Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 18.218.212.107
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /usr/lib/python3/dist-packages/ansible_collections/cisco/ise/playbooks/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /usr/lib/python3/dist-packages/ansible_collections/cisco/ise/playbooks/playbookstest.yml
---
- hosts: ise_servers
  gather_facts: false
  vars:
    itemTest:
      name: "Cisco_Ansible_Test_09_12"
      accessType: "ACCESS_ACCEPT"
      description: "Test"
      authzProfileType: "SWITCH"
      vlan:
        nameID: "172_28_1_0-VN_IOT"
        tagID: 1
      trackMovement: false
      agentlessPosture: false
      serviceTemplate: false
      profileName: "Cisco"
  tasks:
  ## https://github.com/CiscoISE/ansible-ise/issues/72
  ## post 400
  # - name: Get all Network Access Authorization Rules
  #   cisco.ise.network_access_authorization_rules:
  #     state: present
  #     policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
  #     rule:
  #       default: false
  #       #id: d9e67664-799d-4ad9-a407-8365117c18e5
  #       name: Ansible B TEST
  #       hitCounts: 0
  #       rank: 0
  #       state: enabled
  #       condition:
  #         conditionType: ConditionAndBlock
  #         isNegate: false
  #         children:
  #           - conditionType: ConditionReference
  #             isNegate: false
  #             name: Wireless_Access
  #             id: ff6008e0-5c35-48a3-9fab-e0e709983369
  #             # description: >-
  #             #   Default condition used to match any authentication request from Cisco
  #             #   Wireless LAN Controller.
  #           - conditionType: ConditionAttributes
  #             isNegate: false
  #             dictionaryName: IdentityGroup
  #             attributeName: Name
  #             operator: equals
  #             #dictionaryValue: null
  #             attributeValue: 'Endpoint Identity Groups:Blocked List'
  #     profile:
  #       - Blackhole_Wireless_Access
  #     #securityGroup: null
  #   register: result

  # - name: Get all Network Access Authorization Rules
  #   cisco.ise.network_access_authorization_rules_info:
  #     policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
  #   register: result

  ## https://github.com/CiscoISE/ansible-ise/issues/74

  # - name: Create or update Authorization profile
  #   cisco.ise.authorization_profile:
  #     name: "{{  itemTest.name  }}"
  #     accessType: "{{  itemTest.accessType  }}"
  #     description:  "{{ itemTest.description  }}"
  #     authzProfileType:  "{{  itemTest.authzProfileType  }}"
  #     vlan:
  #       nameID: "{{  itemTest.vlan.nameID  }}"
  #       tagID:
  #         "{{itemTest.vlan.tagID|int}}"
  #     trackMovement:  "{{ itemTest.trackMovement  }}"
  #     agentlessPosture:  "{{ itemTest.agentlessPosture  }}"
  #     serviceTemplate:  "{{  itemTest.serviceTemplate  }}"
  #     profileName:  "{{  itemTest.profileName  }}"
  #   register: result
  
  # - name: Get all Authorization Profile
  #   cisco.ise.authorization_profile_info:
  #     name: Cisco_Temporal_Onboard
  #   register: result

  # - name: debug
  #   debug:
  #      msg: "{{ itemTest.vlan.tagID | int == 0 }}"

  # - name: debug
  #   debug:
  #      msg: |
  #        {{ item.vlanID | int }}
  #   loop:
  #     - { "vlanID": "1" }
  #     - { "vlanID": "2" }
  #     - { "vlanID": 2 }

  # - name: debug
  #   debug:
  #      var: |-
  #         {{ item.vlanID | int }}
  #   loop:
  #     - { "vlanID": 1 }
  #     - { "vlanID": "2" }

  ## https://github.com/CiscoISE/ansible-ise/issues/76
  ## Node group creation is not idempotent
  ## fatal: [localhost]: FAILED! => {"changed": false, "msg": "An error occured when executing operation. The error was: [409] - The request could not be processed because it conflicts with some established rule of the system.\n{\n  \"error\" : {\n    \"message\" : \"NodeGroup 'TestGroup1' already exist.\"\n  },\n  \"version\" : \"1.0.0\"\n}"}
  # - name: Create test node group.
  #   cisco.ise.node_group:
  #     state: present
  #     description: "Testing creation and idempotency"
  #     name: "TesAnsible76"
  #     nodeGroupName: "TesAnsible76"
  #     forceDelete: true
  #   register: result

  # - name: Get all Node Group
  #   cisco.ise.node_group_info:
  #     nodeGroupName: "NodeGroup2"
  #   register: result

  ##https://github.com/CiscoISE/ansible-ise/issues/79
  ## Cannot update
  # - name: Create or update an network_access_authentication_rules
  #   cisco.ise.network_access_authentication_rules:
  #     state: present
  #     rule:
  #       default: false
  #       name: TestAnsibleIssue79
  #       hitCounts: 00
  #       rank: 0
  #       state: enabled
  #       #id: b086e85e-6118-4b67-8efc-05d692423afb
  #       condition:
  #         conditionType: ConditionReference
  #         isNegate: false
  #         dictionaryName: Network Access
  #         attributeName: EapAuthentication
  #         operator: equals
  #         attributeValue: EAP-MSCHAPv2
  #         name: EAP-MSCHAPv2
  #         id: c456a490-0429-4fd4-91d7-efd1eb1f855a
  #     ifAuthFail: REJECT
  #     ifUserNotFound: REJECT
  #     ifProcessFail: DROP
  #     policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
  #   register: result

  
  ##https://github.com/CiscoISE/ansible-ise/issues/77
  ## Get error
  ## node_group_node_info
  # - name: Get all Node Group Node
  #   cisco.ise.node_group_node_info:
  #     nodeGroupName: TesAnsible76
  #   register: result

  ##https://github.com/CiscoISE/ansible-ise/issues/81
  ## Unable to update Authorization Policies
  ##network_access_authorization_rules
  - name: CRUD
    cisco.ise.network_access_authorization_rules:
      state: present
      #state: absent
      rule:
        default: false
        name: TestAnsibleIssue81
        rank: 0
        state: enabled
        condition:
          conditionType: ConditionAttributes
          isNegate: false
          dictionaryName: IdentityGroup
          attributeName: Name
          operator: equals
          attributeValue: 'Endpoint Identity Groups:IAC_Lab1'
      profile:
        - Blackhole_Wireless_Access
      #securityGroup: BYOD
      policyId: acd4b55d-dca3-4b93-a160-8a2d01669827
    register: result

  - name: Print Authorization profile
    ansible.builtin.debug:
      var: result

Anon7 - 2022
AnonSec Team