cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update azure_rm_securitygroup related document (#58035)

Browse source 
* Update azure_rm_securitygroup related document
This commit is contained in:
Fred-sun 2019-06-22 00:00:18 +08:00 committed by Sandra McCann
parent 1c49a9110a
commit 1b7ef47776
2 changed files with 376 additions and 296 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

403
lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py
View file

@ -18,19 +18,19 @@ DOCUMENTATION = '''
--- ---
module: azure_rm_securitygroup module: azure_rm_securitygroup
version_added: "2.1" version_added: "2.1"
short_description: Manage Azure network security groups. short_description: Manage Azure network security groups
description: description:
- Create, update or delete a network security group. A security group contains Access Control List (ACL) rules - Create, update or delete a network security group.
that allow or deny network traffic to subnets or individual network interfaces. A security group is created - A security group contains Access Control List (ACL) rules that allow or deny network traffic to subnets or individual network interfaces.
with a set of default security rules and an empty set of security rules. Shape traffic flow by adding - A security group is created with a set of default security rules and an empty set of security rules.
rules to the empty set of security rules. - Shape traffic flow by adding rules to the empty set of security rules.
options: options:
default_rules: default_rules:
description: description:
- The set of default rules automatically added to a security group at creation. In general default - The set of default rules automatically added to a security group at creation.
rules will not be modified. Modify rules to shape the flow of traffic to or from a subnet or NIC. See - In general default rules will not be modified. Modify rules to shape the flow of traffic to or from a subnet or NIC.
rules below for the makeup of a rule dict. - See rules below for the makeup of a rule dict.
location: location:
description: description:
- Valid azure location. Defaults to location of the resource group. - Valid azure location. Defaults to location of the resource group.
@ -57,43 +57,44 @@ options:
suboptions: suboptions:
name: name:
description: description:
- Unique name for the rule. - Unique name for the rule.
required: true required: true
description: description:
description: description:
- Short description of the rule's purpose. - Short description of the rule's purpose.
protocol: protocol:
description: Accepted traffic protocol. description:
- Accepted traffic protocol.
choices: choices:
- Udp - Udp
- Tcp - Tcp
- "*" - "*"
default: "*" default: "*"
source_port_range: source_port_range:
description: description:
- Port or range of ports from which traffic originates. - Port or range of ports from which traffic originates.
- It can accept string type or a list of string type. - It can accept string type or a list of string type.
default: "*" default: "*"
destination_port_range: destination_port_range:
description: description:
- Port or range of ports to which traffic is headed. - Port or range of ports to which traffic is headed.
- It can accept string type or a list of string type. - It can accept string type or a list of string type.
default: "*" default: "*"
source_address_prefix: source_address_prefix:
description: description:
- The CIDR or source IP range. - The CIDR or source IP range.
- Asterisk C(*) can also be used to match all source IPs. - Asterisk C(*) can also be used to match all source IPs.
- Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used. - Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used.
- If this is an ingress rule, specifies where network traffic originates from. - If this is an ingress rule, specifies where network traffic originates from.
- It can accept string type or a list of string type. - It can accept string type or a list of string type.
default: "*" default: "*"
destination_address_prefix: destination_address_prefix:
description: description:
- The destination address prefix. - The destination address prefix.
- CIDR or destination IP range. - CIDR or destination IP range.
- Asterisk C(*) can also be used to match all source IPs. - Asterisk C(*) can also be used to match all source IPs.
- Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used. - Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used.
- It can accept string type or a list of string type. - It can accept string type or a list of string type.
default: "*" default: "*"
source_application_security_groups: source_application_security_groups:
description: description:
@ -108,31 +109,30 @@ options:
- List of the destination application security groups. - List of the destination application security groups.
- It could be list of resource id. - It could be list of resource id.
- It could be list of names in same resource group. - It could be list of names in same resource group.
- It could be list of dict containing resource_group and name. - It could be list of dict containing I(resource_group) and I(name).
