New in version 2.4.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| account |
Account the VPC is related to.
|
|
| action_policy |
ingress
|
Action policy of the rule.
aliases: action |
| api_http_method |
|
HTTP method used to query the API endpoint.
If not given, the
CLOUDSTACK_METHOD env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is
get if not specified. |
| api_key |
API key of the CloudStack API.
If not given, the
CLOUDSTACK_KEY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
| api_region |
Default: cloudstack
|
Name of the ini section in the
cloustack.ini file.If not given, the
CLOUDSTACK_REGION env variable is considered. |
| api_secret |
Secret key of the CloudStack API.
If not set, the
CLOUDSTACK_SECRET env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
| api_timeout |
HTTP timeout in seconds.
If not given, the
CLOUDSTACK_TIMEOUT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is 10 seconds if not specified.
|
|
| api_url |
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the
CLOUDSTACK_ENDPOINT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
| cidr |
Default: 0.0.0.0/0
|
CIDR of the rule.
|
| domain |
Domain the VPC is related to.
|
|
| end_port |
End port for this rule.
Considered if
protocol=tcp or protocol=udp.If not specified, equal
start_port. |
|
| icmp_code |
Error code for this icmp message.
Considered if
protocol=icmp. |
|
| icmp_type |
Type of the icmp message being sent.
Considered if
protocol=icmp. |
|
|
network_acl
required |
Name of the network ACL.
aliases: acl |
|
| poll_async |
|
Poll async jobs until job has finished.
|
| project |
Name of the project the VPC is related to.
|
|
| protocol |
|
Protocol of the rule
|
| protocol_number |
Protocol number from 1 to 256 required if
protocol=by_number. |
|
|
rule_position
required |
CIDR of the rule.
aliases: number |
|
| start_port |
Start port for this rule.
Considered if
protocol=tcp or protocol=udp.aliases: port |
|
| state |
|
State of the network ACL rule.
|
| tags |
List of tags. Tags are a list of dictionaries having keys
key and value.If you want to delete all tags, set a empty list e.g.
tags: [].aliases: tag |
|
| traffic_type |
|
Traffic type of the rule.
aliases: type |
|
vpc
required |
VPC the network ACL is related to.
|
|
| zone |
Name of the zone the VPC related to.
If not set, default zone is used.
|
Note
cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. A CLOUDSTACK_CONFIG environment variable pointing to an .ini file. A cloudstack.ini file in the current working directory. A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.# create a network ACL rule, allow port 80 ingress
- local_action:
module: cs_network_acl_rule
network_acl: web
rule_position: 1
vpc: my vpc
traffic_type: ingress
action_policy: allow
port: 80
cidr: 0.0.0.0/0
# create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16
- local_action:
module: cs_network_acl_rule
network_acl: web
rule_position: 1
vpc: my vpc
traffic_type: ingress
action_policy: deny
start_port: 8000
end_port: 8000
cidr: 10.20.0.0/16
# create a network ACL rule
- local_action:
module: cs_network_acl_rule
network_acl: web
rule_position: 1
vpc: my vpc
traffic_type: ingress
action_policy: deny
start_port: 8000
end_port: 8000
cidr: 10.20.0.0/16
# remove a network ACL rule
- local_action:
module: cs_network_acl_rule
network_acl: web
rule_position: 1
vpc: my vpc
state: absent
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
account
string
|
success |
Account the network ACL rule is related to.
Sample:
example account
|
|
action_policy
string
|
success |
Action policy of the network ACL rule.
Sample:
deny
|
|
cidr
string
|
success |
CIDR of the network ACL rule.
Sample:
0.0.0.0/0
|
|
domain
string
|
success |
Domain the network ACL rule is related to.
Sample:
example domain
|
|
end_port
int
|
success |
End port of the network ACL rule.
Sample:
80
|
|
icmp_code
int
|
success |
ICMP code of the network ACL rule.
Sample:
8
|
|
icmp_type
int
|
success |
ICMP type of the network ACL rule.
|
|
network_acl
string
|
success |
Name of the network ACL.
Sample:
customer acl
|
|
project
string
|
success |
Name of project the network ACL rule is related to.
Sample:
Production
|
|
protocol
string
|
success |
Protocol of the network ACL rule.
Sample:
tcp
|
|
protocol_number
int
|
success |
Protocol number in case protocol is by number.
Sample:
8
|
|
rule_position
int
|
success |
Position of the network ACL rule.
Sample:
1
|
|
start_port
int
|
success |
Start port of the network ACL rule.
Sample:
80
|
|
state
string
|
success |
State of the network ACL rule.
Sample:
Active
|
|
tags
dict
|
success |
List of resource tags associated with the network ACL rule.
Sample:
[ { "key": "foo", "value": "bar" } ]
|
|
traffic_type
string
|
success |
Traffic type of the network ACL rule.
Sample:
ingress
|
|
vpc
string
|
success |
VPC of the network ACL.
Sample:
customer vpc
|
|
zone
string
|
success |
Zone the VPC is related to.
Sample:
ch-gva-2
|
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Hint
If you notice any issues in this documentation you can edit this document to improve it.