Microsoft Azure: Network - Security Groups

Summary

This module contains actions for viewing & managing Azure Network security groups.

Actions

azure.network.security_groups.create_rule

Add a security rule to a security group.

Minimum Plugin Version: 1.1.0

Idempotent Action

This action will do nothing if a matching rule already exists in the security group.

Input
  • azure_client: an AzureClient dictionary

  • subscription_id: the subscription ID

  • name: the security group name

  • resource_group_name: the resource group name

  • rule_name: the rule name

  • access: allow or deny

  • protocol: tcp, udp, or * for any

  • direction: inbound or outbound

  • source_port_range: provide a single port or port range

  • destination_port_range: provide a single port or port range

  • source_address_prefix: an IP address range

  • destination_address_prefix: an IP address range

  • priority: rules are processed in priority order; the lower the number, the higher the priority

  • rule_description: description of the rule (optional)

Output

Nothing is outputted by this action.

Example
- azure.network.security_groups.create_rule:
    protocol: tcp
    direction: inbound
    source_port_range: "*"
    destination_address_prefix: "*"
    name: ppa-dev
    resource_group_name: ppa
    rule_name: inbound rule 80
    rule_description: this is the description
    access: allow
    priority: 200
    destination_port_range: 80
  load:
    source_address_prefix: source_address
    azure_client: azure_secrets
    subscription_id: subscription_id
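
The priority input above decides which rule wins when several match the same traffic. The following Python is an added example, not code from the plugin: it evaluates constructed rule dictionaries first-match in ascending priority number and lists inbound allow rules that are open to any source. The dictionary keys mirror the create_rule inputs and are an assumption; only "*" and CIDR prefixes are handled, and the source port and destination address are ignored.

```python
import ipaddress

def rule(name, access, source, port, priority, protocol="tcp", direction="inbound"):
    # Keys mirror the create_rule inputs (assumed shape, not the plugin's schema).
    return {"rule_name": name, "access": access, "protocol": protocol,
            "direction": direction, "source_address_prefix": source,
            "destination_port_range": str(port), "priority": priority}

# Constructed sample contents of a security group.
EXISTING = [
    rule("inbound rule 80", "allow", "203.0.113.0/24", 80, 200),
    rule("deny-all-in", "deny", "*", "*", 4000, protocol="*"),
]

def port_in(spec, port):
    """True if port falls in "*", a single port, or a "low-high" range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def addr_in(prefix, ip):
    """True if ip falls in "*" or a CIDR prefix."""
    if prefix == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)

def decide(rules, direction, protocol, src_ip, dst_port):
    """Return (access, rule_name) of the first match, lowest priority number first."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["direction"] == direction
                and r["protocol"] in ("*", protocol)
                and addr_in(r["source_address_prefix"], src_ip)
                and port_in(r["destination_port_range"], dst_port)):
            return r["access"], r["rule_name"]
    return None, None  # nothing matched

def open_to_any_source(rules):
    """Names of inbound allow rules whose source prefix is the wildcard."""
    return [r["rule_name"] for r in rules
            if r["direction"] == "inbound" and r["access"] == "allow"
            and r["source_address_prefix"] == "*"]

if __name__ == "__main__":
    late_deny = rule("late-deny-80", "deny", "*", 80, 300)
    # The deny at 300 never fires for this source: the allow at 200 matches first.
    print(decide(EXISTING + [late_deny], "inbound", "tcp", "203.0.113.5", 80))
    print(open_to_any_source(EXISTING + [rule("allow-any-80", "allow", "*", 80, 300)]))
```

Running the same check against the rules you plan to pass to create_rule shows whether a new deny would be shadowed by an existing allow with a lower priority number.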

azure.network.security_groups.delete_rule

Delete a security rule from a security group.

Minimum Plugin Version: 1.1.0

Input
  • azure_client: an AzureClient dictionary

  • subscription_id: the subscription ID

  • name: the security group name

  • resource_group_name: the resource group name

  • rule_name: the rule name

Output

Nothing is outputted by this action.

Example
- azure.network.security_groups.delete_rule:
    name: ppa-dev
    resource_group_name: ppa
    rule_name: inbound 80
  load:
    azure_client: azure_secrets
    subscription_id: subscription_id

azure.network.security_groups.get_all

Get all security groups.

Minimum Plugin Version: 1.1.0

Input
  • azure_client: an AzureClient dictionary

  • subscription_id: the subscription ID

  • resource_group_name: the resource group name (Optional)

Output

A list of SecurityGroup dictionaries.

Example
- azure.network.security_groups.get_all:
  load:
    azure_client: azure_secrets
    subscription_id: subscription_id
  save: all_security_groups

azure.network.security_groups.get_by_name

Get a security group with a specific name.

Minimum Plugin Version: 1.1.0

Input
  • azure_client: an AzureClient dictionary

  • subscription_id: the subscription ID

  • name: the security group name

  • resource_group_name: the resource group name

Output

A SecurityGroup dictionary.

Example
- azure.network.security_groups.get_by_name:
    name: ppa-dev
    resource_group_name: ppa
  load:
    azure_client: azure_secrets
    subscription_id: subscription_id
  save: selected_group

azure.network.security_groups.input_security_rules_table

Display a list of security rules in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • Description
  • Protocol
  • Direction
  • Access
  • Priority
  • Source Port Range
  • Source Address Prefix
  • Source Address Prefixes
  • Destination Port Range
  • Destination Address Prefix
  • Destination Address Prefixes

Minimum Plugin Version: 1.1.0

Input
  • text: the title of the table

  • group: a SecurityGroup dictionary

  • minimum: The minimum number of acceptable selections (Optional)

  • maximum: The maximum number of acceptable selections (Optional)

Output

A list of SecurityGroupRule dictionaries.

Tip
  • If neither a minimum nor a maximum is provided, the task operator will be able to submit 0 selections.

  • If a minimum or maximum is provided, the operation will repeat until a valid number of selections is made.

Example

Finding a security group with get_by_name, saving it as group, & waiting for a single rule selection:

- azure.network.security_groups.get_by_name:
    name: ppa-dev
    resource_group_name: ppa
  load:
    azure_client: azure_secrets
    subscription_id: subscription_id
  save: group

- azure.network.security_groups.input_security_rules_table:
    text: Choose a security rule
    minimum: 1
    maximum: 1
  load:
    group: group
  save: selected_rules

azure.network.security_groups.input_table

Display a list of security groups in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • ID
  • Location
  • Tags
  • Number of Security Rules

Minimum Plugin Version: 1.1.0

Input
  • text: the title of the table

  • groups: a list of SecurityGroup dictionaries to display in the table

  • minimum: The minimum number of acceptable selections (Optional)

  • maximum: The maximum number of acceptable selections (Optional)

Output

A list of SecurityGroup dictionaries.

Tip
  • If neither a minimum nor a maximum is provided, the task operator will be able to submit 0 selections.

  • If a minimum or maximum is provided, the operation will repeat until a valid number of selections is made.

Example

Finding groups with get_all, saving them as all_groups, & waiting for a single selection:

- azure.network.security_groups.get_all:
  load:
    subscription_id: subscription_id
    azure_client: azure_secrets
  save: all_groups

- azure.network.security_groups.input_table:
    text: Choose a security group
    minimum: 1
    maximum: 1
  load:
    groups: all_groups
  save: selected_groups

azure.network.security_groups.output_security_rules_table

Display the security rules for a security group in a table.

The table will have the following columns:

  • Name
  • Description
  • Protocol
  • Direction
  • Access
  • Priority
  • Source Port Range
  • Source Address Prefix
  • Source Address Prefixes
  • Destination Port Range
  • Destination Address Prefix
  • Destination Address Prefixes

Minimum Plugin Version: 1.1.0

Input
  • text: the title of the table

  • group: a single SecurityGroup dictionary

Output

Nothing is outputted by this action.

Example

Finding a security group with get_by_name, saving it as group, & displaying its security rules:

- azure.network.security_groups.get_by_name:
    name: ppa-dev
    resource_group_name: ppa
  load:
    azure_client: azure_secrets
    subscription_id: subscription_id
  save: group

- azure.network.security_groups.output_security_rules_table:
    text: Security rules for ppa-dev
  load:
    group: group

azure.network.security_groups.output_table

Display a list of security groups in a table.

The table will have the following columns:

  • Name
  • ID
  • Location
  • Tags
  • Number of Security Rules

Minimum Plugin Version: 1.1.0

Input
  • text: the title of the table

  • groups: a single SecurityGroup dictionary or a list of SecurityGroup dictionaries

Output

Nothing is outputted by this action.

Example

Finding all groups in a resource group with get_all, saving them as all_groups, & displaying them:

- azure.network.security_groups.get_all:
    resource_group_name: ppa
  load:
    subscription_id: subscription_id
    azure_client: azure_secrets
  save: all_groups

- azure.network.security_groups.output_table:
    text: All Groups
  load:
    groups: all_groups