- It is mutually exclusive with C(destination_address_prefix) and C(destination_address_prefixes). - It is mutually exclusive with C(destination_address_prefix) and C(destination_address_prefixes).
type: list type: list
access: access:
description: description:
- Whether or not to allow the traffic flow. - Whether or not to allow the traffic flow.
choices: choices:
- Allow - Allow
- Deny - Deny
default: Allow default: Allow
priority: priority:
description: description:
- Order in which to apply the rule. Must a unique integer between 100 and 4096 inclusive. - Order in which to apply the rule. Must a unique integer between 100 and 4096 inclusive.
required: true required: true
direction: direction:
description: description:
- Indicates the direction of the traffic flow. - Indicates the direction of the traffic flow.
choices: choices:
- Inbound - Inbound
- Outbound - Outbound
default: Inbound default: Inbound
state: state:
description: description:
- Assert the state of the security group. Set to C(present) to create or update a security group. Set to - Assert the state of the security group. Set to C(present) to create or update a security group. Set to C(absent) to remove a security group.
C(absent) to remove a security group.
default: present default: present
choices: choices:
- absent - absent
@ -143,8 +143,8 @@ extends_documentation_fragment:
- azure_tags - azure_tags
author: author:
- "Chris Houseknecht (@chouseknecht)" - Chris Houseknecht (@chouseknecht)
- "Matt Davis (@nitzmahone)" - Matt Davis (@nitzmahone)
''' '''
@ -213,146 +213,191 @@ EXAMPLES = '''
RETURN = ''' RETURN = '''
state: state:
description: Current state of the security group. description:
- Current state of the security group.
returned: always returned: always
type: dict type: complex
sample: { contains:
"default_rules": [ default_rules:
{ description:
"access": "Allow", - The default security rules of network security group.
"description": "Allow inbound traffic from all VMs in VNET", returned: always
"destination_address_prefix": "VirtualNetwork", type: list
"destination_port_range": "*", sample: [
"direction": "Inbound", {
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', "access": "Allow",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetInBound", "description": "Allow inbound traffic from all VMs in VNET",
"name": "AllowVnetInBound", "destination_address_prefix": "VirtualNetwork",
"priority": 65000, "destination_port_range": "*",
"protocol": "*", "direction": "Inbound",
"provisioning_state": "Succeeded", "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"source_address_prefix": "VirtualNetwork", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetInBound",
"source_port_range": "*" "name": "AllowVnetInBound",
}, "priority": 65000,
{ "protocol": "*",
"access": "Allow", "provisioning_state": "Succeeded",
"description": "Allow inbound traffic from azure load balancer", "source_address_prefix": "VirtualNetwork",
"destination_address_prefix": "*", "source_port_range": "*"
"destination_port_range": "*", },
"direction": "Inbound", {
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', "access": "Allow",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowAzureLoadBalancerInBound", "description": "Allow inbound traffic from azure load balancer",
"name": "AllowAzureLoadBalancerInBound", "destination_address_prefix": "*",
"priority": 65001, "destination_port_range": "*",
"protocol": "*", "direction": "Inbound",
"provisioning_state": "Succeeded", "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"source_address_prefix": "AzureLoadBalancer", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"source_port_range": "*" "name": "AllowAzureLoadBalancerInBound",
}, "priority": 65001,
{ "protocol": "*",
"access": "Deny", "provisioning_state": "Succeeded",
"description": "Deny all inbound traffic", "source_address_prefix": "AzureLoadBalancer",
"destination_address_prefix": "*", "source_port_range": "*"
"destination_port_range": "*", },
"direction": "Inbound", {
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', "access": "Deny",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllInBound", "description": "Deny all inbound traffic",
"name": "DenyAllInBound", "destination_address_prefix": "*",
"priority": 65500, "destination_port_range": "*",
"protocol": "*", "direction": "Inbound",
"provisioning_state": "Succeeded", "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"source_address_prefix": "*", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllInBound",
