New module to setup WAF policy (#34362)
* New module to setup WAF policy * Update copyright notice.
This commit is contained in:
parent
627295365d
commit
53051cf9e8
1 changed files with 159 additions and 0 deletions
159
lib/ansible/modules/network/avi/avi_wafpolicy.py
Normal file
159
lib/ansible/modules/network/avi/avi_wafpolicy.py
Normal file
|
@ -0,0 +1,159 @@
|
|||
#!/usr/bin/python
|
||||
#
|
||||
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
|
||||
# Eric Anderson (eanderson@avinetworks.com)
|
||||
# module_check: supported
|
||||
#
|
||||
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
#
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: avi_wafpolicy
|
||||
author: Gaurav Rastogi (grastogi@avinetworks.com)
|
||||
|
||||
short_description: Module for setup of WafPolicy Avi RESTful Object
|
||||
description:
|
||||
- This module is used to configure WafPolicy object
|
||||
- more examples at U(https://github.com/avinetworks/devops)
|
||||
requirements: [ avisdk ]
|
||||
version_added: "2.5"
|
||||
options:
|
||||
state:
|
||||
description:
|
||||
- The state that should be applied on the entity.
|
||||
default: present
|
||||
choices: ["absent", "present"]
|
||||
avi_api_update_method:
|
||||
description:
|
||||
- Default method for object update is HTTP PUT.
|
||||
- Setting to patch will override that behavior to use HTTP PATCH.
|
||||
version_added: "2.5"
|
||||
default: put
|
||||
choices: ["put", "patch"]
|
||||
avi_api_patch_op:
|
||||
description:
|
||||
- Patch operation to use when using avi_api_update_method as patch.
|
||||
version_added: "2.5"
|
||||
choices: ["add", "replace", "delete"]
|
||||
created_by:
|
||||
description:
|
||||
- Creator name.
|
||||
- Field introduced in 17.2.4.
|
||||
crs_groups:
|
||||
description:
|
||||
- Waf rules are categorized in to groups based on their characterization.
|
||||
- These groups are system created with crs groups.
|
||||
- Field introduced in 17.2.1.
|
||||
description:
|
||||
description:
|
||||
- Field introduced in 17.2.1.
|
||||
mode:
|
||||
description:
|
||||
- Waf policy mode.
|
||||
- This can be detection or enforcement.
|
||||
- Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT.
|
||||
- Field introduced in 17.2.1.
|
||||
- Default value when not specified in API or module is interpreted by Avi Controller as WAF_MODE_DETECTION_ONLY.
|
||||
name:
|
||||
description:
|
||||
- Field introduced in 17.2.1.
|
||||
required: true
|
||||
paranoia_level:
|
||||
description:
|
||||
- Waf ruleset paranoia mode.
|
||||
- This is used to select rules based on the paranoia-level tag.
|
||||
- Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME.
|
||||
- Field introduced in 17.2.1.
|
||||
- Default value when not specified in API or module is interpreted by Avi Controller as WAF_PARANOIA_LEVEL_LOW.
|
||||
post_crs_groups:
|
||||
description:
|
||||
- Waf rules are categorized in to groups based on their characterization.
|
||||
- These groups are created by the user and will be enforced after the crs groups.
|
||||
- Field introduced in 17.2.1.
|
||||
pre_crs_groups:
|
||||
description:
|
||||
- Waf rules are categorized in to groups based on their characterization.
|
||||
- These groups are created by the user and will be enforced before the crs groups.
|
||||
- Field introduced in 17.2.1.
|
||||
tenant_ref:
|
||||
description:
|
||||
- It is a reference to an object of type tenant.
|
||||
- Field introduced in 17.2.1.
|
||||
url:
|
||||
description:
|
||||
- Avi controller URL of the object.
|
||||
uuid:
|
||||
description:
|
||||
- Field introduced in 17.2.1.
|
||||
waf_profile_ref:
|
||||
description:
|
||||
- Waf profile for waf policy.
|
||||
- It is a reference to an object of type wafprofile.
|
||||
- Field introduced in 17.2.1.
|
||||
extends_documentation_fragment:
|
||||
- avi
|
||||
'''
|
||||
|
||||
EXAMPLES = """
|
||||
- name: Example to create WafPolicy object
|
||||
avi_wafpolicy:
|
||||
controller: 10.10.25.42
|
||||
username: admin
|
||||
password: something
|
||||
state: present
|
||||
name: sample_wafpolicy
|
||||
"""
|
||||
|
||||
RETURN = '''
|
||||
obj:
|
||||
description: WafPolicy (api/wafpolicy) object
|
||||
returned: success, changed
|
||||
type: dict
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
try:
|
||||
from ansible.module_utils.network.avi.avi import (
|
||||
avi_common_argument_spec, HAS_AVI, avi_ansible_api)
|
||||
except ImportError:
|
||||
HAS_AVI = False
|
||||
|
||||
|
||||
def main():
|
||||
argument_specs = dict(
|
||||
state=dict(default='present',
|
||||
choices=['absent', 'present']),
|
||||
avi_api_update_method=dict(default='put',
|
||||
choices=['put', 'patch']),
|
||||
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
|
||||
created_by=dict(type='str',),
|
||||
crs_groups=dict(type='list',),
|
||||
description=dict(type='str',),
|
||||
mode=dict(type='str',),
|
||||
name=dict(type='str', required=True),
|
||||
paranoia_level=dict(type='str',),
|
||||
post_crs_groups=dict(type='list',),
|
||||
pre_crs_groups=dict(type='list',),
|
||||
tenant_ref=dict(type='str',),
|
||||
url=dict(type='str',),
|
||||
uuid=dict(type='str',),
|
||||
waf_profile_ref=dict(type='str',),
|
||||
)
|
||||
argument_specs.update(avi_common_argument_spec())
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_specs, supports_check_mode=True)
|
||||
if not HAS_AVI:
|
||||
return module.fail_json(msg=(
|
||||
'Avi python API SDK (avisdk>=17.1) is not installed. '
|
||||
'For more details visit https://github.com/avinetworks/sdk.'))
|
||||
return avi_ansible_api(module, 'wafpolicy',
|
||||
set([]))
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in a new issue