community.general.clc_firewall_policy module – Create/delete/update firewall policies

Note

This module is part of the community.general collection (version 6.6.9).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: community.general.clc_firewall_policy.

Synopsis

  • Create, delete, or update firewall policies on CenturyLink Cloud.

Requirements

The below requirements are needed on the host that executes this module.

  • python = 2.7

  • requests >= 2.5.0

  • clc-sdk

Parameters

Parameter

Comments

destination

list / elements=string

The list of destination addresses for traffic on the terminating firewall. This is required when state is ‘present’

destination_account_alias

string

CLC alias for the destination account

enabled

string

Whether the firewall policy is enabled or disabled

Choices:

  • "True" ← (default)

  • "False"

firewall_policy_id

string

Id of the firewall policy. This is required to update or delete an existing firewall policy

location

string / required

Target datacenter for the firewall policy

ports

list / elements=string

The list of ports associated with the policy. TCP and UDP can take in single ports or port ranges.

Example: ['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456'].

source

list / elements=string

The list of source addresses for traffic on the originating firewall. This is required when state is ‘present’

source_account_alias

string / required

CLC alias for the source account

state

string

Whether to create or delete the firewall policy

Choices:

  • "present" ← (default)

  • "absent"

wait

string

Whether to wait for the provisioning tasks to finish before returning.

Default: "True"

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • To use this module, set the environment variables below, which enable access to the CenturyLink Cloud:

      - CLC_V2_API_USERNAME, the account login id for the CenturyLink Cloud

      - CLC_V2_API_PASSWORD, the account password for the CenturyLink Cloud

  • Alternatively, the module accepts the API token and account alias. The API token can be generated using the CLC account login and password via the HTTP API call at https://api.ctl.io/v2/authentication/login:

      - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login

      - CLC_ACCT_ALIAS, the account alias associated with the CenturyLink Cloud

  • Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment.

Examples

---
- name: Create Firewall Policy
  hosts: localhost
  gather_facts: false
  connection: local
  tasks:
    - name: Create / Verify a Firewall Policy at CenturyLink Cloud
      community.general.clc_firewall_policy:
        source_account_alias: WFAD
        location: VA1
        state: present
        source: 10.128.216.0/24
        destination: 10.128.216.0/24
        ports: Any
        destination_account_alias: WFAD

- name: Delete Firewall Policy
  hosts: localhost
  gather_facts: false
  connection: local
  tasks:
    - name: Delete a Firewall Policy at CenturyLink Cloud
      community.general.clc_firewall_policy:
        source_account_alias: WFAD
        location: VA1
        state: absent
        firewall_policy_id: c62105233d7a4231bd2e91b9c791e43e1
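
The following playbook is an added example, not part of the module's own documentation. It combines the token-based authentication described in the Notes with an explicit port list instead of Any, and reuses the registered firewall_policy_id return value to update the policy. The variables clc_api_token and clc_acct_alias and the 10.128.217.0/24 destination subnet are assumptions made for the example.

```yaml
---
- name: Manage a narrowly scoped CLC firewall policy with token authentication
  hosts: localhost
  gather_facts: false
  connection: local
  # Assumption: clc_api_token and clc_acct_alias are variables you define
  # yourself, for example in an Ansible Vault encrypted vars file.
  environment:
    CLC_V2_API_TOKEN: "{{ clc_api_token }}"
    CLC_ACCT_ALIAS: "{{ clc_acct_alias }}"
  tasks:
    - name: Allow only TCP/443 and TCP/8000-8080 between two subnets
      community.general.clc_firewall_policy:
        source_account_alias: WFAD
        destination_account_alias: WFAD
        location: VA1
        state: present
        source:
          - 10.128.216.0/24
        destination:
          - 10.128.217.0/24   # constructed sample subnet
        ports:
          - TCP/443
          - TCP/8000-8080
      register: fw

    - name: Fail if the returned policy is broader than requested
      ansible.builtin.assert:
        that:
          - fw.firewall_policy.enabled
          - "'any' not in (fw.firewall_policy.ports | map('lower') | list)"
        fail_msg: "Policy {{ fw.firewall_policy_id }} does not match the requested scope"
      when: not ansible_check_mode   # return values are only checked on a real run

    - name: Disable the same policy by id (source and destination stay required)
      community.general.clc_firewall_policy:
        source_account_alias: WFAD
        destination_account_alias: WFAD
        location: VA1
        state: present
        firewall_policy_id: "{{ fw.firewall_policy_id }}"
        source:
          - 10.128.216.0/24
        destination:
          - 10.128.217.0/24
        ports:
          - TCP/443
          - TCP/8000-8080
        enabled: "False"
      when: not ansible_check_mode
```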

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

firewall_policy

dictionary

The firewall policy information

Returned: success

Sample: {"destination": ["10.1.1.0/24", "10.2.2.0/24"], "destinationAccount": "wfad", "enabled": true, "id": "fc36f1bfd47242e488a9c44346438c05", "links": [{"href": "http://api.ctl.io/v2-experimental/firewallPolicies/wfad/uc1/fc36f1bfd47242e488a9c44346438c05", "rel": "self", "verbs": ["GET", "PUT", "DELETE"]}], "ports": ["any"], "source": ["10.1.1.0/24", "10.2.2.0/24"], "status": "active"}

firewall_policy_id

string

The firewall policy id

Returned: success

Sample: "fc36f1bfd47242e488a9c44346438c05"

Authors

  • CLC Runner (@clc-runner)