author | Gaurav Rastogi <grastogi@avinetworks.com> | 2018-01-03 10:57:07 -0800 |
---|---|---|
committer | John R Barker <john@johnrbarker.com> | 2018-01-03 18:57:07 +0000 |
commit | 53051cf9e83d3f33482f97cc60675475fef827cb (patch) | |
tree | d40d348259ce9263421f8bd7d972c61559e1a37a /lib/ansible/modules/network/avi | |
parent | 627295365d0bea96258908724a5296a4f4169c57 (diff) | |
New module to setup WAF policy (#34362)
* New module to setup WAF policy
* Update copyright notice.
Diffstat (limited to 'lib/ansible/modules/network/avi')
-rw-r--r-- | lib/ansible/modules/network/avi/avi_wafpolicy.py | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/lib/ansible/modules/network/avi/avi_wafpolicy.py b/lib/ansible/modules/network/avi/avi_wafpolicy.py
new file mode 100644
index 0000000000..d1bdd8a177
--- /dev/null
+++ b/lib/ansible/modules/network/avi/avi_wafpolicy.py
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+#
+# @author: Gaurav Rastogi (grastogi@avinetworks.com)
+# Eric Anderson (eanderson@avinetworks.com)
+# module_check: supported
+#
+# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = '''
+---
+module: avi_wafpolicy
+author: Gaurav Rastogi (grastogi@avinetworks.com)
+
+short_description: Module for setup of WafPolicy Avi RESTful Object
+description:
+ - This module is used to configure WafPolicy object
+ - more examples at U(https://github.com/avinetworks/devops)
+requirements: [ avisdk ]
+version_added: "2.5"
+options:
+ state:
+ description:
+ - The state that should be applied on the entity.
+ default: present
+ choices: ["absent", "present"]
+ avi_api_update_method:
+ description:
+ - Default method for object update is HTTP PUT.
+ - Setting to patch will override that behavior to use HTTP PATCH.
+ version_added: "2.5"
+ default: put
+ choices: ["put", "patch"]
+ avi_api_patch_op:
+ description:
+ - Patch operation to use when using avi_api_update_method as patch.
+ version_added: "2.5"
+ choices: ["add", "replace", "delete"]
+ created_by:
+ description:
+ - Creator name.
+ - Field introduced in 17.2.4.
+ crs_groups:
+ description:
+ - Waf rules are categorized in to groups based on their characterization.
+ - These groups are system created with crs groups.
+ - Field introduced in 17.2.1.
+ description:
+ description:
+ - Field introduced in 17.2.1.
+ mode:
+ description:
+ - Waf policy mode.
+ - This can be detection or enforcement.
+ - Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT.
+ - Field introduced in 17.2.1.
+ - Default value when not specified in API or module is interpreted by Avi Controller as WAF_MODE_DETECTION_ONLY.
+ name:
+ description:
+ - Field introduced in 17.2.1.
+ required: true
+ paranoia_level:
+ description:
+ - Waf ruleset paranoia mode.
+ - This is used to select rules based on the paranoia-level tag.
+ - Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME.
+ - Field introduced in 17.2.1.
+ - Default value when not specified in API or module is interpreted by Avi Controller as WAF_PARANOIA_LEVEL_LOW.
+ post_crs_groups:
+ description:
+ - Waf rules are categorized in to groups based on their characterization.
+ - These groups are created by the user and will be enforced after the crs groups.
+ - Field introduced in 17.2.1.
+ pre_crs_groups:
+ description:
+ - Waf rules are categorized in to groups based on their characterization.
+ - These groups are created by the user and will be enforced before the crs groups.
+ - Field introduced in 17.2.1.
+ tenant_ref:
+ description:
+ - It is a reference to an object of type tenant.
+ - Field introduced in 17.2.1.
+ url:
+ description:
+ - Avi controller URL of the object.
+ uuid:
+ description:
+ - Field introduced in 17.2.1.
+ waf_profile_ref:
+ description:
+ - Waf profile for waf policy.
+ - It is a reference to an object of type wafprofile.
+ - Field introduced in 17.2.1.
+extends_documentation_fragment:
+ - avi
+'''
+
+EXAMPLES = """
+- name: Example to create WafPolicy object
+ avi_wafpolicy:
+ controller: 10.10.25.42
+ username: admin
+ password: something
+ state: present
+ name: sample_wafpolicy
+"""
+
+RETURN = '''
+obj:
+ description: WafPolicy (api/wafpolicy) object
+ returned: success, changed
+ type: dict
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+try:
+ from ansible.module_utils.network.avi.avi import (
+ avi_common_argument_spec, HAS_AVI, avi_ansible_api)
+except ImportError:
+ HAS_AVI = False
+
+
+def main():
+ argument_specs = dict(
+ state=dict(default='present',
+ choices=['absent', 'present']),
+ avi_api_update_method=dict(default='put',
+ choices=['put', 'patch']),
+ avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
+ created_by=dict(type='str',),
+ crs_groups=dict(type='list',),
+ description=dict(type='str',),
+ mode=dict(type='str',),
+ name=dict(type='str', required=True),
+ paranoia_level=dict(type='str',),
+ post_crs_groups=dict(type='list',),
+ pre_crs_groups=dict(type='list',),
+ tenant_ref=dict(type='str',),
+ url=dict(type='str',),
+ uuid=dict(type='str',),
+ waf_profile_ref=dict(type='str',),
+ )
+ argument_specs.update(avi_common_argument_spec())
+ module = AnsibleModule(
+ argument_spec=argument_specs, supports_check_mode=True)
+ if not HAS_AVI:
+ return module.fail_json(msg=(
+ 'Avi python API SDK (avisdk>=17.1) is not installed. '
+ 'For more details visit https://github.com/avinetworks/sdk.'))
+ return avi_ansible_api(module, 'wafpolicy',
+ set([]))
+
+if __name__ == '__main__':
+ main() |
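Review bot: `mode` and `paranoia_level` in `argument_specs` are declared as plain `type='str'` with no `choices`, although the DOCUMENTATION block lists a closed set of enum values for each, so the module itself does not reject a misspelled value and leaves any validation to the controller. For a WAF policy this matters because the option text says an unspecified `mode` is interpreted as WAF_MODE_DETECTION_ONLY, so a play that omits it creates a policy that, per that text, detects rather than enforces. I would declare `mode=dict(type='str', choices=['WAF_MODE_DETECTION_ONLY', 'WAF_MODE_ENFORCEMENT']),` and give `paranoia_level` the four documented levels the same way, unless the enums are expected to grow across controller releases. The EXAMPLES task also sets no `mode`, so a comment there such as `# mode defaults to WAF_MODE_DETECTION_ONLY; set WAF_MODE_ENFORCEMENT to block` would make the resulting posture explicit.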