"source_port_range": "*" "name": "DenyAllInBound",
}, "priority": 65500,
{ "protocol": "*",
"access": "Allow", "provisioning_state": "Succeeded",
"description": "Allow outbound traffic from all VMs to all VMs in VNET", "source_address_prefix": "*",
"destination_address_prefix": "VirtualNetwork", "source_port_range": "*"
"destination_port_range": "*", },
"direction": "Outbound", {
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', "access": "Allow",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetOutBound", "description": "Allow outbound traffic from all VMs to all VMs in VNET",
"name": "AllowVnetOutBound", "destination_address_prefix": "VirtualNetwork",
"priority": 65000, "destination_port_range": "*",
"protocol": "*", "direction": "Outbound",
"provisioning_state": "Succeeded", "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"source_address_prefix": "VirtualNetwork", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetOutBound",
"source_port_range": "*" "name": "AllowVnetOutBound",
}, "priority": 65000,
{ "protocol": "*",
"access": "Allow", "provisioning_state": "Succeeded",
"description": "Allow outbound traffic from all VMs to Internet", "source_address_prefix": "VirtualNetwork",
"destination_address_prefix": "Internet", "source_port_range": "*"
"destination_port_range": "*", },
"direction": "Outbound", {
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', "access": "Allow",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowInternetOutBound", "description": "Allow outbound traffic from all VMs to Internet",
"name": "AllowInternetOutBound", "destination_address_prefix": "Internet",
"priority": 65001, "destination_port_range": "*",
"protocol": "*", "direction": "Outbound",
"provisioning_state": "Succeeded", "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"source_address_prefix": "*", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowInternetOutBound",
"source_port_range": "*" "name": "AllowInternetOutBound",
}, "priority": 65001,
{ "protocol": "*",
"access": "Deny", "provisioning_state": "Succeeded",
"description": "Deny all outbound traffic", "source_address_prefix": "*",
"destination_address_prefix": "*", "source_port_range": "*"
"destination_port_range": "*", },
"direction": "Outbound", {
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', "access": "Deny",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllOutBound", "description": "Deny all outbound traffic",
"name": "DenyAllOutBound", "destination_address_prefix": "*",
"priority": 65500, "destination_port_range": "*",
"protocol": "*", "direction": "Outbound",
"provisioning_state": "Succeeded", "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"source_address_prefix": "*", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllOutBound",
"source_port_range": "*" "name": "DenyAllOutBound",
} "priority": 65500,
], "protocol": "*",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup", "provisioning_state": "Succeeded",
"location": "westus", "source_address_prefix": "*",
"name": "mysecgroup", "source_port_range": "*"
"network_interfaces": [], }
"rules": [ ]
{ id:
"access": "Deny", description:
"description": null, - The resource ID.
"destination_address_prefix": "*", returned: always
"destination_port_range": "22", type: str
"direction": "Inbound", sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup"
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', location:
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/DenySSH", description:
"name": "DenySSH", - The resource location.
"priority": 100, returned: always
"protocol": "Tcp", type: str
"provisioning_state": "Succeeded", sample: "westus"
"source_address_prefix": "*", name:
"source_port_range": "*" description:
}, - Name of the secrurity group.
{ returned: always
"access": "Allow", type: str
"description": null, sample: "mysecgroup"
"destination_address_prefix": "*", network_interfaces:
"destination_port_range": "22", description:
"direction": "Inbound", - A collection of references to network interfaces.
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', returned: always
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/AllowSSH", type: list
"name": "AllowSSH", sample: []
"priority": 101, rules:
"protocol": "Tcp", description:
"provisioning_state": "Succeeded", - A collection of security rules of the network security group.
