openstack_networking_secgroup_v2

For your information

These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.

Manages a V2 neutron security group resource within OpenStack. Unlike Nova security groups, neutron separates the group from the rules and also allows an admin to target a specific tenant_id.

Example Usage

resource "openstack_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "My neutron security group"
}

Argument Reference

The following arguments are supported:

  • region — (Optional) The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.

  • name — (Required) A unique name for the security group.

  • description — (Optional) A unique name for the security group.

  • tenant_id — (Optional) The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.

  • delete_default_rules — (Optional) Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.

  • stateful — (Optional) Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.

  • tags — (Optional) A set of string tags for the security group.

Attributes Reference

The following attributes are exported:

  • region — See Argument Reference above.
  • name — See Argument Reference above.
  • description — See Argument Reference above.
  • tenant_id — See Argument Reference above.
  • tags — See Argument Reference above.
  • all_tags — The collection of tags assigned on the security group, which have been explicitly and implicitly added.

Default Security Group Rules

In most cases, OpenStack will create some egress security group rules for each new security group. These security group rules will not be managed by Terraform, so if you prefer to have all aspects of your infrastructure managed by Terraform, set delete_default_rules to true and then create separate security group rules such as the following:

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_v4" {
  direction         = "egress"
  ethertype         = "IPv4"
  security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_v6" {
  direction         = "egress"
  ethertype         = "IPv6"
  security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

Please note that this behavior may differ depending on the configuration of the OpenStack cloud. The above illustrates the current default Neutron behavior. Some OpenStack clouds might provide additional rules and some might not provide any rules at all (in which case the delete_default_rules setting is moot).
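
The two rules above re-create allow-all egress under Terraform management. The following added example (not part of the provider documentation) uses delete_default_rules to go further and permit only the outbound traffic a workload needs. The resource names, ports and the resolver address 192.0.2.53 are illustrative assumptions.

```hcl
# Added example: names, ports and CIDRs are assumptions, not provider defaults.
resource "openstack_networking_secgroup_v2" "app" {
  name        = "app-restricted-egress"
  description = "Egress limited to HTTPS and DNS"

  # Remove the allow-all egress rules Neutron creates with the group,
  # so that every rule on the group is declared in this configuration.
  delete_default_rules = true
}

# Outbound HTTPS to any IPv4 destination.
resource "openstack_networking_secgroup_rule_v2" "egress_https_v4" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.app.id
}

# DNS over UDP to a single resolver (documentation-range placeholder address).
resource "openstack_networking_secgroup_rule_v2" "egress_dns_udp_v4" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 53
  port_range_max    = 53
  remote_ip_prefix  = "192.0.2.53/32"
  security_group_id = openstack_networking_secgroup_v2.app.id
}

# No IPv6 egress rule is declared, so IPv6 egress from ports in this
# group is dropped: security group rules are an allow list.
```

After applying, `openstack security group rule list <group-id>` should show only the two rules declared here; any extra rule indicates the cloud adds rules that delete_default_rules does not cover.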

Import

Security Groups can be imported using the id, e.g.

$ terraform import openstack_networking_secgroup_v2.secgroup_1 38809219-5e8a-4852-9139-6f461c90e8bc