Docs
PackagesOpenStack v3.15.2 published on Friday, Mar 29, 2024 by Pulumi
openstack.compute.SecGroup
Explore with Pulumi AI
Manages a V2 security group resource within OpenStack.
Please note that managing security groups through the OpenStack Compute API
has been deprecated. Unless you are using an older OpenStack environment, it is
recommended to use the openstack.networking.SecGroup
and openstack.networking.SecGroupRule
resources instead, which uses the OpenStack Networking API.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";
const secgroup1 = new openstack.compute.SecGroup("secgroup1", {
description: "my security group",
rules: [
{
cidr: "0.0.0.0/0",
fromPort: 22,
ipProtocol: "tcp",
toPort: 22,
},
{
cidr: "0.0.0.0/0",
fromPort: 80,
ipProtocol: "tcp",
toPort: 80,
},
],
});
import pulumi
import pulumi_openstack as openstack
secgroup1 = openstack.compute.SecGroup("secgroup1",
description="my security group",
rules=[
openstack.compute.SecGroupRuleArgs(
cidr="0.0.0.0/0",
from_port=22,
ip_protocol="tcp",
to_port=22,
),
openstack.compute.SecGroupRuleArgs(
cidr="0.0.0.0/0",
from_port=80,
ip_protocol="tcp",
to_port=80,
),
])
package main
import (
"github.com/pulumi/pulumi-openstack/sdk/v3/go/openstack/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewSecGroup(ctx, "secgroup1", &compute.SecGroupArgs{
Description: pulumi.String("my security group"),
Rules: compute.SecGroupRuleArray{
&compute.SecGroupRuleArgs{
Cidr: pulumi.String("0.0.0.0/0"),
FromPort: pulumi.Int(22),
IpProtocol: pulumi.String("tcp"),
ToPort: pulumi.Int(22),
},
&compute.SecGroupRuleArgs{
Cidr: pulumi.String("0.0.0.0/0"),
FromPort: pulumi.Int(80),
IpProtocol: pulumi.String("tcp"),
ToPort: pulumi.Int(80),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;
return await Deployment.RunAsync(() =>
{
var secgroup1 = new OpenStack.Compute.SecGroup("secgroup1", new()
{
Description = "my security group",
Rules = new[]
{
new OpenStack.Compute.Inputs.SecGroupRuleArgs
{
Cidr = "0.0.0.0/0",
FromPort = 22,
IpProtocol = "tcp",
ToPort = 22,
},
new OpenStack.Compute.Inputs.SecGroupRuleArgs
{
Cidr = "0.0.0.0/0",
FromPort = 80,
IpProtocol = "tcp",
ToPort = 80,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.compute.SecGroup;
import com.pulumi.openstack.compute.SecGroupArgs;
import com.pulumi.openstack.compute.inputs.SecGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var secgroup1 = new SecGroup("secgroup1", SecGroupArgs.builder()
.description("my security group")
.rules(
SecGroupRuleArgs.builder()
.cidr("0.0.0.0/0")
.fromPort(22)
.ipProtocol("tcp")
.toPort(22)
.build(),
SecGroupRuleArgs.builder()
.cidr("0.0.0.0/0")
.fromPort(80)
.ipProtocol("tcp")
.toPort(80)
.build())
.build());
}
}
resources:
secgroup1:
type: openstack:compute:SecGroup
properties:
description: my security group
rules:
- cidr: 0.0.0.0/0
fromPort: 22
ipProtocol: tcp
toPort: 22
- cidr: 0.0.0.0/0
fromPort: 80
ipProtocol: tcp
toPort: 80
Notes
ICMP Rules
When using ICMP as the ip_protocol, the from_port sets the ICMP type and the to_port sets the ICMP code. To allow all ICMP types, set each value to -1, like so:
import * as pulumi from "@pulumi/pulumi";
import pulumi
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
}
}
{}
A list of ICMP types and codes can be found here.
