ngine_io.cloudstack.cs_network_acl_rule – Manages network access control list (ACL) rules on Apache CloudStack based clouds.
Note
This plugin is part of the ngine_io.cloudstack collection (version 2.2.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ngine_io.cloudstack.
To use it in a playbook, specify: ngine_io.cloudstack.cs_network_acl_rule.
New in version 0.1.0 of ngine_io.cloudstack
Synopsis
- Add, update and remove network ACL rules.
 
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- cs >= 0.9.0
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| account (string) | | Account the VPC is related to. |
| action_policy (string) | | Action policy of the rule. aliases: action |
| api_http_method (string) | | HTTP method used to query the API endpoint. If not given, the CLOUDSTACK_METHOD env variable is considered. |
| api_key (string / required) | | API key of the CloudStack API. If not given, the CLOUDSTACK_KEY env variable is considered. |
| api_secret (string / required) | | Secret key of the CloudStack API. If not set, the CLOUDSTACK_SECRET env variable is considered. |
| api_timeout (integer) | Default: 10 | HTTP timeout in seconds. If not given, the CLOUDSTACK_TIMEOUT env variable is considered. |
| api_url (string / required) | | URL of the CloudStack API e.g. https://cloud.example.com/client/api. If not given, the CLOUDSTACK_ENDPOINT env variable is considered. |
| api_verify_ssl_cert (string) | | Verify CA authority cert file. If not given, the CLOUDSTACK_VERIFY env variable is considered. |
| cidrs (list / elements=string) | Default: ["0.0.0.0/0"] | CIDRs of the rule. aliases: cidr |
| domain (string) | | Domain the VPC is related to. |
| end_port (integer) | | End port for this rule. Considered if protocol=tcp or protocol=udp. If not specified, equal to start_port. |
| icmp_code (integer) | | Error code for this icmp message. Considered if protocol=icmp. |
| icmp_type (integer) | | Type of the icmp message being sent. Considered if protocol=icmp. |
| network_acl (string / required) | | Name of the network ACL. aliases: acl |
| poll_async (boolean) | | Poll async jobs until job has finished. |
| project (string) | | Name of the project the VPC is related to. |
| protocol (string) | | Protocol of the rule. |
| protocol_number (integer) | | Protocol number from 1 to 256, required if protocol=by_number. |
| rule_position (integer / required) | | The position of the network ACL rule. aliases: number |
| start_port (integer) | | Start port for this rule. Considered if protocol=tcp or protocol=udp. aliases: port |
| state (string) | | State of the network ACL rule. |
| tags (list / elements=dictionary) | | List of tags. Tags are a list of dictionaries having keys key and value. If you want to delete all tags, set an empty list e.g. tags: []. aliases: tag |
| traffic_type (string) | | Traffic type of the rule. aliases: type |
| vpc (string / required) | | VPC the network ACL is related to. |
| zone (string / required) | | Name of the zone the VPC is related to. |

Notes
Note
- A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.
- This module supports check mode.
 
Examples
```yaml
- name: create a network ACL rule, allow port 80 ingress
  ngine_io.cloudstack.cs_network_acl_rule:
    network_acl: web
    rule_position: 1
    vpc: my vpc
    zone: zone01
    traffic_type: ingress
    action_policy: allow
    port: 80
    cidr: 0.0.0.0/0

- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16 and 10.22.0.0/16
  ngine_io.cloudstack.cs_network_acl_rule:
    network_acl: web
    rule_position: 1
    vpc: my vpc
    zone: zone01
    traffic_type: ingress
    action_policy: deny
    start_port: 8000
    end_port: 9000
    cidrs:
    - 10.20.0.0/16
    - 10.22.0.0/16

- name: remove a network ACL rule
  ngine_io.cloudstack.cs_network_acl_rule:
    network_acl: web
    rule_position: 1
    vpc: my vpc
    zone: zone01
    state: absent
```
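
Because cidrs defaults to ["0.0.0.0/0"], an allow rule that omits it matches every source address. The playbook below is an added example, not part of the module documentation: it scopes SSH and ICMP echo to a management range and checks the documented cidrs return value. The range 192.0.2.0/24, the rule positions 10 and 20 and the tag are constructed; the ACL, VPC and zone names reuse the sample names above.

```yaml
# Added example. 192.0.2.0/24 (RFC 5737 documentation range) stands in for a
# management network. API credentials are read from CLOUDSTACK_ENDPOINT,
# CLOUDSTACK_KEY and CLOUDSTACK_SECRET, so no secret is stored in the playbook.
- hosts: localhost
  gather_facts: false
  vars:
    mgmt_cidrs:
      - 192.0.2.0/24
  tasks:
    # Weak form, left commented out: with cidrs omitted the documented default
    # ["0.0.0.0/0"] applies and the allow rule matches every source address.
    #   action_policy: allow
    #   protocol: tcp
    #   start_port: 22

    - name: allow SSH ingress from the management range only
      ngine_io.cloudstack.cs_network_acl_rule:
        network_acl: web
        rule_position: 10
        vpc: my vpc
        zone: zone01
        traffic_type: ingress
        action_policy: allow
        protocol: tcp
        start_port: 22              # end_port omitted, so it equals start_port
        cidrs: "{{ mgmt_cidrs }}"
        tags:
          - key: purpose
            value: mgmt-ssh
      register: ssh_rule

    - name: allow ICMP echo request from the management range
      ngine_io.cloudstack.cs_network_acl_rule:
        network_acl: web
        rule_position: 20
        vpc: my vpc
        zone: zone01
        traffic_type: ingress
        action_policy: allow
        protocol: icmp
        icmp_type: 8                # echo request
        icmp_code: 0
        cidrs: "{{ mgmt_cidrs }}"

    - name: fail if the SSH rule still matches any source
      ansible.builtin.assert:
        that:
          - "'0.0.0.0/0' not in ssh_rule.cidrs"
      when: not ansible_check_mode  # skip the check on a dry run
```
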
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| account (string) | success | Account the network ACL rule is related to. Sample: example account |
| action_policy (string) | success | Action policy of the network ACL rule. Sample: deny |
| cidr (string) | success | CIDR of the network ACL rule. Sample: 0.0.0.0/0 |
| cidrs (list / elements=string) | success | CIDRs of the network ACL rule. Sample: ['0.0.0.0/0'] |
| domain (string) | success | Domain the network ACL rule is related to. Sample: example domain |
| end_port (integer) | success | End port of the network ACL rule. Sample: 80 |
| icmp_code (integer) | success | ICMP code of the network ACL rule. Sample: 8 |
| icmp_type (integer) | success | ICMP type of the network ACL rule. |
| network_acl (string) | success | Name of the network ACL. Sample: customer acl |
| project (string) | success | Name of project the network ACL rule is related to. Sample: Production |
| protocol (string) | success | Protocol of the network ACL rule. Sample: tcp |
| protocol_number (integer) | success | Protocol number in case protocol is by number. Sample: 8 |
| rule_position (integer) | success | Position of the network ACL rule. Sample: 1 |
| start_port (integer) | success | Start port of the network ACL rule. Sample: 80 |
| state (string) | success | State of the network ACL rule. Sample: Active |
| tags (list / elements=string) | success | List of resource tags associated with the network ACL rule. Sample: [ { "key": "foo", "value": "bar" } ] |
| traffic_type (string) | success | Traffic type of the network ACL rule. Sample: ingress |
| vpc (string) | success | VPC of the network ACL. Sample: customer vpc |
| zone (string) | success | Zone the VPC is related to. Sample: ch-gva-2 |

Authors
- René Moser (@resmo)
 
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/cs_network_acl_rule_module.html