OpenStack v3.12.1, Mar 23 23

OpenStack v3.12.1 published on Thursday, Mar 23, 2023 by Pulumi

openstack.compute.SecGroup

Explore with Pulumi AI

OpenStack v3.12.1 published on Thursday, Mar 23, 2023 by Pulumi

Please note that managing security groups through the OpenStack Compute API has been deprecated. Unless you are using an older OpenStack environment, it is recommended to use the openstack.networking.SecGroup and openstack.networking.SecGroupRule resources instead, which uses the OpenStack Networking API.

Notes

ICMP Rules

When using ICMP as the ip_protocol, the from_port sets the ICMP type and the to_port sets the ICMP code. To allow all ICMP types, set each value to -1, like so:

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using Pulumi;

return await Deployment.RunAsync(() => 
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

A list of ICMP types and codes can be found here.

Referencing Security Groups

When referencing a security group in a configuration (for example, a configuration creates a new security group and then needs to apply it to an instance being created in the same configuration), it is currently recommended to reference the security group by name and not by ID, like this:

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const test_server = new openstack.compute.Instance("test-server", {
    flavorId: "3",
    imageId: "ad091b52-742f-469e-8f3c-fd81cadf0743",
    keyPair: "my_key_pair_name",
    securityGroups: [openstack_compute_secgroup_v2.secgroup_1.name],
});

import pulumi
import pulumi_openstack as openstack

test_server = openstack.compute.Instance("test-server",
    flavor_id="3",
    image_id="ad091b52-742f-469e-8f3c-fd81cadf0743",
    key_pair="my_key_pair_name",
    security_groups=[openstack_compute_secgroup_v2["secgroup_1"]["name"]])

using System.Collections.Generic;
using Pulumi;
using OpenStack = Pulumi.OpenStack;

return await Deployment.RunAsync(() => 
{
    var test_server = new OpenStack.Compute.Instance("test-server", new()
    {
        FlavorId = "3",
        ImageId = "ad091b52-742f-469e-8f3c-fd81cadf0743",
        KeyPair = "my_key_pair_name",
        SecurityGroups = new[]
        {
            openstack_compute_secgroup_v2.Secgroup_1.Name,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-openstack/sdk/v3/go/openstack/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewInstance(ctx, "test-server", &compute.InstanceArgs{
			FlavorId: pulumi.String("3"),
			ImageId:  pulumi.String("ad091b52-742f-469e-8f3c-fd81cadf0743"),
			KeyPair:  pulumi.String("my_key_pair_name"),
			SecurityGroups: pulumi.StringArray{
				openstack_compute_secgroup_v2.Secgroup_1.Name,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.compute.Instance;
import com.pulumi.openstack.compute.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test_server = new Instance("test-server", InstanceArgs.builder()        
            .flavorId("3")
            .imageId("ad091b52-742f-469e-8f3c-fd81cadf0743")
            .keyPair("my_key_pair_name")
            .securityGroups(openstack_compute_secgroup_v2.secgroup_1().name())
            .build());

    }
}

resources:
  test-server:
    type: openstack:compute:Instance
    properties:
      flavorId: '3'
      imageId: ad091b52-742f-469e-8f3c-fd81cadf0743
      keyPair: my_key_pair_name
      securityGroups:
        - ${openstack_compute_secgroup_v2.secgroup_1.name}

Example Usage

using System.Collections.Generic;
using Pulumi;
using OpenStack = Pulumi.OpenStack;

return await Deployment.RunAsync(() => 
{
    var secgroup1 = new OpenStack.Compute.SecGroup("secgroup1", new()
    {
        Description = "my security group",
        Rules = new[]
        {
            new OpenStack.Compute.Inputs.SecGroupRuleArgs
            {
                Cidr = "0.0.0.0/0",
                FromPort = 22,
                IpProtocol = "tcp",
                ToPort = 22,
            },
            new OpenStack.Compute.Inputs.SecGroupRuleArgs
            {
                Cidr = "0.0.0.0/0",
                FromPort = 80,
                IpProtocol = "tcp",
                ToPort = 80,
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-openstack/sdk/v3/go/openstack/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewSecGroup(ctx, "secgroup1", &compute.SecGroupArgs{
			Description: pulumi.String("my security group"),
			Rules: compute.SecGroupRuleArray{
				&compute.SecGroupRuleArgs{
					Cidr:       pulumi.String("0.0.0.0/0"),
					FromPort:   pulumi.Int(22),
					IpProtocol: pulumi.String("tcp"),
					ToPort:     pulumi.Int(22),
				},
				&compute.SecGroupRuleArgs{
					Cidr:       pulumi.String("0.0.0.0/0"),
					FromPort:   pulumi.Int(80),
					IpProtocol: pulumi.String("tcp"),
					ToPort:     pulumi.Int(80),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.compute.SecGroup;
import com.pulumi.openstack.compute.SecGroupArgs;
import com.pulumi.openstack.compute.inputs.SecGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var secgroup1 = new SecGroup("secgroup1", SecGroupArgs.builder()        
            .description("my security group")
            .rules(            
                SecGroupRuleArgs.builder()
                    .cidr("0.0.0.0/0")
                    .fromPort(22)
                    .ipProtocol("tcp")
                    .toPort(22)
                    .build(),
                SecGroupRuleArgs.builder()
                    .cidr("0.0.0.0/0")
                    .fromPort(80)
                    .ipProtocol("tcp")
                    .toPort(80)
                    .build())
            .build());

    }
}

import pulumi
import pulumi_openstack as openstack

secgroup1 = openstack.compute.SecGroup("secgroup1",
    description="my security group",
    rules=[
        openstack.compute.SecGroupRuleArgs(
            cidr="0.0.0.0/0",
            from_port=22,
            ip_protocol="tcp",
            to_port=22,
        ),
        openstack.compute.SecGroupRuleArgs(
            cidr="0.0.0.0/0",
            from_port=80,
            ip_protocol="tcp",
            to_port=80,
        ),
    ])

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const secgroup1 = new openstack.compute.SecGroup("secgroup1", {
    description: "my security group",
    rules: [
        {
            cidr: "0.0.0.0/0",
            fromPort: 22,
            ipProtocol: "tcp",
            toPort: 22,
        },
        {
            cidr: "0.0.0.0/0",
            fromPort: 80,
            ipProtocol: "tcp",
            toPort: 80,
        },
    ],
});

resources:
  secgroup1:
    type: openstack:compute:SecGroup
    properties:
      description: my security group
      rules:
        - cidr: 0.0.0.0/0
          fromPort: 22
          ipProtocol: tcp
          toPort: 22
        - cidr: 0.0.0.0/0
          fromPort: 80
          ipProtocol: tcp
          toPort: 80

ICMP Rules

using System.Collections.Generic;
using Pulumi;

return await Deployment.RunAsync(() => 
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

import pulumi

import * as pulumi from "@pulumi/pulumi";

{}

Referencing Security Groups

using System.Collections.Generic;
using Pulumi;
using OpenStack = Pulumi.OpenStack;

return await Deployment.RunAsync(() => 
{
    var test_server = new OpenStack.Compute.Instance("test-server", new()
    {
        FlavorId = "3",
        ImageId = "ad091b52-742f-469e-8f3c-fd81cadf0743",
        KeyPair = "my_key_pair_name",
        SecurityGroups = new[]
        {
            openstack_compute_secgroup_v2.Secgroup_1.Name,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-openstack/sdk/v3/go/openstack/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewInstance(ctx, "test-server", &compute.InstanceArgs{
			FlavorId: pulumi.String("3"),
			ImageId:  pulumi.String("ad091b52-742f-469e-8f3c-fd81cadf0743"),
			KeyPair:  pulumi.String("my_key_pair_name"),
			SecurityGroups: pulumi.StringArray{
				openstack_compute_secgroup_v2.Secgroup_1.Name,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.compute.Instance;
import com.pulumi.openstack.compute.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test_server = new Instance("test-server", InstanceArgs.builder()        
            .flavorId("3")
            .imageId("ad091b52-742f-469e-8f3c-fd81cadf0743")
            .keyPair("my_key_pair_name")
            .securityGroups(openstack_compute_secgroup_v2.secgroup_1().name())
            .build());

    }
}

import pulumi
import pulumi_openstack as openstack

test_server = openstack.compute.Instance("test-server",
    flavor_id="3",
    image_id="ad091b52-742f-469e-8f3c-fd81cadf0743",
    key_pair="my_key_pair_name",
    security_groups=[openstack_compute_secgroup_v2["secgroup_1"]["name"]])

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const test_server = new openstack.compute.Instance("test-server", {
    flavorId: "3",
    imageId: "ad091b52-742f-469e-8f3c-fd81cadf0743",
    keyPair: "my_key_pair_name",
    securityGroups: [openstack_compute_secgroup_v2.secgroup_1.name],
});

resources:
  test-server:
    type: openstack:compute:Instance
    properties:
      flavorId: '3'
      imageId: ad091b52-742f-469e-8f3c-fd81cadf0743
      keyPair: my_key_pair_name
      securityGroups:
        - ${openstack_compute_secgroup_v2.secgroup_1.name}

Create SecGroup Resource

new SecGroup(name: string, args: SecGroupArgs, opts?: CustomResourceOptions);

@overload
def SecGroup(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             description: Optional[str] = None,
             name: Optional[str] = None,
             region: Optional[str] = None,
             rules: Optional[Sequence[SecGroupRuleArgs]] = None)
@overload
def SecGroup(resource_name: str,
             args: SecGroupArgs,
             opts: Optional[ResourceOptions] = None)

func NewSecGroup(ctx *Context, name string, args SecGroupArgs, opts ...ResourceOption) (*SecGroup, error)

public SecGroup(string name, SecGroupArgs args, CustomResourceOptions? opts = null)

public SecGroup(String name, SecGroupArgs args)
public SecGroup(String name, SecGroupArgs args, CustomResourceOptions options)

type: openstack:compute:SecGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecGroupArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecGroupArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecGroupArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

SecGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecGroup resource accepts the following input properties:

Description string: A description for the security group. Changing this updates the description of an existing security group.
Name string: A unique name for the security group. Changing this updates the name of an existing security group.
Region string: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
Rules List<Pulumi.OpenStack.Compute.Inputs.SecGroupRuleArgs>: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Description string: A description for the security group. Changing this updates the description of an existing security group.
Name string: A unique name for the security group. Changing this updates the name of an existing security group.
Region string: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
Rules []SecGroupRuleArgs: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description String: A description for the security group. Changing this updates the description of an existing security group.
name String: A unique name for the security group. Changing this updates the name of an existing security group.
region String: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules List<SecGroupRuleArgs>: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description string: A description for the security group. Changing this updates the description of an existing security group.
name string: A unique name for the security group. Changing this updates the name of an existing security group.
region string: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules SecGroupRuleArgs[]: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description str: A description for the security group. Changing this updates the description of an existing security group.
name str: A unique name for the security group. Changing this updates the name of an existing security group.
region str: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules Sequence[SecGroupRuleArgs]: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description String: A description for the security group. Changing this updates the description of an existing security group.
name String: A unique name for the security group. Changing this updates the name of an existing security group.
region String: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules List<Property Map>: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecGroup resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecGroup Resource

Get an existing SecGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecGroupState, opts?: CustomResourceOptions): SecGroup

