avi_networksecuritypolicy.rst

vmware.alb.avi_networksecuritypolicy

Module for setup of NetworkSecurityPolicy Avi RESTful Object

Parameter Choices/Defaults Comments
state
str
  • absent
  • present ←
- The state that should be applied on the entity.
avi_api_update_method
str
  • put ←
  • patch
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
avi_api_patch_op
str
  • add ←
  • replace
  • delete
  • remove
- Patch operation to use when using avi_api_update_method as patch.
avi_patch_path
str
- Patch path to use when using avi_api_update_method as patch.
avi_patch_value
str
- Patch value to use when using avi_api_update_method as patch.
cloud_config_cksum
str
- Checksum of cloud configuration for network sec policy.
- Internally set by cloud connector.
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.
configpb_attributes
dict
- Protobuf versioning for config pbs.
- Field introduced in 21.1.1.
- Allowed in enterprise edition with any value, essentials edition with any value, basic edition with any value, enterprise with cloud services edition.
created_by
str
- Creator name.
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.
description
str
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.
geo_db_ref
str
- Geo database.
- It is a reference to an object of type geodb.
- Field introduced in 21.1.1.
- Allowed in enterprise edition with any value, enterprise with cloud services edition.
internal
bool
- Network security policy is created and modified by internal modules only.
- Should not be modified by users.
- Field introduced in 21.1.1.
- Allowed in enterprise edition with any value, enterprise with cloud services edition.
ip_reputation_db_ref
str
- IP reputation database.
- It is a reference to an object of type ipreputationdb.
- Field introduced in 20.1.1.
- Allowed in enterprise edition with any value, enterprise with cloud services edition.
markers
list
- List of labels to be used for granular RBAC.
- Field introduced in 20.1.5.
- Allowed in enterprise edition with any value, essentials edition with any value, basic edition with any value, enterprise with cloud services edition.
name
str
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.
rules
list
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.
tenant_ref
str
- It is a reference to an object of type tenant.
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.
url
str
- Avi controller URL of the object.
uuid
str
- Allowed in enterprise edition with any value, essentials, basic, enterprise with cloud services edition.

- hosts: localhost
  connection: local
  collections:
    - vmware.alb
  vars:
    avi_credentials:
      username: "{{ username }}"
      password: "{{ password }}"
      controller: "{{ controller }}"
      api_version: "{{ api_version }}"
  tasks:
    - name: Create a network security policy to block clients represented by ip group known_attackers
      avi_networksecuritypolicy:
        avi_credentials: "{{ avi_credentials }}"
        name: vs-gurutest-ns
        rules:
        - action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
          age: 0
          enable: true
          index: 1
          log: false
          match:
            client_ip:
              group_refs:
              - Demo:known_attackers
              match_criteria: IS_IN
          name: Rule 1
        tenant_ref: /api/tenant?name=Demo
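
The following playbook is an added example, not part of the module's own documentation. It uses the avi_api_update_method and avi_api_patch_op parameters described above to add a second deny rule to the existing policy with HTTP PATCH, with rule logging turned on. The rule name "Rule 2", index 2 and the IP group Demo:scanner_sources are assumptions made for illustration.

```yaml
- hosts: localhost
  connection: local
  collections:
    - vmware.alb
  vars:
    avi_credentials:
      username: "{{ username }}"
      password: "{{ password }}"
      controller: "{{ controller }}"
      api_version: "{{ api_version }}"
  tasks:
    # The default update method is HTTP PUT, which sends the object as given
    # in the task. PATCH with op "add" sends only the fields listed here, so
    # the existing "Rule 1" does not have to be repeated in this task.
    - name: Add a logged deny rule to the existing policy with HTTP PATCH
      avi_networksecuritypolicy:
        avi_credentials: "{{ avi_credentials }}"
        state: present
        avi_api_update_method: patch
        avi_api_patch_op: add
        name: vs-gurutest-ns
        tenant_ref: /api/tenant?name=Demo
        rules:
          - name: Rule 2                     # assumed rule name
            index: 2                         # assumed: next index after the rule at index 1
            enable: true
            log: true                        # record matches of this rule for review
            age: 0
            action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
            match:
              client_ip:
                group_refs:
                  - Demo:scanner_sources     # assumed IP group; must already exist
                match_criteria: IS_IN
```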

Authors