cisco.ise.authorizationprofile module – Resource module for Authorizationprofile

Note

This module is part of the cisco.ise collection (version 3.0.0).

To install it, use: ansible-galaxy collection install cisco.ise. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.ise.authorizationprofile.

New in cisco.ise 1.0.0

Synopsis

• Manage operation create of the resource Authorizationprofile.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

• ciscoisesdk >= 2.0.1

• python >= 3.5

Parameters

Parameter	Comments
accessType string	Allowed Values ACCESS_ACCEPT, ACCESS_REJECT.
acl string	Authorizationprofile’s acl.
advancedAttributes dictionary	Authorizationprofile’s advancedAttributes.
leftHandSideDictionaryAttribue dictionary	Authorizationprofile’s leftHandSideDictionaryAttribue.
attributeName string	Attribute name.
dictionaryName string	Dictionary name.
rightHandSideAttribueValue dictionary	Attribute value can be of type AttributeValue or AdvancedDictionaryAttribute. For AttributeValue the value is String, For AdvancedDictionaryAttribute the value is dictionaryName and attributeName properties, for RADIUS Dictionary with attribute name starting with ‘Tunnel-’ there is also tagID property which is a number between 0-31.
agentlessPosture dictionary	Authorizationprofile’s agentlessPosture.
airespaceACL string	Authorizationprofile’s airespaceACL.
airespaceIPv6ACL string	Authorizationprofile’s airespaceIPv6ACL.
asaVpn string	Authorizationprofile’s asaVpn.
authzProfileType string	Allowed Values SWITCH, TRUSTSEC, TACACS. SWITCH is used for Standard Authorization Profiles. Only SWITCH is supported.
autoSmartPort string	Authorizationprofile’s autoSmartPort.
avcProfile string	Authorizationprofile’s avcProfile.
daclName string	Authorizationprofile’s daclName.
description string	Description.
easywiredSessionCandidate dictionary	Authorizationprofile’s easywiredSessionCandidate.
id string	Id.
interfaceTemplate string	Authorizationprofile’s interfaceTemplate.
ipv6ACLFilter string	Authorizationprofile’s ipv6ACLFilter.
ipv6DaclName string	Authorizationprofile’s ipv6DaclName.
ise_debug boolean	Flag for Identity Services Engine SDK to enable debugging. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
ise_hostname string / required	The Identity Services Engine hostname.
ise_password string / required	The Identity Services Engine password to authenticate.
ise_single_request_timeout integer added in cisco.ise 3.0.0	Timeout (in seconds) for RESTful HTTP requests. Default: :ansible-option-default:`60`
ise_username string / required	The Identity Services Engine username to authenticate.
ise_uses_api_gateway boolean added in cisco.ise 1.1.0	Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
ise_uses_csrf_token boolean added in cisco.ise 3.0.0	Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
ise_verify boolean	Flag to enable or disable SSL certificate verification. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
ise_version string	Informs the SDK which version of Identity Services Engine to use. Default: :ansible-option-default:`"3.1\_Patch\_1"`
ise_wait_on_rate_limit boolean	Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
macSecPolicy string	Allowed Values MUST_SECURE, MUST_NOT_SECURE, SHOULD_SECURE.
name string	Name.
neat dictionary	Authorizationprofile’s neat.
profileName string	Value needs to be an existing Network Device Profile.
reauth dictionary	Authorizationprofile’s reauth.
attributeName string	The name of the attribute within the dictionary containing the value. Value should be date based in ISO 8601 form with timezone offset. For example, 2035-12-31T23 59 59-08 00.
connectivity string	Allowed Values DEFAULT, RADIUS_REQUEST.
dictionaryName string	The name of the dictionary containing the attribute.
reauthType string	Allowed Values TIMER, EXPIRATION_DATE. Specifies the type of reauthentication. TIMER is used for time-based reauthentication, while EXPIRATION_DATE is used for dynamic date-based reauthentication.
timer dictionary	Specifies the reauthentication timer in seconds. Valid range is 1-1073741823.
serviceTemplate dictionary	Authorizationprofile’s serviceTemplate.
trackMovement dictionary	Authorizationprofile’s trackMovement.
uniqueIdentifier string	Authorizationprofile’s uniqueIdentifier.
vlan dictionary	Authorizationprofile’s vlan.
nameID string	Authorizationprofile’s nameID.
tagID float	Valid range is 0-31.
voiceDomainPermission dictionary	Authorizationprofile’s voiceDomainPermission.
webAuth dictionary	Authorizationprofile’s webAuth.
webRedirection dictionary	Authorizationprofile’s webRedirection.
ACL string	Authorizationprofile’s ACL.
displayCertificatesRenewalMessages boolean	The displayCertificatesRenewalMessages is mandatory when ‘WebRedirectionType’ value is ‘CentralizedWebAuth’. For all other ‘WebRedirectionType’ values the field must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
portalName string	A portal that exist in the DB and fits the WebRedirectionType.
staticIPHostNameFQDN string	Authorizationprofile’s staticIPHostNameFQDN.
WebRedirectionType string	Value MUST be one of the following CentralizedWebAuth, HotSpot, NativeSupplicanProvisioning, ClientProvisioning. The WebRedirectionType must fit the portalName.

