Documentation

avi_pkiprofile – Module for setup of PKIProfile Avi RESTful Object

New in version 2.3.

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • avisdk

Parameters

Parameter Choices/Defaults Comments
api_context
-
added in 2.5
Avi API context that includes current session ID and CSRF Token.
This allows user to perform single login and re-use the session.
api_version
-
Default:
16.4.4
Avi API version of to use for Avi API and objects.
avi_api_patch_op
-
added in 2.5
    Choices:
  • add
  • replace
  • delete
Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method
-
added in 2.5
    Choices:
  • put ←
  • patch
Default method for object update is HTTP PUT.
Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials
-
added in 2.5
Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
ca_certs
-
List of certificate authorities (root and intermediate) trusted that is used for certificate validation.
controller
-
Default:
IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER.
created_by
-
Creator name.
crl_check
boolean
    Choices:
  • no
  • yes
When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked.
Default value when not specified in API or module is interpreted by Avi Controller as True.
crls
-
Certificate revocation lists.
ignore_peer_chain
boolean
    Choices:
  • no
  • yes
When enabled, avi will not trust intermediate and root certs presented by a client.
Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert.
Default value when not specified in API or module is interpreted by Avi Controller as False.
is_federated
boolean
added in 2.4
    Choices:
  • no
  • yes
This field describes the object's replication scope.
If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines.
If the field is set to true, then the object is replicated across the federation.
Field introduced in 17.1.3.
Default value when not specified in API or module is interpreted by Avi Controller as False.
name
- / required
Name of the pki profile.
password
-
Default:
Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD.
state
-
    Choices:
  • absent
  • present ←
The state that should be applied on the entity.
tenant
-
Default:
admin
Name of tenant used for all Avi API calls and context of object.
tenant_ref
-
It is a reference to an object of type tenant.
tenant_uuid
-
Default:
UUID of tenant used for all Avi API calls and context of object.
url
-
Avi controller URL of the object.
username
-
Default:
Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME.
uuid
-
Unique object identifier of the object.
validate_only_leaf_crl
boolean
    Choices:
  • no
  • yes
When enabled, avi will only validate the revocation status of the leaf certificate using crl.
To enable validation for the entire chain, disable this option and provide all the relevant crls.
Default value when not specified in API or module is interpreted by Avi Controller as True.

Notes

Note

Examples

- name: Example to create PKIProfile object
  avi_pkiprofile:
    controller: 10.10.25.42
    username: admin
    password: something
    state: present
    name: sample_pkiprofile

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
obj
dictionary
success, changed
PKIProfile (api/pkiprofile) object



Status

Authors

Hint

If you notice any issues in this documentation you can edit this document to improve it.