Last updated on: 2024-01-16 03:25:50.

bigip_sslo_service_swg – Manage an SSL Orchestrator SWG service

New in version 1.0.0.

Synopsis

  • Manage an SSL Orchestrator Secure Web Gateway service.

Parameters

Parameter Choices/Defaults Configuration Comments
access_profile
string
Specifies a custom SWG-Transparent access profile to apply to the SWG service.
During creation of a new SWG service, when the parameter is not specified, the configuration auto generates the access profile.
dump_json
boolean
    Choices:
  • no ←
  • yes
Sets the module to output a JSON blob for further consumption.
When true does not make any changes on the device and always returns changed=False.
The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service, no JSON output is generated.
log_settings
list / elements=string
Specifies a custom log setting for the SWG service.
name
string / required
Specifies the name of the SWG service object.
The configuration auto-prepends ssloS_ to the object.
Names should be less than 14 characters and not contain dashes -.
named_scope
string
Required when profile_scope is named, and specifies a name string the authentication and SWG policies share to allow access to identity information.
This parameter is ignored when profile_scope is profile.
profile_scope
string
    Choices:
  • profile
  • named
Specifies the level of information sharing. When using named scope, an authentication access profile attached to the topology can share its user identity information with the SWG policy.
rules
list / elements=string
Specifies custom iRules to apply to the SWG service.
service_down_action
string
    Choices:
  • ignore
  • reset
  • drop
Specifies the action taken if the SWG service fails.
state
string
    Choices:
  • present ←
  • absent
When state is present, ensures the object is created or modified.
When state is absent, ensures the service is removed.
swg_policy
string
Specifies the name of the SWG per-request policy to attach to the service configuration.
This parameter is required when creating a new service.
swg_policy_type
string / required
    Choices:
  • standard
  • modern
The custom type of per-request policy attached to the SWG service configuration.
timeout
integer
Default:
300
The amount of time to wait for the CREATE, MODIFY or DELETE task to complete, in seconds.
The accepted value range is between 10 and 1800 seconds.

Notes

Note

  • Requires SSLO >= 9.0

Examples

- name: Create SSLO SWG service with defaults
  bigip_sslo_service_swg:
    name: "swg2"
    swg_policy: "/Common/test-swg"

- name: Modify SSLO SWG service
  bigip_sslo_service_swg:
    name: "swg2"
    profile_scope: "named"
    named_scope: "SSLO"
    access_profile: "/Common/test-access"
    log_settings:
      - "/Common/default-log-setting1"
      - "/Common/default-log-setting2"
    rules:
      - "/Common/test-rule"

- name: Delete SSLO SWG service
  bigip_sslo_service_swg:
    name: "swg2"
    state: "absent"

Return Values

The following are the fields unique to this module:

Key Returned Description
access_profile
string
changed
A custom SWG-Transparent access profile to apply to the SWG service.

Sample:
/Common/my-access-profile
log_settings
string
changed
The custom log setting for the SWG service.

Sample:
/Common/my-log-settings
named_scope
string
changed
The name string the authentication and SWG policies share to allow access to identity information.

Sample:
SSLO
profile_scope
string
changed
The the level of information sharing.

Sample:
named
rules
string
changed
The custom iRules to apply to the SWG service.

Sample:
/Common/my-swg-rule1
service_down_action
string
changed
The action taken if the SWG service fails.

Sample:
reset
swg_policy
string
changed
The name of the SWG per-request policy attached to the service configuration.

Sample:
/Common/my-swg-policy
swg_policy_type
string
changed
The name of the SWG per-request policy attached to the service configuration.

Sample:
/Common/my-swg-policy


Status

Authors

  • Wojciech Wypior (@wojtek0806)
  • Kevin Stewart (@kevingstewart)