algosec_provision_network_connectivity
New in version 0.1.0.
Synopsis
- Provision network connectivity by creating a change request in AlgoSec FireFlow.
- No change request is created if traffic is already provisioned correctly.
Requirements
- The algosec package can be obtained from PyPI: https://pypi.python.org/pypi/algosec
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
ip_address | yes | | | IP address (or hostname) of the AlgoSec server. |
user | yes | | | Username credentials to use for auth. |
password | yes | | | Password credentials to use for auth. |
certify_ssl | no | False | | Set whether or not to validate the AlgoSec server SSL certificate. Set this flag to False only in testing environments. Setting it to False in production environments is strongly discouraged. |
requestor | yes | | | The first and last name of the requestor. |
email | yes | | | The email address of the requestor. |
traffic_lines | yes | | | List of dictionaries, each defining a traffic line that should be added to the change request. Each traffic_line dict object should contain the following keys: action, sources, destinations and services. |
template | no | None | | Full name of the template to use for the newly created change request. |
Examples
```yaml
---
- name: Create Traffic Change Request if needed
  hosts: algosec-server
  gather_facts: False
  roles:
    - role: algosec.algosec
  tasks:
    - name: Grab the credentials from ansible-vault
      include_vars: 'algosec-secrets.yml'
      no_log: 'yes'
    - name: Create Traffic Change Request
      # We use delegation to use the local python interpreter (and virtualenv if enabled)
      delegate_to: localhost
      algosec_provision_network_connectivity:
        ip_address: "{{ ip_address }}"
        user: "{{ username }}"
        password: "{{ password }}"
        # certify_ssl is not set here, so it takes its default of False (no
        # certificate validation); set it to true outside testing environments.
        requestor: Almog Cohen
        email: almog@email.com
        traffic_lines:
          # This is an 'allow' traffic line
          - action: true
            sources: ["192.168.12.12", "123.123.132.123"]
            destinations: ["16.47.71.62", "234.234.234.234"]
            services: ["HTTPS", "http", "tcp/80", "tcp/51"]
          # This is a drop traffic line
          - action: false
            sources: ["10.0.0.1"]
            destinations: ["10.0.1.0"]
            services: ["HTTPS"]
      register: result
    - name: Print the test results
      debug: var=result
```
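A pre-flight check for the traffic_lines structure described under Options, so that a malformed line is caught before a change request is opened. This is an added example, not code from the algosec module or from this page; the function names, the accepted service syntax and the rule that endpoints must be literal IPs or CIDR blocks are assumptions made here.

```python
import ipaddress
import re

REQUIRED_KEYS = {"action", "sources", "destinations", "services"}
# Assumptions inferred from the page's example: endpoints are literal IPs or
# CIDR blocks; a service is a bare name ("HTTPS") or protocol/port ("tcp/80").
SERVICE_RE = re.compile(r"^(?:[A-Za-z][\w.-]*|(?:tcp|udp)/(\d{1,5}))$", re.I)
# Constructed sample: quoted action, impossible address octet, impossible port.
BAD_SAMPLE = [{"action": "false", "sources": ["10.0.0.300"],
               "destinations": ["10.0.1.0"], "services": ["tcp/70000"]}]

def _endpoint_error(value):
    try:
        if not isinstance(value, str):
            raise ValueError(value)
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return f"not an IP address or CIDR block: {value!r}"

def _service_error(value):
    m = SERVICE_RE.match(value) if isinstance(value, str) else None
    if not m:
        return f"unrecognised service: {value!r}"
    if m.group(1) and not 1 <= int(m.group(1)) <= 65535:
        return f"port out of range: {value!r}"

def validate_traffic_lines(traffic_lines):
    """Return a list of problems; an empty list means every line is well formed."""
    if not isinstance(traffic_lines, list) or not traffic_lines:
        return ["traffic_lines must be a non-empty list"]
    problems = []
    for i, line in enumerate(traffic_lines):
        missing = REQUIRED_KEYS - set(line) if isinstance(line, dict) else REQUIRED_KEYS
        if missing:
            problems.append(f"line {i}: missing keys {sorted(missing)}")
            continue
        # A quoted "false" is a non-empty string, which is truthy in Python,
        # so only a real boolean is accepted for action.
        if not isinstance(line["action"], bool):
            problems.append(f"line {i}: action must be a boolean")
        for key, check in (("sources", _endpoint_error),
                           ("destinations", _endpoint_error),
                           ("services", _service_error)):
            values = line[key]
            if not isinstance(values, list) or not values:
                problems.append(f"line {i}: {key} must be a non-empty list")
                continue
            problems += [f"line {i}: {key}: {e}" for e in map(check, values) if e]
    return problems
```

Calling `validate_traffic_lines(BAD_SAMPLE)` returns three problems, one each for the action, the source address and the service port.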
Return Values
name | description | returned | type | sample |
---|---|---|---|---|
change_request_url | URL for the change request ticket on the AlgoSec server. | success | string | https://local.algosec.com/FireFlow/Ticket/Display.html?id=4447 |