openstack_fw_group_v2
Эта инструкция — копия официальной �документации OpenStack Terraform-провайдера в Terraform Registry.
Manages a v2 firewall group resource within OpenStack.
Firewall v2 has no support for OVN currently.
Example Usage
resource "openstack_fw_rule_v2" "rule_1" {
name = "firewall_rule_2"
description = "drop TELNET traffic"
action = "deny"
protocol = "tcp"
destination_port = "23"
enabled = "true"
}
resource "openstack_fw_rule_v2" "rule_2" {
name = "firewall_rule_1"
description = "drop NTP traffic"
action = "deny"
protocol = "udp"
destination_port = "123"
enabled = "false"
}
resource "openstack_fw_policy_v2" "policy_1" {
name = "firewall_ingress_policy"
rules = [
openstack_fw_rule_v2.rule_1.id,
]
}
resource "openstack_fw_policy_v2" "policy_2" {
name = "firewall_egress_policy"
rules = [
openstack_fw_rule_v2.rule_2.id,
]
}
resource "openstack_fw_group_v2" "group_1" {
name = "firewall_group"
ingress_firewall_policy_id = openstack_fw_policy_v2.policy_1.id
egress_firewall_policy_id = openstack_fw_policy_v2.policy_2.id
}
Argument Reference
The following arguments are supported:
-
region- (Optional) The region in which to obtain the v2 networking client. A networking client is needed to create a firewall group. If omitted, theregionargument of the provider is used. Changing this creates a new firewall group. -
name- (Optional) A name for the firewall group. Changing this updates thenameof an existing firewall. -
description- (Optional) A description for the firewall group. Changing this updates thedescriptionof an existing firewall group. -
tenant_id- (Optional) - This argument conflicts and is interchangeable withproject_id. The owner of the firewall group. Required if admin wants to create a firewall group for another tenant. Changing this creates a new firewall group. -
project_id- (Optional) - This argument conflicts and is interchangeable withtenant_id. The owner of the firewall group. Required if admin wants to create a firewall group for another project. Changing this creates a new firewall group. -
ingress_firewall_policy_id- (Optional) The ingress firewall policy resource id for the firewall group. Changing this updates theingress_firewall_policy_idof an existing firewall group. -
egress_firewall_policy_id- (Optional) The egress firewall policy resource id for the firewall group. Changing this updates theegress_firewall_policy_idof an existing firewall group. -
admin_state_up- (Optional) Administrative up/down status for the firewall group (must be "true" or "false" if provided - defaults to "true"). Changing this updates theadmin_state_upof an existing firewall group. -
ports- (Optional) Port(s) to associate this firewall group with. Must be a list of strings. Changing this updates the associated ports of an existing firewall group. -
shared- (Optional) Sharing status of the firewall group (must be "true" or "false" if provided). If this is "true" the firewall group is visible to, and can be used in, firewalls in other tenants. Changing this updates thesharedstatus of an existing firewall group. Only administrative users can specify if the firewall group should be shared.
Attributes Reference
The following attributes are exported:
region- See Argument Reference above.name- See Argument Reference above.description- See Argument Reference above.tenant_id- See Argument Reference above.project_id- See Argument Reference above.ingress_firewall_policy_id- See Argument Reference above.egress_firewall_policy_id- See Argument Reference above.admin_state_up- See Argument Reference above.ports- See Argument Reference above.shared- See Argument Reference above.status- The status of the firewall group.
Import
Firewall groups can be imported using the id, e.g.
$ terraform import openstack_fw_group_v2.group_1 c9e39fb2-ce20-46c8-a964-25f3898c7a97