generic_element - Create, modify or delete elements inheriting from Element

Synopsis

  • This module allows elements that inherit from smc.base.model.Element to be created, deleted or modified. A valid smc-python element is one that has a direct entry point in the SMC API. To create an element, you must provide any attributes required by the element's create signature. This module uses an 'update or create' logic, so it is not possible to create the same element twice. If the element exists and the attributes provided are different, the element will be updated before being returned.

Requirements (on host that executes module)

  • smc-python

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| elements | yes | | | A list of the elements to create, modify or delete |
| smc_address | no | | | FQDN with port of SMC. The default value is the environment variable SMC_ADDRESS |
| smc_alt_filepath | no | | | Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, url and api_key settings are not required and will be ignored. |
| smc_api_key | no | | | API key for api client. The default value is the environment variable SMC_API_KEY. Required if url |
| smc_api_version | no | | | Optional API version to connect to. If none is provided, the latest LTS SMC API version will be used based on the Management Center version. Can be set through the environment variable SMC_API_VERSION |
| smc_domain | no | | | Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable SMC_DOMAIN |
| smc_extra_args | no | | | Extra arguments to pass to login constructor. These are generally only used if specifically requested by support personnel. |
| smc_logging | no | | | Optionally enable SMC API logging to a file |
| smc_timeout | no | | | Optional timeout for connections to the SMC. Can be set through the environment variable SMC_TIMEOUT |

Dictionary object elements

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| element | no | | | Specify the type of attribute for the given element. This value is the API entry point that correlates to the given smc-python object instance. |

Dictionary object smc_extra_args

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| verify | no | True | yes, no | If the connection to SMC is HTTPS, you can set this to True, or provide a path to a client certificate to verify the SMC SSL certificate. You can also explicitly set this to False. |

Dictionary object smc_logging

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| path | yes | | | Full path to the log file |
| level | no | | | Log level as specified by the standard python logging library, in int format. Default setting is logging.DEBUG. |


Examples

- name: Create a VPN Profile
  generic_element:
    smc_logging:
      level: 10
      path: ansible-smc.log
    elements:
    - vpn_profile:
        name: MyVPNProfile
        comment: mycomment
        capabilities:
          aes256_for_ike: True
          aes256_for_ipsec: True
          dh_group_2_for_ike: True
          esp_for_ipsec: True
          ike_v2: True
          main_mode: True
          pre_shared_key_for_ike: True
          sa_per_net: True
          sha1_for_ike: True
          sha1_for_ipsec: True
          sha2_ike_hash_length: 256
          sha2_ipsec_hash_length: 256
          vpn_client_rsa_signature_for_ike: True
          vpn_client_sa_per_net: True
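
As an added example (not part of the module or its documentation), the Python sketch below reviews a generic_element task before it is run: it flags smc_extra_args.verify being disabled, an smc_api_key written literally into the task, and the legacy DH group 2 and SHA-1 capabilities that the VPN profile above enables. The names audit_task and LEGACY_CAPABILITIES and the sample task are assumptions constructed for illustration.

```python
# Added example: static review of generic_element task arguments (hypothetical helper).
LEGACY_CAPABILITIES = {  # only keys that appear in the page's vpn_profile example
    "dh_group_2_for_ike": "1024-bit MODP Diffie-Hellman group",
    "sha1_for_ike": "SHA-1 based integrity for IKE",
    "sha1_for_ipsec": "SHA-1 based integrity for IPsec",
}


def audit_task(task):
    """Return a sorted list of findings for one generic_element task dict."""
    args = task.get("generic_element", {})
    findings = []

    # verify defaults to True; only an explicit false value disables validation.
    verify = (args.get("smc_extra_args") or {}).get("verify", True)
    if str(verify).lower() in ("no", "false"):
        findings.append("smc_extra_args.verify disables SMC certificate validation")

    # A key typed into the task lands in version control; a Jinja2 expression
    # (vault variable, lookup) or the SMC_API_KEY environment variable does not.
    key = args.get("smc_api_key")
    if isinstance(key, str) and "{{" not in key:
        findings.append("smc_api_key is a literal value in the task")

    # Each entry of elements is a one-key dict: {typeof: attributes}.
    for element in args.get("elements") or []:
        for typeof, attrs in element.items():
            if typeof != "vpn_profile":
                continue
            caps = (attrs or {}).get("capabilities") or {}
            for cap, reason in LEGACY_CAPABILITIES.items():
                if caps.get(cap) is True:
                    findings.append(f"{attrs.get('name')}: {cap} enabled ({reason})")
    return sorted(findings)


# Constructed sample: the page's VPN profile (abridged) plus two connection options.
SAMPLE_TASK = {"generic_element": {
    "smc_api_key": "constructed-placeholder-key",
    "smc_extra_args": {"verify": False},
    "elements": [{"vpn_profile": {
        "name": "MyVPNProfile",
        "capabilities": {"aes256_for_ike": True, "dh_group_2_for_ike": True,
                         "sha1_for_ike": True, "sha2_ike_hash_length": 256}}}],
}}

if __name__ == "__main__":
    print("\n".join(audit_task(SAMPLE_TASK)))
```

A path given for verify, or a task with no smc_api_key (so that the environment variable is used), produces no finding for those two checks.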

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| state | Full json definition of NGFW | always | list | [{'action': 'none', 'name': 'MyVPNProfile', 'typeof': 'vpn_profile'}] |
| changed | Whether or not an element was changed | always | bool | |


Author

  • Forcepoint

Status

This module is flagged as preview, which means that it is not guaranteed to have a backwards compatible interface.