summaryrefslogtreecommitdiffstats
path: root/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
commit975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch)
tree89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py
parentInitial commit. (diff)
downloadansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.tar.xz
ansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.zip
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py')
-rw-r--r--ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py535
1 files changed, 535 insertions, 0 deletions
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py
new file mode 100644
index 000000000..33ea47623
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py
@@ -0,0 +1,535 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_authentication_rules
+short_description: Resource module for Network Access Authentication Rules
+description:
+- Manage operations create, update and delete of the resource Network Access Authentication Rules.
+- Network Access - Create authentication rule.
+- Network Access - Delete rule.
+- Network Access - Update rule.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description: Id path parameter. Rule id.
+ type: str
+ identitySourceName:
+ description: Identity source name from the identity stores.
+ type: str
+ ifAuthFail:
+ description: Action to perform when authentication fails such as Bad credentials,
+ disabled user and so on.
+ type: str
+ ifProcessFail:
+ description: Action to perform when ISE is uanble to access the identity database.
+ type: str
+ ifUserNotFound:
+ description: Action to perform when user is not found in any of identity stores.
+ type: str
+ link:
+ description: Network Access Authentication Rules's link.
+ suboptions:
+ href:
+ description: Network Access Authentication Rules's href.
+ type: str
+ rel:
+ description: Network Access Authentication Rules's rel.
+ type: str
+ type:
+ description: Network Access Authentication Rules's type.
+ type: str
+ type: dict
+ policyId:
+ description: PolicyId path parameter. Policy id.
+ type: str
+ rule:
+ description: Common attributes in rule authentication/authorization.
+ suboptions:
+ condition:
+ description: Network Access Authentication Rules's condition.
+ suboptions:
+ attributeName:
+ description: Dictionary attribute name.
+ type: str
+ attributeValue:
+ description: <ul><li>Attribute value for condition</li> <li>Value type is
+ specified in dictionary object</li> <li>if multiple values allowed is
+ specified in dictionary object</li></ul>.
+ type: str
+ children:
+ description: In case type is andBlock or orBlock addtional conditions will
+ be aggregated under this logical (OR/AND) condition.
+ elements: dict
+ suboptions:
+ conditionType:
+ description: <ul><li>Inidicates whether the record is the condition
+ itself(data) or a logical(or,and) aggregation</li> <li>Data type enum(reference,single)
+ indicates than "conditonId" OR "ConditionAttrs" fields should contain
+ condition data but not both</li> <li>Logical aggreation(and,or) enum
+ indicates that additional conditions are present under the children
+ field</li></ul>.
+ type: str
+ isNegate:
+ description: Indicates whereas this condition is in negate mode.
+ type: bool
+ link:
+ description: Network Access Authentication Rules's link.
+ suboptions:
+ href:
+ description: Network Access Authentication Rules's href.
+ type: str
+ rel:
+ description: Network Access Authentication Rules's rel.
+ type: str
+ type:
+ description: Network Access Authentication Rules's type.
+ type: str
+ type: dict
+ type: list
+ conditionType:
+ description: <ul><li>Inidicates whether the record is the condition itself(data)
+ or a logical(or,and) aggregation</li> <li>Data type enum(reference,single)
+ indicates than "conditonId" OR "ConditionAttrs" fields should contain
+ condition data but not both</li> <li>Logical aggreation(and,or) enum indicates
+ that additional conditions are present under the children field</li></ul>.
+ type: str
+ datesRange:
+ description: <p>Defines for which date/s TimeAndDate condition will be matched<br>
+ Options are - Date range, for specific date, the same date should be used
+ for start/end date <br> Default - no specific dates<br> In order to reset
+ the dates to have no specific dates Date format - yyyy-mm-dd (MM = month,
+ dd = day, yyyy = year)</p>.
+ suboptions:
+ endDate:
+ description: Network Access Authentication Rules's endDate.
+ type: str
+ startDate:
+ description: Network Access Authentication Rules's startDate.
+ type: str
+ type: dict
+ datesRangeException:
+ description: <p>Defines for which date/s TimeAndDate condition will be matched<br>
+ Options are - Date range, for specific date, the same date should be used
+ for start/end date <br> Default - no specific dates<br> In order to reset
+ the dates to have no specific dates Date format - yyyy-mm-dd (MM = month,
+ dd = day, yyyy = year)</p>.
+ suboptions:
+ endDate:
+ description: Network Access Authentication Rules's endDate.
+ type: str
+ startDate:
+ description: Network Access Authentication Rules's startDate.
+ type: str
+ type: dict
+ description:
+ description: Condition description.
+ type: str
+ dictionaryName:
+ description: Dictionary name.
+ type: str
+ dictionaryValue:
+ description: Dictionary value.
+ type: str
+ hoursRange:
+ description: <p>Defines for which hours a TimeAndDate condition will be
+ matched<br> Time format - hh mm ( h = hour , mm = minutes ) <br> Default
+ - All Day </p>.
+ suboptions:
+ endTime:
+ description: Network Access Authentication Rules's endTime.
+ type: str
+ startTime:
+ description: Network Access Authentication Rules's startTime.
+ type: str
+ type: dict
+ hoursRangeException:
+ description: <p>Defines for which hours a TimeAndDate condition will be
+ matched<br> Time format - hh mm ( h = hour , mm = minutes ) <br> Default
+ - All Day </p>.
