`orca security-group`¶

Manage Neutron security groups.

The reference below is generated from the live CLI by mkdocs-click. It always reflects the version installed.

orca security-group¶

Manage security groups.

Usage:

orca security-group [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

cleanup: Find security groups not attached to any port.
clone: Clone a security group (copy all rules to a new group).
create: Create a security group.
delete: Delete a security group.
list: List security groups.
rule: Manage security group rules.
rule-add: [deprecated, use 'security-group rule add' instead]
rule-delete: [deprecated, use 'security-group rule delete' instead]
show: Show security group details and rules.
update: Update a security group.
update: Update a security group.
update: Update a security group.

orca security-group cleanup¶

Find security groups not attached to any port.

Lists orphaned SGs that are likely leftovers from tests or deleted instances. Use --delete to remove them.

The 'default' security group is always skipped.

Examples: orca security-group cleanup # dry run orca security-group cleanup --delete # interactive delete orca security-group cleanup --delete -y # auto-delete all

Usage:

orca security-group cleanup [OPTIONS]

Options:

Name	Type	Description	Default
`--delete`, `-d`	boolean	Actually delete the unused security groups.	`False`
`--yes`, `-y`	boolean	Skip confirmation (with --delete).	`False`
`--help`	boolean	Show this message and exit.	`False`

orca security-group clone¶

Clone a security group (copy all rules to a new group).

Examples: orca security-group clone my-new-sg orca security-group clone prod-sg --description "Production rules"

Usage:

orca security-group clone [OPTIONS] SOURCE_ID NEW_NAME

Options:

Name	Type	Description	Default
`--description`	text	Description for the new group.	None
`--help`	boolean	Show this message and exit.	`False`

orca security-group create¶

Create a security group.

Usage:

orca security-group create [OPTIONS] NAME

Options:

Name	Type	Description	Default
`--description`	text	Description.	``
`--help`	boolean	Show this message and exit.	`False`

orca security-group delete¶

Delete a security group.

Usage:

orca security-group delete [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca security-group list¶

List security groups.

Usage:

orca security-group list [OPTIONS]

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule¶

Manage security group rules.

Usage:

orca security-group rule [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

add: Add a rule to a security group.
add: Add a rule to a security group.
delete: Delete a security group rule.
list: List security group rules (across all groups, or filtered).
show: Show a security group rule's details.

orca security-group rule add¶

Add a rule to a security group.

Examples: orca security-group rule-add --direction ingress --protocol tcp --port-min 22 orca security-group rule-add --direction ingress --protocol tcp --port-min 80 --port-max 443 --remote-ip 0.0.0.0/0

Usage:

orca security-group rule add [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--direction`	choice (`ingress` \| `egress`)	N/A	`Sentinel.UNSET`
`--protocol`	text	Protocol (tcp, udp, icmp, or number).	None
`--port-min`	integer	Min port (or single port).	None
`--port-max`	integer	Max port. Defaults to port-min.	None
`--remote-ip`	text	Remote IP prefix (CIDR).	None
`--remote-group`	text	Remote security group ID.	None
`--ethertype`	choice (`IPv4` \| `IPv6`)	N/A	`IPv4`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule add¶

Add a rule to a security group.

Examples: orca security-group rule-add --direction ingress --protocol tcp --port-min 22 orca security-group rule-add --direction ingress --protocol tcp --port-min 80 --port-max 443 --remote-ip 0.0.0.0/0

Usage:

orca security-group rule add [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--direction`	choice (`ingress` \| `egress`)	N/A	`Sentinel.UNSET`
`--protocol`	text	Protocol (tcp, udp, icmp, or number).	None
`--port-min`	integer	Min port (or single port).	None
`--port-max`	integer	Max port. Defaults to port-min.	None
`--remote-ip`	text	Remote IP prefix (CIDR).	None
`--remote-group`	text	Remote security group ID.	None
`--ethertype`	choice (`IPv4` \| `IPv6`)	N/A	`IPv4`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule delete¶

Delete a security group rule.

Usage:

orca security-group rule delete [OPTIONS] RULE_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule list¶

List security group rules (across all groups, or filtered).

Examples: orca security-group rule list orca security-group rule list --group-id orca security-group rule list --direction ingress --protocol tcp

Usage:

orca security-group rule list [OPTIONS]

Options:

Name	Type	Description	Default
`--group-id`	text	Filter rules to a single security group.	None
`--direction`	choice (`ingress` \| `egress`)	Filter by direction.	None
`--protocol`	text	Filter by protocol.	None
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule show¶

Show a security group rule's details.

Usage:

orca security-group rule show [OPTIONS] RULE_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule-add¶

Add a rule to a security group.

Examples: orca security-group rule-add --direction ingress --protocol tcp --port-min 22 orca security-group rule-add --direction ingress --protocol tcp --port-min 80 --port-max 443 --remote-ip 0.0.0.0/0

Usage:

orca security-group rule-add [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--direction`	choice (`ingress` \| `egress`)	N/A	`Sentinel.UNSET`
`--protocol`	text	Protocol (tcp, udp, icmp, or number).	None
`--port-min`	integer	Min port (or single port).	None
`--port-max`	integer	Max port. Defaults to port-min.	None
`--remote-ip`	text	Remote IP prefix (CIDR).	None
`--remote-group`	text	Remote security group ID.	None
`--ethertype`	choice (`IPv4` \| `IPv6`)	N/A	`IPv4`
`--help`	boolean	Show this message and exit.	`False`

orca security-group rule-delete¶

Delete a security group rule.

Usage:

orca security-group rule-delete [OPTIONS] RULE_ID

Options:

Name	Type	Description	Default
`--yes`, `-y`	boolean	Skip confirmation.	`False`
`--help`	boolean	Show this message and exit.	`False`

orca security-group show¶

Show security group details and rules.

Usage:

orca security-group show [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--noindent`	boolean	Disable JSON indentation.	`False`
`--max-width`	integer	Maximum table width (0 = unlimited).	None
`--fit-width`	boolean	Fit table to terminal width.	`False`
`--column`, `-c`	text	Column to include (repeatable). Shows all if omitted.	`Sentinel.UNSET`
`--format`, `-f`	choice (`table` \| `json` \| `value`)	Output format.	`table`
`--help`	boolean	Show this message and exit.	`False`

orca security-group update¶

Update a security group.

Usage:

orca security-group update [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--name`	text	New name.	None
`--description`	text	New description.	None
`--help`	boolean	Show this message and exit.	`False`

orca security-group update¶

Update a security group.

Usage:

orca security-group update [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--name`	text	New name.	None
`--description`	text	New description.	None
`--help`	boolean	Show this message and exit.	`False`

orca security-group update¶

Update a security group.

Usage:

orca security-group update [OPTIONS] GROUP_ID

Options:

Name	Type	Description	Default
`--name`	text	New name.	None
`--description`	text	New description.	None
`--help`	boolean	Show this message and exit.	`False`