ngine_io.cloudstack.cs_network_acl_rule – Manages network access control list (ACL) rules on Apache CloudStack based clouds.
Note
This plugin is part of the ngine_io.cloudstack collection (version 2.2.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ngine_io.cloudstack.
To use it in a playbook, specify: ngine_io.cloudstack.cs_network_acl_rule.
New in version 0.1.0 of ngine_io.cloudstack
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.6
cs >= 0.9.0
Parameters
Parameter | Comments |
---|---|
Account the VPC is related to. |
|
Action policy of the rule. Choices:
|
|
HTTP method used to query the API endpoint. If not given, the Choices:
|
|
API key of the CloudStack API. If not given, the |
|
Secret key of the CloudStack API. If not set, the |
|
HTTP timeout in seconds. If not given, the Default: 10 |
|
URL of the CloudStack API e.g. https://cloud.example.com/client/api. If not given, the |
|
Verify CA authority cert file. If not given, the |
|
CIDRs of the rule. Default: ["0.0.0.0/0"] |
|
Domain the VPC is related to. |
|
End port for this rule. Considered if protocol=tcp or protocol=udp. If not specified, equal to start_port. |
|
Error code for this icmp message. Considered if protocol=icmp. |
|
Type of the icmp message being sent. Considered if protocol=icmp. |
|
Name of the network ACL. |
|
Poll async jobs until job has finished. Choices:
|
|
Name of the project the VPC is related to. |
|
Protocol of the rule. Choices:
|
|
Protocol number from 1 to 256 required if protocol=by_number. |
|
The position of the network ACL rule. |
|
Start port for this rule. Considered if protocol=tcp or protocol=udp. |
|
State of the network ACL rule. Choices:
|
|
List of tags. Tags are a list of dictionaries having keys key and value. If you want to delete all tags, set an empty list e.g. tags: []. |
|
Traffic type of the rule. Choices:
|
|
VPC the network ACL is related to. |
|
Name of the zone the VPC is related to. |
Notes
Note
A detailed guide about CloudStack modules can be found in the CloudStack Cloud Guide.
This module supports check mode.
Examples
- name: create a network ACL rule, allow port 80 ingress
  ngine_io.cloudstack.cs_network_acl_rule:
    network_acl: web
    rule_position: 1
    vpc: my vpc
    zone: zone01
    traffic_type: ingress
    action_policy: allow
    port: 80
    cidr: 0.0.0.0/0

- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16 and 10.22.0.0/16
  ngine_io.cloudstack.cs_network_acl_rule:
    network_acl: web
    rule_position: 1
    vpc: my vpc
    zone: zone01
    traffic_type: ingress
    action_policy: deny
    start_port: 8000
    end_port: 9000
    cidrs:
      - 10.20.0.0/16
      - 10.22.0.0/16

- name: remove a network ACL rule
  ngine_io.cloudstack.cs_network_acl_rule:
    network_acl: web
    rule_position: 1
    vpc: my vpc
    zone: zone01
    state: absent
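Because the CIDRs parameter defaults to 0.0.0.0/0, an allow rule that omits it admits any source. The following Python check is an added example, not part of the collection or its documentation: it flags ingress allow rules open to every address. The function name and the sample task dicts are constructed for illustration, and treating an omitted action_policy or traffic_type as allow/ingress is an assumption made so the audit errs towards flagging.

```python
import ipaddress

MODULE = "ngine_io.cloudstack.cs_network_acl_rule"
DEFAULT_CIDRS = ["0.0.0.0/0"]  # default of the CIDRs parameter, per the table above


def open_ingress_findings(tasks):
    """Return (task name, port range, cidr) for ingress allow rules open to any source."""
    findings = []
    for task in tasks:
        args = task.get(MODULE)
        if args is None or args.get("state") == "absent":
            continue
        # Assumption: an omitted action_policy / traffic_type counts as
        # allow / ingress, so an under-specified rule is still reviewed.
        if args.get("action_policy", "allow") != "allow" or \
           args.get("traffic_type", "ingress") != "ingress":
            continue
        # The page's examples use both spellings: cidr/cidrs and port/start_port.
        cidrs = args.get("cidrs", args.get("cidr", DEFAULT_CIDRS))
        if isinstance(cidrs, str):
            cidrs = [c.strip() for c in cidrs.split(",")]
        start = args.get("start_port", args.get("port"))
        end = args.get("end_port", start)  # end_port falls back to start_port
        ports = "unspecified" if start is None else f"{start}-{end}"
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((task.get("name", "<unnamed>"), ports, cidr))
    return findings


# Constructed sample tasks, as they would look after parsing a playbook into dicts.
SAMPLE_TASKS = [
    {"name": "allow port 80 ingress", MODULE: {
        "traffic_type": "ingress", "action_policy": "allow", "port": 80, "cidr": "0.0.0.0/0"}},
    {"name": "deny 8000-9000", MODULE: {
        "traffic_type": "ingress", "action_policy": "deny", "start_port": 8000,
        "end_port": 9000, "cidrs": ["10.20.0.0/16", "10.22.0.0/16"]}},
    {"name": "allow ssh, cidrs omitted", MODULE: {
        "traffic_type": "ingress", "action_policy": "allow", "start_port": 22}},
    {"name": "allow https from internal", MODULE: {
        "traffic_type": "ingress", "action_policy": "allow", "start_port": 443,
        "cidrs": ["10.20.0.0/16"]}},
]

if __name__ == "__main__":
    for name, ports, cidr in open_ingress_findings(SAMPLE_TASKS):
        print(f"{name}: ports {ports} reachable from {cidr}")
```

The third sample task is the case worth noticing: it never mentions 0.0.0.0/0, yet it is reported because the default applies.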
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Description |
---|---|
Account the network ACL rule is related to. Returned: success Sample: "example account" |
|
Action policy of the network ACL rule. Returned: success Sample: "deny" |
|
CIDR of the network ACL rule. Returned: success Sample: "0.0.0.0/0" |
|
CIDRs of the network ACL rule. Returned: success Sample: ["0.0.0.0/0"] |
|
Domain the network ACL rule is related to. Returned: success Sample: "example domain" |
|
End port of the network ACL rule. Returned: success Sample: 80 |
|
ICMP code of the network ACL rule. Returned: success Sample: 8 |
|
ICMP type of the network ACL rule. Returned: success Sample: 0 |
|
Name of the network ACL. Returned: success Sample: "customer acl" |
|
Name of project the network ACL rule is related to. Returned: success Sample: "Production" |
|
Protocol of the network ACL rule. Returned: success Sample: "tcp" |
|
Protocol number in case protocol is by number. Returned: success Sample: 8 |
|
Position of the network ACL rule. Returned: success Sample: 1 |
|
Start port of the network ACL rule. Returned: success Sample: 80 |
|
State of the network ACL rule. Returned: success Sample: "Active" |
|
List of resource tags associated with the network ACL rule. Returned: success Sample: "[ { \"key\": \"foo\", \"value\": \"bar\" } ]" |
|
Traffic type of the network ACL rule. Returned: success Sample: "ingress" |
|
VPC of the network ACL. Returned: success Sample: "customer vpc" |
|
Zone the VPC is related to. Returned: success Sample: "ch-gva-2" |
Authors
René Moser (@resmo)