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        name: Optional[str] = None,
        region: Optional[str] = None,
        rules: Optional[Sequence[SecGroupRuleArgs]] = None) -> SecGroup

func GetSecGroup(ctx *Context, name string, id IDInput, state *SecGroupState, opts ...ResourceOption) (*SecGroup, error)

public static SecGroup Get(string name, Input<string> id, SecGroupState? state, CustomResourceOptions? opts = null)

public static SecGroup get(String name, Output<String> id, SecGroupState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: A description for the security group. Changing this updates the description of an existing security group.
Name string: A unique name for the security group. Changing this updates the name of an existing security group.
Region string: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
Rules List<Pulumi.OpenStack.Compute.Inputs.SecGroupRuleArgs>: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Description string: A description for the security group. Changing this updates the description of an existing security group.
Name string: A unique name for the security group. Changing this updates the name of an existing security group.
Region string: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
Rules []SecGroupRuleArgs: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description String: A description for the security group. Changing this updates the description of an existing security group.
name String: A unique name for the security group. Changing this updates the name of an existing security group.
region String: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules List<SecGroupRuleArgs>: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description string: A description for the security group. Changing this updates the description of an existing security group.
name string: A unique name for the security group. Changing this updates the name of an existing security group.
region string: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules SecGroupRuleArgs[]: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description str: A description for the security group. Changing this updates the description of an existing security group.
name str: A unique name for the security group. Changing this updates the name of an existing security group.
region str: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules Sequence[SecGroupRuleArgs]: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description String: A description for the security group. Changing this updates the description of an existing security group.
name String: A unique name for the security group. Changing this updates the name of an existing security group.
region String: The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.
rules List<Property Map>: A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Supporting Types

SecGroupRule

FromPort int: An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
IpProtocol string: The protocol type that will be allowed. Changing this creates a new security group rule.
ToPort int: An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
Cidr string: Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.
FromGroupId string: Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.
Id string
Self bool: Required if cidr and from_group_id is empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

FromPort int: An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
IpProtocol string: The protocol type that will be allowed. Changing this creates a new security group rule.
ToPort int: An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
Cidr string: Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.
FromGroupId string: Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.
Id string
Self bool: Required if cidr and from_group_id is empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

fromPort Integer: An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
ipProtocol String: The protocol type that will be allowed. Changing this creates a new security group rule.
toPort Integer: An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
cidr String: Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.
fromGroupId String: Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.
id String
self Boolean: Required if cidr and from_group_id is empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

fromPort number: An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
ipProtocol string: The protocol type that will be allowed. Changing this creates a new security group rule.
toPort number: An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
cidr string: Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.
fromGroupId string: Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.
id string
self boolean: Required if cidr and from_group_id is empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

from_port int: An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
ip_protocol str: The protocol type that will be allowed. Changing this creates a new security group rule.
to_port int: An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
cidr str: Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.
from_group_id str: Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.
id str
self bool: Required if cidr and from_group_id is empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

fromPort Number: An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.
ipProtocol String: The protocol type that will be allowed. Changing this creates a new security group rule.
toPort Number: An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.
cidr String: Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.
fromGroupId String: Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.
id String
self Boolean: Required if cidr and from_group_id is empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

Import

Security Groups can be imported using the id, e.g.

 $ pulumi import openstack:compute/secGroup:SecGroup my_secgroup 1bc30ee9-9d5b-4c30-bdd5-7f1e663f5edf

Package Details

Repository: OpenStack pulumi/pulumi-openstack
License: Apache-2.0
Notes: This Pulumi package is based on the openstack Terraform Provider.

OpenStack v3.12.1 published on Thursday, Mar 23, 2023 by Pulumi

pulumi/pulumi-openstack

openstack.compute.SecGroup

On this page

On this page

Notes

ICMP Rules

Referencing Security Groups

Example Usage

ICMP Rules

Referencing Security Groups

Create SecGroup Resource

SecGroup Resource Properties

Inputs

Outputs

Look up Existing SecGroup Resource

Supporting Types

SecGroupRule

Import

Package Details

On this page

On this page