cisco.ise.sg_acl module – Resource module for SGACL
Note
This module is part of the cisco.ise collection (version 2.5.15).
To install it, use: ansible-galaxy collection install cisco.ise
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.ise.sg_acl
.
New in cisco.ise 1.0.0
Synopsis
Manage operations create, update and delete of the resource SGACL.
This API creates a security group ACL.
This API deletes a security group ACL.
This API allows the client to update a security group ACL.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ciscoisesdk >= 2.0.8
python >= 3.5
Parameters
Parameter |
Comments |
---|---|
SGACL’s aclcontent. |
|
SGACL’s description. |
|
SGACL’s generationId. |
|
SGACL’s id. |
|
Allowed values - IPV4, - IPV6, - IP_AGNOSTIC. |
|
Flag for Identity Services Engine SDK to enable debugging. Choices: |
|
The Identity Services Engine hostname. |
|
The Identity Services Engine password to authenticate. |
|
Timeout (in seconds) for RESTful HTTP requests. Default: :ansible-option-default:`60` |
|
The Identity Services Engine username to authenticate. |
|
Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices: |
|
Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices: |
|
Flag to enable or disable SSL certificate verification. Choices: |
|
Informs the SDK which version of Identity Services Engine to use. |
|
Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices: |
|
IsReadOnly flag. Choices: |
|
Modelled content of contract. |
|
SGACL’s name. |
Notes
Note
SDK Method used are security_groups_acls.SecurityGroupsAcls.create_security_groups_acl, security_groups_acls.SecurityGroupsAcls.delete_security_groups_acl_by_id, security_groups_acls.SecurityGroupsAcls.update_security_groups_acl_by_id,
Paths used are post /ers/config/sgacl, delete /ers/config/sgacl/{id}, put /ers/config/sgacl/{id},
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK
The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection
See Also
See also
- Cisco ISE documentation for SecurityGroupsACLs
Complete reference of the SecurityGroupsACLs API.
Examples
- name: Update by id
cisco.ise.sg_acl:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
aclcontent: string
description: string
generationId: string
id: string
ipVersion: string
isReadOnly: true
modelledContent: {}
name: string
- name: Delete by id
cisco.ise.sg_acl:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
- name: Create
cisco.ise.sg_acl:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
aclcontent: string
description: string
generationId: string
ipVersion: string
isReadOnly: true
modelledContent: {}
name: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always |
|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always |