openstack_networking_secgroup_v2
These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.
Manages a V2 neutron security group resource within OpenStack.Unlike Nova security groups, neutron separates the group from the rulesand also allows an admin to target a specific tenant_id.
Example Usage
resource "openstack_networking_secgroup_v2" "secgroup_1" {
name = "secgroup_1"
description = "My neutron security group"
}
Argument Reference
The following arguments are supported:
-
region
— (Optional) The region in which to obtain the V2 networking client.A networking client is needed to create a port. If omitted, theregion
argument of the provider is used. Changing this creates a newsecurity group. -
name
— (Required) A unique name for the security group. -
description
— (Optional) A unique name for the security group. -
tenant_id
— (Optional) The owner of the security group. Required if adminwants to create a port for another tenant. Changing this creates a newsecurity group. -
delete_default_rules
— (Optional) Whether or not to delete the defaultegress security rules. This isfalse
by default. See the below notefor more information. -
stateful
— (Optional) Indicates if the security group is stateful orstateless. Update of the stateful argument is allowed when there is no portassociated with the security group. Available only in OpenStack environmentswith thestateful-security-group
extension. Defaults to true. -
tags
— (Optional) A set of string tags for the security group.
Attributes Reference
The following attributes are exported:
region
— See Argument Reference above.name
— See Argument Reference above.description
— See Argument Reference above.tenant_id
— See Argument Reference above.tags
— See Argument Reference above.all_tags
— The collection of tags assigned on the security group, which havebeen explicitly and implicitly added.
Default Security Group Rules
In most cases, OpenStack will create some egress security group rules for eachnew security group. These security group rules will not be managed byTerraform, so if you prefer to have all aspects of your infrastructuremanaged by Terraform, set delete_default_rules
to true
and then createseparate security group rules such as the following:
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_v4" {
direction = "egress"
ethertype = "IPv4"
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_v6" {
direction = "egress"
ethertype = "IPv6"
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
Please note that this behavior may differ depending on the configuration ofthe OpenStack cloud. The above illustrates the current default Neutronbehavior. Some OpenStack clouds might provide additional rules and some might not provide any rules at all (in which case the delete_default_rules
settingis moot).
Import
Security Groups can be imported using the id
, e.g.
$ terraform import openstack_networking_secgroup_v2.secgroup_1 38809219-5e8a-4852-9139-6f461c90e8bc