CLI Credential Id. Use (Description, Username) or Id.

username

string

CLI Credential Username.

site_name

list / elements=string

Site Name to apply credential.

snmp_v2c_read

dictionary

SNMPv2c Read Credential

description

string

SNMPv2c Read Credential Description.

id

string

SNMPv2c Read Credential Id. Use Description or Id.

snmp_v2c_write

dictionary

SNMPv2c Write Credential

description

string

SNMPv2c Write Credential Description.

id

string

SNMPv2c Write Credential Id. Use Description or Id.

snmp_v3

dictionary

snmp_v3 Credential

description

string

snmp_v3 Credential Description.

id

string

snmp_v3 Credential Id. Use Description or Id.

assign_credentials_to_site

dictionary

Assign Device Credentials to Site.

cli_credential

dictionary

CLI Credential.

description

string

CLI Credential Description.

id

string

CLI Credential Id. Use (Description, Username) or Id.

username

string

CLI Credential Username.

https_read

dictionary

HTTP(S) Read Credential

description

string

HTTP(S) Read Credential Description.

id

string

HTTP(S) Read Credential Id. Use (Description, Username) or Id.

username

string

HTTP(S) Read Credential Username.

https_write

dictionary

HTTP(S) Write Credential

description

string

HTTP(S) Write Credential Description.

id

string

HTTP(S) Write Credential Id. Use (Description, Username) or Id.

username

string

HTTP(S) Write Credential Username.

site_name

list / elements=string

Site Name to assign credential.

snmp_v2c_read

dictionary

SNMPv2c Read Credential

description

string

SNMPv2c Read Credential Description.

id

string

SNMPv2c Read Credential Id. Use Description or Id.

snmp_v2c_write

dictionary

SNMPv2c Write Credential

description

string

SNMPv2c Write Credential Description.

id

string

SNMPv2c Write Credential Id. Use Description or Id.

snmp_v3

dictionary

snmp_v3 Credential

description

string

snmp_v3 Credential Description.

id

string

snmp_v3 Credential Id. Use Description or Id.

global_credential_details

dictionary

Manages global device credentials

cli_credential

list / elements=dictionary

Global Credential V2’s cliCredential.

description

string

Description. Required for creating the credential.

enable_password

string

cli_credential credential Enable Password.

Password cannot contain spaces or angle brackets (< >).

id

string

Credential Id. Use this for updating the device credential.

old_description

string

Old Description. Use this for updating the description/Username.

old_username

string

Old Username. Use this for updating the description/Username.

password

string

cli_credential credential Password.

Required for creating/updating the credential.

Password cannot contain spaces or angle brackets (< >).

username

string

cli_credential credential Username.

Username cannot contain spaces or angle brackets (< >).

https_read

list / elements=dictionary

Global Credential V2’s httpsRead.

id

string

Credential Id. Use this for updating the device credential.

name

string

Name. Required for creating the credential.

old_description

string

Old Description. Use this for updating the description/Username.

old_username

string

Old Username. Use this for updating the description/Username.

password

string

https_read credential Password.

Required for creating/updating the credential.

Password cannot contain spaces or angle brackets (< >).

port

integer

Port. Default port is 443.

username

string

https_read credential Username.

Username cannot contain spaces or angle brackets (< >).

https_write

list / elements=dictionary

Global Credential V2’s httpsWrite.

id

string

Credential Id. Use this for updating the device credential.

name

string

Name. Required for creating the credential.

old_description

string

Old Description. Use this for updating the description/Username.

old_username

string

Old Username. Use this for updating the description/Username.

password

string

https_write credential Password.

Required for creating/updating the credential.

Password cannot contain spaces or angle brackets (< >).

port

integer

Port. Default port is 443.

username

string

https_write credential Username.

Username cannot contain spaces or angle brackets (< >).

snmp_v2c_read

list / elements=dictionary

Global Credential V2’s snmpV2cRead.

description

string

Description. Required for creating the credential.

id

string

Credential Id. Use this for updating the device credential.

old_description

string

Old Description. Use this for updating the description.

read_community

string

snmp_v2c_read Read Community.

Password cannot contain spaces or angle brackets (< >).

snmp_v2c_write

list / elements=dictionary

Global Credential V2’s snmpV2cWrite.

description

string

Description. Required for creating the credential.

id

string

Credential Id. Use this for updating the device credential.

old_description

string

Old Description. Use this for updating the description.

write_community

string

snmp_v2c_write Write Community.

Password cannot contain spaces or angle brackets (< >).

snmp_v3

list / elements=dictionary

Global Credential V2’s snmpV3.

auth_password

string

snmp_v3 Auth Password.

Password must contain a minimum of 8 characters.

Password cannot contain spaces or angle brackets (< >).

auth_type

string

Auth Type. [“SHA”, “MD5”].

description

string

snmp_v3 Description.

Should be unique from other snmp_v3 credentials.

id

string

Credential Id. Use this for updating the device credential.

old_description

string

Old Description. Use this for updating the description.

privacy_password

string

snmp_v3 Privacy Password.

Password must contain a minimum of 8 characters.

Password cannot contain spaces or angle brackets (< >).

privacy_type

string

Privacy Type. [“AES128”, “AES192”, “AES256”].

snmp_mode

string

Snmp Mode. [“AUTHPRIV”, “AUTHNOPRIV”, “NOAUTHNOPRIV”].

username

string

snmp_v3 credential Username.

Username cannot contain spaces or angle brackets (< >).

config_verify

boolean

Set to True to verify the Cisco Catalyst Center after applying the playbook config.

Choices:

  • false ← (default)

  • true

dnac_api_task_timeout

integer

Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged.

Default: 1200

dnac_debug

boolean

Indicates whether debugging is enabled in the Cisco Catalyst Center SDK.

Choices:

  • false ← (default)

  • true

dnac_host

string / required

The hostname of the Cisco Catalyst Center.

dnac_log

boolean

Flag to enable/disable playbook execution logging.

When true and dnac_log_file_path is provided, the log file is created at the execution location with the specified name.

When true and dnac_log_file_path is not provided, the log file is created at the execution location with the name ‘dnac.log’.

When false, logging is disabled.

If the log file doesn’t exist, it is created in append or write mode based on the “dnac_log_append” flag.

If the log file exists, it is overwritten or appended based on the “dnac_log_append” flag.

Choices:

  • false ← (default)

  • true

dnac_log_append

boolean

Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode.

Choices:

  • false

  • true ← (default)

dnac_log_file_path

string

Governs logging. Logs are recorded if dnac_log is True.

If path is not specified:

  • When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended.

  • When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten.

If path is specified:

  • When ‘dnac_log_append’ is True, the file opens in append mode.

  • When ‘dnac_log_append’ is False, the file opens in write (w) mode.

  • In shared file scenarios, without append mode, content is overwritten after each module execution.

  • For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True.

Default: "dnac.log"

dnac_log_level

string

Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG].

CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages.

ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages.

WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages.

INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages.

DEBUG provides detailed diagnostic info. Displays all log messages.

Default: "WARNING"

dnac_password

string

The password for authentication at the Cisco Catalyst Center.

dnac_port

string

Specifies the port number associated with the Cisco Catalyst Center.

Default: "443"

dnac_task_poll_interval

integer

Specifies the interval in seconds between successive calls to the API to retrieve task details.

Default: 2

dnac_username

aliases: user

string

The username for authentication at the Cisco Catalyst Center.

Default: "admin"

dnac_verify

boolean

Flag to enable or disable SSL certificate verification.

Choices:

  • false

  • true ← (default)

dnac_version

string

Specifies the version of the Cisco Catalyst Center that the SDK should use.

Default: "2.2.3.3"

state

string

The state of Cisco Catalyst Center after module completion.

Choices:

  • "merged" ← (default)

  • "deleted"

validate_response_schema

boolean

Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema.

Choices:

  • false

  • true ← (default)

Notes

  • SDK methods used are discovery.Discovery.create_global_credentials_v2, discovery.Discovery.delete_global_credential_v2, discovery.Discovery.update_global_credentials_v2, network_settings.NetworkSettings.assign_device_credential_to_site_v2, network_settings.NetworkSettings.get_device_credential_settings_for_a_site, network_settings.NetworkSettings.update_device_credential_settings_for_a_site, network_settings.NetworkSettings.sync_network_devices_credential, network_settings.NetworkSettings.get_network_devices_credentials_sync_status, site.Sites.get_site_assigned_network_devices, site.Sites.get_sites

  • Paths used are post /dna/intent/api/v2/global-credential, delete /dna/intent/api/v2/global-credential/{id}, put /dna/intent/api/v2/global-credential, post /dna/intent/api/v2/credential-to-site/{siteId}, get /dna/intent/api/v1/sites/${id}/deviceCredentials, post /dna/intent/api/v1/sites/deviceCredentials/apply, post /dna/intent/api/v1/sites/${id}/deviceCredentials, get /dna/intent/api/v1/sites/${id}/deviceCredentials/status, get /dna/intent/api/v1/networkDevices/assignedToSite, get /dna/intent/api/v1/sites

  • Does not support check_mode

  • The plugin runs on the control node and does not use any Ansible connection plugins; instead it uses the embedded connection manager from the Cisco Catalyst Center SDK

  • The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection

See Also

Cisco Catalyst Center documentation for Discovery CreateGlobalCredentialsV2

Complete reference of the CreateGlobalCredentialsV2 API.

Cisco Catalyst Center documentation for Discovery DeleteGlobalCredentialV2

Complete reference of the DeleteGlobalCredentialV2 API.

Cisco Catalyst Center documentation for Discovery UpdateGlobalCredentialsV2

Complete reference of the UpdateGlobalCredentialsV2 API.

Cisco Catalyst Center documentation for Network Settings AssignDeviceCredentialToSiteV2

Complete reference of the AssignDeviceCredentialToSiteV2 API.

Cisco Catalyst Center documentation for Network Settings updateDeviceCredentialSettingsForASite

Complete reference of the updateDeviceCredentialSettingsForASite API.

Cisco Catalyst Center documentation for Network Settings syncNetworkDevicesCredential

Complete reference of the syncNetworkDevicesCredential API.

Examples

---
  - name: Create Credentials and assign it to a site.
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log: True
      dnac_log_level: "{{ dnac_log_level }}"
      state: merged
      config_verify: True
      config:
      - global_credential_details:
          cli_credential:
          - description: CLI1
            username: cli1
            password: '12345'
            enable_password: '12345'
          snmp_v2c_read:
          - description: SNMPv2c Read1
            read_community: '123456'
          snmp_v2c_write:
          - description: SNMPv2c Write1
            write_community: '123456'
          snmp_v3:
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345678'
            privacy_type: AES128
            username: snmpV31
            description: snmpV31
          https_read:
          - description: HTTP Read1
            username: HTTP_Read1  # usernames cannot contain spaces
            password: '12345'
            port: 443
          https_write:
          - description: HTTP Write1
            username: HTTP_Write1
            password: '12345'
            port: 443
        assign_credentials_to_site:
          # Sync is not listed among the assign_credentials_to_site parameters above.
          Sync: True
          cli_credential:
              description: CLI6
              username: cli6
          snmp_v2c_read:
              description: SNMPv2c Read1
          snmp_v2c_write:
              description: SNMPv2c Write1
          snmp_v3:
              description: snmpV31
          https_read:
              description: HTTP Read1
              username: HTTP_Read1
          https_write:
              description: HTTP Write1
              username: HTTP_Write1
          site_name:
              - Global/USA

  - name: Create Multiple Credentials.
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log: True
      dnac_log_level: "{{ dnac_log_level }}"
      state: merged
      config_verify: True
      config:
      - global_credential_details:
          cli_credential:
          - description: CLI1
            username: cli1
            password: '12345'
            enable_password: '12345'
          - description: CLI2
            username: cli2
            password: '12345'
            enable_password: '12345'
          snmp_v2c_read:
          - description: SNMPv2c Read1
            read_community: '123456'
          - description: SNMPv2c Read2
            read_community: '123456'
          snmp_v2c_write:
          - description: SNMPv2c Write1
            write_community: '123456'
          - description: SNMPv2c Write2
            write_community: '123456'
          snmp_v3:
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345678'
            privacy_type: AES128
            username: snmpV31
            description: snmpV31
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345678'
            privacy_type: AES128
            username: snmp
            description: snmp
          https_read:
          # Usernames cannot contain spaces, so underscores are used.
          - description: HTTP Read1
            username: HTTP_Read1
            password: '12345'
            port: 443
          - description: HTTP Read2
            username: HTTP_Read2
            password: '12345'
            port: 443
          https_write:
          - description: HTTP Write1
            username: HTTP_Write1
            password: '12345'
            port: 443
          - description: HTTP Write2
            username: HTTP_Write2
            password: '12345'
            port: 443

  - name: Update global device credentials
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log: True
      dnac_log_level: "{{ dnac_log_level }}"
      state: merged
      config_verify: True
      config:
      - global_credential_details:
          cli_credential:
          - description: CLI1
            username: cli1
            password: '12345'
            enable_password: '12345'
          snmp_v2c_read:
          - description: SNMPv2c Read1
            read_community: '123456'
          snmp_v2c_write:
          - description: SNMPv2c Write1
            write_community: '123456'
          snmp_v3:
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345678'
            privacy_type: AES128
            username: snmpV31
            description: snmpV31
          https_read:
          - description: HTTP Read1
            username: HTTP_Read1  # usernames cannot contain spaces
            password: '12345'
            port: 443
          https_write:
          - description: HTTP_Write1
            username: HTTP_Write1
            password: '12345'
            port: 443

  - name: Update multiple global device credentials
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log: True
      dnac_log_level: "{{ dnac_log_level }}"
      state: merged
      config_verify: True
      config:
      - global_credential_details:
          cli_credential:
          - description: CLI1
            username: cli1
            password: '12345'
            enable_password: '12345'
          - description: CLI2
            username: cli2
            password: '12345'
            enable_password: '12345'
          snmp_v2c_read:
          - description: SNMPv2c Read1
            read_community: '123456'
          - description: SNMPv2c Read2
            read_community: '123458'
          snmp_v2c_write:
          - description: SNMPv2c write1
            write_community: '123456'
          - description: SNMPv2c Write1
            write_community: '123466'
          snmp_v3:
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345678'
            privacy_type: AES128
            username: snmpV31
            description: snmpV31
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345644'
            privacy_type: AES128
            username: snmpV32
            description: snmpV32
          https_read:
          # Usernames cannot contain spaces, so underscores are used.
          - description: HTTP Read1
            username: HTTP_Read1
            password: '12345'
            port: 443
          - description: HTTP Read2
            username: HTTP_Read2
            password: '12345'
            port: 443
          https_write:
          - description: HTTP_Write1
            username: HTTP_Write1
            password: '12345'
            port: 443
          - description: HTTP_Write2
            username: HTTP_Write2
            password: '12345'
            port: 443

  - name: Update global device credential name/description using old name and description.
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log: True
      dnac_log_level: "{{ dnac_log_level }}"
      state: merged
      config_verify: True
      config:
      - global_credential_details:
          cli_credential:
          - description: CLI1
            username: cli1
            password: '12345'
            enable_password: '12345'
            old_description: CLI
            old_username: cli
          snmp_v2c_read:
          - description: SNMPv2c Read1
            read_community: '123456'
            old_description: SNMPv2c Read
          snmp_v2c_write:
          - description: SNMPv2c write1
            write_community: '123456'
            old_description: SNMPv2c write
          snmp_v3:
          - auth_password: '12345678'
            auth_type: SHA
            snmp_mode: AUTHPRIV
            privacy_password: '12345678'
            privacy_type: AES128
            username: snmpV31
            description: snmpV31
            old_description: snmp
          https_read:
          # Usernames cannot contain spaces, so underscores are used.
          - description: HTTP Read1
            username: HTTP_Read1
            password: '12345'
            port: 443
            old_description: HTTP Read
            old_username: HTTP_Read
          https_write:
          - description: HTTP_Write1
            username: HTTP_Write1
            password: '12345'
            port: 443
            old_description: HTTP_Write
            old_username: HTTP_Write

  - name: Assign Credentials to sites using old description and username.
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log: True
      dnac_log_level: "{{ dnac_log_level }}"
      state: merged
      config_verify: True
      config:
      - assign_credentials_to_site:
          cli_credential:
              description: CLI6
              username: cli6
          snmp_v2c_read:
              description: SNMPv2c Read1
          snmp_v2c_write:
              description: SNMPv2c Write1
          snmp_v3:
              description: snmpV31
          https_read:
              description: HTTP Read1
              username: HTTP_Read1
          https_write:
              description: HTTP Write1
              username: HTTP_Write1
          site_name:
              - Global/USA

  - name: Sync global device credentials to a site.
    cisco.dnac.device_credential_workflow_manager:
      # Module arguments must be nested under the module name.
      dnac_host: "{{ dnac_host }}"
      dnac_port: "{{ dnac_port }}"
      dnac_username: "{{ dnac_username }}"
      dnac_password: "{{ dnac_password }}"
      dnac_verify: "{{ dnac_verify }}"
      dnac_version: "{{ dnac_version }}"
      dnac_debug: "{{ dnac_debug }}"
      dnac_log_level: "{{ dnac_log_level }}"
      dnac_log: True
      state: merged
      config_verify: True
      config:
      - apply_credentials_to_site:
          cli_credential:
              description: CLI5
              username: cli5
          snmp_v2c_read:
              description: SNMPv2c Read2
          snmp_v2c_write:
              description: SNMPv2c Write1
          snmp_v3:
              description: snmp
          site_name:
              - Global/Vietnam/halong/Hanoi
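
A pre-flight check for the constraints the Parameters section places on global_credential_details, run before a playbook is sent to Catalyst Center. This is an added example, not part of the cisco.dnac collection: the function name, the finding format and the SAMPLE data are constructed here, and only the rules themselves come from this page.

```python
import re

# Rules transcribed from the Parameters reference on this page.
FORBIDDEN = re.compile(r"[ <>]")  # spaces and angle brackets
RESTRICTED_FIELDS = {
    "cli_credential": ("username", "password", "enable_password"),
    "https_read": ("username", "password"),
    "https_write": ("username", "password"),
    "snmp_v2c_read": ("read_community",),
    "snmp_v2c_write": ("write_community",),
    "snmp_v3": ("username", "auth_password", "privacy_password"),
}
SNMP_V3_CHOICES = {
    "auth_type": {"SHA", "MD5"},
    "privacy_type": {"AES128", "AES192", "AES256"},
    "snmp_mode": {"AUTHPRIV", "AUTHNOPRIV", "NOAUTHNOPRIV"},
}
SNMP_V3_MIN_LEN = 8  # auth_password and privacy_password


def lint_global_credentials(details):
    """Check a global_credential_details dict; return [(path, problem), ...].

    Findings name the offending field only, never its value, so the report
    can be logged without exposing a secret.
    """
    findings = []
    for cred_type, fields in RESTRICTED_FIELDS.items():
        seen_descriptions = set()
        for index, entry in enumerate(details.get(cred_type) or []):
            where = f"{cred_type}[{index}]"
            for field in fields:
                value = entry.get(field)
                if value is not None and FORBIDDEN.search(str(value)):
                    findings.append((f"{where}.{field}", "contains a space or angle bracket"))
            if cred_type != "snmp_v3":
                continue
            for field, allowed in SNMP_V3_CHOICES.items():
                value = entry.get(field)
                if value is not None and str(value) not in allowed:
                    findings.append((f"{where}.{field}", f"not one of {sorted(allowed)}"))
            for field in ("auth_password", "privacy_password"):
                value = entry.get(field)
                if value is not None and len(str(value)) < SNMP_V3_MIN_LEN:
                    findings.append((f"{where}.{field}", "fewer than 8 characters"))
            description = entry.get("description")
            if description is not None and description in seen_descriptions:
                findings.append((f"{where}.description", "duplicates an earlier snmp_v3 description"))
            seen_descriptions.add(description)
    return findings


# Constructed sample in the shape of the playbook examples above.
SAMPLE = {
    "cli_credential": [
        {"description": "CLI1", "username": "cli1",
         "password": "Example#1", "enable_password": "Example#1"},
    ],
    "https_read": [
        {"description": "HTTP Read1", "username": "HTTP Read1",
         "password": "Example#1", "port": 443},
    ],
    "snmp_v3": [
        {"description": "snmpV31", "username": "snmpV31", "snmp_mode": "AUTHPRIV",
         "auth_type": "SHA1", "auth_password": "short",
         "privacy_type": "AES128", "privacy_password": "Example#12"},
        {"description": "snmpV31", "username": "snmpV32", "snmp_mode": "NOAUTHNOPRIV"},
    ],
}

if __name__ == "__main__":
    for path, problem in lint_global_credentials(SAMPLE):
        print(f"{path}: {problem}")
```
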

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

dnac_response1

dictionary

A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK

Returned: always

Sample: {"response": {"taskId": "string", "url": "string"}, "version": "string"}

dnac_response2

dictionary

A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK

Returned: always

Sample: {"response": {"taskId": "string", "url": "string"}, "version": "string"}

Authors

  • Muthu Rakesh (@MUTHU-RAKESH-27)

  • Madhan Sankaranarayanan (@madhansansel)

  • Megha Kandari (@kandarimegha)