Module firewall

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-openstack repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-openstack repo.

Resources

Resource Firewall

class Firewall extends CustomResource

Manages a v1 firewall resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const rule1 = new openstack.firewall.Rule("rule1", {
    action: "deny",
    description: "drop TELNET traffic",
    destinationPort: "23",
    enabled: true,
    protocol: "tcp",
});
const rule2 = new openstack.firewall.Rule("rule2", {
    action: "deny",
    description: "drop NTP traffic",
    destinationPort: "123",
    enabled: false,
    protocol: "udp",
});
const policy1 = new openstack.firewall.Policy("policy1", {
    rules: [
        rule1.id,
        rule2.id,
    ],
});
const firewall1 = new openstack.firewall.Firewall("firewall1", {
    policyId: policy1.id,
});

constructor

new Firewall(name: string, args: FirewallArgs, opts?: pulumi.CustomResourceOptions)

Create a Firewall resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FirewallState, opts?: pulumi.CustomResourceOptions): Firewall

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Firewall

Returns true if the given object is an instance of Firewall. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property adminStateUp

public adminStateUp: pulumi.Output<boolean | undefined>;

Administrative up/down status for the firewall (must be “true” or “false” if provided - defaults to “true”). Changing this updates the adminStateUp of an existing firewall.

property associatedRouters

public associatedRouters: pulumi.Output<string[]>;

Router(s) to associate this firewall instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall. Conflicts with noRouters.

property description

public description: pulumi.Output<string | undefined>;

A description for the firewall. Changing this updates the description of an existing firewall.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A name for the firewall. Changing this updates the name of an existing firewall.

property noRouters

public noRouters: pulumi.Output<boolean | undefined>;

Should this firewall not be associated with any routers (must be “true” or “false” if provide - defaults to “false”). Conflicts with associatedRouters.

property policyId

public policyId: pulumi.Output<string>;

The policy resource id for the firewall. Changing this updates the policyId of an existing firewall.

property region

public region: pulumi.Output<string>;

The region in which to obtain the v1 networking client. A networking client is needed to create a firewall. If omitted, the region argument of the provider is used. Changing this creates a new firewall.

property tenantId

public tenantId: pulumi.Output<string>;

The owner of the floating IP. Required if admin wants to create a firewall for another tenant. Changing this creates a new firewall.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Resource Policy

class Policy extends CustomResource

Manages a v1 firewall policy resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const rule1 = new openstack.firewall.Rule("rule1", {
    action: "deny",
    description: "drop TELNET traffic",
    destinationPort: "23",
    enabled: true,
    protocol: "tcp",
});
const rule2 = new openstack.firewall.Rule("rule2", {
    action: "deny",
    description: "drop NTP traffic",
    destinationPort: "123",
    enabled: false,
    protocol: "udp",
});
const policy1 = new openstack.firewall.Policy("policy1", {
    rules: [
        rule1.id,
        rule2.id,
    ],
});

constructor

new Policy(name: string, args?: PolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a Policy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Policy

Returns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property audited

public audited: pulumi.Output<boolean | undefined>;

Audit status of the firewall policy (must be “true” or “false” if provided - defaults to “false”). This status is set to “false” whenever the firewall policy or any of its rules are changed. Changing this updates the audited status of an existing firewall policy.

property description

public description: pulumi.Output<string | undefined>;

A description for the firewall policy. Changing this updates the description of an existing firewall policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A name for the firewall policy. Changing this updates the name of an existing firewall policy.

property region

public region: pulumi.Output<string>;

The region in which to obtain the v1 networking client. A networking client is needed to create a firewall policy. If omitted, the region argument of the provider is used. Changing this creates a new firewall policy.

property rules

public rules: pulumi.Output<string[] | undefined>;

An array of one or more firewall rules that comprise the policy. Changing this results in adding/removing rules from the existing firewall policy.

property shared

public shared: pulumi.Output<boolean | undefined>;

Sharing status of the firewall policy (must be “true” or “false” if provided). If this is “true” the policy is visible to, and can be used in, firewalls in other tenants. Changing this updates the shared status of an existing firewall policy. Only administrative users can specify if the policy should be shared.

