Try SpotterGet security group facts
Authors: Chris Houseknecht (@chouseknecht), Matt Davis (@nitzmahone)
preview | supported by community
Install with ansible-galaxy collection install community.azure:==1.0.0
collections:
- name: community.azure
version: 1.0.0Get facts for a specific security group or all security groups within a resource group.
- name: Get facts for one security group
community.azure.azure_rm_securitygroup_info:
resource_group: myResourceGroup
name: secgroup001
- name: Get facts for all security groups
community.azure.azure_rm_securitygroup_info:
resource_group: myResourceGroup
name:
description:
- Only show results for a specific security group.
tags:
description:
- Limit results by providing a list of tags. Format tags as 'key' or 'key:value'.
secret:
description:
- Azure client secret. Use when authenticating with a Service Principal.
type: str
tenant:
description:
- Azure tenant ID. Use when authenticating with a Service Principal.
type: str
ad_user:
description:
- Active Directory username. Use when authenticating with an Active Directory user
rather than service principal.
type: str
profile:
description:
- Security profile found in ~/.azure/credentials file.
type: str
log_mode:
description:
- Parent argument.
type: str
log_path:
description:
- Parent argument.
type: str
password:
description:
- Active Directory user password. Use when authenticating with an Active Directory
user rather than service principal.
type: str
client_id:
description:
- Azure client ID. Use when authenticating with a Service Principal.
type: str
thumbprint:
description:
- The thumbprint of the private key specified in I(x509_certificate_path).
- Use when authenticating with a Service Principal.
- Required if I(x509_certificate_path) is defined.
type: str
version_added: 1.14.0
version_added_collection: azure.azcollection
api_profile:
default: latest
description:
- Selects an API profile to use when communicating with Azure services. Default value
of C(latest) is appropriate for public clouds; future values will allow use with
Azure Stack.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
auth_source:
choices:
- auto
- cli
- credential_file
- env
- msi
default: auto
description:
- Controls the source of the credentials to use for authentication.
- Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable.
- When set to C(auto) (the default) the precedence is module parameters -> C(env)
-> C(credential_file) -> C(cli).
- When set to C(env), the credentials will be read from the environment variables
- When set to C(credential_file), it will read the profile from C(~/.azure/credentials).
- When set to C(cli), the credentials will be sources from the Azure CLI profile.
C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used
to identify the subscription ID if more than one is present otherwise the default
az cli subscription is used.
- When set to C(msi), the host machine must be an azure resource with an enabled MSI
extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID)
can be used to identify the subscription ID if the resource is granted access to
more than one subscription, otherwise the first subscription is chosen.
- The C(msi) was added in Ansible 2.6.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
resource_group:
description:
- Name of the resource group to use.
required: true
subscription_id:
description:
- Your Azure subscription Id.
type: str
cloud_environment:
default: AzureCloud
description:
- For cloud environments other than the US public cloud, the environment name (as
defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a
metadata discovery endpoint URL (required for Azure Stack). Can also be set via
credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
adfs_authority_url:
description:
- Azure AD authority url. Use when authenticating with Username/password, and has
your own ADFS authority.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
cert_validation_mode:
choices:
- ignore
- validate
description:
- Controls the certificate validation behavior for Azure endpoints. By default, all
modules will validate the server certificate, but when an HTTPS proxy is in use,
or against Azure Stack, it may be necessary to disable this behavior by passing
C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION)
environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
x509_certificate_path:
description:
- Path to the X509 certificate used to create the service principal in PEM format.
- The certificate must be appended to the private key.
- Use when authenticating with a Service Principal.
type: path
version_added: 1.14.0
version_added_collection: azure.azcollection
securitygroups:
contains:
etag:
description:
- A unique read-only string that changes whenever the resource is updated.
returned: always
sample: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
type: str
id:
description:
- Resource ID.
returned: always
sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001
type: str
location:
description:
- Resource location.
returned: always
sample: eastus2
type: str
name:
description:
- Resource name.
returned: always
sample: secgroup001
type: str
properties:
description:
- List of security group's properties.
returned: always
sample:
defaultSecurityRules:
- etag: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetInBound
name: AllowVnetInBound
properties:
access: Allow
description: Allow inbound traffic from all VMs in VNET
destinationAddressPrefix: VirtualNetwork
destinationPortRange: '*'
direction: Inbound
priority: 65000
protocol: '*'
provisioningState: Succeeded
sourceAddressPrefix: VirtualNetwork
sourcePortRange: '*'
- etag: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowAzureLoadBalancerInBound
name: AllowAzureLoadBalancerInBound
properties:
access: Allow
description: Allow inbound traffic from azure load balancer
destinationAddressPrefix: '*'
destinationPortRange: '*'
direction: Inbound
priority: 65001
protocol: '*'
provisioningState: Succeeded
sourceAddressPrefix: AzureLoadBalancer
sourcePortRange: '*'
- etag: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllInBound
name: DenyAllInBound
properties:
access: Deny
description: Deny all inbound traffic
destinationAddressPrefix: '*'
destinationPortRange: '*'
direction: Inbound
priority: 65500
protocol: '*'
provisioningState: Succeeded
sourceAddressPrefix: '*'
sourcePortRange: '*'
- etag: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetOutBound
name: AllowVnetOutBound
properties:
access: Allow
description: Allow outbound traffic from all VMs to all VMs in VNET
destinationAddressPrefix: VirtualNetwork
destinationPortRange: '*'
direction: Outbound
priority: 65000
protocol: '*'
provisioningState: Succeeded
sourceAddressPrefix: VirtualNetwork
sourcePortRange: '*'
- etag: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowInternetOutBound
name: AllowInternetOutBound
properties:
access: Allow
description: Allow outbound traffic from all VMs to Internet
destinationAddressPrefix: Internet
destinationPortRange: '*'
direction: Outbound
priority: 65001
protocol: '*'
provisioningState: Succeeded
sourceAddressPrefix: '*'
sourcePortRange: '*'
- etag: W/"d036f4d7-d977-429a-a8c6-879bc2523399"
id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllOutBound
name: DenyAllOutBound
properties:
access: Deny
description: Deny all outbound traffic
destinationAddressPrefix: '*'
destinationPortRange: '*'
direction: Outbound
priority: 65500
protocol: '*'
provisioningState: Succeeded
sourceAddressPrefix: '*'
sourcePortRange: '*'
networkInterfaces:
- id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nic004
provisioningState: Succeeded
resourceGuid: ebd00afa-5dc8-446f-810a-50dd6f671588
securityRules: []
type: dict
tags:
description:
- Tags to assign to the security group.
returned: always
sample:
tag: value
type: dict
type:
description:
- Type of the resource.
returned: always
sample: Microsoft.Network/networkSecurityGroups
type: str
description:
- List containing security group dicts.
returned: always
type: complex