#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright (c) 2021, Cisco Systems
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
DOCUMENTATION = r"""
module: device_administration_authorization_rules
short_description: Resource module for Device Administration Authorization Rules
description:
- Manage operations create, update and delete of the resource Device Administration Authorization Rules.
- Device Admin - Create authorization rule.
- Device Admin - Delete authorization rule.
- Device Admin - Update authorization rule.
version_added: '1.0.0'
extends_documentation_fragment:
- cisco.ise.module
author: Rafael Campos (@racampos)
options:
commands:
description: Command sets enforce the specified list of commands that can be executed by a device administrator.
elements: str
type: list
id:
description: Id path parameter. Rule id.
type: str
link:
description: Device Administration Authorization Rules's link.
suboptions:
href:
description: Device Administration Authorization Rules's href.
type: str
rel:
description: Device Administration Authorization Rules's rel.
type: str
type:
description: Device Administration Authorization Rules's type.
type: str
type: dict
policyId:
description: PolicyId path parameter. Policy id.
type: str
profile:
description: Device admin profiles control the initial login session of the device administrator.
type: str
rule:
description: Common attributes in rule authentication/authorization.
suboptions:
condition:
description: Device Administration Authorization Rules's condition.
suboptions:
attributeId:
description: Dictionary attribute id (Optional), used for additional verification.
type: str
attributeName:
description: Dictionary attribute name.
type: str
attributeValue:
description: - Attribute value for condition
- Value type is specified in dictionary object
- if multiple values
allowed is specified in dictionary object
.
type: str
children:
description: In case type is andBlock or orBlock addtional conditions will be aggregated under this logical (OR/AND) condition.
elements: dict
suboptions:
conditionType:
description: - Inidicates whether the record is the condition itself(data) or a logical(or,and) aggregation
- Data
type enum(reference,single) indicates than "conditonId" OR "ConditionAttrs" fields should contain condition data but not both
- Logical aggreation(and,or) enum indicates that additional conditions are present under the children field
.
type: str
isNegate:
description: Indicates whereas this condition is in negate mode.
type: bool
link:
description: Device Administration Authorization Rules's link.
suboptions:
href:
description: Device Administration Authorization Rules's href.
type: str
rel:
description: Device Administration Authorization Rules's rel.
type: str
type:
description: Device Administration Authorization Rules's type.
type: str
type: dict
type: list
conditionType:
description: - Inidicates whether the record is the condition itself(data) or a logical(or,and) aggregation
- Data type
enum(reference,single) indicates than "conditonId" OR "ConditionAttrs" fields should contain condition data but not both
- Logical
aggreation(and,or) enum indicates that additional conditions are present under the children field
.
type: str
datesRange:
description: Defines for which date/s TimeAndDate condition will be matched or NOT matched if used in exceptionDates prooperty
Options are - Date range, for specific date, the same date should be used for start/end date
Default - no specific dates
In order to reset the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy = year)
.
suboptions:
endDate:
description: Device Administration Authorization Rules's endDate.
type: str
startDate:
description: Device Administration Authorization Rules's startDate.
type: str
type: dict
datesRangeException:
description: Defines for which date/s TimeAndDate condition will be matched or NOT matched if used in exceptionDates prooperty
Options are - Date range, for specific date, the same date should be used for start/end date
Default - no specific dates
In order to reset the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy = year)
.
suboptions:
endDate:
description: Device Administration Authorization Rules's endDate.
type: str
startDate:
description: Device Administration Authorization Rules's startDate.
type: str
type: dict
description:
description: Condition description.
type: str
dictionaryName:
description: Dictionary name.
type: str
dictionaryValue:
description: Dictionary value.
type: str
hoursRange:
description: Defines for which hours a TimeAndDate condition will be matched or not matched if used in exceptionHours property
Time foramt - hh mm ( h = hour , mm = minutes )
Default - All Day
.
suboptions:
endTime:
description: Device Administration Authorization Rules's endTime.
type: str
startTime:
description: Device Administration Authorization Rules's startTime.
type: str
type: dict
hoursRangeException:
description: Defines for which hours a TimeAndDate condition will be matched or not matched if used in exceptionHours property
Time foramt - hh mm ( h = hour , mm = minutes )
Default - All Day
.
suboptions:
endTime:
description: Device Administration Authorization Rules's endTime.
type: str
startTime:
description: Device Administration Authorization Rules's startTime.
type: str
type: dict
id:
description: Device Administration Authorization Rules's id.
type: str
isNegate:
description: Indicates whereas this condition is in negate mode.
type: bool
link:
description: Device Administration Authorization Rules's link.
suboptions:
href:
description: Device Administration Authorization Rules's href.
type: str
rel:
description: Device Administration Authorization Rules's rel.
type: str
type:
description: Device Administration Authorization Rules's type.
type: str
type: dict
name:
description: Condition name.
type: str
operator:
description: Equality operator.
type: str
weekDays:
description: Defines for which days this condition will be matched
Days format - Arrays of WeekDay enums
Default - List
of All week days
.
elements: str
type: list
weekDaysException:
description: Defines for which days this condition will NOT be matched
Days format - Arrays of WeekDay enums
Default -
Not enabled
.
elements: str
type: list
type: dict
default:
description: Indicates if this rule is the default one.
type: bool
hitCounts:
description: The amount of times the rule was matched.
