#!/usr/bin/python # # @author: Gaurav Rastogi (grastogi@avinetworks.com) # Eric Anderson (eanderson@avinetworks.com) # module_check: supported # Avi Version: 17.1.1 # # Copyright: (c) 2017 Gaurav Rastogi, # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} DOCUMENTATION = ''' --- module: avi_sslprofile author: Gaurav Rastogi (@grastogi23) short_description: Module for setup of SSLProfile Avi RESTful Object description: - This module is used to configure SSLProfile object - more examples at U(https://github.com/avinetworks/devops) requirements: [ avisdk ] options: state: description: - The state that should be applied on the entity. default: present choices: ["absent", "present"] avi_api_update_method: description: - Default method for object update is HTTP PUT. - Setting to patch will override that behavior to use HTTP PATCH. default: put choices: ["put", "patch"] avi_api_patch_op: description: - Patch operation to use when using avi_api_update_method as patch. choices: ["add", "replace", "delete"] accepted_ciphers: description: - Ciphers suites represented as defined by U(http://www.openssl.org/docs/apps/ciphers.html). - Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4. accepted_versions: description: - Set of versions accepted by the server. cipher_enums: description: - Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, - tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, - tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, - tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, - tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, - tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha. description: description: - User defined description for the object. dhparam: description: - Dh parameters used in ssl. - At this time, it is not configurable and is set to 2048 bits. enable_ssl_session_reuse: description: - Enable ssl session re-use. - Default value when not specified in API or module is interpreted by Avi Controller as True. type: bool name: description: - Name of the object. required: true prefer_client_cipher_ordering: description: - Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. - Default value when not specified in API or module is interpreted by Avi Controller as False. type: bool send_close_notify: description: - Send 'close notify' alert message for a clean shutdown of the ssl connection. - Default value when not specified in API or module is interpreted by Avi Controller as True. type: bool ssl_rating: description: - Sslrating settings for sslprofile. ssl_session_timeout: description: - The amount of time in seconds before an ssl session expires. - Default value when not specified in API or module is interpreted by Avi Controller as 86400. tags: description: - List of tag. tenant_ref: description: - It is a reference to an object of type tenant. type: description: - Ssl profile type. - Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. - Field introduced in 17.2.8. - Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION. url: description: - Avi controller URL of the object. uuid: description: - Unique object identifier of the object. extends_documentation_fragment: - community.general.avi ''' EXAMPLES = """ - name: Create SSL profile with list of allowed ciphers avi_sslprofile: controller: '{{ controller }}' username: '{{ username }}' password: '{{ password }}' accepted_ciphers: > ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384: AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA: AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA accepted_versions: - type: SSL_VERSION_TLS1 - type: SSL_VERSION_TLS1_1 - type: SSL_VERSION_TLS1_2 cipher_enums: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA name: PFS-BOTH-RSA-EC send_close_notify: true ssl_rating: compatibility_rating: SSL_SCORE_EXCELLENT performance_rating: SSL_SCORE_EXCELLENT security_score: '100.0' tenant_ref: Demo """ RETURN = ''' obj: description: SSLProfile (api/sslprofile) object returned: success, changed type: dict ''' from ansible.module_utils.basic import AnsibleModule try: from ansible_collections.community.general.plugins.module_utils.network.avi.avi import ( avi_common_argument_spec, avi_ansible_api, HAS_AVI) except ImportError: HAS_AVI = False def main(): argument_specs = dict( state=dict(default='present', choices=['absent', 'present']), avi_api_update_method=dict(default='put', choices=['put', 'patch']), avi_api_patch_op=dict(choices=['add', 'replace', 'delete']), accepted_ciphers=dict(type='str',), accepted_versions=dict(type='list',), cipher_enums=dict(type='list',), description=dict(type='str',), dhparam=dict(type='str',), enable_ssl_session_reuse=dict(type='bool',), name=dict(type='str', required=True), prefer_client_cipher_ordering=dict(type='bool',), send_close_notify=dict(type='bool',), ssl_rating=dict(type='dict',), ssl_session_timeout=dict(type='int',), tags=dict(type='list',), tenant_ref=dict(type='str',), type=dict(type='str',), url=dict(type='str',), uuid=dict(type='str',), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule( argument_spec=argument_specs, supports_check_mode=True) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) return avi_ansible_api(module, 'sslprofile', set([])) if __name__ == '__main__': main()