From 1b7ef47776106ee5b4a29abafb27e71cdcaa1e28 Mon Sep 17 00:00:00 2001 From: Fred-sun <37327967+Fred-sun@users.noreply.github.com> Date: Sat, 22 Jun 2019 00:00:18 +0800 Subject: [PATCH] Update azure_rm_securitygroup related document (#58035) * Update azure_rm_securitygroup related document --- .../cloud/azure/azure_rm_securitygroup.py | 403 ++++++++++-------- .../azure/azure_rm_securitygroup_facts.py | 269 +++++++----- 2 files changed, 376 insertions(+), 296 deletions(-) diff --git a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py index bdc50f370e3..3fecdd96f03 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py @@ -18,19 +18,19 @@ DOCUMENTATION = ''' --- module: azure_rm_securitygroup version_added: "2.1" -short_description: Manage Azure network security groups. +short_description: Manage Azure network security groups description: - - Create, update or delete a network security group. A security group contains Access Control List (ACL) rules - that allow or deny network traffic to subnets or individual network interfaces. A security group is created - with a set of default security rules and an empty set of security rules. Shape traffic flow by adding - rules to the empty set of security rules. + - Create, update or delete a network security group. + - A security group contains Access Control List (ACL) rules that allow or deny network traffic to subnets or individual network interfaces. + - A security group is created with a set of default security rules and an empty set of security rules. + - Shape traffic flow by adding rules to the empty set of security rules. options: default_rules: description: - - The set of default rules automatically added to a security group at creation. In general default - rules will not be modified. Modify rules to shape the flow of traffic to or from a subnet or NIC. See - rules below for the makeup of a rule dict. + - The set of default rules automatically added to a security group at creation. + - In general default rules will not be modified. Modify rules to shape the flow of traffic to or from a subnet or NIC. + - See rules below for the makeup of a rule dict. location: description: - Valid azure location. Defaults to location of the resource group. @@ -57,43 +57,44 @@ options: suboptions: name: description: - - Unique name for the rule. + - Unique name for the rule. required: true description: description: - - Short description of the rule's purpose. + - Short description of the rule's purpose. protocol: - description: Accepted traffic protocol. + description: + - Accepted traffic protocol. choices: - - Udp - - Tcp - - "*" + - Udp + - Tcp + - "*" default: "*" source_port_range: description: - - Port or range of ports from which traffic originates. - - It can accept string type or a list of string type. + - Port or range of ports from which traffic originates. + - It can accept string type or a list of string type. default: "*" destination_port_range: description: - - Port or range of ports to which traffic is headed. - - It can accept string type or a list of string type. + - Port or range of ports to which traffic is headed. + - It can accept string type or a list of string type. default: "*" source_address_prefix: description: - - The CIDR or source IP range. - - Asterisk C(*) can also be used to match all source IPs. - - Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used. - - If this is an ingress rule, specifies where network traffic originates from. - - It can accept string type or a list of string type. + - The CIDR or source IP range. + - Asterisk C(*) can also be used to match all source IPs. + - Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used. + - If this is an ingress rule, specifies where network traffic originates from. + - It can accept string type or a list of string type. default: "*" destination_address_prefix: description: - - The destination address prefix. - - CIDR or destination IP range. - - Asterisk C(*) can also be used to match all source IPs. - - Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used. - - It can accept string type or a list of string type. + - The destination address prefix. + - CIDR or destination IP range. + - Asterisk C(*) can also be used to match all source IPs. + - Default tags such as C(VirtualNetwork), C(AzureLoadBalancer) and C(Internet) can also be used. + - It can accept string type or a list of string type. default: "*" source_application_security_groups: description: @@ -108,31 +109,30 @@ options: - List of the destination application security groups. - It could be list of resource id. - It could be list of names in same resource group. - - It could be list of dict containing resource_group and name. + - It could be list of dict containing I(resource_group) and I(name). - It is mutually exclusive with C(destination_address_prefix) and C(destination_address_prefixes). type: list access: description: - - Whether or not to allow the traffic flow. + - Whether or not to allow the traffic flow. choices: - - Allow - - Deny + - Allow + - Deny default: Allow priority: description: - - Order in which to apply the rule. Must a unique integer between 100 and 4096 inclusive. + - Order in which to apply the rule. Must a unique integer between 100 and 4096 inclusive. required: true direction: description: - - Indicates the direction of the traffic flow. + - Indicates the direction of the traffic flow. choices: - - Inbound - - Outbound + - Inbound + - Outbound default: Inbound state: description: - - Assert the state of the security group. Set to C(present) to create or update a security group. Set to - C(absent) to remove a security group. + - Assert the state of the security group. Set to C(present) to create or update a security group. Set to C(absent) to remove a security group. default: present choices: - absent @@ -143,8 +143,8 @@ extends_documentation_fragment: - azure_tags author: - - "Chris Houseknecht (@chouseknecht)" - - "Matt Davis (@nitzmahone)" + - Chris Houseknecht (@chouseknecht) + - Matt Davis (@nitzmahone) ''' @@ -213,146 +213,191 @@ EXAMPLES = ''' RETURN = ''' state: - description: Current state of the security group. + description: + - Current state of the security group. returned: always - type: dict - sample: { - "default_rules": [ - { - "access": "Allow", - "description": "Allow inbound traffic from all VMs in VNET", - "destination_address_prefix": "VirtualNetwork", - "destination_port_range": "*", - "direction": "Inbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetInBound", - "name": "AllowVnetInBound", - "priority": 65000, - "protocol": "*", - "provisioning_state": "Succeeded", - "source_address_prefix": "VirtualNetwork", - "source_port_range": "*" - }, - { - "access": "Allow", - "description": "Allow inbound traffic from azure load balancer", - "destination_address_prefix": "*", - "destination_port_range": "*", - "direction": "Inbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowAzureLoadBalancerInBound", - "name": "AllowAzureLoadBalancerInBound", - "priority": 65001, - "protocol": "*", - "provisioning_state": "Succeeded", - "source_address_prefix": "AzureLoadBalancer", - "source_port_range": "*" - }, - { - "access": "Deny", - "description": "Deny all inbound traffic", - "destination_address_prefix": "*", - "destination_port_range": "*", - "direction": "Inbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllInBound", - "name": "DenyAllInBound", - "priority": 65500, - "protocol": "*", - "provisioning_state": "Succeeded", - "source_address_prefix": "*", - "source_port_range": "*" - }, - { - "access": "Allow", - "description": "Allow outbound traffic from all VMs to all VMs in VNET", - "destination_address_prefix": "VirtualNetwork", - "destination_port_range": "*", - "direction": "Outbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetOutBound", - "name": "AllowVnetOutBound", - "priority": 65000, - "protocol": "*", - "provisioning_state": "Succeeded", - "source_address_prefix": "VirtualNetwork", - "source_port_range": "*" - }, - { - "access": "Allow", - "description": "Allow outbound traffic from all VMs to Internet", - "destination_address_prefix": "Internet", - "destination_port_range": "*", - "direction": "Outbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowInternetOutBound", - "name": "AllowInternetOutBound", - "priority": 65001, - "protocol": "*", - "provisioning_state": "Succeeded", - "source_address_prefix": "*", - "source_port_range": "*" - }, - { - "access": "Deny", - "description": "Deny all outbound traffic", - "destination_address_prefix": "*", - "destination_port_range": "*", - "direction": "Outbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllOutBound", - "name": "DenyAllOutBound", - "priority": 65500, - "protocol": "*", - "provisioning_state": "Succeeded", - "source_address_prefix": "*", - "source_port_range": "*" - } - ], - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup", - "location": "westus", - "name": "mysecgroup", - "network_interfaces": [], - "rules": [ - { - "access": "Deny", - "description": null, - "destination_address_prefix": "*", - "destination_port_range": "22", - "direction": "Inbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/DenySSH", - "name": "DenySSH", - "priority": 100, - "protocol": "Tcp", - "provisioning_state": "Succeeded", - "source_address_prefix": "*", - "source_port_range": "*" - }, - { - "access": "Allow", - "description": null, - "destination_address_prefix": "*", - "destination_port_range": "22", - "direction": "Inbound", - "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/AllowSSH", - "name": "AllowSSH", - "priority": 101, - "protocol": "Tcp", - "provisioning_state": "Succeeded", - "source_address_prefix": "174.109.158.0/24", - "source_port_range": "*" - } - ], - "subnets": [], - "tags": { - "delete": "on-exit", - "foo": "bar", - "testing": "testing" - }, - "type": "Microsoft.Network/networkSecurityGroups" - } + type: complex + contains: + default_rules: + description: + - The default security rules of network security group. + returned: always + type: list + sample: [ + { + "access": "Allow", + "description": "Allow inbound traffic from all VMs in VNET", + "destination_address_prefix": "VirtualNetwork", + "destination_port_range": "*", + "direction": "Inbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetInBound", + "name": "AllowVnetInBound", + "priority": 65000, + "protocol": "*", + "provisioning_state": "Succeeded", + "source_address_prefix": "VirtualNetwork", + "source_port_range": "*" + }, + { + "access": "Allow", + "description": "Allow inbound traffic from azure load balancer", + "destination_address_prefix": "*", + "destination_port_range": "*", + "direction": "Inbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowAzureLoadBalancerInBound", + "name": "AllowAzureLoadBalancerInBound", + "priority": 65001, + "protocol": "*", + "provisioning_state": "Succeeded", + "source_address_prefix": "AzureLoadBalancer", + "source_port_range": "*" + }, + { + "access": "Deny", + "description": "Deny all inbound traffic", + "destination_address_prefix": "*", + "destination_port_range": "*", + "direction": "Inbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllInBound", + "name": "DenyAllInBound", + "priority": 65500, + "protocol": "*", + "provisioning_state": "Succeeded", + "source_address_prefix": "*", + "source_port_range": "*" + }, + { + "access": "Allow", + "description": "Allow outbound traffic from all VMs to all VMs in VNET", + "destination_address_prefix": "VirtualNetwork", + "destination_port_range": "*", + "direction": "Outbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowVnetOutBound", + "name": "AllowVnetOutBound", + "priority": 65000, + "protocol": "*", + "provisioning_state": "Succeeded", + "source_address_prefix": "VirtualNetwork", + "source_port_range": "*" + }, + { + "access": "Allow", + "description": "Allow outbound traffic from all VMs to Internet", + "destination_address_prefix": "Internet", + "destination_port_range": "*", + "direction": "Outbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/AllowInternetOutBound", + "name": "AllowInternetOutBound", + "priority": 65001, + "protocol": "*", + "provisioning_state": "Succeeded", + "source_address_prefix": "*", + "source_port_range": "*" + }, + { + "access": "Deny", + "description": "Deny all outbound traffic", + "destination_address_prefix": "*", + "destination_port_range": "*", + "direction": "Outbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/defaultSecurityRules/DenyAllOutBound", + "name": "DenyAllOutBound", + "priority": 65500, + "protocol": "*", + "provisioning_state": "Succeeded", + "source_address_prefix": "*", + "source_port_range": "*" + } + ] + id: + description: + - The resource ID. + returned: always + type: str + sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup" + location: + description: + - The resource location. + returned: always + type: str + sample: "westus" + name: + description: + - Name of the secrurity group. + returned: always + type: str + sample: "mysecgroup" + network_interfaces: + description: + - A collection of references to network interfaces. + returned: always + type: list + sample: [] + rules: + description: + - A collection of security rules of the network security group. + returned: always + type: list + sample: [ + { + "access": "Deny", + "description": null, + "destination_address_prefix": "*", + "destination_port_range": "22", + "direction": "Inbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/DenySSH", + "name": "DenySSH", + "priority": 