"source_address_prefix": "174.109.158.0/24", returned: always
"source_port_range": "*" type: list
} sample: [
], {
"subnets": [], "access": "Deny",
"tags": { "description": null,
"delete": "on-exit", "destination_address_prefix": "*",
"foo": "bar", "destination_port_range": "22",
"testing": "testing" "direction": "Inbound",
}, "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"type": "Microsoft.Network/networkSecurityGroups" "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/DenySSH",
} "name": "DenySSH",
"priority": 100,
"protocol": "Tcp",
"provisioning_state": "Succeeded",
"source_address_prefix": "*",
"source_port_range": "*"
},
{
"access": "Allow",
"description": null,
"destination_address_prefix": "*",
"destination_port_range": "22",
"direction": "Inbound",
"etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/AllowSSH",
"name": "AllowSSH",
"priority": 101,
"protocol": "Tcp",
"provisioning_state": "Succeeded",
"source_address_prefix": "174.109.158.0/24",
"source_port_range": "*"
}
]
subnets:
description:
- A collection of references to subnets.
returned: always
type: list
sample: []
tags:
description:
- Tags to assign to the security group.
returned: always
type: dict
sample: {
"delete": "on-exit",
"foo": "bar",
"testing": "testing"
}
type:
description:
- The resource type.
returned: always
type: str
sample: "Microsoft.Network/networkSecurityGroups"
''' # NOQA ''' # NOQA
try: try:

269
lib/ansible/modules/cloud/azure/azure_rm_securitygroup_facts.py
View file

@ -20,7 +20,7 @@ module: azure_rm_securitygroup_facts
version_added: "2.1" version_added: "2.1"
short_description: Get security group facts. short_description: Get security group facts
description: description:
- Get facts for a specific security group or all security groups within a resource group. - Get facts for a specific security group or all security groups within a resource group.
@ -41,8 +41,8 @@ extends_documentation_fragment:
- azure - azure
author: author:
- "Chris Houseknecht (@chouseknecht)" - Chris Houseknecht (@chouseknecht)
- "Matt Davis (@nitzmahone)" - Matt Davis (@nitzmahone)
''' '''
@ -60,21 +60,47 @@ EXAMPLES = '''
RETURN = ''' RETURN = '''
azure_securitygroups: azure_securitygroups:
description: List containing security group dicts. description:
- List containing security group dicts.
returned: always returned: always
type: list type: complex
example: [{ contains:
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', etag:
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001", description:
"location": "eastus2", - A unique read-only string that changes whenever the resource is updated.
"name": "secgroup001", returned: always
"properties": { type: str
"defaultSecurityRules": [ sample: 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"'
{ id:
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', description:
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetInBound", - Resource ID.
"name": "AllowVnetInBound", returned: always
"properties": { type: str
sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001"
location:
description:
- Resource location.
returned: always
type: str
sample: "eastus2"
name:
description:
- Resource name.
returned: always
type: str
sample: "secgroup001"
properties:
description:
- List of security group's properties.
returned: always
type: dict
sample: {
"defaultSecurityRules": [
{
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetInBound",
"name": "AllowVnetInBound",
"properties": {
"access": "Allow", "access": "Allow",
"description": "Allow inbound traffic from all VMs in VNET", "description": "Allow inbound traffic from all VMs in VNET",
"destinationAddressPrefix": "VirtualNetwork", "destinationAddressPrefix": "VirtualNetwork",
@ -85,106 +111,115 @@ azure_securitygroups:
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"sourceAddressPrefix": "VirtualNetwork", "sourceAddressPrefix": "VirtualNetwork",
"sourcePortRange": "*" "sourcePortRange": "*"
} }
}, },
{ {
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowAzureLoadBalancerInBound", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"name": "AllowAzureLoadBalancerInBound", "name": "AllowAzureLoadBalancerInBound",
"properties": { "properties": {
"access": "Allow", "access": "Allow",
"description": "Allow inbound traffic from azure load balancer", "description": "Allow inbound traffic from azure load balancer",