type: int
id:
description: The identifier of the rule.
type: str
name:
description: Rule name, Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses.
type: str
rank:
description: The rank(priority) in relation to other rules. Lower rank is higher priority.
type: int
state:
description: The state that the rule is in. A disabled rule cannot be matched.
type: str
type: dict
requirements:
- ciscoisesdk >= 2.2.3
- python >= 3.5
seealso:
- name: Cisco ISE documentation for Device Administration - Authorization Rules
description: Complete reference of the Device Administration - Authorization Rules API.
link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
notes:
- SDK Method used are
device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.create_device_admin_authorization_rule,
device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.delete_device_admin_authorization_rule_by_id,
device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.update_device_admin_authorization_rule_by_id,
- Paths used are
post /device-admin/policy-set/{policyId}/authorization,
delete /device-admin/policy-set/{policyId}/authorization/{id},
put /device-admin/policy-set/{policyId}/authorization/{id},
"""
EXAMPLES = r"""
- name: Create
cisco.ise.device_administration_authorization_rules:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
commands:
- string
link:
href: string
rel: string
type: string
policyId: string
profile: string
rule:
condition:
attributeId: string
attributeName: string
attributeValue: string
children:
- conditionType: string
isNegate: true
link:
href: string
rel: string
type: string
conditionType: string
datesRange:
endDate: string
startDate: string
datesRangeException:
endDate: string
startDate: string
description: string
dictionaryName: string
dictionaryValue: string
hoursRange:
endTime: string
startTime: string
hoursRangeException:
endTime: string
startTime: string
id: string
isNegate: true
link:
href: string
rel: string
type: string
name: string
operator: string
weekDays:
- string
weekDaysException:
- string
default: true
hitCounts: 0
id: string
name: string
rank: 0
state: string
- name: Update by id
cisco.ise.device_administration_authorization_rules:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
commands:
- string
id: string
link:
href: string
rel: string
type: string
policyId: string
profile: string
rule:
condition:
attributeId: string
attributeName: string
attributeValue: string
children:
- conditionType: string
isNegate: true
link:
href: string
rel: string
type: string
conditionType: string
datesRange:
endDate: string
startDate: string
datesRangeException:
endDate: string
startDate: string
description: string
dictionaryName: string
dictionaryValue: string
hoursRange:
endTime: string
startTime: string
hoursRangeException:
endTime: string
startTime: string
id: string
isNegate: true
link:
href: string
rel: string
type: string
name: string
operator: string
weekDays:
- string
weekDaysException:
- string
default: true
hitCounts: 0
id: string
name: string
rank: 0
state: string
- name: Delete by id
cisco.ise.device_administration_authorization_rules:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
policyId: string
"""
RETURN = r"""
ise_response:
description: A dictionary or list with the response returned by the Cisco ISE Python SDK
returned: always
type: dict
sample: >
{
"commands": [
"string"
],
"link": {
"href": "string",
"rel": "string",
"type": "string"
},
"profile": "string",
"rule": {
"condition": {
"conditionType": "string",
"isNegate": true,
"link": {
"href": "string",
"rel": "string",
"type": "string"
},
"description": "string",
"id": "string",
"name": "string",
"attributeName": "string",
"attributeId": "string",
"attributeValue": "string",
"dictionaryName": "string",
"dictionaryValue": "string",
"operator": "string",
"children": [
{
"conditionType": "string",
"isNegate": true,
"link": {
"href": "string",
"rel": "string",
"type": "string"
}
}
],
"datesRange": {
"endDate": "string",
"startDate": "string"
},
"datesRangeException": {
"endDate": "string",
"startDate": "string"
},
"hoursRange": {
"endTime": "string",
"startTime": "string"
},
"hoursRangeException": {
"endTime": "string",
"startTime": "string"
},
"weekDays": [
"string"
],
"weekDaysException": [
"string"
]
},
"default": true,
"hitCounts": 0,
"id": "string",
"name": "string",
"rank": 0,
"state": "string"
}
}
ise_update_response:
description: A dictionary or list with the response returned by the Cisco ISE Python SDK
returned: always
version_added: '1.1.0'
type: dict
sample: >
{
"response": {
"commands": [
"string"
],
"link": {
"href": "string",
"rel": "string",
"type": "string"
},
"profile": "string",
"rule": {
"condition": {
"conditionType": "string",
"isNegate": true,
"link": {
"href": "string",
"rel": "string",
"type": "string"
},
"description": "string",
"id": "string",
"name": "string",
"attributeName": "string",
"attributeId": "string",
"attributeValue": "string",
"dictionaryName": "string",
"dictionaryValue": "string",
"operator": "string",
"children": [
{
"conditionType": "string",
"isNegate": true,
"link": {
"href": "string",
"rel": "string",
"type": "string"
}
}
],
"datesRange": {
"endDate": "string",
"startDate": "string"
},
"datesRangeException": {
"endDate": "string",
"startDate": "string"
},
"hoursRange": {
"endTime": "string",
"startTime": "string"
},
"hoursRangeException": {
"endTime": "string",
"startTime": "string"
},
"weekDays": [
"string"
],
"weekDaysException": [
"string"
]
},
"default": true,
"hitCounts": 0,
"id": "string",
"name": "string",
"rank": 0,
"state": "string"
}
},
"version": "string"
}
"""