Viewing docs for OpenStack v5.4.2
published on Friday, Apr 10, 2026 by Pulumi

    Manages a V2 neutron security group resource within OpenStack. Unlike Nova security groups, neutron separates the group from the rules and also allows an admin to target a specific tenant_id.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as openstack from "@pulumi/openstack";
    
    // Inputs for the group. deleteDefaultRules is not set, so the documented
    // default (false) applies and any egress rules OpenStack adds by default
    // stay on the group.
    const secgroup1Args: openstack.networking.SecGroupArgs = {
        name: "secgroup_1",
        description: "My neutron security group",
    };
    const secgroup1 = new openstack.networking.SecGroup("secgroup_1", secgroup1Args);
    
    import pulumi
    import pulumi_openstack as openstack
    
    # Keyword arguments for the group. delete_default_rules is not passed, so the
    # documented default (False) applies and any egress rules OpenStack adds by
    # default stay on the group.
    secgroup1_args = {
        "name": "secgroup_1",
        "description": "My neutron security group",
    }
    secgroup1 = openstack.networking.SecGroup("secgroup_1", **secgroup1_args)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/networking"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main runs a Pulumi program that declares one Neutron security group.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// DeleteDefaultRules is not set, so the documented default (false)
    		// applies and any egress rules OpenStack adds by default are kept.
    		args := &networking.SecGroupArgs{
    			Name:        pulumi.String("secgroup_1"),
    			Description: pulumi.String("My neutron security group"),
    		}
    		if _, err := networking.NewSecGroup(ctx, "secgroup_1", args); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using OpenStack = Pulumi.OpenStack;
    
    return await Deployment.RunAsync(() =>
    {
        // DeleteDefaultRules is not set, so the documented default (false)
        // applies and any egress rules OpenStack adds by default are kept.
        var secgroup1Args = new OpenStack.Networking.SecGroupArgs
        {
            Name = "secgroup_1",
            Description = "My neutron security group",
        };
        var secgroup1 = new OpenStack.Networking.SecGroup("secgroup_1", secgroup1Args);
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.openstack.networking.SecGroup;
    import com.pulumi.openstack.networking.SecGroupArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that declares one Neutron security group. */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(ctx -> stack(ctx));
        }

        /**
         * Declares the security group. deleteDefaultRules is not set, so the
         * documented default (false) applies and any egress rules OpenStack adds
         * by default are kept.
         */
        public static void stack(Context ctx) {
            final SecGroupArgs secgroup1Args = SecGroupArgs.builder()
                .name("secgroup_1")
                .description("My neutron security group")
                .build();
            final SecGroup secgroup1 = new SecGroup("secgroup1", secgroup1Args);
        }
    }
    
    # Declares one Neutron security group. deleteDefaultRules is not set, so the
    # documented default (false) applies and any egress rules OpenStack adds by
    # default stay on the group.
    resources:
      secgroup1:
        type: openstack:networking:SecGroup
        name: secgroup_1
        properties:
          name: secgroup_1
          description: My neutron security group
    

    Default Security Group Rules

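    In most cases, OpenStack will create some egress security group rules for each new security group. These security group rules will not be managed by Terraform, so if you prefer to have all aspects of your infrastructure managed by Terraform, set deleteDefaultRules to true and then create separate security group rules such as the following. Note that the rules shown set only a direction and an ethertype, so they permit all outbound IPv4 and IPv6 traffic; constrain them by protocol, port range or remote prefix if egress should be limited: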

    import * as pulumi from "@pulumi/pulumi";
    import * as openstack from "@pulumi/openstack";
    
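    // The group the rules attach to. The original listing referenced `secgroup`
    // without declaring it. deleteDefaultRules removes the egress rules OpenStack
    // creates on its own, so the egress rules on the group are the ones below.
    const secgroup = new openstack.networking.SecGroup("secgroup_1", {
        name: "secgroup_1",
        description: "My neutron security group",
        deleteDefaultRules: true,
    });

    // Only direction and ethertype are set, so each rule permits all outbound
    // traffic of that address family. Add protocol, port range or remote prefix
    // arguments to narrow egress.
    const secgroupRuleV4 = new openstack.networking.SecGroupRule("secgroup_rule_v4", {
        direction: "egress",
        ethertype: "IPv4",
        securityGroupId: secgroup.id,
    });
    const secgroupRuleV6 = new openstack.networking.SecGroupRule("secgroup_rule_v6", {
        direction: "egress",
        ethertype: "IPv6",
        securityGroupId: secgroup.id,
    });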
    
    import pulumi
    import pulumi_openstack as openstack
    
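    # The group the rules attach to. The original listing referenced `secgroup`
    # without declaring it and indexed it like a dict. delete_default_rules removes
    # the egress rules OpenStack creates on its own, so the egress rules on the
    # group are the ones below.
    secgroup = openstack.networking.SecGroup("secgroup_1",
        name="secgroup_1",
        description="My neutron security group",
        delete_default_rules=True)

    # Only direction and ethertype are set, so each rule permits all outbound
    # traffic of that address family. Add protocol, port range or remote prefix
    # arguments to narrow egress.
    secgroup_rule_v4 = openstack.networking.SecGroupRule("secgroup_rule_v4",
        direction="egress",
        ethertype="IPv4",
        security_group_id=secgroup.id)
    secgroup_rule_v6 = openstack.networking.SecGroupRule("secgroup_rule_v6",
        direction="egress",
        ethertype="IPv6",
        security_group_id=secgroup.id)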
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/networking"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
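    // main declares a security group without the default egress rules OpenStack
    // would add, then attaches explicit IPv4 and IPv6 egress rules to it.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The original listing referenced `secgroup` without declaring it.
    		// DeleteDefaultRules removes the egress rules OpenStack creates on its
    		// own, so the egress rules on the group are the ones declared below.
    		secgroup, err := networking.NewSecGroup(ctx, "secgroup_1", &networking.SecGroupArgs{
    			Name:               pulumi.String("secgroup_1"),
    			Description:        pulumi.String("My neutron security group"),
    			DeleteDefaultRules: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		// Only Direction and Ethertype are set, so each rule permits all
    		// outbound traffic of that address family. Add protocol, port range or
    		// remote prefix arguments to narrow egress.
    		_, err = networking.NewSecGroupRule(ctx, "secgroup_rule_v4", &networking.SecGroupRuleArgs{
    			Direction:       pulumi.String("egress"),
    			Ethertype:       pulumi.String("IPv4"),
    			SecurityGroupId: secgroup.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = networking.NewSecGroupRule(ctx, "secgroup_rule_v6", &networking.SecGroupRuleArgs{
    			Direction:       pulumi.String("egress"),
    			Ethertype:       pulumi.String("IPv6"),
    			SecurityGroupId: secgroup.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }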
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using OpenStack = Pulumi.OpenStack;
    
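    return await Deployment.RunAsync(() =>
    {
        // The original listing referenced `secgroup` without declaring it.
        // DeleteDefaultRules removes the egress rules OpenStack creates on its
        // own, so the egress rules on the group are the ones declared below.
        var secgroup = new OpenStack.Networking.SecGroup("secgroup_1", new()
        {
            Name = "secgroup_1",
            Description = "My neutron security group",
            DeleteDefaultRules = true,
        });

        // Only Direction and Ethertype are set, so each rule permits all outbound
        // traffic of that address family. Add protocol, port range or remote
        // prefix arguments to narrow egress.
        var secgroupRuleV4 = new OpenStack.Networking.SecGroupRule("secgroup_rule_v4", new()
        {
            Direction = "egress",
            Ethertype = "IPv4",
            SecurityGroupId = secgroup.Id,
        });

        var secgroupRuleV6 = new OpenStack.Networking.SecGroupRule("secgroup_rule_v6", new()
        {
            Direction = "egress",
            Ethertype = "IPv6",
            SecurityGroupId = secgroup.Id,
        });

    });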
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.openstack.networking.SecGroupRule;
    import com.pulumi.openstack.networking.SecGroupRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
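    /**
     * Pulumi program that declares a security group without the default egress
     * rules OpenStack would add, then attaches explicit IPv4 and IPv6 egress rules.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the security group and its two egress rules. */
        public static void stack(Context ctx) {
            // The original listing referenced `secgroup` without declaring it.
            // Fully qualified names are used because this listing imports only the
            // rule classes. deleteDefaultRules removes the egress rules OpenStack
            // creates on its own, so the egress rules on the group are the ones below.
            var secgroup = new com.pulumi.openstack.networking.SecGroup("secgroup",
                com.pulumi.openstack.networking.SecGroupArgs.builder()
                    .name("secgroup_1")
                    .description("My neutron security group")
                    .deleteDefaultRules(true)
                    .build());

            // Only direction and ethertype are set, so each rule permits all
            // outbound traffic of that address family. Add protocol, port range or
            // remote prefix arguments to narrow egress.
            var secgroupRuleV4 = new SecGroupRule("secgroupRuleV4", SecGroupRuleArgs.builder()
                .direction("egress")
                .ethertype("IPv4")
                .securityGroupId(secgroup.id())
                .build());

            var secgroupRuleV6 = new SecGroupRule("secgroupRuleV6", SecGroupRuleArgs.builder()
                .direction("egress")
                .ethertype("IPv6")
                .securityGroupId(secgroup.id())
                .build());

        }
    }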
    
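    resources:
      # The original listing referenced ${secgroup.id} without declaring the
      # resource. deleteDefaultRules removes the egress rules OpenStack creates on
      # its own, so the egress rules on the group are the ones declared below.
      secgroup:
        type: openstack:networking:SecGroup
        name: secgroup_1
        properties:
          name: secgroup_1
          description: My neutron security group
          deleteDefaultRules: true
      # Only direction and ethertype are set, so each rule permits all outbound
      # traffic of that address family. Add protocol, port range or remote prefix
      # properties to narrow egress.
      secgroupRuleV4:
        type: openstack:networking:SecGroupRule
        name: secgroup_rule_v4
        properties:
          direction: egress
          ethertype: IPv4
          securityGroupId: ${secgroup.id}
      secgroupRuleV6:
        type: openstack:networking:SecGroupRule
        name: secgroup_rule_v6
        properties:
          direction: egress
          ethertype: IPv6
          securityGroupId: ${secgroup.id}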
    

    Please note that this behavior may differ depending on the configuration of the OpenStack cloud. The above illustrates the current default Neutron behavior. Some OpenStack clouds might provide additional rules and some might not provide any rules at all (in which case the deleteDefaultRules setting is moot). Because of this, check the rules actually present on a newly created group rather than assuming the defaults described here.

    Create SecGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecGroup(name: string, args?: SecGroupArgs, opts?: CustomResourceOptions);
    @overload
    def SecGroup(resource_name: str,
                 args: Optional[SecGroupArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecGroup(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 delete_default_rules: Optional[bool] = None,
                 description: Optional[str] = None,
                 name: Optional[str] = None,
                 region: Optional[str] = None,
                 stateful: Optional[bool] = None,
                 tags: Optional[Sequence[str]] = None,
                 tenant_id: Optional[str] = None)
    func NewSecGroup(ctx *Context, name string, args *SecGroupArgs, opts ...ResourceOption) (*SecGroup, error)
    public SecGroup(string name, SecGroupArgs? args = null, CustomResourceOptions? opts = null)
    public SecGroup(String name, SecGroupArgs args)
    public SecGroup(String name, SecGroupArgs args, CustomResourceOptions options)
    
    type: openstack:networking:SecGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Every value below is a placeholder. Per the property reference on this
    // page, DeleteDefaultRules defaults to false and Stateful defaults to true,
    // so Stateful = false here is not the default.
    var secGroupArgs = new OpenStack.Networking.SecGroupArgs
    {
        DeleteDefaultRules = false,
        Description = "string",
        Name = "string",
        Region = "string",
        Stateful = false,
        Tags = new[]
        {
            "string",
        },
        TenantId = "string",
    };
    var secGroupResource = new OpenStack.Networking.SecGroup("secGroupResource", secGroupArgs);
    
    // Every value below is a placeholder. Per the property reference on this
    // page, DeleteDefaultRules defaults to false and Stateful defaults to true,
    // so Stateful: false here is not the default.
    secGroupArgs := &networking.SecGroupArgs{
    	DeleteDefaultRules: pulumi.Bool(false),
    	Description:        pulumi.String("string"),
    	Name:               pulumi.String("string"),
    	Region:             pulumi.String("string"),
    	Stateful:           pulumi.Bool(false),
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TenantId: pulumi.String("string"),
    }
    example, err := networking.NewSecGroup(ctx, "secGroupResource", secGroupArgs)
    
    // Every value below is a placeholder. Per the property reference on this
    // page, deleteDefaultRules defaults to false and stateful defaults to true,
    // so stateful(false) here is not the default.
    var secGroupArgs = SecGroupArgs.builder()
        .deleteDefaultRules(false)
        .description("string")
        .name("string")
        .region("string")
        .stateful(false)
        .tags("string")
        .tenantId("string")
        .build();
    var secGroupResource = new SecGroup("secGroupResource", secGroupArgs);
    
    # Every value below is a placeholder. Per the property reference on this
    # page, delete_default_rules defaults to False and stateful defaults to True,
    # so stateful=False here is not the default.
    sec_group_args = {
        "delete_default_rules": False,
        "description": "string",
        "name": "string",
        "region": "string",
        "stateful": False,
        "tags": ["string"],
        "tenant_id": "string",
    }
    sec_group_resource = openstack.networking.SecGroup("secGroupResource", **sec_group_args)
    
    // Every value below is a placeholder. Per the property reference on this
    // page, deleteDefaultRules defaults to false and stateful defaults to true,
    // so stateful: false here is not the default.
    const secGroupArgs: openstack.networking.SecGroupArgs = {
        deleteDefaultRules: false,
        description: "string",
        name: "string",
        region: "string",
        stateful: false,
        tags: ["string"],
        tenantId: "string",
    };
    const secGroupResource = new openstack.networking.SecGroup("secGroupResource", secGroupArgs);
    
    # Every value below is a placeholder. Per the property reference on this
    # page, deleteDefaultRules defaults to false and stateful defaults to true,
    # so stateful: false here is not the default.
    type: openstack:networking:SecGroup
    properties:
        deleteDefaultRules: false
        description: string
        name: string
        region: string
        stateful: false
        tags:
            - string
        tenantId: string
    

    SecGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SecGroup resource accepts the following input properties:

    DeleteDefaultRules bool
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    Description string
    A unique name for the security group.
    Name string
    A unique name for the security group.
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    Stateful bool
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    Tags List<string>
    A set of string tags for the security group.
    TenantId string
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    DeleteDefaultRules bool
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    Description string
    A unique name for the security group.
    Name string
    A unique name for the security group.
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    Stateful bool
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    Tags []string
    A set of string tags for the security group.
    TenantId string
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    deleteDefaultRules Boolean
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description String
    A unique name for the security group.
    name String
    A unique name for the security group.
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful Boolean
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags List<String>
    A set of string tags for the security group.
    tenantId String
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    deleteDefaultRules boolean
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description string
    A unique name for the security group.
    name string
    A unique name for the security group.
    region string
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful boolean
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags string[]
    A set of string tags for the security group.
    tenantId string
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    delete_default_rules bool
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description str
    A unique name for the security group.
    name str
    A unique name for the security group.
    region str
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful bool
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags Sequence[str]
    A set of string tags for the security group.
    tenant_id str
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    deleteDefaultRules Boolean
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description String
    A unique name for the security group.
    name String
    A unique name for the security group.
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful Boolean
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags List<String>
    A set of string tags for the security group.
    tenantId String
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecGroup resource produces the following output properties:

    AllTags List<string>
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    Id string
    The provider-assigned unique ID for this managed resource.
    AllTags []string
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    Id string
    The provider-assigned unique ID for this managed resource.
    allTags List<String>
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    id String
    The provider-assigned unique ID for this managed resource.
    allTags string[]
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    id string
    The provider-assigned unique ID for this managed resource.
    all_tags Sequence[str]
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    id str
    The provider-assigned unique ID for this managed resource.
    allTags List<String>
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecGroup Resource

    Get an existing SecGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecGroupState, opts?: CustomResourceOptions): SecGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            all_tags: Optional[Sequence[str]] = None,
            delete_default_rules: Optional[bool] = None,
            description: Optional[str] = None,
            name: Optional[str] = None,
            region: Optional[str] = None,
            stateful: Optional[bool] = None,
            tags: Optional[Sequence[str]] = None,
            tenant_id: Optional[str] = None) -> SecGroup
    func GetSecGroup(ctx *Context, name string, id IDInput, state *SecGroupState, opts ...ResourceOption) (*SecGroup, error)
    public static SecGroup Get(string name, Input<string> id, SecGroupState? state, CustomResourceOptions? opts = null)
    public static SecGroup get(String name, Output<String> id, SecGroupState state, CustomResourceOptions options)
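    # Looks up an existing SecGroup by its provider ID; ${id} stands for that ID.
    resources:
      _:
        type: openstack:networking:SecGroup
        get:
          id: ${id}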
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllTags List<string>
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    DeleteDefaultRules bool
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    Description string
    A unique name for the security group.
    Name string
    A unique name for the security group.
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    Stateful bool
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    Tags List<string>
    A set of string tags for the security group.
    TenantId string
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    AllTags []string
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    DeleteDefaultRules bool
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    Description string
    A unique name for the security group.
    Name string
    A unique name for the security group.
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    Stateful bool
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    Tags []string
    A set of string tags for the security group.
    TenantId string
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    allTags List<String>
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    deleteDefaultRules Boolean
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description String
    A unique name for the security group.
    name String
    A unique name for the security group.
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful Boolean
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags List<String>
    A set of string tags for the security group.
    tenantId String
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    allTags string[]
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    deleteDefaultRules boolean
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description string
    A unique name for the security group.
    name string
    A unique name for the security group.
    region string
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful boolean
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags string[]
    A set of string tags for the security group.
    tenantId string
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    all_tags Sequence[str]
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    delete_default_rules bool
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description str
    A unique name for the security group.
    name str
    A unique name for the security group.
    region str
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful bool
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags Sequence[str]
    A set of string tags for the security group.
    tenant_id str
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.
    allTags List<String>
    The collection of tags assigned on the security group, which have been explicitly and implicitly added.
    deleteDefaultRules Boolean
    Whether or not to delete the default egress security rules. This is false by default. See the below note for more information.
    description String
    A unique name for the security group.
    name String
    A unique name for the security group.
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group.
    stateful Boolean
    Indicates if the security group is stateful or stateless. Update of the stateful argument is allowed when there is no port associated with the security group. Available only in OpenStack environments with the stateful-security-group extension. Defaults to true.
    tags List<String>
    A set of string tags for the security group.
    tenantId String
    The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group.

    Import

    Security Groups can be imported using the id, e.g.

    $ pulumi import openstack:networking/secGroup:SecGroup secgroup_1 38809219-5e8a-4852-9139-6f461c90e8bc
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    OpenStack pulumi/pulumi-openstack
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the openstack Terraform Provider.