endpoint_ztna_rules - ZTNA Rule Resource
++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
ZTNA Rule Resource.
Use API "/resource-api/v2/endpoint/ztna-rules".
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.17.0
Parameters
----------
.. raw:: html
- state The state of the module. "present" means create or update the resource, "absent" means delete the resource.type: strchoices: ['present', 'absent']default: present
- force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
- bypass_validation Bypass validation of the module.type: booldefault: False
- params The parameters of the module.[Required]type: dict
- primary_key [Required]type: str
- status type: strchoices: ['disable', 'enable']
- tag type: dict
- primary_key type: str
- datasource type: str
- comments type: str
- rules type: listelements: dict
- id type: int
- os type: strchoices: ['android', 'ios', 'linux', 'macos', 'windows']
- type type: strchoices: ['ad-groups', 'anti-virus', 'certificate', 'crowdstrike-zta-score', 'cve', 'ems-management', 'fct-version', 'file', 'ip-range', 'logged-in-domain', 'on-fabric-status', 'os-version', 'registry-key', 'running-process', 'sandbox-detection', 'security', 'security-status', 'user-identity', 'vulnerable-devices', 'windows-security']
- service type: strchoices: ['Custom', 'Google', 'LinkedIn', 'Salesforce']
- account type: str
- match_type type: strchoices: ['regex', 'simple', 'wildcard']
- subject type: str
- issuer type: str
- content type: strchoices: ['AV Signature is up-to-date', 'AV Software is installed and running', 'Application Guard is enabled', 'Automatic Updates are enabled', 'Biometrics Protected', 'Bitlocker Disk Encryption is enabled on OS disk', 'Bitlocker Disk Encryption is enabled on all disks', 'Critical', 'Exploit Guard is enabled', 'High or higher', 'Jail-broken', 'Low or higher', 'Medium or higher', 'Passcode Enabled', 'Windows Defender is enabled', 'Windows Firewall is enabled']
- path type: str
- negated type: bool
- enable_latest_update_check type: bool
- check_updates_within_days type: int
- comparator type: strchoices: ['<', '<=', '=', '>', '>=']
- condition type: dict
- key type: str
- is_dword type: bool
- comparator type: strchoices: ['!=', '<', '<=', '=', '>', '>=']
- value type: str
- logic type: dict
- windows type: raw
- macos type: raw
- linux type: raw
- ios type: raw
- android type: raw
Examples
-------------
.. code-block:: yaml
- name: Ztna rule
hosts: fortisase
gather_facts: false
vars:
policy: "policy1"
tag: "tag_example"
rule_name: "rule_example"
tasks:
- name: Create a new endpoint profile, do nothing if the endpoint profile already exists
fortinet.fortisase.endpoint_policies:
state: present
params:
primary_key: "{{ policy }}"
enabled: true
- name: Create/Update ztna tag, do nothing if the ztna tag already exists
fortinet.fortisase.endpoint_ztna_tags:
state: present
params:
primary_key: "{{ tag }}"
name: "{{ tag }}"
- name: Create/Update ztna rule
fortinet.fortisase.endpoint_ztna_rules:
state: present
params:
primary_key: "{{ rule_name }}"
status: "enable" # "enable" or "disable"
tag:
primary_key: "{{ tag }}"
datasource: "endpoint/ztna-tags"
comments: "example comment"
rules:
- os: "windows" # "windows", "macos", "linux", "ios", "android"
type: "anti-virus"
content: "AV Software is installed and running"
- name: Delete ztna rule
fortinet.fortisase.endpoint_ztna_rules:
state: absent
params:
primary_key: "{{ rule_name }}"
Return Values
-------------
.. raw:: html
- http_code type: intreturned: always
- response type: rawreturned: always
Authors
-------
- Xinwei Du (@dux-fortinet)