100, + "protocol": "Tcp", + "provisioning_state": "Succeeded", + "source_address_prefix": "*", + "source_port_range": "*" + }, + { + "access": "Allow", + "description": null, + "destination_address_prefix": "*", + "destination_port_range": "22", + "direction": "Inbound", + "etag": 'W/"edf48d56-b315-40ca-a85d-dbcb47f2da7d"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/mysecgroup/securityRules/AllowSSH", + "name": "AllowSSH", + "priority": 101, + "protocol": "Tcp", + "provisioning_state": "Succeeded", + "source_address_prefix": "174.109.158.0/24", + "source_port_range": "*" + } + ] + subnets: + description: + - A collection of references to subnets. + returned: always + type: list + sample: [] + tags: + description: + - Tags to assign to the security group. + returned: always + type: dict + sample: { + "delete": "on-exit", + "foo": "bar", + "testing": "testing" + } + type: + description: + - The resource type. + returned: always + type: str + sample: "Microsoft.Network/networkSecurityGroups" ''' # NOQA try: diff --git a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup_facts.py b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup_facts.py index 6b50748d4f8..dc912364b5c 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup_facts.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup_facts.py @@ -20,7 +20,7 @@ module: azure_rm_securitygroup_facts version_added: "2.1" -short_description: Get security group facts. +short_description: Get security group facts description: - Get facts for a specific security group or all security groups within a resource group. @@ -41,8 +41,8 @@ extends_documentation_fragment: - azure author: - - "Chris Houseknecht (@chouseknecht)" - - "Matt Davis (@nitzmahone)" + - Chris Houseknecht (@chouseknecht) + - Matt Davis (@nitzmahone) ''' @@ -60,21 +60,47 @@ EXAMPLES = ''' RETURN = ''' azure_securitygroups: - description: List containing security group dicts. + description: + - List containing security group dicts. returned: always - type: list - example: [{ - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001", - "location": "eastus2", - "name": "secgroup001", - "properties": { - "defaultSecurityRules": [ - { - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetInBound", - "name": "AllowVnetInBound", - "properties": { + type: complex + contains: + etag: + description: + - A unique read-only string that changes whenever the resource is updated. + returned: always + type: str + sample: 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"' + id: + description: + - Resource ID. + returned: always + type: str + sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001" + location: + description: + - Resource location. + returned: always + type: str + sample: "eastus2" + name: + description: + - Resource name. + returned: always + type: str + sample: "secgroup001" + properties: + description: + - List of security group's properties. + returned: always + type: dict + sample: { + "defaultSecurityRules": [ + { + "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetInBound", + "name": "AllowVnetInBound", + "properties": { "access": "Allow", "description": "Allow inbound traffic from all VMs in VNET", "destinationAddressPrefix": "VirtualNetwork", @@ -85,106 +111,115 @@ azure_securitygroups: "provisioningState": "Succeeded", "sourceAddressPrefix": "VirtualNetwork", "sourcePortRange": "*" - } - }, - { - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowAzureLoadBalancerInBound", - "name": "AllowAzureLoadBalancerInBound", - "properties": { - "access": "Allow", - "description": "Allow inbound traffic from azure load balancer", - "destinationAddressPrefix": "*", - "destinationPortRange": "*", - "direction": "Inbound", - "priority": 65001, - "protocol": "*", - "provisioningState": "Succeeded", - "sourceAddressPrefix": "AzureLoadBalancer", - "sourcePortRange": "*" - } - }, - { - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllInBound", - "name": "DenyAllInBound", - "properties": { - "access": "Deny", - "description": "Deny all inbound traffic", - "destinationAddressPrefix": "*", - "destinationPortRange": "*", - "direction": "Inbound", - "priority": 65500, - "protocol": "*", - "provisioningState": "Succeeded", - "sourceAddressPrefix": "*", - "sourcePortRange": "*" - } - }, - { - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetOutBound", - "name": "AllowVnetOutBound", - "properties": { - "access": "Allow", - "description": "Allow