New module to setup WAF policy (#34362)

* New module to setup WAF policy

* Update copyright notice.
This commit is contained in:
Gaurav Rastogi 2018-01-03 10:57:07 -08:00 committed by John R Barker
parent 627295365d
commit 53051cf9e8

View file

@ -0,0 +1,159 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_wafpolicy
author: Gaurav Rastogi (grastogi@avinetworks.com)
short_description: Module for setup of WafPolicy Avi RESTful Object
description:
- This module is used to configure WafPolicy object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
version_added: "2.5"
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
version_added: "2.5"
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
version_added: "2.5"
choices: ["add", "replace", "delete"]
created_by:
description:
- Creator name.
- Field introduced in 17.2.4.
crs_groups:
description:
- Waf rules are categorized in to groups based on their characterization.
- These groups are system created with crs groups.
- Field introduced in 17.2.1.
description:
description:
- Field introduced in 17.2.1.
mode:
description:
- Waf policy mode.
- This can be detection or enforcement.
- Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT.
- Field introduced in 17.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as WAF_MODE_DETECTION_ONLY.
name:
description:
- Field introduced in 17.2.1.
required: true
paranoia_level:
description:
- Waf ruleset paranoia mode.
- This is used to select rules based on the paranoia-level tag.
- Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME.
- Field introduced in 17.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as WAF_PARANOIA_LEVEL_LOW.
post_crs_groups:
description:
- Waf rules are categorized in to groups based on their characterization.
- These groups are created by the user and will be enforced after the crs groups.
- Field introduced in 17.2.1.
pre_crs_groups:
description:
- Waf rules are categorized in to groups based on their characterization.
- These groups are created by the user and will be enforced before the crs groups.
- Field introduced in 17.2.1.
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.2.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Field introduced in 17.2.1.
waf_profile_ref:
description:
- Waf profile for waf policy.
- It is a reference to an object of type wafprofile.
- Field introduced in 17.2.1.
extends_documentation_fragment:
- avi
'''
EXAMPLES = """
- name: Example to create WafPolicy object
avi_wafpolicy:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_wafpolicy
"""
RETURN = '''
obj:
description: WafPolicy (api/wafpolicy) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible.module_utils.network.avi.avi import (
avi_common_argument_spec, HAS_AVI, avi_ansible_api)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
created_by=dict(type='str',),
crs_groups=dict(type='list',),
description=dict(type='str',),
mode=dict(type='str',),
name=dict(type='str', required=True),
paranoia_level=dict(type='str',),
post_crs_groups=dict(type='list',),
pre_crs_groups=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
waf_profile_ref=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'wafpolicy',
set([]))
if __name__ == '__main__':
main()