Index Configuration Object
The Palo Alto Networks Strata Cloud Manager Ansible Collection provides a comprehensive set of modules for managing SCM configuration objects. These modules enable you to automate the creation, modification, and deletion of various network and security components.
Module Categories
The modules are organized into these categories:
Network Objects
These modules manage the fundamental building blocks of your network security policy:
| Module | Description | Info Module |
|---|---|---|
| address | Manage address objects | address_info |
| address_group | Manage address groups | address_group_info |
| application | Manage applications | application_info |
| application_group | Manage application groups | application_group_info |
| dynamic_user_group | Manage dynamic user groups | dynamic_user_group_info |
| external_dynamic_lists | Manage external dynamic lists | external_dynamic_lists_info |
| hip_object | Manage HIP objects | hip_object_info |
| hip_profile | Manage HIP profiles | hip_profile_info |
| service | Manage service objects | service_info |
| service_group | Manage service groups | service_group_info |
| tag | Manage tag objects | tag_info |
| http_server_profiles | Manage HTTP server profiles | http_server_profiles_info |
| log_forwarding_profile | Manage log forwarding profiles | log_forwarding_profile_info |
| quarantined_devices | Manage quarantined devices | quarantined_devices_info |
| region | Manage geographic region objects | region_info |
| syslog_server_profiles | Manage syslog server profiles | syslog_server_profiles_info |
Network Configuration
These modules configure the network infrastructure and connectivity:
| Module | Description | Info Module |
|---|---|---|
| security_zone | Manage security zones | |
| ike_crypto_profile | Manage IKE crypto profiles | ike_crypto_profile_info |
| ike_gateway | Manage IKE gateways | |
| ipsec_crypto_profile | Manage IPsec crypto profiles | |
| ipsec_tunnel | Manage IPsec tunnels | |
| bgp_routing | Manage BGP routing configuration | bgp_routing_info |
Deployment
These modules manage deployment-related configurations:
| Module | Description | Info Module |
|---|---|---|
| agent_versions | Manage agent versions | agent_versions_info |
| bandwidth_allocations | Manage bandwidth allocations | bandwidth_allocations_info |
| internal_dns_servers | Manage internal DNS servers | internal_dns_servers_info |
| remote_networks | Manage remote networks | remote_networks_info |
| network_locations | Manage network locations | |
| service_connections | Manage service connections | service_connections_info |
Security Services
These modules configure security policies and profiles:
| Module | Description | Info Module |
|---|---|---|
| security_rule | Manage security rules | security_rule_info |
| anti_spyware_profile | Manage anti-spyware profiles | anti_spyware_profile_info |
| decryption_profile | Manage decryption profiles | decryption_profile_info |
| dns_security_profile | Manage DNS security profiles | dns_security_profile_info |
| security_profiles_group | Manage security profile groups | security_profiles_group_info |
| url_categories | Manage URL categories | url_categories_info |
| vulnerability_protection_profile | Manage vulnerability protection profiles | vulnerability_protection_profile_info |
| wildfire_antivirus_profiles | Manage WildFire antivirus profiles | wildfire_antivirus_profiles_info |
Common Module Parameters
All modules share the following common parameters:
Provider
The provider parameter is required for all modules and contains SCM authentication credentials:
provider:
client_id: "your_client_id"
client_secret: "your_client_secret"
tsg_id: "your_tsg_id"
log_level: "INFO" # Optional, defaults to INFO
State
Most modules support the following state parameters:
present: Ensures the resource exists with the specified configurationabsent: Ensures the resource does not exist
Location Parameters
Most modules require exactly one of the following location parameters:
folder: The folder where the resource is storedsnippet: The configuration snippet for the resourcedevice: The device where the resource is defined
Information Modules
Information modules retrieve data without making changes:
- They follow the naming pattern
<resource>_info(e.g.,address_info) - They support filters to narrow down results
- They return lists of matching objects or detailed information about specific objects
Return Values
Most modules return these common values:
| Name | Description | Type | Sample |
|---|---|---|---|
changed |
Whether changes were made | boolean | true |
scm_object |
The SCM object details | dictionary | {"id": "123", "name": "test-address"} |
Using Check Mode
All modules support Ansible's check mode. When run with --check, the module will report what
changes would be made without actually making them: