Menu Close

Chapter 56. security

This chapter describes the commands under the security command.

56.1. security group create

Create a new security group

Usage:

openstack security group create [-h] [-f {json,shell,table,value,yaml}]
                                       [-c COLUMN] [--max-width <integer>]
                                       [--fit-width] [--print-empty]
                                       [--noindent] [--prefix PREFIX]
                                       [--description <description>]
                                       [--project <project>]
                                       [--project-domain <project-domain>]
                                       <name>

Table 56.1. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 56.2. Positional Arguments

ValueSummary

<name>

New security group name

Table 56.3. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 56.4. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 56.5. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--description <description>

Security group description

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

Table 56.6. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

56.2. security group delete

Delete security group(s)

Usage:

openstack security group delete [-h] <group> [<group> ...]

Table 56.7. Positional Arguments

ValueSummary

<group>

Security group(s) to delete (name or id)

Table 56.8. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

56.3. security group list

List security groups

Usage:

openstack security group list [-h] [-f {csv,json,table,value,yaml}]
                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent]
                                     [--quote {all,minimal,none,nonnumeric}]
                                     [--sort-column SORT_COLUMN]
                                     [--project <project>]
                                     [--project-domain <project-domain>]

Table 56.9. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 56.10. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 56.11. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 56.12. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 56.13. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--project <project>

List security groups according to the project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

56.4. security group rule create

Create a new security group rule

Usage:

openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--noindent] [--prefix PREFIX]
                                            [--remote-ip <ip-address> | --remote-group <group>]
                                            [--description <description>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]
                                            [--ingress | --egress]
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>

Table 56.14. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 56.15. Positional Arguments

ValueSummary

<group>

Create rule in this security group (name or id)

Table 56.16. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 56.17. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 56.18. Optional Arguments

ValueSummary

--remote-ip <ip-address>

Remote ip address block (may use cidr notation; default for IPv4 rule: 0.0.0.0/0)

--remote-group <group>

Remote security group (name or id)

--icmp-type <icmp-type>

Icmp type for icmp ip protocols

--icmp-code <icmp-code>

Icmp code for icmp ip protocols

--ethertype <ethertype>

Ethertype of network traffic (ipv4, ipv6; default: based on IP protocol)

--ingress

Rule applies to incoming network traffic (default)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--protocol <protocol>

Ip protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: tcp)

--dst-port <port-range>

Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

-h, --help

Show this help message and exit

--description <description>

Set security group rule description

--project <project>

Owner’s project (name or id)

--egress

Rule applies to outgoing network traffic

Table 56.19. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

56.5. security group rule delete

Delete security group rule(s)

Usage:

openstack security group rule delete [-h] <rule> [<rule> ...]

Table 56.20. Positional Arguments

ValueSummary

<rule>

Security group rule(s) to delete (id only)

Table 56.21. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

56.6. security group rule list

List security group rules

Usage:

openstack security group rule list [-h]
                                          [-f {csv,json,table,value,yaml}]
                                          [-c COLUMN] [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--noindent]
                                          [--quote {all,minimal,none,nonnumeric}]
                                          [--sort-column SORT_COLUMN]
                                          [--protocol <protocol>]
                                          [--ingress | --egress] [--long]
                                          [<group>]

Table 56.22. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 56.23. Positional Arguments

ValueSummary

<group>

List all rules in this security group (name or id)

Table 56.24. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 56.25. Output Formatters

ValueSummary

output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 56.26. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 56.27. Optional Arguments

ValueSummary

--protocol <protocol>

List rules by the ip protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255]).

-h, --help

Show this help message and exit

--long

List additional fields in output

--ingress

List rules applied to incoming network traffic

--egress

List rules applied to outgoing network traffic

56.7. security group rule show

Display security group rule details

Usage:

openstack security group rule show [-h]
                                          [-f {json,shell,table,value,yaml}]
                                          [-c COLUMN] [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--noindent] [--prefix PREFIX]
                                          <rule>

Table 56.28. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 56.29. Positional Arguments

ValueSummary

<rule>

Security group rule to display (id only)

Table 56.30. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 56.31. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 56.32. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

Table 56.33. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names

56.8. security group set

Set security group properties

Usage:

openstack security group set [-h] [--name <new-name>]
                                    [--description <description>]
                                    <group>

Table 56.34. Positional Arguments

ValueSummary

<group>

Security group to modify (name or id)

Table 56.35. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--description <description>

New security group description

--name <new-name>

New security group name

56.9. security group show

Display security group details

Usage:

openstack security group show [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent] [--prefix PREFIX]
                                     <group>

Table 56.36. Table Formatter

ValueSummary

--print-empty

Print empty table if there is no data to show.

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

Table 56.37. Positional Arguments

ValueSummary

<group>

Security group to display (name or id)

Table 56.38. Output Formatters

ValueSummary

output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 56.39. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 56.40. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

Table 56.41. Shell Formatter

ValueSummary

a format a UNIX shell can parse (variable="value")--prefix PREFIX

Add a prefix to all variable names