community.general.hwc_vpc_security_group_rule – Creates a resource of Vpc/SecurityGroupRule in Huawei Cloud

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.hwc_vpc_security_group_rule.

New in version 0.2.0: of community.general

Synopsis

  • vpc security group management.

Requirements

The below requirements are needed on the host that executes this module.

  • keystoneauth1 >= 3.6.0

Parameters

Parameter Choices/Defaults Comments
description
string
Provides supplementary information about the security group rule. The value is a string of no more than 255 characters that can contain letters and digits.
direction
string / required
Specifies the direction of access control. The value can be egress or ingress.
domain
string / required
The name of the Domain to scope to (Identity v3). (currently only domain names are supported, and not domain IDs).
ethertype
string
Specifies the IP protocol version. The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by default.
id
string
The id of resource to be managed.
identity_endpoint
string / required
The Identity authentication URL.
password
string / required
The password to login with.
port_range_max
integer
Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be smaller than the port_range_min value. An empty value indicates all ports.
port_range_min
integer
Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max value. An empty value indicates all ports.
project
string / required
The name of the Tenant (Identity v2) or Project (Identity v3). (currently only project names are supported, and not project IDs).
protocol
string
Specifies the protocol type. The value can be icmp, tcp, or udp. If the parameter is left blank, the security group supports all protocols.
region
string
The region to which the project belongs.
remote_group_id
string
Specifies the ID of the peer security group. The value is exclusive with parameter remote_ip_prefix.
remote_ip_prefix
string
Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. The value can be in the CIDR format or IP addresses. The parameter is exclusive with parameter remote_group_id.
security_group_id
string / required
Specifies the security group rule ID, which uniquely identifies the security group rule.
state
string
    Choices:
  • present ←
  • absent
Whether the given object should exist in Huawei Cloud.
user
string / required
The user name to login with (currently only user names are supported, and not user IDs).

Notes

Note

  • If id option is provided, it takes precedence over enterprise_project_id for security group rule selection.

  • security_group_id is used for security group rule selection. If more than one security group rule with this options exists, execution is aborted.

  • No parameter support updating. If one of option is changed, the module will create a new resource.

  • For authentication, you can set identity_endpoint using the ANSIBLE_HWC_IDENTITY_ENDPOINT env variable.

  • For authentication, you can set user using the ANSIBLE_HWC_USER env variable.

  • For authentication, you can set password using the ANSIBLE_HWC_PASSWORD env variable.

  • For authentication, you can set domain using the ANSIBLE_HWC_DOMAIN env variable.

  • For authentication, you can set project using the ANSIBLE_HWC_PROJECT env variable.

  • For authentication, you can set region using the ANSIBLE_HWC_REGION env variable.

  • Environment variables values will only be used if the playbook values are not set.

Examples

# create a security group rule
- name: Create a security group
  hwc_vpc_security_group:
    name: "ansible_network_security_group_test"
  register: sg
- name: Create a security group rule
  community.general.hwc_vpc_security_group_rule:
    direction: "ingress"
    protocol: "tcp"
    ethertype: "IPv4"
    port_range_max: 22
    security_group_id: "{{ sg.id }}"
    port_range_min: 22
    remote_ip_prefix: "0.0.0.0/0"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
description
string
success
Provides supplementary information about the security group rule. The value is a string of no more than 255 characters that can contain letters and digits.

direction
string
success
Specifies the direction of access control. The value can be egress or ingress.

ethertype
string
success
Specifies the IP protocol version. The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by default.

port_range_max
integer
success
Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be smaller than the port_range_min value. An empty value indicates all ports.

port_range_min
integer
success
Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max value. An empty value indicates all ports.

protocol
string
success
Specifies the protocol type. The value can be icmp, tcp, or udp. If the parameter is left blank, the security group supports all protocols.

remote_group_id
string
success
Specifies the ID of the peer security group. The value is exclusive with parameter remote_ip_prefix.

remote_ip_prefix
string
success
Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. The value can be in the CIDR format or IP addresses. The parameter is exclusive with parameter remote_group_id.

security_group_id
string
success
Specifies the security group rule ID, which uniquely identifies the security group rule.



Authors

  • Huawei Inc. (@huaweicloud)