+ suboptions:
+ endTime:
+ description: Network Access Authentication Rules's endTime.
+ type: str
+ startTime:
+ description: Network Access Authentication Rules's startTime.
+ type: str
+ type: dict
+ id:
+ description: Network Access Authentication Rules's id.
+ type: str
+ isNegate:
+ description: Indicates whereas this condition is in negate mode.
+ type: bool
+ link:
+ description: Network Access Authentication Rules's link.
+ suboptions:
+ href:
+ description: Network Access Authentication Rules's href.
+ type: str
+ rel:
+ description: Network Access Authentication Rules's rel.
+ type: str
+ type:
+ description: Network Access Authentication Rules's type.
+ type: str
+ type: dict
+ name:
+ description: Condition name.
+ type: str
+ operator:
+ description: Equality operator.
+ type: str
+ weekDays:
+ description: <p>Defines for which days this condition will be matched<br>
+ Days format - Arrays of WeekDay enums <br> Default - List of All week
+ days</p>.
+ elements: str
+ type: list
+ weekDaysException:
+ description: <p>Defines for which days this condition will NOT be matched<br>
+ Days format - Arrays of WeekDay enums <br> Default - Not enabled</p>.
+ elements: str
+ type: list
+ type: dict
+ default:
+ description: Indicates if this rule is the default one.
+ type: bool
+ hitCounts:
+ description: The amount of times the rule was matched.
+ type: int
+ id:
+ description: The identifier of the rule.
+ type: str
+ name:
+ description: Rule name, Valid characters are alphanumerics, underscore, hyphen,
+ space, period, parentheses.
+ type: str
+ rank:
+ description: The rank(priority) in relation to other rules. Lower rank is higher
+ priority.
+ type: int
+ state:
+ description: The state that the rule is in. A disabled rule cannot be matched.
+ type: str
+ type: dict
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Authentication Rules
+ description: Complete reference of the Network Access - Authentication Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_authentication_rules.NetworkAccessAuthenticationRules.create_network_access_authentication_rule,
+ network_access_authentication_rules.NetworkAccessAuthenticationRules.delete_network_access_authentication_rule_by_id,
+ network_access_authentication_rules.NetworkAccessAuthenticationRules.update_network_access_authentication_rule_by_id,
+
+ - Paths used are
+ post /network-access/policy-set/{policyId}/authentication,
+ delete /network-access/policy-set/{policyId}/authentication/{id},
+ put /network-access/policy-set/{policyId}/authentication/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.network_access_authentication_rules:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ identitySourceName: string
+ ifAuthFail: string
+ ifProcessFail: string
+ ifUserNotFound: string
+ link:
+ href: string
+ rel: string
+ type: string
+ policyId: string
+ rule:
+ condition:
+ attributeName: string
+ attributeValue: string
+ children:
+ - conditionType: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ conditionType: string
+ datesRange:
+ endDate: string
+ startDate: string
+ datesRangeException:
+ endDate: string
+ startDate: string
+ description: string
+ dictionaryName: string
+ dictionaryValue: string
+ hoursRange:
+ endTime: string
+ startTime: string
+ hoursRangeException:
+ endTime: string
+ startTime: string
+ id: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ name: string
+ operator: string
+ weekDays:
+ - string
+ weekDaysException:
+ - string
+ default: true
+ hitCounts: 0
+ id: string
+ name: string
+ rank: 0
+ state: string
+
+- name: Update by id
+ cisco.ise.network_access_authentication_rules:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ id: string
+ identitySourceName: string
+ ifAuthFail: string
+ ifProcessFail: string
+ ifUserNotFound: string
+ link:
+ href: string
+ rel: string
+ type: string
+ policyId: string
+ rule:
+ condition:
+ attributeName: string
+ attributeValue: string
+ children:
+ - conditionType: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ conditionType: string
+ datesRange:
+ endDate: string
+ startDate: string
+ datesRangeException:
+ endDate: string
+ startDate: string
+ description: string
+ dictionaryName: string
+ dictionaryValue: string
+ hoursRange:
+ endTime: string
+ startTime: string
+ hoursRangeException:
+ endTime: string
+ startTime: string
+ id: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ name: string
+ operator: string
+ weekDays:
+ - string
+ weekDaysException:
+ - string
+ default: true
+ hitCounts: 0
+ id: string
+ name: string
+ rank: 0
+ state: string
+
+- name: Delete by id
+ cisco.ise.network_access_authentication_rules:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+ policyId: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "identitySourceName": "string",
+ "ifAuthFail": "string",
+ "ifProcessFail": "string",
+ "ifUserNotFound": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "rule": {
+ "condition": {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ },
+ "default": true,
+ "hitCounts": 0,
+ "id": "string",
+ "name": "string",
+ "rank": 0,
+ "state": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "response": {
+ "identitySourceName": "string",
+ "ifAuthFail": "string",
+ "ifProcessFail": "string",
+ "ifUserNotFound": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "rule": {
+ "condition": {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ },
+ "default": true,
+ "hitCounts": 0,
+ "id": "string",
+ "name": "string",
+ "rank": 0,
+ "state": "string"
+ }
+ },
+ "version": "string"
+ }
+"""
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 22:31:27 +0000