endpoint_ztna_rules - ZTNA Rule Resource

Added in version 1.0.0.

Synopsis

ZTNA Rule Resource.

Use API “/resource-api/v2/endpoint/ztna-rules”.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.17.0

Parameters

  • state The state of the module. "present" means create or update the resource, "absent" means delete the resource.type: strchoices: ['present', 'absent']default: present
  • force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
  • bypass_validation Bypass validation of the module.type: booldefault: False
  • params The parameters of the module.[Required]type: dict
    • primary_key [Required]type: str
    • status type: strchoices: ['disable', 'enable']
    • tag type: dict
      • primary_key type: str
      • datasource type: str
    • comments type: str
    • rules type: listelements: dict
      • id type: int
      • os type: strchoices: ['android', 'ios', 'linux', 'macos', 'windows']
      • type type: strchoices: ['ad-groups', 'anti-virus', 'certificate', 'crowdstrike-zta-score', 'cve', 'ems-management', 'fct-version', 'file', 'ip-range', 'logged-in-domain', 'on-fabric-status', 'os-version', 'registry-key', 'running-process', 'sandbox-detection', 'security', 'security-status', 'user-identity', 'vulnerable-devices', 'windows-security']
      • service type: strchoices: ['Custom', 'Google', 'LinkedIn', 'Salesforce']
      • account type: str
      • match_type type: strchoices: ['regex', 'simple', 'wildcard']
      • subject type: str
      • issuer type: str
      • content type: strchoices: ['AV Signature is up-to-date', 'AV Software is installed and running', 'Application Guard is enabled', 'Automatic Updates are enabled', 'Biometrics Protected', 'Bitlocker Disk Encryption is enabled on OS disk', 'Bitlocker Disk Encryption is enabled on all disks', 'Critical', 'Exploit Guard is enabled', 'High or higher', 'Jail-broken', 'Low or higher', 'Medium or higher', 'Passcode Enabled', 'Windows Defender is enabled', 'Windows Firewall is enabled']
      • path type: str
      • negated type: bool
      • enable_latest_update_check type: bool
      • check_updates_within_days type: int
      • comparator type: strchoices: ['<', '<=', '=', '>', '>=']
      • condition type: dict
        • key type: str
        • is_dword type: bool
        • comparator type: strchoices: ['!=', '<', '<=', '=', '>', '>=']
        • value type: str
    • logic type: dict
      • windows type: raw
      • macos type: raw
      • linux type: raw
      • ios type: raw
      • android type: raw

Examples

- name: Ztna rule
  hosts: fortisase
  gather_facts: false
  vars:
    policy: "policy1"
    tag: "tag_example"
    rule_name: "rule_example"
  tasks:
    - name: Create a new endpoint profile, do nothing if the endpoint profile already exists
      fortinet.fortisase.endpoint_policies:
        state: present
        params:
          primary_key: "{{ policy }}"
          enabled: true
    - name: Create/Update ztna tag, do nothing if the ztna tag already exists
      fortinet.fortisase.endpoint_ztna_tags:
        state: present
        params:
          primary_key: "{{ tag }}"
          name: "{{ tag }}"
    - name: Create/Update ztna rule
      fortinet.fortisase.endpoint_ztna_rules:
        state: present
        params:
          primary_key: "{{ rule_name }}"
          status: "enable" # "enable" or "disable"
          tag:
            primary_key: "{{ tag }}"
            datasource: "endpoint/ztna-tags"
          comments: "example comment"
          rules:
            - os: "windows" # "windows", "macos", "linux", "ios", "android"
              type: "anti-virus"
              content: "AV Software is installed and running"
    - name: Delete ztna rule
      fortinet.fortisase.endpoint_ztna_rules:
        state: absent
        params:
          primary_key: "{{ rule_name }}"

Return Values

  • http_code type: intreturned: always
  • response type: rawreturned: always

Authors

  • Xinwei Du (@dux-fortinet)