Notes

Note

• SDK Method used are authorizationprofile.Authorizationprofile.create_authorizationprofile,

• Paths used are post /authorizationprofile/,

• Does not support check_mode

• The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK

• The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection

Examples

---
- name: Create
  cisco.ise.authorizationprofile:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    accessType: ACCESS_ACCEPT
    acl: aclfilter
    advancedAttributes:
      - leftHandSideDictionaryAttribue:
          AdvancedAttributeValueType: AdvancedDictionaryAttribute
          attributeName: cisco-call-filter
          dictionaryName: Cisco
        rightHandSideAttribueValue:
          AdvancedAttributeValueType: AttributeValue
          value: '23'
    agentlessPosture: false
    airespaceACL: ACL
    airespaceIPv6ACL: ACL6
    asaVpn: Cisco:cisco-call-type
    authzProfileType: SWITCH
    autoSmartPort: autoSmartPort
    avcProfile: avcProfile
    daclName: PERMIT_ALL_IPV4_TRAFFIC
    description: description
    easywiredSessionCandidate: false
    id: f75760e7-a4f9-40ef-93bb-88a97e9fb171
    interfaceTemplate: interfaceTemplate
    ipv6ACLFilter: ipv6ACLFilter
    ipv6DaclName: PERMIT_ALL_IPV6_TRAFFIC
    macSecPolicy: MUST_SECURE
    name: name
    neat: false
    profileName: Cisco
    reauth:
      connectivity: RADIUS_REQUEST
      reauthType: TIMER
      timer: 1800
    serviceTemplate: false
    trackMovement: false
    uniqueIdentifier: CERTIFICATE:Subject Alternative Name - URI
    vlan:
      nameID: vlanName
      tagID: 1
    voiceDomainPermission: false
    webAuth: false
    webRedirection:
      WebRedirectionType: CentralizedWebAuth
      acl: acl
      displayCertificatesRenewalMessages: true
      portalName: Sponsored Guest Portal (default)
      staticIPHostNameFQDN: 10.56.54.200

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
ise_response list / elements=dictionary	A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: :ansible-rv-sample-value:`"[\\n {\\n \\"id\\": \\"string\\",\\n \\"name\\": \\"string\\",\\n \\"description\\": \\"string\\",\\n \\"link\\": {\\n \\"rel\\": \\"string\\",\\n \\"href\\": \\"string\\",\\n \\"type\\": \\"string\\"\\n }\\n }\\n]\\n"`

Authors

• Rafael Campos (@racampos)

Collection links

Issue Tracker Repository (Sources)