Chapter 69. security

This chapter describes the commands under the security command.

69.1. security group create

Create a new security group

Usage:

openstack security group create [-h] [-f {json,shell,table,value,yaml}]
                                       [-c COLUMN] [--noindent]
                                       [--prefix PREFIX]
                                       [--max-width <integer>] [--fit-width]
                                       [--print-empty]
                                       [--description <description>]
                                       [--project <project>]
                                       [--project-domain <project-domain>]
                                       [--tag <tag> | --no-tag]
                                       <name>

Table 69.1. Positional arguments

ValueSummary

<name>

New security group name

Table 69.2. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--description <description>

Security group description

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

No tags associated with the security group

Table 69.3. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 69.4. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 69.5. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 69.6. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

69.2. security group delete

Delete security group(s)

Usage:

openstack security group delete [-h] <group> [<group> ...]

Table 69.7. Positional arguments

ValueSummary

<group>

Security group(s) to delete (name or id)

Table 69.8. Command arguments

ValueSummary

-h, --help

Show this help message and exit

69.3. security group list

List security groups

Usage:

openstack security group list [-h] [-f {csv,json,table,value,yaml}]
                                     [-c COLUMN]
                                     [--quote {all,minimal,none,nonnumeric}]
                                     [--noindent] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--sort-column SORT_COLUMN]
                                     [--project <project>]
                                     [--project-domain <project-domain>]
                                     [--tags <tag>[,<tag>,...]]
                                     [--any-tags <tag>[,<tag>,...]]
                                     [--not-tags <tag>[,<tag>,...]]
                                     [--not-any-tags <tag>[,<tag>,...]]

Table 69.9. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--project <project>

List security groups according to the project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--tags <tag>[,<tag>,…​]

List security group which have all given tag(s) (Comma-separated list of tags)

--any-tags <tag>[,<tag>,…​]

List security group which have any given tag(s) (Comma-separated list of tags)

--not-tags <tag>[,<tag>,…​]

Exclude security group which have all given tag(s) (Comma-separated list of tags)

--not-any-tags <tag>[,<tag>,…​]

Exclude security group which have any given tag(s) (Comma-separated list of tags)

Table 69.10. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 69.11. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 69.12. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 69.13. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

69.4. security group rule create

Create a new security group rule

Usage:

openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN] [--noindent]
                                            [--prefix PREFIX]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--remote-ip <ip-address> | --remote-group <group>]
                                            [--description <description>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]
                                            [--ingress | --egress]
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>

Table 69.14. Positional arguments

ValueSummary

<group>

Create rule in this security group (name or id)

Table 69.15. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--remote-ip <ip-address>

Remote ip address block (may use cidr notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)

--remote-group <group>

Remote security group (name or id)

--description <description>

Set security group rule description

--dst-port <port-range>

Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

--icmp-type <icmp-type>

Icmp type for icmp ip protocols

--icmp-code <icmp-code>

Icmp code for icmp ip protocols

--protocol <protocol>

Ip protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--ingress

Rule applies to incoming network traffic (default)

--egress

Rule applies to outgoing network traffic

--ethertype <ethertype>

Ethertype of network traffic (ipv4, ipv6; default: based on IP protocol)

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

Table 69.16. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 69.17. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 69.18. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 69.19. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

69.5. security group rule delete

Delete security group rule(s)

Usage:

openstack security group rule delete [-h] <rule> [<rule> ...]

Table 69.20. Positional arguments

ValueSummary

<rule>

Security group rule(s) to delete (id only)

Table 69.21. Command arguments

ValueSummary

-h, --help

Show this help message and exit

69.6. security group rule list

List security group rules

Usage:

openstack security group rule list [-h]
                                          [-f {csv,json,table,value,yaml}]
                                          [-c COLUMN]
                                          [--quote {all,minimal,none,nonnumeric}]
                                          [--noindent] [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--sort-column SORT_COLUMN]
                                          [--protocol <protocol>]
                                          [--ethertype <ethertype>]
                                          [--ingress | --egress] [--long]
                                          [<group>]

Table 69.22. Positional arguments

ValueSummary

<group>

List all rules in this security group (name or id)

Table 69.23. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--protocol <protocol>

List rules by the ip protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--ethertype <ethertype>

List rules by the ethertype (ipv4 or ipv6)

--ingress

List rules applied to incoming network traffic

--egress

List rules applied to outgoing network traffic

--long

List additional fields in output

Table 69.24. Output formatter options

ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Table 69.25. CSV formatter options

ValueSummary

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

Table 69.26. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 69.27. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

69.7. security group rule show

Display security group rule details

Usage:

openstack security group rule show [-h]
                                          [-f {json,shell,table,value,yaml}]
                                          [-c COLUMN] [--noindent]
                                          [--prefix PREFIX]
                                          [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          <rule>

Table 69.28. Positional arguments

ValueSummary

<rule>

Security group rule to display (id only)

Table 69.29. Command arguments

ValueSummary

-h, --help

Show this help message and exit

Table 69.30. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 69.31. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 69.32. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 69.33. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

69.8. security group set

Set security group properties

Usage:

openstack security group set [-h] [--name <new-name>]
                                    [--description <description>]
                                    [--tag <tag>] [--no-tag]
                                    <group>

Table 69.34. Positional arguments

ValueSummary

<group>

Security group to modify (name or id)

Table 69.35. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--name <new-name>

New security group name

--description <description>

New security group description

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

Clear tags associated with the security group. specify both --tag and --no-tag to overwrite current tags

69.9. security group show

Display security group details

Usage:

openstack security group show [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--noindent]
                                     [--prefix PREFIX] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     <group>

Table 69.36. Positional arguments

ValueSummary

<group>

Security group to display (name or id)

Table 69.37. Command arguments

ValueSummary

-h, --help

Show this help message and exit

Table 69.38. Output formatter options

ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated

Table 69.39. JSON formatter options

ValueSummary

--noindent

Whether to disable indenting the json

Table 69.40. Shell formatter options

ValueSummary

--prefix PREFIX

Add a prefix to all variable names

Table 69.41. Table formatter options

ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

69.10. security group unset

Unset security group properties

Usage:

openstack security group unset [-h] [--tag <tag> | --all-tag] <group>

Table 69.42. Positional arguments

ValueSummary

<group>

Security group to modify (name or id)

Table 69.43. Command arguments

ValueSummary

-h, --help

Show this help message and exit

--tag <tag>

Tag to be removed from the security group (repeat option to remove multiple tags)

--all-tag

Clear all tags associated with the security group