community.general.hwc_vpc_security_group_rule module – Creates a resource of Vpc/SecurityGroupRule in Huawei Cloud
Note
This module is part of the community.general collection (version 10.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.hwc_vpc_security_group_rule
.
New in community.general 0.2.0
Synopsis
vpc security group management.
Requirements
The below requirements are needed on the host that executes this module.
keystoneauth1 >= 3.6.0
Parameters
Parameter |
Comments |
---|---|
Provides supplementary information about the security group rule. The value is a string of no more than 255 characters that can contain letters and digits. |
|
Specifies the direction of access control. The value can be egress or ingress. |
|
The name of the Domain to scope to (Identity v3). Currently only domain names are supported, and not domain IDs. |
|
Specifies the IP protocol version. The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by default. |
|
The ID of resource to be managed. |
|
The Identity authentication URL. |
|
The password to login with. |
|
Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be smaller than the port_range_min value. An empty value indicates all ports. |
|
Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max value. An empty value indicates all ports. |
|
The name of the Tenant (Identity v2) or Project (Identity v3). Currently only project names are supported, and not project IDs. |
|
Specifies the protocol type. The value can be icmp, tcp, or udp. If the parameter is left blank, the security group supports all protocols. |
|
The region to which the project belongs. |
|
Specifies the ID of the peer security group. The value is exclusive with parameter remote_ip_prefix. |
|
Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. The value can be in the CIDR format or IP addresses. The parameter is exclusive with parameter remote_group_id. |
|
Specifies the security group rule ID, which uniquely identifies the security group rule. |
|
Whether the given object should exist in Huawei Cloud. Choices:
|
|
The user name to login with. Currently only user names are supported, and not user IDs. |
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
If
id
option is provided, it takes precedence oversecurity_group_id
for security group rule selection.security_group_id
is used for security group rule selection. If more than one security group rule with this options exists, execution is aborted.No parameter support updating. If one of option is changed, the module will create a new resource.
For authentication, you can set identity_endpoint using the
ANSIBLE_HWC_IDENTITY_ENDPOINT
environment variable.For authentication, you can set user using the
ANSIBLE_HWC_USER
environment variable.For authentication, you can set password using the
ANSIBLE_HWC_PASSWORD
environment variable.For authentication, you can set domain using the
ANSIBLE_HWC_DOMAIN
environment variable.For authentication, you can set project using the
ANSIBLE_HWC_PROJECT
environment variable.For authentication, you can set region using the
ANSIBLE_HWC_REGION
environment variable.Environment variables values will only be used if the playbook values are not set.
Examples
# create a security group rule
- name: Create a security group
hwc_vpc_security_group:
name: "ansible_network_security_group_test"
register: sg
- name: Create a security group rule
community.general.hwc_vpc_security_group_rule:
direction: "ingress"
protocol: "tcp"
ethertype: "IPv4"
port_range_max: 22
security_group_id: "{{ sg.id }}"
port_range_min: 22
remote_ip_prefix: "0.0.0.0/0"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Provides supplementary information about the security group rule. The value is a string of no more than 255 characters that can contain letters and digits. Returned: success |
|
Specifies the direction of access control. The value can be egress or ingress. Returned: success |
|
Specifies the IP protocol version. The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by default. Returned: success |
|
Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be smaller than the port_range_min value. An empty value indicates all ports. Returned: success |
|
Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max value. An empty value indicates all ports. Returned: success |
|
Specifies the protocol type. The value can be icmp, tcp, or udp. If the parameter is left blank, the security group supports all protocols. Returned: success |
|
Specifies the ID of the peer security group. The value is exclusive with parameter remote_ip_prefix. Returned: success |
|
Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. The value can be in the CIDR format or IP addresses. The parameter is exclusive with parameter remote_group_id. Returned: success |
|
Specifies the security group rule ID, which uniquely identifies the security group rule. Returned: success |