avi_networksecuritypolicy – Module for setup of NetworkSecurityPolicy Avi RESTful Object

New in version 2.4.

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • avisdk

Parameters

| Parameter | Choices/Defaults | Comments |
| --- | --- | --- |
| api_context (added in 2.5) | | Avi API context that includes the current session ID and CSRF token. This allows the user to perform a single login and re-use the session. |
| api_version | Default: 16.4.4 | Avi API version to use for Avi API and objects. |
| avi_api_patch_op (added in 2.5) | Choices: add, replace, delete | Patch operation to use when using avi_api_update_method as patch. |
| avi_api_update_method (added in 2.5) | Choices: put (default), patch | Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH. |
| avi_credentials (added in 2.5) | | Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details. |
| cloud_config_cksum | | Checksum of cloud configuration for network sec policy. Internally set by cloud connector. |
| controller | Default: | IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER. |
| created_by | | Creator name. |
| description | | User defined description for the object. |
| name | | Name of the object. |
| password | Default: | Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD. |
| rules | | List of networksecurityrule. |
| state | Choices: absent, present (default) | The state that should be applied on the entity. |
| tenant | Default: admin | Name of tenant used for all Avi API calls and context of object. |
| tenant_ref | | It is a reference to an object of type tenant. |
| tenant_uuid | Default: | UUID of tenant used for all Avi API calls and context of object. |
| url | | Avi controller URL of the object. |
| username | Default: | Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME. |
| uuid | | Unique object identifier of the object. |

Notes

Note

Examples

- name: Create a network security policy to block clients represented by ip group known_attackers
  avi_networksecuritypolicy:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    name: vs-gurutest-ns
    rules:
    - action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
      age: 0
      enable: true
      index: 1
      log: false
      match:
        client_ip:
          group_refs:
          - Demo:known_attackers
          match_criteria: IS_IN
      name: Rule 1
    tenant_ref: Demo
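
An added example, not part of the module's own documentation: the play below combines avi_credentials, avi_api_update_method and avi_api_patch_op to add one logged deny rule to the policy created above instead of resending the full rule list with PUT. The key layout inside avi_credentials, the vault variable avi_vault_password, the IP group Demo:blocked_scanners, and the assumption that a patch with the add operation appends to rules are not taken from this page.

```yaml
# Added example; names marked "hypothetical" do not come from the module page.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumed layout: the keys mirror this module's own login parameters.
    # avi_vault_password is a hypothetical variable stored in Ansible Vault,
    # so the password never appears in the playbook in clear text.
    avi_credentials:
      controller: '{{ controller }}'
      username: '{{ username }}'
      password: '{{ avi_vault_password }}'
      api_version: "16.4.4"
  tasks:
    - name: Add a logged deny rule to the existing policy via HTTP PATCH
      avi_networksecuritypolicy:
        avi_credentials: '{{ avi_credentials }}'
        avi_api_update_method: patch   # override the default HTTP PUT
        avi_api_patch_op: add          # assumed to append to the rules list
        state: present
        name: vs-gurutest-ns
        tenant_ref: Demo
        rules:
          - name: Rule 2
            index: 2
            enable: true
            log: true                  # record matches so denials can be reviewed
            age: 0
            action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
            match:
              client_ip:
                match_criteria: IS_IN
                group_refs:
                  - Demo:blocked_scanners   # hypothetical IP group
      no_log: true                     # keep credentials out of task output
      register: nsp_result
```

With no_log set, the registered result is also hidden from task output, so inspect nsp_result.obj in a separate, deliberately scoped debug task if the returned object needs checking.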

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
| --- | --- | --- |
| obj (dictionary) | success, changed | NetworkSecurityPolicy (api/networksecuritypolicy) object |



Status

Authors
