From 53051cf9e83d3f33482f97cc60675475fef827cb Mon Sep 17 00:00:00 2001 From: Gaurav Rastogi Date: Wed, 3 Jan 2018 10:57:07 -0800 Subject: [PATCH] New module to setup WAF policy (#34362) * New module to setup WAF policy * Update copyright notice. --- .../modules/network/avi/avi_wafpolicy.py | 159 ++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 lib/ansible/modules/network/avi/avi_wafpolicy.py diff --git a/lib/ansible/modules/network/avi/avi_wafpolicy.py b/lib/ansible/modules/network/avi/avi_wafpolicy.py new file mode 100644 index 00000000000..d1bdd8a1770 --- /dev/null +++ b/lib/ansible/modules/network/avi/avi_wafpolicy.py @@ -0,0 +1,159 @@ +#!/usr/bin/python +# +# @author: Gaurav Rastogi (grastogi@avinetworks.com) +# Eric Anderson (eanderson@avinetworks.com) +# module_check: supported +# +# Copyright: (c) 2017 Gaurav Rastogi, +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: avi_wafpolicy +author: Gaurav Rastogi (grastogi@avinetworks.com) + +short_description: Module for setup of WafPolicy Avi RESTful Object +description: + - This module is used to configure WafPolicy object + - more examples at U(https://github.com/avinetworks/devops) +requirements: [ avisdk ] +version_added: "2.5" +options: + state: + description: + - The state that should be applied on the entity. + default: present + choices: ["absent", "present"] + avi_api_update_method: + description: + - Default method for object update is HTTP PUT. + - Setting to patch will override that behavior to use HTTP PATCH. + version_added: "2.5" + default: put + choices: ["put", "patch"] + avi_api_patch_op: + description: + - Patch operation to use when using avi_api_update_method as patch. + version_added: "2.5" + choices: ["add", "replace", "delete"] + created_by: + description: + - Creator name. + - Field introduced in 17.2.4. + crs_groups: + description: + - Waf rules are categorized in to groups based on their characterization. + - These groups are system created with crs groups. + - Field introduced in 17.2.1. + description: + description: + - Field introduced in 17.2.1. + mode: + description: + - Waf policy mode. + - This can be detection or enforcement. + - Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. + - Field introduced in 17.2.1. + - Default value when not specified in API or module is interpreted by Avi Controller as WAF_MODE_DETECTION_ONLY. + name: + description: + - Field introduced in 17.2.1. + required: true + paranoia_level: + description: + - Waf ruleset paranoia mode. + - This is used to select rules based on the paranoia-level tag. + - Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. + - Field introduced in 17.2.1. + - Default value when not specified in API or module is interpreted by Avi Controller as WAF_PARANOIA_LEVEL_LOW. + post_crs_groups: + description: + - Waf rules are categorized in to groups based on their characterization. + - These groups are created by the user and will be enforced after the crs groups. + - Field introduced in 17.2.1. + pre_crs_groups: + description: + - Waf rules are categorized in to groups based on their characterization. + - These groups are created by the user and will be enforced before the crs groups. + - Field introduced in 17.2.1. + tenant_ref: + description: + - It is a reference to an object of type tenant. + - Field introduced in 17.2.1. + url: + description: + - Avi controller URL of the object. + uuid: + description: + - Field introduced in 17.2.1. + waf_profile_ref: + description: + - Waf profile for waf policy. + - It is a reference to an object of type wafprofile. + - Field introduced in 17.2.1. +extends_documentation_fragment: + - avi +''' + +EXAMPLES = """ +- name: Example to create WafPolicy object + avi_wafpolicy: + controller: 10.10.25.42 + username: admin + password: something + state: present + name: sample_wafpolicy +""" + +RETURN = ''' +obj: + description: WafPolicy (api/wafpolicy) object + returned: success, changed + type: dict +''' + +from ansible.module_utils.basic import AnsibleModule +try: + from ansible.module_utils.network.avi.avi import ( + avi_common_argument_spec, HAS_AVI, avi_ansible_api) +except ImportError: + HAS_AVI = False + + +def main(): + argument_specs = dict( + state=dict(default='present', + choices=['absent', 'present']), + avi_api_update_method=dict(default='put', + choices=['put', 'patch']), + avi_api_patch_op=dict(choices=['add', 'replace', 'delete']), + created_by=dict(type='str',), + crs_groups=dict(type='list',), + description=dict(type='str',), + mode=dict(type='str',), + name=dict(type='str', required=True), + paranoia_level=dict(type='str',), + post_crs_groups=dict(type='list',), + pre_crs_groups=dict(type='list',), + tenant_ref=dict(type='str',), + url=dict(type='str',), + uuid=dict(type='str',), + waf_profile_ref=dict(type='str',), + ) + argument_specs.update(avi_common_argument_spec()) + module = AnsibleModule( + argument_spec=argument_specs, supports_check_mode=True) + if not HAS_AVI: + return module.fail_json(msg=( + 'Avi python API SDK (avisdk>=17.1) is not installed. ' + 'For more details visit https://github.com/avinetworks/sdk.')) + return avi_ansible_api(module, 'wafpolicy', + set([])) + +if __name__ == '__main__': + main()