algosec_provision_network_connectivity

New in version 0.1.0.

Synopsis

  • Provision network connectivity by creating a change request in AlgoSec FireFlow.
  • No change request is created if traffic is already provisioned correctly.

Requirements

Options

parameter      required  default  choices  comments
ip_address     yes                         IP address (or hostname) of the AlgoSec server.
user           yes                         Username credentials to use for auth.
password       yes                         Password credentials to use for auth.
certify_ssl    no        False             Set whether or not to validate the AlgoSec server SSL certificate. This flag should be set to False only in testing environments; setting it to False in production environments is strongly discouraged.
requestor      yes                         The first and last name of the requestor.
email          yes                         The email address of the requestor.
traffic_lines  yes                         List of dictionaries, each defining a traffic line that should be added to the change request. Each traffic_line dict object should contain the following keys: action, sources, destinations and services.
                                             • action - Boolean. True to allow traffic or False to drop it.
                                             • sources - list of IP addresses or BusinessFlow objects
                                             • destinations - list of IP addresses or BusinessFlow objects
                                             • services - list of services of the traffic to allow. Accepted services are as defined on AlgoSec BusinessFlow or in port/proto format (e.g. tcp/50, udp/100, ssh).
                                           See the usage examples in the Examples section.
template       no        None              Full name of the template to use for the newly created change request.
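Because each traffic_line becomes a firewall change request, it is worth validating the structure before handing it to the module: a malformed entry (a string "yes" instead of a boolean action, a mistyped IP, a port outside 1-65535) should fail fast in the playbook rather than become a ticket. The following validator is an added example, not code from the algosec Ansible role or the AlgoSec SDK; the function names, the normalisation to lowercase proto/port, and the rule that any entry made only of digits, dots and slashes must parse as an IP address (other strings are assumed to be BusinessFlow object names) are assumptions of this example.

```python
import ipaddress
import re
from typing import Any, Dict, List

# Hypothetical validator for the traffic_lines structure documented for this module.
# It is an added example, not part of the algosec Ansible role or the AlgoSec SDK.

REQUIRED_KEYS = ("action", "sources", "destinations", "services")
PORT_PROTO_RE = re.compile(r"^(tcp|udp)/(\d{1,5})$", re.IGNORECASE)
IP_LIKE_RE = re.compile(r"^[\d./]+$")  # assumption: looks like an IPv4 literal/CIDR


def validate_service(service: str) -> str:
    """Accept a port/proto service (e.g. 'tcp/80') or a named service (e.g. 'HTTPS', 'ssh').

    Port/proto entries are checked for a sane port range and normalised to lowercase;
    named services are passed through, since their meaning is defined on the
    AlgoSec BusinessFlow side.
    """
    if not isinstance(service, str) or not service.strip():
        raise ValueError("service must be a non-empty string")
    value = service.strip()
    m = PORT_PROTO_RE.match(value)
    if m:
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError("port out of range in service %r" % service)
        return "%s/%d" % (m.group(1).lower(), port)
    return value


def validate_endpoint(endpoint: str) -> str:
    """Accept an IP address/network or a BusinessFlow object name.

    Anything that looks like an IP literal must parse (catches typos such as
    999.1.1.1); other strings are treated as object names and only checked
    for being non-empty.
    """
    if not isinstance(endpoint, str) or not endpoint.strip():
        raise ValueError("endpoint must be a non-empty string")
    value = endpoint.strip()
    if IP_LIKE_RE.match(value) or ":" in value:
        ipaddress.ip_network(value, strict=False)  # raises ValueError if invalid
    return value


def validate_traffic_line(line: Dict[str, Any]) -> Dict[str, Any]:
    """Check one traffic_line dict and return a normalised copy."""
    missing = [k for k in REQUIRED_KEYS if k not in line]
    if missing:
        raise ValueError("traffic line missing keys: %s" % ", ".join(missing))
    extra = set(line) - set(REQUIRED_KEYS)
    if extra:
        raise ValueError("unexpected keys: %s" % ", ".join(sorted(extra)))
    if not isinstance(line["action"], bool):
        # A string like "yes" would be silently truthy; insist on a real boolean.
        raise ValueError("action must be a boolean (true=allow, false=drop)")
    for key in ("sources", "destinations", "services"):
        if not isinstance(line[key], list) or not line[key]:
            raise ValueError("%s must be a non-empty list" % key)
    return {
        "action": line["action"],
        "sources": [validate_endpoint(e) for e in line["sources"]],
        "destinations": [validate_endpoint(e) for e in line["destinations"]],
        "services": [validate_service(s) for s in line["services"]],
    }


def validate_traffic_lines(lines: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Validate the whole traffic_lines list as the module would receive it."""
    if not isinstance(lines, list) or not lines:
        raise ValueError("traffic_lines must be a non-empty list")
    return [validate_traffic_line(line) for line in lines]


# Constructed sample input mirroring the playbook example on this page.
SAMPLE_TRAFFIC_LINES = [
    {"action": True,
     "sources": ["192.168.12.12", "123.123.132.123"],
     "destinations": ["16.47.71.62", "234.234.234.234"],
     "services": ["HTTPS", "http", "tcp/80", "tcp/51"]},
    {"action": False,
     "sources": ["10.0.0.1"],
     "destinations": ["10.0.1.0"],
     "services": ["HTTPS"]},
]

if __name__ == "__main__":
    for normalised in validate_traffic_lines(SAMPLE_TRAFFIC_LINES):
        print(normalised)
```

Run it as a pre-flight step (for example from a small wrapper task before the module call) so that a playbook with a bad traffic line stops before any change request is opened in FireFlow.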

Examples

---
- name: Create Traffic Change Request if needed
  hosts: algosec-server
  gather_facts: False

  roles:
    - role: algosec.algosec

  tasks:
  - name: Grab the credentials from ansible-vault
    include_vars: 'algosec-secrets.yml'
    no_log: 'yes'

  - name: Create Traffic Change Request
    # We use delegation to use the local python interpreter (and virtualenv if enabled)
    delegate_to: localhost
    algosec_provision_network_connectivity:
      ip_address: "{{ ip_address }}"
      user: "{{ username }}"
      password: "{{ password }}"

      requestor: Almog Cohen
      email: almog@email.com
      traffic_lines:
        # This is an 'allow' traffic line
        - action: true
          sources: ["192.168.12.12", "123.123.132.123"]
          destinations: ["16.47.71.62", "234.234.234.234"]
          services: ["HTTPS", "http", "tcp/80", "tcp/51"]
        # This is a drop traffic line
        - action: false
          sources: ["10.0.0.1"]
          destinations: ["10.0.1.0"]
          services: ["HTTPS"]

    register: result

  - name: Print the test results
    debug: var=result

Return Values

name                description                                                    returned  type    sample
change_request_url  URL for the change request ticket on the AlgoSec server.       success   string  https://local.algosec.com/FireFlow/Ticket/Display.html?id=4447