clc_firewall_policy – Create/delete/update firewall policies

From Get docs
Ansible/docs/2.8/modules/clc firewall policy module


clc_firewall_policy – Create/delete/update firewall policies

New in version 2.0.


Synopsis

  • Create or delete or update firewall policies on Centurylink Cloud

Requirements

The below requirements are needed on the host that executes this module.

  • python = 2.7
  • requests >= 2.5.0
  • clc-sdk

Parameters

Parameter Choices/Defaults Comments

destination

-

The list of destination addresses for traffic on the terminating firewall. This is required when state is 'present'

destination_account_alias

-

CLC alias for the destination account

enabled

-

  • yes

  • no

Default:

"yes"

Whether the firewall policy is enabled or disabled

firewall_policy_id

-

Id of the firewall policy. This is required to update or delete an existing firewall policy

location

- / required

Target datacenter for the firewall policy

ports

-

  • any
  • icmp
  • TCP/123
  • UDP/123
  • TCP/123-456
  • UDP/123-456

The list of ports associated with the policy. TCP and UDP can take in single ports or port ranges.

source

-

The list of source addresses for traffic on the originating firewall. This is required when state is 'present'

source_account_alias

- / required

CLC alias for the source account

state

-

  • present

  • absent

Whether to create or delete the firewall policy

wait

boolean

  • no
  • yes

Whether to wait for the provisioning tasks to finish before returning.



Notes

Note

  • To use this module, it is required to set the below environment variables which enables access to the Centurylink Cloud - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - CLC_V2_API_PASSWORD, the account password for the centurylink cloud
  • Alternatively, the module accepts the API token and account alias. The API token can be generated using the CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud
  • Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment.


Examples

---
- name: Create Firewall Policy
  hosts: localhost
  gather_facts: False
  connection: local
  tasks:
    - name: Create / Verify an Firewall Policy at CenturyLink Cloud
      clc_firewall:
        source_account_alias: WFAD
        location: VA1
        state: present
        source: 10.128.216.0/24
        destination: 10.128.216.0/24
        ports: Any
        destination_account_alias: WFAD

---
- name: Delete Firewall Policy
  hosts: localhost
  gather_facts: False
  connection: local
  tasks:
    - name: Delete an Firewall Policy at CenturyLink Cloud
      clc_firewall:
        source_account_alias: WFAD
        location: VA1
        state: absent
        firewall_policy_id: c62105233d7a4231bd2e91b9c791e43e1

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

firewall_policy

dictionary

success

The fire wall policy information


Sample:

{'destination': ['10.1.1.0/24', '10.2.2.0/24'], 'destinationAccount': 'wfad', 'enabled': True, 'id': 'fc36f1bfd47242e488a9c44346438c05', 'links': [{'href': 'http://api.ctl.io/v2-experimental/firewallPolicies/wfad/uc1/fc36f1bfd47242e488a9c44346438c05', 'rel': 'self', 'verbs': ['GET', 'PUT', 'DELETE']}], 'ports': ['any'], 'source': ['10.1.1.0/24', '10.2.2.0/24'], 'status': 'active'}

firewall_policy_id

string

success

The fire wall policy id


Sample:

fc36f1bfd47242e488a9c44346438c05




Status

Authors

  • CLC Runner (@clc-runner)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/clc_firewall_policy_module.html