Referencing Security Groups
When referencing a security group in a configuration (for example, a configuration creates a new security group and then needs to apply it to an instance being created in the same configuration), it is currently recommended to reference the security group by name and not by ID, like this:
import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";
const test_server = new openstack.compute.Instance("test-server", {
imageId: "ad091b52-742f-469e-8f3c-fd81cadf0743",
flavorId: "3",
keyPair: "my_key_pair_name",
securityGroups: [openstack_compute_secgroup_v2.secgroup_1.name],
});
import pulumi
import pulumi_openstack as openstack
test_server = openstack.compute.Instance("test-server",
image_id="ad091b52-742f-469e-8f3c-fd81cadf0743",
flavor_id="3",
key_pair="my_key_pair_name",
security_groups=[openstack_compute_secgroup_v2["secgroup_1"]["name"]])
package main
import (
"github.com/pulumi/pulumi-openstack/sdk/v3/go/openstack/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewInstance(ctx, "test-server", &compute.InstanceArgs{
ImageId: pulumi.String("ad091b52-742f-469e-8f3c-fd81cadf0743"),
FlavorId: pulumi.String("3"),
KeyPair: pulumi.String("my_key_pair_name"),
SecurityGroups: pulumi.StringArray{
openstack_compute_secgroup_v2.Secgroup_1.Name,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;
return await Deployment.RunAsync(() =>
{
var test_server = new OpenStack.Compute.Instance("test-server", new()
{
ImageId = "ad091b52-742f-469e-8f3c-fd81cadf0743",
FlavorId = "3",
KeyPair = "my_key_pair_name",
SecurityGroups = new[]
{
openstack_compute_secgroup_v2.Secgroup_1.Name,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.compute.Instance;
import com.pulumi.openstack.compute.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test_server = new Instance("test-server", InstanceArgs.builder()
.imageId("ad091b52-742f-469e-8f3c-fd81cadf0743")
.flavorId("3")
.keyPair("my_key_pair_name")
.securityGroups(openstack_compute_secgroup_v2.secgroup_1().name())
.build());
}
}
resources:
test-server:
type: openstack:compute:Instance
properties:
imageId: ad091b52-742f-469e-8f3c-fd81cadf0743
flavorId: '3'
keyPair: my_key_pair_name
securityGroups:
- ${openstack_compute_secgroup_v2.secgroup_1.name}
Create SecGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecGroup(name: string, args: SecGroupArgs, opts?: CustomResourceOptions);@overload
def SecGroup(resource_name: str,
args: SecGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
name: Optional[str] = None,
region: Optional[str] = None,
rules: Optional[Sequence[SecGroupRuleArgs]] = None)func NewSecGroup(ctx *Context, name string, args SecGroupArgs, opts ...ResourceOption) (*SecGroup, error)public SecGroup(string name, SecGroupArgs args, CustomResourceOptions? opts = null)
public SecGroup(String name, SecGroupArgs args)
public SecGroup(String name, SecGroupArgs args, CustomResourceOptions options)
type: openstack:compute:SecGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var secGroupResource = new OpenStack.Compute.SecGroup("secGroupResource", new()
{
Description = "string",
Name = "string",
Region = "string",
Rules = new[]
{
new OpenStack.Compute.Inputs.SecGroupRuleArgs
{
FromPort = 0,
IpProtocol = "string",
ToPort = 0,
Cidr = "string",
FromGroupId = "string",
Id = "string",
Self = false,
},
},
});
example, err := compute.NewSecGroup(ctx, "secGroupResource", &compute.SecGroupArgs{
Description: pulumi.String("string"),
Name: pulumi.String("string"),
Region: pulumi.String("string"),
Rules: compute.SecGroupRuleArray{
&compute.SecGroupRuleArgs{
FromPort: pulumi.Int(0),
IpProtocol: pulumi.String("string"),
ToPort: pulumi.Int(0),
Cidr: pulumi.String("string"),
FromGroupId: pulumi.String("string"),
Id: pulumi.String("string"),
Self: pulumi.Bool(false),
},
},
})
var secGroupResource = new SecGroup("secGroupResource", SecGroupArgs.builder()
.description("string")
.name("string")
.region("string")
.rules(SecGroupRuleArgs.builder()
.fromPort(0)
.ipProtocol("string")
.toPort(0)
.cidr("string")
.fromGroupId("string")
.id("string")
.self(false)
.build())
.build());
sec_group_resource = openstack.compute.SecGroup("secGroupResource",
description="string",
name="string",
region="string",
rules=[openstack.compute.SecGroupRuleArgs(
from_port=0,
ip_protocol="string",
to_port=0,
cidr="string",
from_group_id="string",
id="string",
self=False,
)])
const secGroupResource = new openstack.compute.SecGroup("secGroupResource", {
description: "string",
name: "string",
region: "string",
rules: [{
fromPort: 0,
ipProtocol: "string",
toPort: 0,
cidr: "string",
fromGroupId: "string",
id: "string",
self: false,
}],
});
type: openstack:compute:SecGroup
properties:
description: string
name: string
region: string
rules:
- cidr: string
fromGroupId: string
fromPort: 0
id: string
ipProtocol: string
self: false
toPort: 0
SecGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SecGroup resource accepts the following input properties:
- Description string
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - Name string
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - Region string
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - Rules
List<Pulumi.
Open Stack. Compute. Inputs. Sec Group Rule> - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- Description string
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - Name string
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - Region string
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - Rules
[]Sec
Group Rule Args - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description String
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name String
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region String
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules
List<Sec
Group Rule> - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description string
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name string
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region string
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules
Sec
Group Rule[] - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description str
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name str
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region str
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules
Sequence[Sec
Group Rule Args] - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description String
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name String
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region String
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules List<Property Map>
- A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecGroup resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecGroup Resource
Get an existing SecGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecGroupState, opts?: CustomResourceOptions): SecGroup@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
name: Optional[str] = None,
region: Optional[str] = None,
rules: Optional[Sequence[SecGroupRuleArgs]] = None) -> SecGroupfunc GetSecGroup(ctx *Context, name string, id IDInput, state *SecGroupState, opts ...ResourceOption) (*SecGroup, error)public static SecGroup Get(string name, Input<string> id, SecGroupState? state, CustomResourceOptions? opts = null)public static SecGroup get(String name, Output<String> id, SecGroupState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - Name string
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - Region string
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - Rules
List<Pulumi.
Open Stack. Compute. Inputs. Sec Group Rule> - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- Description string
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - Name string
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - Region string
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - Rules
[]Sec
Group Rule Args - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description String
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name String
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region String
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules
List<Sec
Group Rule> - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description string
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name string
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region string
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules
Sec
Group Rule[] - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description str
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name str
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region str
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules
Sequence[Sec
Group Rule Args] - A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
- description String
- A description for the security group. Changing this
updates the
descriptionof an existing security group. - name String
- A unique name for the security group. Changing this
updates the
nameof an existing security group. - region String
- The region in which to obtain the V2 Compute client.
A Compute client is needed to create a security group. If omitted, the
regionargument of the provider is used. Changing this creates a new security group. - rules List<Property Map>
- A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.
Supporting Types
SecGroupRule, SecGroupRuleArgs
- From
Port int - An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
- Ip
Protocol string - The protocol type that will be allowed. Changing this creates a new security group rule.
- To
Port int - An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
- Cidr string
- Required if
from_group_idorselfis empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined withfrom_group_idorself. - From
Group stringId - Required if
cidrorselfis empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined withcidrorself. - Id string
- Self bool
- Required if
cidrandfrom_group_idis empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined withcidrorfrom_group_id.
- From
Port int - An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
- Ip
Protocol string - The protocol type that will be allowed. Changing this creates a new security group rule.
- To
Port int - An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
- Cidr string
- Required if
from_group_idorselfis empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined withfrom_group_idorself. - From
Group stringId - Required if
cidrorselfis empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined withcidrorself. - Id string
- Self bool
- Required if
cidrandfrom_group_idis empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined withcidrorfrom_group_id.
- from
Port Integer - An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
- ip
Protocol String - The protocol type that will be allowed. Changing this creates a new security group rule.
- to
Port Integer - An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
- cidr String
- Required if
from_group_idorselfis empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined withfrom_group_idorself. - from
Group StringId - Required if
cidrorselfis empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined withcidrorself. - id String
- self Boolean
- Required if
cidrandfrom_group_idis empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined withcidrorfrom_group_id.
- from
Port number - An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
- ip
Protocol string - The protocol type that will be allowed. Changing this creates a new security group rule.
- to
Port number - An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
- cidr string
- Required if
from_group_idorselfis empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined withfrom_group_idorself. - from
Group stringId - Required if
cidrorselfis empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined withcidrorself. - id string
- self boolean
- Required if
cidrandfrom_group_idis empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined withcidrorfrom_group_id.
- from_
port int - An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
- ip_
protocol str - The protocol type that will be allowed. Changing this creates a new security group rule.
- to_
port int - An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
- cidr str
- Required if
from_group_idorselfis empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined withfrom_group_idorself. - from_
group_ strid - Required if
cidrorselfis empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined withcidrorself. - id str
- self bool
- Required if
cidrandfrom_group_idis empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined withcidrorfrom_group_id.
- from
Port Number - An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
- ip
Protocol String - The protocol type that will be allowed. Changing this creates a new security group rule.
- to
Port Number - An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
- cidr String
- Required if
from_group_idorselfis empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined withfrom_group_idorself. - from
Group StringId - Required if
cidrorselfis empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined withcidrorself. - id String
- self Boolean
- Required if
cidrandfrom_group_idis empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined withcidrorfrom_group_id.
Import
Security Groups can be imported using the id, e.g.
$ pulumi import openstack:compute/secGroup:SecGroup my_secgroup 1bc30ee9-9d5b-4c30-bdd5-7f1e663f5edf
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- OpenStack pulumi/pulumi-openstack
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
openstackTerraform Provider.