cisco.ise.certificate_profile – Resource module for Certificate Profile

Note

This plugin is part of the cisco.ise collection (version 1.1.0).

To install it use: ansible-galaxy collection install cisco.ise.

To use it in a playbook, specify: cisco.ise.certificate_profile.

New in version 1.0.0 of cisco.ise

Synopsis

  • Manages create and update operations for the Certificate Profile resource.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • ciscoisesdk >= 1.0.0

  • python >= 3.5

Parameters

Parameter Choices/Defaults Comments
allowedAsUserName
boolean
    Choices:
  • no
  • yes
AllowedAsUserName flag.
certificateAttributeName
string
Attribute name of the Certificate Profile, used only when CERTIFICATE is chosen in usernameFrom. Allowed values: SUBJECT_COMMON_NAME, SUBJECT_ALTERNATIVE_NAME, SUBJECT_SERIAL_NUMBER, SUBJECT, SUBJECT_ALTERNATIVE_NAME_OTHER_NAME, SUBJECT_ALTERNATIVE_NAME_EMAIL, SUBJECT_ALTERNATIVE_NAME_DNS. The additional internal value ALL_SUBJECT_AND_ALTERNATIVE_NAMES is used automatically when usernameFrom=UPN.
description
string
Certificate Profile's description.
externalIdentityStoreName
string
Name of the identity store that the Certificate Profile refers to, or not applicable if no identity store is chosen.
id
string
Certificate Profile's id.
ise_debug
boolean
    Choices:
  • no ←
  • yes
Flag for Identity Services Engine SDK to enable debugging.
ise_hostname
string / required
The Identity Services Engine hostname.
ise_password
string / required
The Identity Services Engine password to authenticate.
ise_username
string / required
The Identity Services Engine username to authenticate.
ise_verify
boolean
    Choices:
  • no
  • yes ←
Flag to enable or disable SSL certificate verification.
ise_version
string
Default:
"3.0.0"
Informs the SDK which version of Identity Services Engine to use.
ise_wait_on_rate_limit
boolean
    Choices:
  • no
  • yes ←
Flag for Identity Services Engine SDK to enable automatic rate-limit handling.
matchMode
string
Match mode of the Certificate Profile. Allowed values: NEVER, RESOLVE_IDENTITY_AMBIGUITY, BINARY_COMPARISON.
name
string
Certificate Profile's name.
usernameFrom
string
The attribute in the certificate that the user name should be taken from. Allowed values: CERTIFICATE (for a specific attribute as defined in certificateAttributeName), UPN (for using any Subject or Alternative Name attribute in the certificate; an option only in AD).

Notes

  • Does not support check_mode

See Also

Certificate Profile reference

Complete reference of the Certificate Profile object model.

Examples

- name: Update by id
  cisco.ise.certificate_profile:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowedAsUserName: true
    certificateAttributeName: string
    description: string
    externalIdentityStoreName: string
    id: string
    matchMode: string
    name: string
    usernameFrom: string

- name: Create
  cisco.ise.certificate_profile:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowedAsUserName: true
    certificateAttributeName: string
    description: string
    externalIdentityStoreName: string
    id: string
    matchMode: string
    name: string
    usernameFrom: string
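
The playbook below is an added example, not part of the cisco.ise documentation. It fills the placeholders above with allowed values from the parameter table and refuses to send credentials when ise_verify is disabled. The hostname, the vault_ise_* variables, the profile name and the identity store name are assumptions, and id is omitted on the assumption that ISE assigns it on create.

```yaml
---
# Added example. Values marked "assumed" are placeholders to replace.
- name: Create a certificate profile on ISE
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ise_hostname: ise.example.com              # assumed hostname
    ise_username: "{{ vault_ise_username }}"   # assumed Ansible Vault variable
    ise_password: "{{ vault_ise_password }}"   # assumed Ansible Vault variable
    ise_verify: true                           # module default, kept explicit
  tasks:
    # Fail early instead of sending ISE credentials over a connection
    # whose server certificate is not verified.
    - name: Refuse to run with certificate verification disabled
      ansible.builtin.assert:
        that:
          - ise_verify | bool
        fail_msg: "ise_verify must stay enabled when sending ISE credentials"

    - name: Create a profile that takes the user name from the Subject CN
      cisco.ise.certificate_profile:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        state: present
        name: Example_Cert_Profile                        # assumed name
        description: Example profile (constructed values)
        # certificateAttributeName is only used with usernameFrom: CERTIFICATE
        usernameFrom: CERTIFICATE
        certificateAttributeName: SUBJECT_COMMON_NAME
        matchMode: BINARY_COMPARISON
        externalIdentityStoreName: EXAMPLE_AD_JOIN_POINT  # assumed store name
        allowedAsUserName: false
      register: profile_result

    # ise_response is the module's documented return value.
    - name: Show the SDK response
      ansible.builtin.debug:
        var: profile_result.ise_response
```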

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description
ise_response
dictionary
always
A dictionary or list with the response returned by the Cisco ISE Python SDK.

Sample:
{ "UpdatedFieldsList": { "updatedField": [ { "field": "string", "oldValue": "string", "newValue": "string" } ] } }


Authors

  • Rafael Campos (@racampos)