ngine_io / ngine_io.cloudstack / 2.3.0 / module / cs_network_acl_rule Manages network access control list (ACL) rules on Apache CloudStack based clouds. | "added in version" 0.1.0 of ngine_io.cloudstack" Authors: René Moser (@resmo)ngine_io.cloudstack.cs_network_acl_rule (2.3.0) — module
Install with ansible-galaxy collection install ngine_io.cloudstack:==2.3.0
collections: - name: ngine_io.cloudstack version: 2.3.0
Add, update and remove network ACL rules.
- name: create a network ACL rule, allow port 80 ingress ngine_io.cloudstack.cs_network_acl_rule: network_acl: web rule_position: 1 vpc: my vpc zone: zone01 traffic_type: ingress action_policy: allow port: 80 cidr: 0.0.0.0/0
- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16 and 10.22.0.0/16 ngine_io.cloudstack.cs_network_acl_rule: network_acl: web rule_position: 1 vpc: my vpc zone: zone01 traffic_type: ingress action_policy: deny start_port: 8000 end_port: 9000 cidrs: - 10.20.0.0/16 - 10.22.0.0/16
- name: remove a network ACL rule ngine_io.cloudstack.cs_network_acl_rule: network_acl: web rule_position: 1 vpc: my vpc zone: zone01 state: absent
vpc: description: - VPC the network ACL is related to. required: true type: str tags: aliases: - tag description: - List of tags. Tags are a list of dictionaries having keys I(key) and I(value). - 'If you want to delete all tags, set a empty list e.g. I(tags: []).' elements: dict type: list zone: description: - Name of the zone the VPC related to. required: true type: str cidrs: aliases: - cidr default: - 0.0.0.0/0 description: - CIDRs of the rule. elements: str type: list state: choices: - present - absent default: present description: - State of the network ACL rule. type: str domain: description: - Domain the VPC is related to. type: str account: description: - Account the VPC is related to. type: str api_key: description: - API key of the CloudStack API. - If not given, the C(CLOUDSTACK_KEY) env variable is considered. required: true type: str api_url: description: - URL of the CloudStack API e.g. https://cloud.example.com/client/api. - If not given, the C(CLOUDSTACK_ENDPOINT) env variable is considered. required: true type: str project: description: - Name of the project the VPC is related to. type: str end_port: description: - End port for this rule. - Considered if I(protocol=tcp) or I(protocol=udp). - If not specified, equal I(start_port). type: int protocol: choices: - tcp - udp - icmp - all - by_number default: tcp description: - Protocol of the rule type: str icmp_code: description: - Error code for this icmp message. - Considered if I(protocol=icmp). type: int icmp_type: description: - Type of the icmp message being sent. - Considered if I(protocol=icmp). type: int api_secret: description: - Secret key of the CloudStack API. - If not set, the C(CLOUDSTACK_SECRET) env variable is considered. required: true type: str poll_async: default: true description: - Poll async jobs until job has finished. type: bool start_port: aliases: - port description: - Start port for this rule. - Considered if I(protocol=tcp) or I(protocol=udp). type: int api_timeout: default: 10 description: - HTTP timeout in seconds. - If not given, the C(CLOUDSTACK_TIMEOUT) env variable is considered. type: int network_acl: aliases: - acl description: - Name of the network ACL. required: true type: str traffic_type: aliases: - type choices: - ingress - egress default: ingress description: - Traffic type of the rule. type: str action_policy: aliases: - action choices: - allow - deny default: allow description: - Action policy of the rule. type: str rule_position: aliases: - number description: - The position of the network ACL rule. required: true type: int api_http_method: choices: - get - post default: get description: - HTTP method used to query the API endpoint. - If not given, the C(CLOUDSTACK_METHOD) env variable is considered. type: str protocol_number: description: - Protocol number from 1 to 256 required if I(protocol=by_number). type: int api_verify_ssl_cert: description: - Verify CA authority cert file. - If not given, the C(CLOUDSTACK_VERIFY) env variable is considered. type: str
account: description: Account the network ACL rule is related to. returned: success sample: example account type: str action_policy: description: Action policy of the network ACL rule. returned: success sample: deny type: str cidr: description: CIDR of the network ACL rule. returned: success sample: 0.0.0.0/0 type: str cidrs: description: CIDRs of the network ACL rule. returned: success sample: - 0.0.0.0/0 type: list domain: description: Domain the network ACL rule is related to. returned: success sample: example domain type: str end_port: description: End port of the network ACL rule. returned: success sample: 80 type: int icmp_code: description: ICMP code of the network ACL rule. returned: success sample: 8 type: int icmp_type: description: ICMP type of the network ACL rule. returned: success sample: 0 type: int network_acl: description: Name of the network ACL. returned: success sample: customer acl type: str project: description: Name of project the network ACL rule is related to. returned: success sample: Production type: str protocol: description: Protocol of the network ACL rule. returned: success sample: tcp type: str protocol_number: description: Protocol number in case protocol is by number. returned: success sample: 8 type: int rule_position: description: Position of the network ACL rule. returned: success sample: 1 type: int start_port: description: Start port of the network ACL rule. returned: success sample: 80 type: int state: description: State of the network ACL rule. returned: success sample: Active type: str tags: description: List of resource tags associated with the network ACL rule. returned: success sample: '[ { "key": "foo", "value": "bar" } ]' type: list traffic_type: description: Traffic type of the network ACL rule. returned: success sample: ingress type: str vpc: description: VPC of the network ACL. returned: success sample: customer vpc type: str zone: description: Zone the VPC is related to. returned: success sample: ch-gva-2 type: str