Try SpotterGet security group facts
| "added in version" 0.1.2 of azure.azcollection"
Authors: Chris Houseknecht (@chouseknecht), Matt Davis (@nitzmahone)
Install with ansible-galaxy collection install azure.azcollection:==2.3.0
collections:
- name: azure.azcollection
version: 2.3.0Get facts for a specific security group or all security groups within a resource group.
- name: Get facts for one security group
azure_rm_securitygroup_info:
resource_group: myResourceGroup
name: secgroup001
- name: Get facts for all security groups
azure_rm_securitygroup_info:
resource_group: myResourceGroup
name:
description:
- Only show results for a specific security group.
type: str
tags:
description:
- Limit results by providing a list of tags. Format tags as 'key' or 'key:value'.
elements: str
type: list
secret:
description:
- Azure client secret. Use when authenticating with a Service Principal.
type: str
tenant:
description:
- Azure tenant ID. Use when authenticating with a Service Principal.
type: str
ad_user:
description:
- Active Directory username. Use when authenticating with an Active Directory user
rather than service principal.
type: str
profile:
description:
- Security profile found in ~/.azure/credentials file.
type: str
log_mode:
description:
- Parent argument.
type: str
log_path:
description:
- Parent argument.
type: str
password:
description:
- Active Directory user password. Use when authenticating with an Active Directory
user rather than service principal.
type: str
client_id:
description:
- Azure client ID. Use when authenticating with a Service Principal or Managed Identity
(msi).
- Can also be set via the C(AZURE_CLIENT_ID) environment variable.
type: str
thumbprint:
description:
- The thumbprint of the private key specified in I(x509_certificate_path).
- Use when authenticating with a Service Principal.
- Required if I(x509_certificate_path) is defined.
type: str
version_added: 1.14.0
version_added_collection: azure.azcollection
api_profile:
default: latest
description:
- Selects an API profile to use when communicating with Azure services. Default value
of C(latest) is appropriate for public clouds; future values will allow use with
Azure Stack.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
auth_source:
choices:
- auto
- cli
- credential_file
- env
- msi
default: auto
description:
- Controls the source of the credentials to use for authentication.
- Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable.
- When set to C(auto) (the default) the precedence is module parameters -> C(env)
-> C(credential_file) -> C(cli).
- When set to C(env), the credentials will be read from the environment variables
- When set to C(credential_file), it will read the profile from C(~/.azure/credentials).
- When set to C(cli), the credentials will be sources from the Azure CLI profile.
C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used
to identify the subscription ID if more than one is present otherwise the default
az cli subscription is used.
- When set to C(msi), the host machine must be an azure resource with an enabled MSI
extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID)
can be used to identify the subscription ID if the resource is granted access to
more than one subscription, otherwise the first subscription is chosen.
- The C(msi) was added in Ansible 2.6.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
resource_group:
description:
- Name of the resource group to use.
required: true
type: str
subscription_id:
description:
- Your Azure subscription Id.
type: str
cloud_environment:
default: AzureCloud
description:
- For cloud environments other than the US public cloud, the environment name (as
defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a
metadata discovery endpoint URL (required for Azure Stack). Can also be set via
credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
adfs_authority_url:
description:
- Azure AD authority url. Use when authenticating with Username/password, and has
your own ADFS authority.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
cert_validation_mode:
choices:
- ignore
- validate
description:
- Controls the certificate validation behavior for Azure endpoints. By default, all
modules will validate the server certificate, but when an HTTPS proxy is in use,
or against Azure Stack, it may be necessary to disable this behavior by passing
C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION)
environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
x509_certificate_path:
description:
- Path to the X509 certificate used to create the service principal in PEM format.
- The certificate must be appended to the private key.
- Use when authenticating with a Service Principal.
type: path
version_added: 1.14.0
version_added_collection: azure.azcollection
disable_instance_discovery:
default: false
description:
- Determines whether or not instance discovery is performed when attempting to authenticate.
Setting this to true will completely disable both instance discovery and authority
validation. This functionality is intended for use in scenarios where the metadata
endpoint cannot be reached such as in private clouds or Azure Stack. The process
of instance discovery entails retrieving authority metadata from https://login.microsoft.com/
to validate the authority. By setting this to **True**, the validation of the authority
is disabled. As a result, it is crucial to ensure that the configured authority
host is valid and trustworthy.
- Set via credential file profile or the C(AZURE_DISABLE_INSTANCE_DISCOVERY) environment
variable.
type: bool
version_added: 2.3.0
version_added_collection: azure.azcollection
securitygroups:
contains:
default_rules:
description:
- The default security rules of network security group.
returned: always
sample:
- access: Allow
description: Allow inbound traffic from all VMs in VNET
destination_address_prefix: VirtualNetwork
destination_port_range: '*'
direction: Inbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetInBound
name: AllowVnetInBound
priority: 65000
protocol: '*'
provisioning_state: Succeeded
source_address_prefix: VirtualNetwork
source_port_range: '*'
- access: Allow
description: Allow inbound traffic from azure load balancer
destination_address_prefix: '*'
destination_port_range: '*'
direction: Inbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowAzureLoadBalancerInBound
name: AllowAzureLoadBalancerInBound
priority: 65001
protocol: '*'
provisioning_state: Succeeded
source_address_prefix: AzureLoadBalancer
source_port_range: '*'
- access: Deny
description: Deny all inbound traffic
destination_address_prefix: '*'
destination_port_range: '*'
direction: Inbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllInBound
name: DenyAllInBound
priority: 65500
protocol: '*'
provisioning_state: Succeeded
source_address_prefix: '*'
source_port_range: '*'
- access: Allow
description: Allow outbound traffic from all VMs to all VMs in VNET
destination_address_prefix: VirtualNetwork
destination_port_range: '*'
direction: Outbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetOutBound
name: AllowVnetOutBound
priority: 65000
protocol: '*'
provisioning_state: Succeeded
source_address_prefix: VirtualNetwork
source_port_range: '*'
- access: Allow
description: Allow outbound traffic from all VMs to Internet
destination_address_prefix: Internet
destination_port_range: '*'
direction: Outbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowInternetOutBound
name: AllowInternetOutBound
priority: 65001
protocol: '*'
provisioning_state: Succeeded
source_address_prefix: '*'
source_port_range: '*'
- access: Deny
description: Deny all outbound traffic
destination_address_prefix: '*'
destination_port_range: '*'
direction: Outbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllOutBound
name: DenyAllOutBound
priority: 65500
protocol: '*'
provisioning_state: Succeeded
source_address_prefix: '*'
source_port_range: '*'
type: list
etag:
description:
- A unique read-only string that changes whenever the resource is updated.
returned: always
sample: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
type: str
id:
description:
- Resource ID.
returned: always
sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001
type: str
location:
description:
- Resource location.
returned: always
sample: eastus2
type: str
name:
description:
- Resource name.
returned: always
sample: secgroup001
type: str
network_interfaces:
description:
- A collection of references to network interfaces.
returned: always
sample: []
type: list
rules:
description:
- A collection of security rules of the network security group.
returned: always
sample:
- access: Deny
description: null
destination_address_prefix: '*'
destination_port_range: '22'
direction: Inbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/DenySSH
name: DenySSH
priority: 100
protocol: Tcp
provisioning_state: Succeeded
source_address_prefix: '*'
source_port_range: '*'
- access: Allow
description: null
destination_address_prefix: '*'
destination_port_range: '22'
direction: Inbound
etag: W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/AllowSSH
name: AllowSSH
priority: 101
protocol: Tcp
provisioning_state: Succeeded
source_address_prefix: 174.109.158.0/24
source_port_range: '*'
type: list
subnets:
description:
- A collection of references to subnets.
returned: always
sample: []
type: list
tags:
description:
- Tags to assign to the security group.
returned: always
sample:
tag: value
type: dict
type:
description:
- Type of the resource.
returned: always
sample: Microsoft.Network/networkSecurityGroups
type: str
description:
- List containing security group dicts.
returned: always
type: complex