.. _cisco.asa.asa_ogs_module:


*****************
cisco.asa.asa_ogs
*****************

**Object Group resource module**


Version added: 1.0.0

.. contents::
   :local:
   :depth: 1


Synopsis
--------
- This module configures and manages Objects and Groups on ASA platforms.


Parameters
----------

Nested options are written as dotted paths from the top-level option.

.. list-table::
   :header-rows: 1

   * - Parameter
     - Choices/Defaults
     - Comments
   * - | ``config``
       | list / elements=dictionary
     -
     - A list of Object Group options.
   * - | ``config.object_groups``
       | list / elements=dictionary
     -
     - The object groups.
   * - | ``config.object_groups.description``
       | string
     -
     - The description for the object-group.
   * - | ``config.object_groups.icmp_type``
       | dictionary
     -
     - Configure an ICMP-type object
   * - | ``config.object_groups.icmp_type.icmp_object``
       | list / elements=string
     - Choices:

       - alternate-address
       - conversion-error
       - echo
       - echo-reply
       - information-reply
       - information-request
       - mask-reply
       - mask-request
       - mobile-redirect
       - parameter-problem
       - redirect
       - router-advertisement
       - router-solicitation
       - source-quench
       - time-exceeded
       - timestamp-reply
       - timestamp-request
       - traceroute
       - unreachable
     - Defines the ICMP types in the group.
   * - | ``config.object_groups.name``
       | string / required
     -
     - Specifies object-group ID
   * - | ``config.object_groups.network_object``
       | dictionary
     -
     - Configure a network object
   * - | ``config.object_groups.network_object.address``
       | list / elements=string
     -
     - Enter an IPv4 network address with space separated netmask.
   * - | ``config.object_groups.network_object.host``
       | list / elements=string
     -
     - Set this to specify a single host object.
   * - | ``config.object_groups.network_object.ipv6_address``
       | list / elements=string
     -
     - Enter an IPv6 prefix.
   * - | ``config.object_groups.protocol_object``
       | dictionary
     -
     - Configure a protocol object
   * - | ``config.object_groups.protocol_object.protocol``
       | list / elements=string
     - Choices:

       - ah
       - eigrp
       - esp
       - gre
       - icmp
       - icmp6
       - igmp
       - igrp
       - ip
       - ipinip
       - ipsec
       - nos
       - ospf
       - pcp
       - pim
       - pptp
       - sctp
       - snp
       - tcp
       - udp
     - Defines the protocols in the group.
   * - | ``config.object_groups.security_group``
       | dictionary
     -
     - Configure a security-group
   * - | ``config.object_groups.security_group.sec_name``
       | list / elements=string
     -
     - Enter this keyword to specify a security-group name.
   * - | ``config.object_groups.security_group.tag``
       | list / elements=string
     -
     - Enter this keyword to specify a security-group tag.
   * - | ``config.object_groups.service_object``
       | dictionary
     -
     - Configure a service object
   * - | ``config.object_groups.service_object.object``
       | string
     -
     - Enter this keyword to specify a service object
   * - | ``config.object_groups.service_object.protocol``
       | list / elements=string
     - Choices:

       - ah
       - eigrp
       - esp
       - gre
       - icmp
       - icmp6
       - igmp
       - igrp
       - ip
       - ipinip
       - ipsec
       - nos
       - ospf
       - pcp
       - pim
       - pptp
       - sctp
       - snp
       - tcp
       - tcp-udp
       - udp
     - Defines the protocols in the group.
   * - | ``config.object_groups.user_object``
       | dictionary
     -
     - Configures single user, local or import user group
   * - | ``config.object_groups.user_object.user``
       | list / elements=dictionary
     -
     - Configure a user object. User name to configure a user object.
   * - | ``config.object_groups.user_object.user.domain``
       | string / required
     -
     - User domain
   * - | ``config.object_groups.user_object.user.name``
       | string / required
     -
     - Enter the name of the user
   * - | ``config.object_groups.user_object.user_group``
       | list / elements=dictionary
     -
     - Configure a user group object.
   * - | ``config.object_groups.user_object.user_group.domain``
       | string / required
     -
     - Group domain
   * - | ``config.object_groups.user_object.user_group.name``
       | string / required
     -
     - Enter the name of the group
   * - | ``config.object_type``
       | string / required
     - Choices:

       - icmp-type
       - network
       - protocol
       - security
       - service
       - user
     - The object group type.
   * - | ``running_config``
       | string
     -
     - The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. The value of this option should be the output received from device by executing command.
   * - | ``state``
       | string
     - Choices:

       - merged ←
       - replaced
       - overridden
       - deleted
       - gathered
       - rendered
       - parsed
     - The state the configuration should be left in

Notes
-----

.. note::
   - Tested against Cisco ASA Version 9.10(1)11
   - This module works with connection ``network_cli``. See `ASA Platform Options <../network/user_guide/platform_asa.html>`_.


Examples
--------

.. code-block:: yaml

    # Using merged

    # Before state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_network_og
    #  network-object host 192.0.3.1

    - name: "Merge module attributes of given object-group"
      cisco.asa.asa_ogs:
        config:
          - object_type: network
            object_groups:
              - name: test_og_network
                description: test_og_network
                network_object:
                  host:
                    - 192.0.2.1
                    - 192.0.2.2
                  address:
                    - 192.0.2.0 255.255.255.0
                    - 198.51.100.0 255.255.255.0
              - name: test_network_og
                description: test_network_og
                network_object:
                  host:
                    - 192.0.3.1
                    - 192.0.3.2
                  ipv6_address:
                    - 2001:db8:3::/64
          - object_type: security
            object_groups:
              - name: test_og_security
                description: test_security
                security_group:
                  sec_name:
                    - test_1
                    - test_2
                  tag:
                    - 10
                    - 20
          - object_type: user
            object_groups:
              - name: test_og_user
                description: test_user
                user_object:
                  user:
                    - name: new_user_1
                      domain: LOCAL
                    - name: new_user_2
                      domain: LOCAL
        state: merged

    # Commands fired:
    # ---------------
    #
    # object-group security test_og_security
    # description test_security
    # security-group name test_1
    # security-group name test_2
    # security-group tag 10
    # security-group tag 20
    # object-group network test_og_network
    # description test_og_network
    # network-object 192.0.2.0 255.255.255.0
    # network-object 198.51.100.0 255.255.255.0
    # network-object host 192.0.2.1
    # network-object host 192.0.2.2
    # object-group network test_network_og
    # network-object host 192.0.3.1
    # network-object host 192.0.3.2
    # network-object 2001:db8:3::/64
    # object-group user test_og_user
    # description test_user
    # user LOCAL\new_user_1
    # user LOCAL\new_user_2

    # After state:
    # ------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    #  network-object host 192.0.3.1
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  description test_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    # Using Replaced

    # Before state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    - name: "Replace module attributes of given object-group"
      cisco.asa.asa_ogs:
        config:
          - object_type: network
            object_groups:
              - name: test_og_network
                description: test_og_network_replace
                network_object:
                  host:
                    - 192.0.3.1
                  address:
                    - 192.0.3.0 255.255.255.0
          - object_type: protocol
            object_groups:
              - name: test_og_protocol
                description: test_og_protocol
                protocol_object:
                  protocol:
                    - tcp
                    - udp
        state: replaced

    # Commands Fired:
    # ---------------
    #
    # object-group protocol test_og_protocol
    # description test_og_protocol
    # protocol tcp
    # protocol udp
    # object-group network test_og_network
    # description test_og_network_replace
    # no network-object 192.0.2.0 255.255.255.0
    # no network-object 198.51.100.0 255.255.255.0
    # network-object 192.0.3.0 255.255.255.0
    # no network-object host 192.0.2.1
    # no network-object host 192.0.2.2
    # network-object host 192.0.3.1

    # After state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network_replace
    #  network-object host 192.0.3.1
    #  network-object 192.0.3.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2
    # object-group protocol test_og_protocol
    #  protocol-object tcp
    #  protocol-object udp

    # Using Overridden

    # Before state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    - name: "Overridden module attributes of given object-group"
      cisco.asa.asa_ogs:
        config:
          - object_type: network
            object_groups:
              - name: test_og_network
                description: test_og_network_override
                network_object:
                  host:
                    - 192.0.3.1
                  address:
                    - 192.0.3.0 255.255.255.0
          - object_type: protocol
            object_groups:
              - name: test_og_protocol
                description: test_og_protocol
                protocol_object:
                  protocol:
                    - tcp
                    - udp
        state: overridden

    # Commands Fired:
    # ---------------
    #
    # no object-group security test_og_security
    # no object-group user test_og_user
    # object-group protocol test_og_protocol
    # description test_og_protocol
    # protocol tcp
    # protocol udp
    # object-group network test_og_network
    # description test_og_network_override
    # no network-object 192.0.2.0 255.255.255.0
    # no network-object 198.51.100.0 255.255.255.0
    # network-object 192.0.3.0 255.255.255.0
    # no network-object host 192.0.2.1
    # no network-object host 192.0.2.2
    # network-object host 192.0.3.1
    # no object-group network test_network_og

    # After state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network_override
    #  network-object host 192.0.3.1
    #  network-object 192.0.3.0 255.255.255.0
    # object-group protocol test_og_protocol
    #  protocol-object tcp
    #  protocol-object udp

    # Using Deleted

    # Before state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    - name: "Delete given module attributes"
      cisco.asa.asa_ogs:
        config:
          - object_type: network
            object_groups:
              - name: test_og_network
              - name: test_network_og
          - object_type: security
            object_groups:
              - name: test_og_security
        state: deleted

    # Commands Fired:
    # ---------------
    #
    # no object-group network test_og_network
    # no object-group network test_network_og
    # no object-group security test_og_security

    # After state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    # Using DELETED without any config passed
    #"(NOTE: This will delete all of configured resource module attributes)"

    # Before state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    - name: Delete ALL configured module attributes
      cisco.asa.asa_ogs:
        config:
        state: deleted

    # Commands Fired:
    # ---------------
    #
    # no object-group network test_og_network
    # no object-group network test_network_og
    # no object-group security test_og_security
    # no object-group user test_og_user

    # After state:
    # -------------
    #
    # ciscoasa# sh running-config object-group

    # Using Gathered

    # Before state:
    # -------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    - name: Gather listed OGs with provided configurations
      cisco.asa.asa_ogs:
        config:
        state: gathered

    # Module Execution Result:
    # ------------------------
    #
    # "gathered": [
    #     {
    #         "object_groups": [
    #             {
    #                 "description": "test_security",
    #                 "name": "test_og_security",
    #                 "security_group": {
    #                     "sec_name": [
    #                         "test_2",
    #                         "test_1"
    #                     ],
    #                     "tag": [
    #                         10,
    #                         20
    #                     ]
    #                 }
    #             }
    #         ],
    #         "object_type": "security"
    #     },
    #     {
    #         "object_groups": [
    #             {
    #                 "description": "test_network_og",
    #                 "name": "test_network_og",
    #                 "network_object": {
    #                     "host": [
    #                         "192.0.3.1",
    #                         "192.0.3.2"
    #                     ],
    #                     "ipv6_address": [
    #                         "2001:db8:3::/64"
    #                     ]
    #                 }
    #             },
    #             {
    #                 "description": "test_og_network",
    #                 "name": "test_og_network",
    #                 "network_object": {
    #                     "address": [
    #                         "192.0.2.0 255.255.255.0",
    #                         "198.51.100.0 255.255.255.0"
    #                     ],
    #                     "host": [
    #                         "192.0.2.1",
    #                         "192.0.2.2"
    #                     ]
    #                 }
    #             }
    #         ],
    #         "object_type": "network"
    #     },
    #     {
    #         "object_groups": [
    #             {
    #                 "description": "test_user",
    #                 "name": "test_og_user",
    #                 "user_object": {
    #                     "user": [
    #                         {
    #                             "domain": "LOCAL",
    #                             "name": "new_user_1"
    #                         },
    #                         {
    #                             "domain": "LOCAL",
    #                             "name": "new_user_2"
    #                         }
    #                     ]
    #                 }
    #             }
    #         ],
    #         "object_type": "user"
    #     }
    # ]

    # After state:
    # ------------
    #
    # ciscoasa# sh running-config object-group
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object host 192.0.2.2
    #  network-object 192.0.2.0 255.255.255.0
    #  network-object 198.51.100.0 255.255.255.0
    # object-group network test_network_og
    #  description test_network_og
    #  network-object host 192.0.3.1
    #  network-object host 192.0.3.2
    #  network-object 2001:db8:0:3::/64
    #  group-object test_og_network
    # object-group security test_og_security
    #  security-group name test_1
    #  security-group name test_2
    #  security-group tag 10
    #  security-group tag 20
    # object-group user test_og_user
    #  user LOCAL\new_user_1
    #  user LOCAL\new_user_2

    # Using Rendered

    - name: Render the commands for provided configuration
      cisco.asa.asa_ogs:
        config:
          - object_type: network
            object_groups:
              - name: test_og_network
                description: test_og_network
                network_object:
                  host:
                    - 192.0.2.1
                    - 192.0.2.2
                  address:
                    - 192.0.2.0 255.255.255.0
                    - 198.51.100.0 255.255.255.0
              - name: test_network_og
                description: test_network_og
                network_object:
                  host:
                    - 192.0.3.1
                    - 192.0.3.2
                  ipv6_address:
                    - 2001:db8:3::/64
          - object_type: security
            object_groups:
              - name: test_og_security
                description: test_security
                security_group:
                  sec_name:
                    - test_1
                    - test_2
                  tag:
                    - 10
                    - 20
          - object_type: user
            object_groups:
              - name: test_og_user
                description: test_user
                user_object:
                  user:
                    - name: new_user_1
                      domain: LOCAL
                    - name: new_user_2
                      domain: LOCAL
        state: rendered

    # Module Execution Result:
    # ------------------------
    #
    # "rendered": [
    #     "object-group security test_og_security",
    #     "description test_security",
    #     "security-group name test_1",
    #     "security-group name test_2",
    #     "security-group tag 10",
    #     "security-group tag 20",
    #     "object-group network test_og_network",
    #     "description test_og_network",
    #     "network-object 192.0.2.0 255.255.255.0",
    #     "network-object 198.51.100.0 255.255.255.0",
    #     "network-object host 192.0.2.1",
    #     "network-object host 192.0.2.2",
    #     "object-group network test_network_og",
    #     "description test_network_og",
    #     "network-object host 192.0.3.1",
    #     "network-object host 192.0.3.2",
    #     "network-object 2001:db8:3::/64",
    #     "object-group user test_og_user",
    #     "description test_user",
    #     "user LOCAL\new_user_1",
    #     "user LOCAL\new_user_2"
    # ]

    # Using Parsed

    # parsed.cfg
    #
    # object-group network test_og_network
    #  description test_og_network
    #  network-object host 192.0.2.1
    #  network-object 192.0.2.0 255.255.255.0
    # object-group network test_network_og
    #  network-object 2001:db8:3::/64
    # object-group service test_og_service
    #  service-object tcp-udp

    - name: Parse the commands for provided configuration
      cisco.asa.asa_ogs:
        running_config: "{{ lookup('file', 'parsed.cfg') }}"
        state: parsed

    # Module Execution Result:
    # ------------------------
    #
    # "parsed": [
    #     {
    #         "object_groups": [
    #             {
    #                 "name": "test_network_og"
    #             },
    #             {
    #                 "description": "test_og_network",
    #                 "name": "test_og_network",
    #                 "network_object": {
    #                     "host": [
    #                         "192.0.2.2"
    #                     ]
    #                 }
    #             }
    #         ],
    #         "object_type": "network"
    #     },
    #     {
    #         "object_groups": [
    #             {
    #                 "name": "test_og_service",
    #                 "service_object": {
    #                     "protocol": [
    #                         "tcp-udp",
    #                         "ipinip"
    #                     ]
    #                 }
    #             }
    #         ],
    #         "object_type": "service"
    #     }
    # ]


Return Values
-------------
Common return values are documented `here `_, the following are the fields unique to this module:
.. list-table::
   :header-rows: 1

   * - Key
     - Returned
     - Description
   * - | ``after``
       | list
     - when changed
     - The configuration as structured data after module completion.

       Sample: The configuration returned will always be in the same format as the parameters above.
   * - | ``before``
       | list
     - always
     - The configuration as structured data prior to module invocation.

       Sample: The configuration returned will always be in the same format as the parameters above.
   * - | ``commands``
       | list
     - always
     - The set of commands pushed to the remote device

       Sample: ``['object-group network test_network_og', 'description test_network_og', 'network-object host 192.0.2.1']``
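
In the ``overridden`` example above, every object group on the device that is absent from ``config`` is removed with ``no object-group``. The following is an added example, not part of the module or its documentation: a pre-flight check that takes a ``gathered`` result and the intended ``config`` and lists the removals an ``overridden`` run would imply. The function names and the approval list are hypothetical, and the sample data is constructed from the values shown on this page.

```python
"""Pre-flight check for cisco.asa.asa_ogs with state: overridden (added example)."""

# Constructed sample: the "gathered" result shown on this page, reduced to
# the fields the check needs (object_type and each group's name).
GATHERED = [
    {"object_type": "security",
     "object_groups": [{"name": "test_og_security"}]},
    {"object_type": "network",
     "object_groups": [{"name": "test_network_og"}, {"name": "test_og_network"}]},
    {"object_type": "user",
     "object_groups": [{"name": "test_og_user"}]},
]

# The config from the page's overridden task, reduced the same way.
INTENDED = [
    {"object_type": "network", "object_groups": [{"name": "test_og_network"}]},
    {"object_type": "protocol", "object_groups": [{"name": "test_og_protocol"}]},
]


def group_keys(config):
    """Return the set of (object_type, name) pairs in a module-style config list."""
    keys = set()
    for entry in config or []:  # config may be None, as in the bare tasks above
        for group in entry.get("object_groups") or []:
            keys.add((entry["object_type"], group["name"]))
    return keys


def overridden_removals(gathered, intended):
    """List the 'no object-group' commands an overridden run would imply.

    Assumption, taken from the page's overridden example: every group on the
    device that is absent from the task's config is removed.
    """
    doomed = group_keys(gathered) - group_keys(intended)
    return [f"no object-group {otype} {name}" for otype, name in sorted(doomed)]


def check(gathered, intended, approved=()):
    """Return removals not on the approved list; an empty list means proceed."""
    allowed = set(approved)
    return [cmd for cmd in overridden_removals(gathered, intended)
            if cmd not in allowed]


if __name__ == "__main__":
    for cmd in check(GATHERED, INTENDED):
        print("unapproved removal:", cmd)
```

Feed it the ``gathered`` value registered from a ``state: gathered`` task and fail the change when ``check`` returns anything that was not reviewed.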


Status
------


Authors
~~~~~~~

- Sumit Jaiswal (@justjais)