community.general.utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM.
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install community.general`.
To use it in a playbook, specify: `community.general.utm_aaa_group`.
Synopsis
- Create, update or destroy an aaa group object in Sophos UTM.
- This module requires the REST ability of the UTM to be activated.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adirectory_groups list / elements=string | | List of adirectory group strings. |
adirectory_groups_sids dictionary | | Dictionary of group sids. |
backend_match string | | The backend for the group. |
comment string | Default: "" | Comment that describes the AAA group. |
dynamic string | | Group type. Is static if none is selected. |
edirectory_groups list / elements=string | | List of edirectory group strings. |
headers dictionary | | A dictionary of additional headers to be sent to POST and PUT requests. Is needed for some modules. |
ipsec_dn string | | The ipsec dn string. |
ldap_attribute string | | The ldap attribute to check against. |
ldap_attribute_value string | | The ldap attribute value to check against. |
members list / elements=string | Default: [] | A list of user ref names (aaa/user). |
name string / required | | The name of the object. Will be used to identify the entry. |
network string | Default: "" | The network reference name. The object contains the known ip addresses for the authentication object (network/aaa). |
radius_groups list / elements=string | Default: [] | A list of radius group strings. |
state string | | The desired state of the object. `present` will create or update an object; `absent` will delete an object if it was present. |
tacacs_groups list / elements=string | Default: [] | A list of tacacs group strings. |
utm_host string / required | | The REST Endpoint of the Sophos UTM. |
utm_port integer | Default: 4444 | The port of the REST interface. |
utm_protocol string | | The protocol of the REST Endpoint. |
utm_token string / required | | The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2. |
validate_certs boolean | | Whether the REST interface's ssl certificate should be verified or not. |
Examples
```yaml
- name: Create UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    # LDAP attribute and value the group membership is matched against
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
result complex | success | The utm object that was created. |
_locked boolean | success | Whether or not the object is currently locked. |
_ref string | success | The reference name of the object. |
_type string | success | The type of the object. |
adirectory_groups string | success | List of Active Directory Groups. |
adirectory_groups_sids list / elements=string | success | List of Active Directory Groups SIDs. |
backend_match string | success | The backend to use. |
comment string | success | The comment string. |
dynamic string | success | Whether the group match is ipsec_dn or directory_group. |
edirectory_groups string | success | List of eDirectory Groups. |
ipsec_dn string | success | ipsec_dn identifier to match. |
ldap_attribute string | success | The LDAP Attribute to match against. |
ldap_attribute_value string | success | The LDAP Attribute Value to match against. |
members list / elements=string | success | List of member identifiers of the group. |
name string | success | The name of the object. |
network string | success | The identifier of the network (network/aaa). |
radius_group string | success | The radius group identifier. |
tacacs_group string | success | The tacacs group identifier. |
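The following playbook is an added example, not part of the module's own documentation. It keeps the REST token out of the playbook, sets the connection parameters once with `module_defaults`, and checks the returned `result` object. The vault file `vault/utm.yml` and the variable `vault_utm_token` are hypothetical names. It also assumes that `result` holds the listed fields as sub-keys and that `https` is an accepted value for `utm_protocol`.

```yaml
# Added example. Assumes vault/utm.yml is encrypted with ansible-vault
# and defines vault_utm_token (both names are hypothetical).
- name: Manage a Sophos UTM AAA group without embedding the API token
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/utm.yml
  module_defaults:
    community.general.utm_aaa_group:
      utm_host: sophos.host.name
      utm_port: 4444
      utm_protocol: https            # keep the token off cleartext transport
      utm_token: "{{ vault_utm_token }}"
      validate_certs: true           # verify the REST endpoint's certificate
  tasks:
    - name: Ensure the LDAP-backed AAA group exists
      community.general.utm_aaa_group:
        name: TestAAAGroupEntry
        comment: Managed by Ansible
        backend_match: ldap
        dynamic: directory_groups
        ldap_attribute: memberof
        ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
        network: REF_OBJECT_STRING
        state: present
      register: aaa_group

    - name: Check the object the UTM reports back
      ansible.builtin.assert:
        that:
          - aaa_group.result['name'] == 'TestAAAGroupEntry'
          - aaa_group.result['backend_match'] == 'ldap'
          - aaa_group.result['ldap_attribute'] == 'memberof'
          - not aaa_group.result['_locked']
        fail_msg: AAA group on the UTM does not match the requested definition

    - name: Show the reference name for use in other UTM objects
      ansible.builtin.debug:
        msg: "AAA group reference: {{ aaa_group.result['_ref'] }}"
```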
Authors
- Johannes Brunswicker (@MatrixCrawler)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/utm_aaa_group_module.html