openstack_networking_secgroup_rule_v2

For your information

These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.

Manages a V2 neutron security group rule resource within OpenStack.Unlike Nova security groups, neutron separates the group from the rulesand also allows an admin to target a specific tenant_id.

Example Usage

resource "openstack_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "My neutron security group"
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.secgroup_1.id
}

~> Note: To expose the full port-range 1:65535, use 0 for port_range_minand port_range_max.

Argument Reference

The following arguments are supported:

region — (Optional) The region in which to obtain the V2 networking client.A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a newsecurity group rule.
description — (Optional) A description of the rule. Changing this creates a new security group rule.
direction — (Required) The direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype — (Required) The layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
protocol — (Optional) The layer 4 protocol type, valid values arefollowing. Changing this creates a new security group rule. This is requiredif you want to specify a port range.
- empty string or omitted (any protocol)
- integer value between 0 and 255 (valid IP protocol number)
- tcp
- udp
- icmp
- ah
- dccp
- egp
- esp
- gre
- igmp
- ipv6-encap
- ipv6-frag
- ipv6-icmp
- ipv6-nonxt
- ipv6-opts
- ipv6-route
- ospf
- pgm
- rsvp
- sctp
- udplite
- vrrp
- ipip
port_range_min — (Optional) The lower part of the allowed port range, validinteger value needs to be between 1 and 65535. Changing this creates a newsecurity group rule.
port_range_max — (Optional) The higher part of the allowed port range, validinteger value needs to be between 1 and 65535. Changing this creates a newsecurity group rule.
remote_ip_prefix — (Optional) The remote CIDR, the value needs to be a validCIDR (i.e. 192.168.0.0.0/16). Changing this creates a new security group rule.
remote_group_id — (Optional) The remote group id, the value needs to be anOpenStack ID of a security group in the same tenant. Changing this createsa new security group rule.
security_group_id — (Required) The security group id the rule should belongto, the value needs to be an OpenStack ID of a security group in the sametenant. Changing this creates a new security group rule.
tenant_id — (Optional) The owner of the security group. Required if adminwants to create a port for another tenant. Changing this creates a newsecurity group rule.

Attributes Reference

The following attributes are exported:

region — See Argument Reference above.
description — See Argument Reference above.
direction — See Argument Reference above.
ethertype — See Argument Reference above.
protocol — See Argument Reference above.
port_range_min — See Argument Reference above.
port_range_max — See Argument Reference above.
remote_ip_prefix — See Argument Reference above.
remote_group_id — See Argument Reference above.
security_group_id — See Argument Reference above.
tenant_id — See Argument Reference above.

Import

Security Group Rules can be imported using the id, e.g.

$ terraform import openstack_networking_secgroup_rule_v2.secgroup_rule_1 aeb68ee3-6e9d-4256-955c-9584a6212745