community.general.cs_securitygroup_rule (0.1.1) — module

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1

Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

Add and remove security group rules.

Requirements

• python >= 2.6
• cs >= 0.6.10

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
  cs_securitygroup_rule:
    security_group: default
    port: 80
    cidr: 1.2.3.4/32
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: allow tcp/udp outbound added to security group 'default'
  cs_securitygroup_rule:
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
  - tcp
  - udp
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
  cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
  cs_securitygroup_rule:
    security_group: default
    port: 80
    state: absent
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: allow inbound port 80/tcp from security group web added to security group 'default'
  cs_securitygroup_rule:
    security_group: default
    port: 80
    user_security_group: web
  delegate_to: localhost

Inputs

    
cidr:
    default: 0.0.0.0/0
    description:
    - CIDR (full notation) to be used for security group rule.
    type: str

type:
    choices:
    - ingress
    - egress
    default: ingress
    description:
    - Ingress or egress security group rule.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - State of the security group rule.
    type: str

api_key:
    description:
    - API key of the CloudStack API.
    - If not given, the C(CLOUDSTACK_KEY) env variable is considered.
    - As the last option, the value is taken from the ini config file, also see the notes.
    type: str

api_url:
    description:
    - URL of the CloudStack API e.g. https://cloud.example.com/client/api.
    - If not given, the C(CLOUDSTACK_ENDPOINT) env variable is considered.
    - As the last option, the value is taken from the ini config file, also see the notes.
    type: str

project:
    description:
    - Name of the project the security group to be created in.
    type: str

end_port:
    description:
    - End port for this rule. Required if I(protocol=tcp) or I(protocol=udp), but I(start_port)
      will be used if not set.
    type: int

protocol:
    choices:
    - tcp
    - udp
    - icmp
    - ah
    - esp
    - gre
    default: tcp
    description:
    - Protocol of the security group rule.
    type: str

icmp_code:
    description:
    - Error code for this icmp message. Required if I(protocol=icmp).
    type: int

icmp_type:
    description:
    - Type of the icmp message being sent. Required if I(protocol=icmp).
    type: int

api_region:
    default: cloudstack
    description:
    - Name of the ini section in the C(cloustack.ini) file.
    - If not given, the C(CLOUDSTACK_REGION) env variable is considered.
    type: str

api_secret:
    description:
    - Secret key of the CloudStack API.
    - If not set, the C(CLOUDSTACK_SECRET) env variable is considered.
    - As the last option, the value is taken from the ini config file, also see the notes.
    type: str

poll_async:
    default: true
    description:
    - Poll async jobs until job has finished.
    type: bool

start_port:
    aliases:
    - port
    description:
    - Start port for this rule. Required if I(protocol=tcp) or I(protocol=udp).
    type: int

api_timeout:
    description:
    - HTTP timeout in seconds.
    - If not given, the C(CLOUDSTACK_TIMEOUT) env variable is considered.
    - As the last option, the value is taken from the ini config file, also see the notes.
    - Fallback value is 10 seconds if not specified.
    type: int

security_group:
    description:
    - Name of the security group the rule is related to. The security group must be existing.
    required: true
    type: str

api_http_method:
    choices:
    - get
    - post
    description:
    - HTTP method used to query the API endpoint.
    - If not given, the C(CLOUDSTACK_METHOD) env variable is considered.
    - As the last option, the value is taken from the ini config file, also see the notes.
    - Fallback value is C(get) if not specified.
    type: str

user_security_group:
    description:
    - Security group this rule is based of.
    type: str

Outputs

cidr:
  description: CIDR of the rule.
  returned: success and cidr is defined
  sample: 0.0.0.0/0
  type: str
end_port:
  description: end port of the rule.
  returned: success
  sample: 80
  type: int
id:
  description: UUID of the of the rule.
  returned: success
  sample: a6f7a5fc-43f8-11e5-a151-feff819cdc9f
  type: str
protocol:
  description: protocol of the rule.
  returned: success
  sample: tcp
  type: str
security_group:
  description: security group of the rule.
  returned: success
  sample: default
  type: str
start_port:
  description: start port of the rule.
  returned: success
  sample: 80
  type: int
type:
  description: type of the rule.
  returned: success
  sample: ingress
  type: str
user_security_group:
  description: user security group of the rule.
  returned: success and user_security_group is defined
  sample: default
  type: str