saltext.vmware.states.vmc_security_groups

VMC Security group state module

Add new security group, update existing security group and delete existing security group from an SDDC.

Example usage:

Security_group_1:
  vmc_security_groups.present:
    - hostname: sample-nsx.vmwarevmc.com
    - refresh_key: 7jPSGSZpCa8e5Ouks4UY5cZyOtynAhF
    - authorization_host: console-stg.cloud.vmware.com
    - org_id: 10e1092f-51d0-473a-80f8-137652c39fd0
    - sddc_id: b43da080-2626-f64c-88e8-7f31d9d2c306
    - domain_id: mgw
    - verify_ssl: False
    - cert: /path/to/client/certificate

Warning

It is recommended to pass the VMC authentication details using Pillars rather than specifying them as plain text in SLS files.

saltext.vmware.states.vmc_security_groups.present(name, hostname, refresh_key, authorization_host, org_id, sddc_id, domain_id, verify_ssl=True, cert=None, expression=None, description=None, tags='USER_DEFINED_NONE', display_name=None)

Ensure a given security group exists for given SDDC

name

Indicates the security group id, any unique string identifying the security group. By default it is also used as the display_name.

hostname

The host name of NSX-T manager

refresh_key

API Token of the user which is used to get the Access Token required for VMC operations

authorization_host

Hostname of the VMC cloud console

org_id

The Id of the organization to which the SDDC belongs

sddc_id

The Id of SDDC for which the security groups should be added

domain_id

The domain_id to which the security group should belong. Possible values: mgw, cgw

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL client certificate file to connect to VMC Cloud Console. The certificate can be retrieved from the browser.

expression
Expression for security group members

The expression list must follow the criteria below:

1. A non-empty expression list must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices.
2. The total of ConditionExpression and NestedExpression in a list should not exceed 5.
3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed 500.
4. Each expression must be a valid Expression. See the definition of the Expression type for more information.

It is a list of dicts.

Example values

1. [{"member_type":"VirtualMachine","resource_type":"ExternalIDExpression", "external_ids":["52bf8bd0-95b1-2e58-5180-ccfa743da576"]}]

2. [{"value":"Linux","member_type":"VirtualMachine","key":"OSName", "operator":"EQUALS","resource_type":"Condition"}, {"resource_type":"ConjunctionOperator","conjunction_operator":"OR"}, {"member_type":"VirtualMachine","resource_type":"ExternalIDExpression", "external_ids":["52bf8bd0-95b1-2e58-5180-ccfa743da576"]}]

3. [{"ip_addresses": ["10.2.23.1", "10.2.23.2"], "resource_type": "IPAddressExpression"}]

description

(Optional) Description of Security Groups

tags

(Optional) Opaque identifiers meaningful to the user.

tags='[
    {
        "tag": "<tag-key-1>",
        "scope": "<tag-value-1>"
    },
    {
        "tag": "<tag-key-2>",
        "scope": "<tag-value-2>"
    }
]'

display_name

Identifier to use when displaying the entity in logs or GUI. This applies only to the update scenario. In the create scenario, display_name is the same as security_group_id.

Example values:

{
    "expression": [
      {
        "member_type": "VirtualMachine",
        "value": "webvm",
        "key": "Tag",
        "operator": "EQUALS",
        "resource_type": "Condition"
      }
    ],
    "description": "web group"
}
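
The criteria listed for the expression parameter above can be checked before a state is applied. The following is an added example, not part of saltext.vmware: validate_expression is a hypothetical helper covering criteria 1 to 3 for top-level entries only, and the field names mac_addresses and paths, as well as treating resource_type "Condition" as the ConditionExpression of criterion 2, are assumptions.

```python
# Added example (not saltext.vmware code): pre-flight check of criteria 1-3.
# Assumed: "mac_addresses"/"paths" field names; "Condition" == ConditionExpression.
CONJUNCTION = "ConjunctionOperator"
COUNTED_TYPES = {"Condition", "NestedExpression"}  # criterion 2
MEMBER_FIELDS = {  # criterion 3: resource_type -> field holding the members
    "IPAddressExpression": "ip_addresses",
    "MACAddressExpression": "mac_addresses",
    "ExternalIDExpression": "external_ids",
    "PathExpression": "paths",
}


def validate_expression(expression):
    """Return a list of violations; an empty list means the checks passed."""
    if not isinstance(expression, list) or not all(isinstance(e, dict) for e in expression):
        return ["expression must be a list of dicts"]
    if not expression:
        return []  # criterion 1 only constrains non-empty lists
    errors = []
    if len(expression) % 2 == 0:
        errors.append("list size must be odd, got %d" % len(expression))
    for index, item in enumerate(expression):
        is_conjunction = item.get("resource_type") == CONJUNCTION
        if index % 2 == 0 and is_conjunction:
            errors.append("index %d: conjunction at an even index" % index)
        elif index % 2 == 1 and not is_conjunction:
            errors.append("index %d: expected a ConjunctionOperator" % index)
    counted = sum(1 for e in expression if e.get("resource_type") in COUNTED_TYPES)
    if counted > 5:
        errors.append("%d Condition/Nested expressions, limit is 5" % counted)
    members = sum(  # entries of other types contribute 0
        len(e.get(MEMBER_FIELDS.get(e.get("resource_type"), ""), [])) for e in expression
    )
    if members > 500:
        errors.append("%d addresses/IDs/paths, limit is 500" % members)
    return errors


if __name__ == "__main__":
    # Sample input: the second example value from this page.
    sample = [
        {"value": "Linux", "member_type": "VirtualMachine", "key": "OSName",
         "operator": "EQUALS", "resource_type": "Condition"},
        {"resource_type": "ConjunctionOperator", "conjunction_operator": "OR"},
        {"member_type": "VirtualMachine", "resource_type": "ExternalIDExpression",
         "external_ids": ["52bf8bd0-95b1-2e58-5180-ccfa743da576"]},
    ]
    print(validate_expression(sample) or "expression OK")
```
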

saltext.vmware.states.vmc_security_groups.absent(name, hostname, refresh_key, authorization_host, org_id, sddc_id, domain_id, verify_ssl=True, cert=None)

Ensure a given security group does not exist on given SDDC

name

Indicates the security group id, any unique string identifying the security group.

hostname

The host name of NSX-T manager

refresh_key

API Token of the user which is used to get the Access Token required for VMC operations

authorization_host

Hostname of the VMC cloud console

org_id

The Id of the organization to which the SDDC belongs

sddc_id

The Id of SDDC from which the security group should be deleted

domain_id

The domain_id to which the security group should belong. Possible values: mgw, cgw

verify_ssl

(Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped.

cert

(Optional) Path to the SSL client certificate file to connect to VMC Cloud Console. The certificate can be retrieved from the browser.