saltext.vmware.states.vmc_security_groups
VMC Security group state module
Adds a new security group, updates an existing security group, or deletes an existing security group from an SDDC.
Example usage:

    Security_group_1:
      vmc_security_groups.present:
        - hostname: sample-nsx.vmwarevmc.com
        - refresh_key: 7jPSGSZpCa8e5Ouks4UY5cZyOtynAhF
        - authorization_host: console-stg.cloud.vmware.com
        - org_id: 10e1092f-51d0-473a-80f8-137652c39fd0
        - sddc_id: b43da080-2626-f64c-88e8-7f31d9d2c306
        - domain_id: mgw
        - verify_ssl: False
        - cert: /path/to/client/certificate

Warning
It is recommended to pass the VMC authentication details using Pillars rather than specifying them as plain text in SLS files.
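One way to follow this recommendation, shown as an added example that is not part of the original documentation: keep the API token and IDs in a pillar file and reference them from the state through Jinja. The pillar key names under `vmc`, the file paths and the placeholder values are assumptions chosen for illustration; `verify_ssl` is omitted so that certificate validation stays at its default (enabled).

```yaml
# /srv/pillar/vmc.sls (hypothetical path)
# Assign this file only to the minions that manage the SDDC in the pillar
# top file, and store it apart from the state tree so the token is not
# committed alongside the SLS files.
vmc:
  hostname: sample-nsx.vmwarevmc.com
  authorization_host: console-stg.cloud.vmware.com
  refresh_key: <api-token-placeholder>
  org_id: <org-id-placeholder>
  sddc_id: <sddc-id-placeholder>

---
# /srv/salt/vmc/security_groups.sls (hypothetical path)
# Every credential and identifier is looked up from pillar at render time;
# a missing pillar key makes the render fail instead of sending an empty value.
Security_group_1:
  vmc_security_groups.present:
    - hostname: {{ pillar['vmc']['hostname'] }}
    - refresh_key: {{ pillar['vmc']['refresh_key'] }}
    - authorization_host: {{ pillar['vmc']['authorization_host'] }}
    - org_id: {{ pillar['vmc']['org_id'] }}
    - sddc_id: {{ pillar['vmc']['sddc_id'] }}
    - domain_id: mgw
    # verify_ssl is left out on purpose: the default is True.
    - cert: /path/to/client/certificate
```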
- saltext.vmware.states.vmc_security_groups.present(name, hostname, refresh_key, authorization_host, org_id, sddc_id, domain_id, verify_ssl=True, cert=None, expression=None, description=None, tags='USER_DEFINED_NONE', display_name=None)
Ensure a given security group exists for the given SDDC
- name
The security group ID: any unique string identifying the security group. By default it is also used as the display_name.
- hostname
The host name of NSX-T manager
- refresh_key
API token of the user, used to obtain the access token required for VMC operations
- authorization_host
Hostname of the VMC cloud console
- org_id
The ID of the organization to which the SDDC belongs
- sddc_id
The ID of the SDDC for which the security groups should be added
- domain_id
The domain_id to which the security group should belong. Possible values: mgw, cgw
- verify_ssl
(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.
- cert
(Optional) Path to the SSL client certificate file used to connect to the VMC Cloud Console. The certificate can be retrieved from a browser.
- expression
Expression for security group members. It is a list of dicts.
The expression list must meet the following criteria:
1. A non-empty expression list must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices.
2. The total of ConditionExpression and NestedExpression in a list should not exceed 5.
3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed 500.
4. Each expression must be a valid Expression. See the definition of the Expression type for more information.
Example values:
1. [{"member_type": "VirtualMachine", "resource_type": "ExternalIDExpression", "external_ids": ["52bf8bd0-95b1-2e58-5180-ccfa743da576"]}]
2. [{"value": "Linux", "member_type": "VirtualMachine", "key": "OSName", "operator": "EQUALS", "resource_type": "Condition"}, {"resource_type": "ConjunctionOperator", "conjunction_operator": "OR"}, {"member_type": "VirtualMachine", "resource_type": "ExternalIDExpression", "external_ids": ["52bf8bd0-95b1-2e58-5180-ccfa743da576"]}]
3. [{"ip_addresses": ["10.2.23.1", "10.2.23.2"], "resource_type": "IPAddressExpression"}]
- description
(Optional) Description of Security Groups
- tags
(Optional) Opaque identifiers meaningful to the user.
tags='[ { "tag": "<tag-key-1>", "scope": "<tag-value-1>" }, { "tag": "<tag-key-2>", "scope": "<tag-value-2>" } ]'
- display_name
Identifier to use when displaying the entity in logs or the GUI. This applies only to the update scenario. In the create scenario, display_name is the same as security_group_id.
Example values:
{ "expression": [ { "member_type": "VirtualMachine", "value": "webvm", "key": "Tag", "operator": "EQUALS", "resource_type": "Condition" } ], "description": "web group" }
- saltext.vmware.states.vmc_security_groups.absent(name, hostname, refresh_key, authorization_host, org_id, sddc_id, domain_id, verify_ssl=True, cert=None)
Ensure a given security group does not exist on the given SDDC
- name
The security group ID: any unique string identifying the security group.
- hostname
The host name of NSX-T manager
- refresh_key
API token of the user, used to obtain the access token required for VMC operations
- authorization_host
Hostname of the VMC cloud console
- org_id
The ID of the organization to which the SDDC belongs
- sddc_id
The ID of the SDDC from which the security group should be deleted
- domain_id
The domain_id to which the security group should belong. Possible values: mgw, cgw
- verify_ssl
(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.
- cert
(Optional) Path to the SSL client certificate file used to connect to the VMC Cloud Console. The certificate can be retrieved from a browser.