cisco.dnac.compliance_policys_rules_conditions module -- Resource module for Compliance Policys Rules Conditions

Note

This module is part of the cisco.dnac collection (version 6.46.0).

To install it, use: ansible-galaxy collection install cisco.dnac. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.dnac.compliance_policys_rules_conditions.

New in cisco.dnac 6.46.0

Synopsis

  • Manages create, update and delete operations for the Compliance Policys Rules Conditions resource.

  • This API operation creates a new condition within the specified compliance policy and rule.

  • Deletes a specific condition within the specified compliance policy and rule.

  • Updates an existing compliance condition within the specified compliance policy and rule.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • dnacentersdk >= 2.11.0

  • python >= 3.12

Parameters

Parameter

Comments

action

dictionary

Compliance Policys Rules Conditions's action.

doesNotMatchAction

string

Action to take when the condition does not match. The choice of action influences whether a violation is logged and whether further conditions are evaluated. For detailed enum descriptions, refer to the `Features` tab.

doesNotMatchViolationMessage

string

Specify the custom violation message to be used to report violations when the condition does not match and raises a violation. This field is applicable and required when `doesNotMatchViolationMessageType` is `CUSTOM_MESSAGE`. Custom variables and automatically generated regular expression group variables can both be used in this field, similar to how they are used in the `value` field.

doesNotMatchViolationMessageType

string

The type of message to display when the condition does not match and results in a violation. This provides context about the violation. This field is applicable and required when `doesNotMatchAction` is either `RAISE_VIOLATION_AND_CONTINUE` or `RAISE_VIOLATION_AND_STOP`. For detailed enum descriptions, refer to the `Features` tab.

doesNotMatchViolationSeverity

string

The severity level of the violation when the condition does not match. This field is applicable and required when `doesNotMatchAction` is either `RAISE_VIOLATION_AND_CONTINUE` or `RAISE_VIOLATION_AND_STOP`.

matchAction

string

Action to take when the condition matches. The choice of action influences whether a violation is logged and whether further conditions are evaluated. For detailed enum descriptions, refer to the `Features` tab.

matchViolationMessage

string

Specify the custom violation message to be used to report violations when the condition matches and raises a violation. This field is applicable and required when `matchViolationMessageType` is `CUSTOM_MESSAGE`. Custom variables and automatically generated regular expression group variables can both be used in this field, similar to how they are used in the `value` field.

matchViolationMessageType

string

The type of message to display when the condition matches and results in a violation. This provides context about the violation. This field is applicable and required when `matchAction` is either `RAISE_VIOLATION_AND_CONTINUE` or `RAISE_VIOLATION_AND_STOP`. For detailed enum descriptions, refer to the `Features` tab.

matchViolationSeverity

string

The severity level of the violation when the condition matches. This field is applicable and required when `matchAction` is either `RAISE_VIOLATION_AND_CONTINUE` or `RAISE_VIOLATION_AND_STOP`.

blockEndExpression

string

The regular expression defining the end of a block. If not specified, block parsing will continue until a new section starts in the configuration. This is applicable only when `parseAsBlocks` is set. This is an optional field. The value, when provided, must be a valid regular expression.

blockStartExpression

string

The regular expression defining the start of a block. This is used to identify the beginning of relevant configuration sections. This is applicable and required only when `parseAsBlocks` is set. The value must be a valid regular expression.

blockViolationCriteria

string

Criteria determining when a violation is raised based on block evaluation results. This allows for flexible compliance checks depending on whether a single failure or all failures should trigger a violation. For detailed enum descriptions, refer to the `Features` tab.

deviceProperty

string

The specific device property to consider as source for the condition. For detailed enum descriptions, refer to the `Features` tab.

dnac_debug

boolean

Flag for Cisco DNA Center SDK to enable debugging.

Choices:

dnac_host

string / required

The Cisco DNA Center hostname.

dnac_password

string

The Cisco DNA Center password to authenticate.

dnac_port

integer

The Cisco DNA Center port.

Default: 443

dnac_username

aliases: user

string

The Cisco DNA Center username to authenticate.

Default: "admin"

dnac_verify

boolean

Flag to enable or disable SSL certificate verification.

Choices:

dnac_version

string

Informs the SDK which version of Cisco DNA Center to use.

Default: "3.1.6.0"

id

string

Id path parameter. The `id` of the condition.

operator

string

The operation used to evaluate the condition. String, regular expression, and expressions required for the operator to work are provided in `value` attribute. For detailed enum descriptions, refer to the `Features` tab.

parseAsBlocks

boolean

An optional parameter that indicates whether to parse the configuration as discrete blocks for evaluation. Useful for conditions that apply to specific sections of a configuration file. This is applicable for all condition scopes except `DEVICE_PROPERTIES`. When scope is `PREVIOUSLY_MATCHED_BLOCKS`, this helps extract sub-blocks or portions of the blocks. When this is set, `blockStartExpression` must be provided. Optionally, `blockEndExpression` can be provided to customise blocks further.

Choices:

policyId

string

PolicyId path parameter. The `id` of the compliance policy.

regexViolationCriteria

string

Criteria determining when a violation is raised based on regular expression evaluation results. This allows for flexible compliance checks depending on whether a single failure or all failures should trigger a violation. For detailed enum descriptions, refer to the `Features` tab.

ruleId

string

RuleId path parameter. The `id` of the rule within the compliance policy.

scope

string

The source of data for the evaluation of the condition. For detailed enum descriptions, refer to the `Features` tab.

showCommand

string

The command executed on the device to retrieve output for evaluation. Pattern: `^((S|s)(H|h)(O|o)(W|w))\s+.+$`. The string must start with `show` (case-insensitive), followed by at least one space, and then any sequence of characters. For detailed information on using `show` command, refer to the `Features` tab.

validate_response_schema

boolean

Flag for Cisco DNA Center SDK to enable the validation of request bodies against a JSON schema.

Choices:

value

string

The value or pattern used in the condition evaluation. Custom variables and automatically generated regular expression group variables can both be used in this field. For detailed information on using variables, refer to the `Features` tab.

Notes

  • SDK methods used are compliance.Compliance.create_a_new_condition, compliance.Compliance.delete_a_specific_condition and compliance.Compliance.update_an_existing_condition.

  • Paths used are post /dna/intent/api/v1/compliancePolicys/{policyId}/rules/{ruleId}/conditions, delete /dna/intent/api/v1/compliancePolicys/{policyId}/rules/{ruleId}/conditions/{id} and put /dna/intent/api/v1/compliancePolicys/{policyId}/rules/{ruleId}/conditions/{id}.

  • Does not support check_mode

  • The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK

  • The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection

See Also

Cisco DNA Center documentation for Compliance CreateANewCondition

Complete reference of the CreateANewCondition API.

Cisco DNA Center documentation for Compliance DeleteASpecificCondition

Complete reference of the DeleteASpecificCondition API.

Cisco DNA Center documentation for Compliance UpdateAnExistingCondition

Complete reference of the UpdateAnExistingCondition API.

Examples

---
- name: Create
  cisco.dnac.compliance_policys_rules_conditions:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: present
    action:
      doesNotMatchAction: string
      doesNotMatchViolationMessage: string
      doesNotMatchViolationMessageType: string
      doesNotMatchViolationSeverity: string
      matchAction: string
      matchViolationMessage: string
      matchViolationMessageType: string
      matchViolationSeverity: string
    blockEndExpression: string
    blockStartExpression: string
    blockViolationCriteria: string
    deviceProperty: string
    operator: string
    parseAsBlocks: true
    policyId: string
    regexViolationCriteria: string
    ruleId: string
    scope: string
    showCommand: string
    value: string
- name: Delete by id
  cisco.dnac.compliance_policys_rules_conditions:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: absent
    id: string
    policyId: string
    ruleId: string
- name: Update by id
  cisco.dnac.compliance_policys_rules_conditions:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: present
    action:
      doesNotMatchAction: string
      doesNotMatchViolationMessage: string
      doesNotMatchViolationMessageType: string
      doesNotMatchViolationSeverity: string
      matchAction: string
      matchViolationMessage: string
      matchViolationMessageType: string
      matchViolationSeverity: string
    blockEndExpression: string
    blockStartExpression: string
    blockViolationCriteria: string
    deviceProperty: string
    id: string
    operator: string
    parseAsBlocks: true
    policyId: string
    regexViolationCriteria: string
    ruleId: string
    scope: string
    showCommand: string
    value: string
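
The parameter descriptions above state several conditional requirements (violation fields tied to the chosen action, block expressions tied to `parseAsBlocks`, the `showCommand` pattern). The following pre-flight check is an added example, not code from the cisco.dnac collection or the SDK; `validate_condition` and `SAMPLE` are hypothetical names, and Python's `re` module is assumed as a stand-in for the regular expression dialect the server uses.

```python
import re

# Pattern quoted in the showCommand parameter description.
SHOW_COMMAND_RE = re.compile(r"^((S|s)(H|h)(O|o)(W|w))\s+.+$")
RAISES = {"RAISE_VIOLATION_AND_CONTINUE", "RAISE_VIOLATION_AND_STOP"}

def _bad_regex(text):
    # Python's re is a stand-in (assumption); the server's dialect may differ.
    try:
        re.compile(text)
    except re.error:
        return True
    return False

def validate_condition(params):
    """Return a list of problems in a module argument dict (hypothetical helper)."""
    errors = []
    action = params.get("action") or {}
    for prefix in ("match", "doesNotMatch"):
        if action.get(prefix + "Action") in RAISES:
            for suffix in ("ViolationMessageType", "ViolationSeverity"):
                if not action.get(prefix + suffix):
                    errors.append(f"action.{prefix}{suffix} is required when {prefix}Action raises a violation")
        if action.get(prefix + "ViolationMessageType") == "CUSTOM_MESSAGE" and not action.get(prefix + "ViolationMessage"):
            errors.append(f"action.{prefix}ViolationMessage is required for CUSTOM_MESSAGE")
    if params.get("parseAsBlocks"):
        if params.get("scope") == "DEVICE_PROPERTIES":
            errors.append("parseAsBlocks is not applicable to scope DEVICE_PROPERTIES")
        start = params.get("blockStartExpression")
        if not start:
            errors.append("blockStartExpression is required when parseAsBlocks is set")
        elif _bad_regex(start):
            errors.append("blockStartExpression is not a valid regular expression")
        end = params.get("blockEndExpression")
        if end and _bad_regex(end):
            errors.append("blockEndExpression is not a valid regular expression")
    show = params.get("showCommand")
    if show is not None and not SHOW_COMMAND_RE.match(show):
        errors.append("showCommand must start with 'show' followed by a space and a command")
    return errors

# Constructed sample input; "<severity>" is a placeholder, not a documented enum value.
SAMPLE = {
    "action": {"matchAction": "RAISE_VIOLATION_AND_STOP",
               "matchViolationMessageType": "CUSTOM_MESSAGE",
               "matchViolationSeverity": "<severity>"},
    "parseAsBlocks": True,
    "blockStartExpression": "^interface (",
    "showCommand": "display version",
}
```

Running `validate_condition` on the variables file before the play catches these mistakes on the control node, which matters here because the module does not support check_mode.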

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

dnac_response

dictionary

A dictionary or list with the response returned by the Cisco DNAC Python SDK

Returned: always

Sample: `{"response": {"taskId": "string", "url": "string"}, "version": "string"}`

Authors

  • Rafael Campos (@racampos)