security_internal_policies - Internal Policy Resource
+++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
Internal Policy Resource.
Use API "/resource-api/v2/security/internal-policies".
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.17.0
Parameters
----------
.. raw:: html
- state The state of the module. "present" means create or update the resource, "absent" means delete the resource.type: strchoices: ['present', 'absent']default: present
- force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
- bypass_validation Bypass validation of the module.type: booldefault: False
- params The parameters of the module.[Required]type: dict
- primary_key [Required]type: str
- enabled type: bool
- scope type: strchoices: ['all', 'specify', 'thin-edge', 'vpn-user']
- users type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['auth/user-groups', 'auth/users']
- destinations type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['network/host-groups', 'network/hosts', 'security/ip-threat-feeds']
- services type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['security/service-groups', 'security/services']
- action type: strchoices: ['accept', 'deny']
- schedule type: dict
- primary_key type: str
- datasource type: strchoices: ['security/onetime-schedules', 'security/recurring-schedules', 'security/schedule-groups']
- comments type: str
- profile_group type: dict
- group type: dict
- primary_key type: str
- datasource type: str
- force_cert_inspection type: bool
- log_traffic type: strchoices: ['all', 'disable', 'utm']
- sources type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['endpoint/ztna-tags', 'infra/extenders', 'infra/fortigates', 'infra/ssids', 'network/host-groups', 'network/hosts', 'security/ip-threat-feeds']
- captive_portal_exempt type: bool
Examples
-------------
.. code-block:: yaml
- name: Security internal policies
hosts: fortisase
gather_facts: false
vars:
primary_key: "saas_app_ansible2"
tasks:
- name: Create/Update security internal policies
fortinet.fortisase.security_internal_policies:
state: present
params:
primary_key: "{{ primary_key }}"
enabled: true
scope: "vpn-user"
users:
- primary_key: "gui_test"
datasource: "auth/user-groups"
destinations:
- primary_key: "gui_test"
datasource: "network/hosts"
action: "deny"
log_traffic: "all"
profile_group:
group:
primary_key: "internal"
datasource: "security/profile-groups"
force_cert_inspection: false
sources:
- primary_key: "gui_test"
datasource: "endpoint/ztna-tags"
schedule:
primary_key: "always"
datasource: "security/recurring-schedules"
comments: "Secure SaaS Access Policy"
services:
- primary_key: "ALL_TCP"
datasource: "security/services"
- name: Delete security internal policies
fortinet.fortisase.security_internal_policies:
state: absent
params:
primary_key: "{{ primary_key }}"
Return Values
-------------
.. raw:: html
- http_code type: intreturned: always
- response type: rawreturned: always
Authors
-------
- Xinwei Du (@dux-fortinet)