Chapter 71. security

This chapter describes the commands under the security command.

71.1. security group create

Create a new security group

Usage:

openstack security group create [-h] [-f {json,shell,table,value,yaml}]
                                       [-c COLUMN] [--noindent]
                                       [--prefix PREFIX]
                                       [--max-width <integer>] [--fit-width]
                                       [--print-empty]
                                       [--description <description>]
                                       [--project <project>]
                                       [--project-domain <project-domain>]
                                       [--tag <tag> | --no-tag]
                                       <name>

Table 71.1. Positional Arguments

ValueSummary

<name>

New security group name

Table 71.2. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--description <description>

Security group description

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

No tags associated with the security group

Table 71.3. Output Formatters

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 71.4. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 71.5. Shell Formatter

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 71.6. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

71.2. security group delete

Delete security group(s)

Usage:

openstack security group delete [-h] <group> [<group> ...]

Table 71.7. Positional Arguments

ValueSummary

<group>

Security group(s) to delete (name or id)

Table 71.8. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

71.3. security group list

List security groups

Usage:

openstack security group list [-h] [-f {csv,json,table,value,yaml}]
                                     [-c COLUMN]
                                     [--quote {all,minimal,none,nonnumeric}]
                                     [--noindent] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--sort-column SORT_COLUMN]
                                     [--project <project>]
                                     [--project-domain <project-domain>]
                                     [--tags <tag>[,<tag>,...]]
                                     [--any-tags <tag>[,<tag>,...]]
                                     [--not-tags <tag>[,<tag>,...]]
                                     [--not-any-tags <tag>[,<tag>,...]]

Table 71.9. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--project <project>

List security groups according to the project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--tags <tag>[,<tag>,…​]

List security group which have all given tag(s) (Comma-separated list of tags)

--any-tags <tag>[,<tag>,…​]

List security group which have any given tag(s) (Comma-separated list of tags)

--not-tags <tag>[,<tag>,…​]

Exclude security group which have all given tag(s) (Comma-separated list of tags)

--not-any-tags <tag>[,<tag>,…​]

Exclude security group which have any given tag(s) (Comma-separated list of tags)

Table 71.10. Output Formatters

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 71.11. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 71.12. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 71.13. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

71.4. security group rule create

Create a new security group rule

Usage:

openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN] [--noindent]
                                            [--prefix PREFIX]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--remote-ip <ip-address> | --remote-group <group>]
                                            [--description <description>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]
                                            [--ingress | --egress]
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>

Table 71.14. Positional Arguments

ValueSummary

<group>

Create rule in this security group (name or id)

Table 71.15. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--remote-ip <ip-address>

Remote ip address block (may use cidr notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)

--remote-group <group>

Remote security group (name or id)

--description <description>

Set security group rule description

--dst-port <port-range>

Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

--icmp-type <icmp-type>

Icmp type for icmp ip protocols

--icmp-code <icmp-code>

Icmp code for icmp ip protocols

--protocol <protocol>

Ip protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--ingress

Rule applies to incoming network traffic (default)

--egress

Rule applies to outgoing network traffic

--ethertype <ethertype>

Ethertype of network traffic (ipv4, ipv6; default: based on IP protocol)

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

Table 71.16. Output Formatters

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 71.17. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 71.18. Shell Formatter

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 71.19. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

71.5. security group rule delete

Delete security group rule(s)

Usage:

openstack security group rule delete [-h] <rule> [<rule> ...]

Table 71.20. Positional Arguments

ValueSummary

<rule>

Security group rule(s) to delete (id only)

Table 71.21. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

71.6. security group rule list

List security group rules

Usage:

openstack security group rule list [-h]
                                          [-f {csv,json,table,value,yaml}]
                                          [-c COLUMN]
                                          [--quote {all,minimal,none,nonnumeric}]
                                          [--noindent] [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--sort-column SORT_COLUMN]
                                          [--protocol <protocol>]
                                          [--ethertype <ethertype>]
                                          [--ingress | --egress] [--long]
                                          [<group>]

Table 71.22. Positional Arguments

ValueSummary

<group>

List all rules in this security group (name or id)

Table 71.23. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--protocol <protocol>

List rules by the ip protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--ethertype <ethertype>

List rules by the ethertype (ipv4 or ipv6)

--ingress

List rules applied to incoming network traffic

--egress

List rules applied to outgoing network traffic

--long

List additional fields in output

Table 71.24. Output Formatters

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 71.25. CSV Formatter

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 71.26. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 71.27. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

71.7. security group rule show

Display security group rule details

Usage:

openstack security group rule show [-h]
                                          [-f {json,shell,table,value,yaml}]
                                          [-c COLUMN] [--noindent]
                                          [--prefix PREFIX]
                                          [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          <rule>

Table 71.28. Positional Arguments

ValueSummary

<rule>

Security group rule to display (id only)

Table 71.29. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

Table 71.30. Output Formatters

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 71.31. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 71.32. Shell Formatter

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 71.33. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

71.8. security group set

Set security group properties

Usage:

openstack security group set [-h] [--name <new-name>]
                                    [--description <description>]
                                    [--tag <tag>] [--no-tag]
                                    <group>

Table 71.34. Positional Arguments

ValueSummary

<group>

Security group to modify (name or id)

Table 71.35. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--name <new-name>

New security group name

--description <description>

New security group description

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

Clear tags associated with the security group. specify both --tag and --no-tag to overwrite current tags

71.9. security group show

Display security group details

Usage:

openstack security group show [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--noindent]
                                     [--prefix PREFIX] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     <group>

Table 71.36. Positional Arguments

ValueSummary

<group>

Security group to display (name or id)

Table 71.37. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

Table 71.38. Output Formatters

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 71.39. JSON Formatter

ValueSummary

--noindent

Whether to disable indenting the json

Table 71.40. Shell Formatter

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 71.41. Table Formatter

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

71.10. security group unset

Unset security group properties

Usage:

openstack security group unset [-h] [--tag <tag> | --all-tag] <group>

Table 71.42. Positional Arguments

ValueSummary

<group>

Security group to modify (name or id)

Table 71.43. Optional Arguments

ValueSummary

-h, --help

Show this help message and exit

--tag <tag>

Tag to be removed from the security group (repeat option to remove multiple tags)

--all-tag

Clear all tags associated with the security group