"destinationAddressPrefix": "*", "destinationAddressPrefix": "*",
"destinationPortRange": "*", "destinationPortRange": "*",
"direction": "Inbound", "direction": "Inbound",
"priority": 65001, "priority": 65001,
"protocol": "*", "protocol": "*",
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"sourceAddressPrefix": "AzureLoadBalancer", "sourceAddressPrefix": "AzureLoadBalancer",
"sourcePortRange": "*" "sourcePortRange": "*"
} }
}, },
{ {
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllInBound", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllInBound",
"name": "DenyAllInBound", "name": "DenyAllInBound",
"properties": { "properties": {
"access": "Deny", "access": "Deny",
"description": "Deny all inbound traffic", "description": "Deny all inbound traffic",
"destinationAddressPrefix": "*", "destinationAddressPrefix": "*",
"destinationPortRange": "*", "destinationPortRange": "*",
"direction": "Inbound", "direction": "Inbound",
"priority": 65500, "priority": 65500,
"protocol": "*", "protocol": "*",
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"sourceAddressPrefix": "*", "sourceAddressPrefix": "*",
"sourcePortRange": "*" "sourcePortRange": "*"
} }
}, },
{ {
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetOutBound", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetOutBound",
"name": "AllowVnetOutBound", "name": "AllowVnetOutBound",
"properties": { "properties": {
"access": "Allow", "access": "Allow",
"description": "Allow outbound traffic from all VMs to all VMs in VNET", "description": "Allow outbound traffic from all VMs to all VMs in VNET",
"destinationAddressPrefix": "VirtualNetwork", "destinationAddressPrefix": "VirtualNetwork",
"destinationPortRange": "*", "destinationPortRange": "*",
"direction": "Outbound", "direction": "Outbound",
"priority": 65000, "priority": 65000,
"protocol": "*", "protocol": "*",
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"sourceAddressPrefix": "VirtualNetwork", "sourceAddressPrefix": "VirtualNetwork",
"sourcePortRange": "*" "sourcePortRange": "*"
} }
}, },
{ {
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowInternetOutBound", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowInternetOutBound",
"name": "AllowInternetOutBound", "name": "AllowInternetOutBound",
"properties": { "properties": {
"access": "Allow", "access": "Allow",
"description": "Allow outbound traffic from all VMs to Internet", "description": "Allow outbound traffic from all VMs to Internet",
"destinationAddressPrefix": "Internet", "destinationAddressPrefix": "Internet",
"destinationPortRange": "*", "destinationPortRange": "*",
"direction": "Outbound", "direction": "Outbound",
"priority": 65001, "priority": 65001,
"protocol": "*", "protocol": "*",
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"sourceAddressPrefix": "*", "sourceAddressPrefix": "*",
"sourcePortRange": "*" "sourcePortRange": "*"
} }
}, },
{ {
"etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"',
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllOutBound", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllOutBound",
"name": "DenyAllOutBound", "name": "DenyAllOutBound",
"properties": { "properties": {
"access": "Deny", "access": "Deny",
"description": "Deny all outbound traffic", "description": "Deny all outbound traffic",
"destinationAddressPrefix": "*", "destinationAddressPrefix": "*",
"destinationPortRange": "*", "destinationPortRange": "*",
"direction": "Outbound", "direction": "Outbound",
"priority": 65500, "priority": 65500,
"protocol": "*", "protocol": "*",
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"sourceAddressPrefix": "*", "sourceAddressPrefix": "*",
"sourcePortRange": "*" "sourcePortRange": "*"
} }
} }
], ],
"networkInterfaces": [ "networkInterfaces": [
{ {
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nic004" "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nic004"
} }
], ],
"provisioningState": "Succeeded", "provisioningState": "Succeeded",
"resourceGuid": "ebd00afa-5dc8-446f-810a-50dd6f671588", "resourceGuid": "ebd00afa-5dc8-446f-810a-50dd6f671588",
"securityRules": [] "securityRules": []
}, }
"tags": {}, tags:
"type": "Microsoft.Network/networkSecurityGroups" descripition:
}] - Tags to assign to the security group.
returned: always
type: dict
sample: { 'tag': 'value' }
type:
description:
- Type of the resource.
returned: always
type: str
sample: "Microsoft.Network/networkSecurityGroups"
''' # NOQA ''' # NOQA