mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
209 lines
8.3 KiB
Python
209 lines
8.3 KiB
Python
#!/usr/bin/python
|
|
#
|
|
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
|
|
# Eric Anderson (eanderson@avinetworks.com)
|
|
# module_check: supported
|
|
# Avi Version: 17.1.1
|
|
#
|
|
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
#
|
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
|
'status': ['preview'],
|
|
'supported_by': 'community'}
|
|
|
|
DOCUMENTATION = '''
|
|
---
|
|
module: avi_sslprofile
|
|
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
|
|
|
|
short_description: Module for setup of SSLProfile Avi RESTful Object
|
|
description:
|
|
- This module is used to configure SSLProfile object
|
|
- more examples at U(https://github.com/avinetworks/devops)
|
|
requirements: [ avisdk ]
|
|
options:
|
|
state:
|
|
description:
|
|
- The state that should be applied on the entity.
|
|
default: present
|
|
choices: ["absent", "present"]
|
|
avi_api_update_method:
|
|
description:
|
|
- Default method for object update is HTTP PUT.
|
|
- Setting to patch will override that behavior to use HTTP PATCH.
|
|
default: put
|
|
choices: ["put", "patch"]
|
|
avi_api_patch_op:
|
|
description:
|
|
- Patch operation to use when using avi_api_update_method as patch.
|
|
choices: ["add", "replace", "delete"]
|
|
accepted_ciphers:
|
|
description:
|
|
- Ciphers suites represented as defined by U(http://www.openssl.org/docs/apps/ciphers.html).
|
|
- Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
|
|
accepted_versions:
|
|
description:
|
|
- Set of versions accepted by the server.
|
|
cipher_enums:
|
|
description:
|
|
- Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256,
|
|
- tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384,
|
|
- tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384,
|
|
- tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha,
|
|
- tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha,
|
|
- tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
|
|
description:
|
|
description:
|
|
- User defined description for the object.
|
|
dhparam:
|
|
description:
|
|
- Dh parameters used in ssl.
|
|
- At this time, it is not configurable and is set to 2048 bits.
|
|
enable_ssl_session_reuse:
|
|
description:
|
|
- Enable ssl session re-use.
|
|
- Default value when not specified in API or module is interpreted by Avi Controller as True.
|
|
type: bool
|
|
name:
|
|
description:
|
|
- Name of the object.
|
|
required: true
|
|
prefer_client_cipher_ordering:
|
|
description:
|
|
- Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile.
|
|
- Default value when not specified in API or module is interpreted by Avi Controller as False.
|
|
type: bool
|
|
send_close_notify:
|
|
description:
|
|
- Send 'close notify' alert message for a clean shutdown of the ssl connection.
|
|
- Default value when not specified in API or module is interpreted by Avi Controller as True.
|
|
type: bool
|
|
ssl_rating:
|
|
description:
|
|
- Sslrating settings for sslprofile.
|
|
ssl_session_timeout:
|
|
description:
|
|
- The amount of time in seconds before an ssl session expires.
|
|
- Default value when not specified in API or module is interpreted by Avi Controller as 86400.
|
|
tags:
|
|
description:
|
|
- List of tag.
|
|
tenant_ref:
|
|
description:
|
|
- It is a reference to an object of type tenant.
|
|
type:
|
|
description:
|
|
- Ssl profile type.
|
|
- Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM.
|
|
- Field introduced in 17.2.8.
|
|
- Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION.
|
|
url:
|
|
description:
|
|
- Avi controller URL of the object.
|
|
uuid:
|
|
description:
|
|
- Unique object identifier of the object.
|
|
extends_documentation_fragment:
|
|
- community.general.avi
|
|
|
|
'''
|
|
|
|
EXAMPLES = """
|
|
- name: Create SSL profile with list of allowed ciphers
|
|
avi_sslprofile:
|
|
controller: '{{ controller }}'
|
|
username: '{{ username }}'
|
|
password: '{{ password }}'
|
|
accepted_ciphers: >
|
|
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
|
|
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
|
|
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
|
|
AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
|
|
ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
|
|
accepted_versions:
|
|
- type: SSL_VERSION_TLS1
|
|
- type: SSL_VERSION_TLS1_1
|
|
- type: SSL_VERSION_TLS1_2
|
|
cipher_enums:
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
|
- TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_RSA_WITH_AES_128_CBC_SHA256
|
|
- TLS_RSA_WITH_AES_256_CBC_SHA256
|
|
- TLS_RSA_WITH_AES_128_CBC_SHA
|
|
- TLS_RSA_WITH_AES_256_CBC_SHA
|
|
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
|
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
|
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
|
name: PFS-BOTH-RSA-EC
|
|
send_close_notify: true
|
|
ssl_rating:
|
|
compatibility_rating: SSL_SCORE_EXCELLENT
|
|
performance_rating: SSL_SCORE_EXCELLENT
|
|
security_score: '100.0'
|
|
tenant_ref: Demo
|
|
"""
|
|
|
|
RETURN = '''
|
|
obj:
|
|
description: SSLProfile (api/sslprofile) object
|
|
returned: success, changed
|
|
type: dict
|
|
'''
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
try:
|
|
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
|
|
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
|
|
except ImportError:
|
|
HAS_AVI = False
|
|
|
|
|
|
def main():
|
|
argument_specs = dict(
|
|
state=dict(default='present',
|
|
choices=['absent', 'present']),
|
|
avi_api_update_method=dict(default='put',
|
|
choices=['put', 'patch']),
|
|
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
|
|
accepted_ciphers=dict(type='str',),
|
|
accepted_versions=dict(type='list',),
|
|
cipher_enums=dict(type='list',),
|
|
description=dict(type='str',),
|
|
dhparam=dict(type='str',),
|
|
enable_ssl_session_reuse=dict(type='bool',),
|
|
name=dict(type='str', required=True),
|
|
prefer_client_cipher_ordering=dict(type='bool',),
|
|
send_close_notify=dict(type='bool',),
|
|
ssl_rating=dict(type='dict',),
|
|
ssl_session_timeout=dict(type='int',),
|
|
tags=dict(type='list',),
|
|
tenant_ref=dict(type='str',),
|
|
type=dict(type='str',),
|
|
url=dict(type='str',),
|
|
uuid=dict(type='str',),
|
|
)
|
|
argument_specs.update(avi_common_argument_spec())
|
|
module = AnsibleModule(
|
|
argument_spec=argument_specs, supports_check_mode=True)
|
|
if not HAS_AVI:
|
|
return module.fail_json(msg=(
|
|
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
|
|
'For more details visit https://github.com/avinetworks/sdk.'))
|
|
return avi_ansible_api(module, 'sslprofile',
|
|
set([]))
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|