aci_contract_subject - Manage initial Contract Subjects (vz:Subj)¶

New in version 2.4.

Synopsis
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Author

Synopsis ¶

Manage initial Contract Subjects on Cisco ACI fabrics.

Parameters ¶

Parameter	Choices/Defaults	Comments
certificate_name		The X.509 certificate name attached to the APIC AAA user used for signature-based authentication. It defaults to the `private_key` basename, without extension. aliases: cert_name
consumer_match	Choices: all at_least_one at_most_one none	The match criteria across consumers. The APIC defaults to `at_least_one` when unset during creation.
contract		The name of the Contract. aliases: contract_name
description		Description for the contract subject. aliases: descr
dscp	Choices: AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS0 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF VA unspecified	The target DSCP. The APIC defaults to `unspecified` when unset during creation. aliases: target
host required		IP Address or hostname of APIC resolvable by Ansible control host. aliases: hostname
output_level	Choices: debug info normal ←	Influence the output of this ACI module. `normal` means the standard output, incl. `current` dict `info` adds informational output, incl. `previous`, `proposed` and `sent` dicts `debug` adds debugging output, incl. `filter_string`, `method`, `response`, `status` and `url` information
password required		The password to use for authentication. This option is mutual exclusive with `private_key`. If `private_key` is provided too, it will be used instead.
port		Port number to be used for REST connection. The default value depends on parameter `use_ssl`.
priority	Choices: level1 level2 level3 unspecified	The QoS class. The APIC defaults to `unspecified` when unset during creation.
private_key required		PEM formatted file that contains your private key to be used for signature-based authentication. The name of the key (without extension) is used as the certificate name in ACI, unless `certificate_name` is specified. This option is mutual exclusive with `password`. If `password` is provided too, it will be ignored. aliases: cert_key
provider_match	Choices: all at_least_one at_most_one none	The match criteria across providers. The APIC defaults to `at_least_one` when unset during creation.
reverse_filter bool	Choices: no yes	Determines if the APIC should reverse the src and dst ports to allow the return traffic back, since ACI is stateless filter. The APIC defaults to `yes` when unset during creation.
state	Choices: absent present ← query	Use `present` or `absent` for adding or removing. Use `query` for listing an object or multiple objects.
subject		The contract subject name. aliases: contract_subject, name, subject_name
tenant		The name of the tenant. aliases: tenant_name
timeout int	Default: 30	The socket level timeout in seconds.
use_proxy bool	Choices: no yes ←	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl bool	Choices: no yes ←	If `no`, an HTTP connection will be used instead of the default HTTPS connection.
username	Default: admin	The username to use for authentication. aliases: user
validate_certs bool	Choices: no yes ←	If `no`, SSL certificates will not be validated. This should only set to `no` when used on personally controlled sites using self-signed certificates.

Notes ¶

Note

The tenant and contract used must exist before using this module in your playbook.
The aci_tenant and aci_contract modules can be used for this.
More information about the internal APIC class vz:Subj from the APIC Management Information Model reference.
Please read the Cisco ACI Guide for more detailed information on how to manage your ACI infrastructure using Ansible.

Examples ¶

- name: Add a new contract subject
  aci_contract_subject:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    contract: web_to_db
    subject: default
    description: test
    reverse_filter: yes
    priority: level1
    dscp: unspecified
    state: present
  register: query_result

- name: Remove a contract subject
  aci_contract_subject:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    contract: web_to_db
    subject: default
    state: absent
  delegate_to: localhost

- name: Query a contract subject
  aci_contract_subject:
    host: apic
    username: admin
    password: SomeSecretPassword
    tenant: production
    contract: web_to_db
    subject: default
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all contract subjects
  aci_contract_subject:
    host: apic
    username: admin
    password: SomeSecretPassword
    state: query
  delegate_to: localhost
  register: query_result

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
current list	success	The existing configuration from the APIC after the module has finished Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}]
error dict	failure	The error information as returned from the APIC Sample: {'text': 'unknown managed object class foo', 'code': '122'}
filter_string string	failure or debug	The filter string used for the request Sample: ?rsp-prop-include=config-only
method string	failure or debug	The HTTP method used for the request to the APIC Sample: POST
previous list	info	The original configuration from the APIC before the module has started Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}]
proposed dict	info	The assembled configuration from the user-provided parameters Sample: {'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}}
raw string	parse error	The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response string	failure or debug	The HTTP response from the APIC Sample: OK (30 bytes)
sent list	info	The actual/minimal configuration pushed to the APIC Sample: {'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status int	failure or debug	The HTTP status from the APIC Sample: 200
url string	failure or debug	The HTTP url used for the request to the APIC Sample: https://10.11.12.13/api/mo/uni/tn-production.json

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as certified which means that it is maintained by an Ansible Partner. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by an Ansible Partner, see here.

Author ¶

Swetha Chunduri (@schunduri)

Hint

If you notice any issues in this documentation you can edit this document to improve it.