outbound traffic from all VMs to all VMs in VNET", - "destinationAddressPrefix": "VirtualNetwork", - "destinationPortRange": "*", - "direction": "Outbound", - "priority": 65000, - "protocol": "*", - "provisioningState": "Succeeded", - "sourceAddressPrefix": "VirtualNetwork", - "sourcePortRange": "*" - } - }, - { - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowInternetOutBound", - "name": "AllowInternetOutBound", - "properties": { - "access": "Allow", - "description": "Allow outbound traffic from all VMs to Internet", - "destinationAddressPrefix": "Internet", - "destinationPortRange": "*", - "direction": "Outbound", - "priority": 65001, - "protocol": "*", - "provisioningState": "Succeeded", - "sourceAddressPrefix": "*", - "sourcePortRange": "*" - } - }, - { - "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllOutBound", - "name": "DenyAllOutBound", - "properties": { - "access": "Deny", - "description": "Deny all outbound traffic", - "destinationAddressPrefix": "*", - "destinationPortRange": "*", - "direction": "Outbound", - "priority": 65500, - "protocol": "*", - "provisioningState": "Succeeded", - "sourceAddressPrefix": "*", - "sourcePortRange": "*" - } - } - ], - "networkInterfaces": [ - { - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nic004" - } - ], - "provisioningState": "Succeeded", - "resourceGuid": "ebd00afa-5dc8-446f-810a-50dd6f671588", - "securityRules": [] - }, - "tags": {}, - "type": "Microsoft.Network/networkSecurityGroups" - }] + } + }, + { + "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowAzureLoadBalancerInBound", + "name": "AllowAzureLoadBalancerInBound", + "properties": { + "access": "Allow", + "description": "Allow inbound traffic from azure load balancer", + "destinationAddressPrefix": "*", + "destinationPortRange": "*", + "direction": "Inbound", + "priority": 65001, + "protocol": "*", + "provisioningState": "Succeeded", + "sourceAddressPrefix": "AzureLoadBalancer", + "sourcePortRange": "*" + } + }, + { + "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllInBound", + "name": "DenyAllInBound", + "properties": { + "access": "Deny", + "description": "Deny all inbound traffic", + "destinationAddressPrefix": "*", + "destinationPortRange": "*", + "direction": "Inbound", + "priority": 65500, + "protocol": "*", + "provisioningState": "Succeeded", + "sourceAddressPrefix": "*", + "sourcePortRange": "*" + } + }, + { + "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowVnetOutBound", + "name": "AllowVnetOutBound", + "properties": { + "access": "Allow", + "description": "Allow outbound traffic from all VMs to all VMs in VNET", + "destinationAddressPrefix": "VirtualNetwork", + "destinationPortRange": "*", + "direction": "Outbound", + "priority": 65000, + "protocol": "*", + "provisioningState": "Succeeded", + "sourceAddressPrefix": "VirtualNetwork", + "sourcePortRange": "*" + } + }, + { + "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/AllowInternetOutBound", + "name": "AllowInternetOutBound", + "properties": { + "access": "Allow", + "description": "Allow outbound traffic from all VMs to Internet", + "destinationAddressPrefix": "Internet", + "destinationPortRange": "*", + "direction": "Outbound", + "priority": 65001, + "protocol": "*", + "provisioningState": "Succeeded", + "sourceAddressPrefix": "*", + "sourcePortRange": "*" + } + }, + { + "etag": 'W/"d036f4d7-d977-429a-a8c6-879bc2523399"', + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/secgroup001/defaultSecurityRules/DenyAllOutBound", + "name": "DenyAllOutBound", + "properties": { + "access": "Deny", + "description": "Deny all outbound traffic", + "destinationAddressPrefix": "*", + "destinationPortRange": "*", + "direction": "Outbound", + "priority": 65500, + "protocol": "*", + "provisioningState": "Succeeded", + "sourceAddressPrefix": "*", + "sourcePortRange": "*" + } + } + ], + "networkInterfaces": [ + { + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroup/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nic004" + } + ], + "provisioningState": "Succeeded", + "resourceGuid": "ebd00afa-5dc8-446f-810a-50dd6f671588", + "securityRules": [] + } + tags: + descripition: + - Tags to assign to the security group. + returned: always + type: dict + sample: { 'tag': 'value' } + type: + description: + - Type of the resource. + returned: always + type: str + sample: "Microsoft.Network/networkSecurityGroups" ''' # NOQA