property tenantId

public tenantId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Resource Rule

class Rule extends CustomResource

Manages a v1 firewall rule resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const rule1 = new openstack.firewall.Rule("rule1", {
    action: "deny",
    description: "drop TELNET traffic",
    destinationPort: "23",
    enabled: true,
    protocol: "tcp",
});

constructor

new Rule(name: string, args: RuleArgs, opts?: pulumi.CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleState, opts?: pulumi.CustomResourceOptions): Rule

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Rule

Returns true if the given object is an instance of Rule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property action

public action: pulumi.Output<string>;

Action to be taken ( must be “allow” or “deny”) when the firewall rule matches. Changing this updates the action of an existing firewall rule.

property description

public description: pulumi.Output<string | undefined>;

A description for the firewall rule. Changing this updates the description of an existing firewall rule.

property destinationIpAddress

public destinationIpAddress: pulumi.Output<string | undefined>;

The destination IP address on which the firewall rule operates. Changing this updates the destinationIpAddress of an existing firewall rule.

property destinationPort

public destinationPort: pulumi.Output<string | undefined>;

The destination port on which the firewall rule operates. Changing this updates the destinationPort of an existing firewall rule.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Enabled status for the firewall rule (must be “true” or “false” if provided - defaults to “true”). Changing this updates the enabled status of an existing firewall rule.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipVersion

public ipVersion: pulumi.Output<number | undefined>;

IP version, either 4 (default) or 6. Changing this updates the ipVersion of an existing firewall rule.

property name

public name: pulumi.Output<string>;

A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.

property protocol

public protocol: pulumi.Output<string>;

The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule.

property region

public region: pulumi.Output<string>;

The region in which to obtain the v1 Compute client. A Compute client is needed to create a firewall rule. If omitted, the region argument of the provider is used. Changing this creates a new firewall rule.

property sourceIpAddress

public sourceIpAddress: pulumi.Output<string | undefined>;

The source IP address on which the firewall rule operates. Changing this updates the sourceIpAddress of an existing firewall rule.

property sourcePort

public sourcePort: pulumi.Output<string | undefined>;

The source port on which the firewall rule operates. Changing this updates the sourcePort of an existing firewall rule.

property tenantId

public tenantId: pulumi.Output<string | undefined>;

The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Functions

Function getPolicy

getPolicy(args?: GetPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyResult>

Use this data source to get firewall policy information of an available OpenStack firewall policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const policy = pulumi.output(openstack.firewall.getPolicy({
    name: "tfTestPolicy",
}, { async: true }));

Others

interface FirewallArgs

interface FirewallArgs

The set of arguments for constructing a Firewall resource.

property adminStateUp

adminStateUp?: pulumi.Input<boolean>;

Administrative up/down status for the firewall (must be “true” or “false” if provided - defaults to “true”). Changing this updates the adminStateUp of an existing firewall.

property associatedRouters

associatedRouters?: pulumi.Input<pulumi.Input<string>[]>;

Router(s) to associate this firewall instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall. Conflicts with noRouters.

property description

description?: pulumi.Input<string>;

A description for the firewall. Changing this updates the description of an existing firewall.

property name

name?: pulumi.Input<string>;

A name for the firewall. Changing this updates the name of an existing firewall.

property noRouters

noRouters?: pulumi.Input<boolean>;

Should this firewall not be associated with any routers (must be “true” or “false” if provide - defaults to “false”). Conflicts with associatedRouters.

property policyId

policyId: pulumi.Input<string>;

The policy resource id for the firewall. Changing this updates the policyId of an existing firewall.

property region

region?: pulumi.Input<string>;

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the floating IP. Required if admin wants to create a firewall for another tenant. Changing this creates a new firewall.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface FirewallState

interface FirewallState

Input properties used for looking up and filtering Firewall resources.

property adminStateUp

adminStateUp?: pulumi.Input<boolean>;

Administrative up/down status for the firewall (must be “true” or “false” if provided - defaults to “true”). Changing this updates the adminStateUp of an existing firewall.

property associatedRouters

associatedRouters?: pulumi.Input<pulumi.Input<string>[]>;

Router(s) to associate this firewall instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall. Conflicts with noRouters.

property description

description?: pulumi.Input<string>;

A description for the firewall. Changing this updates the description of an existing firewall.

property name

name?: pulumi.Input<string>;

A name for the firewall. Changing this updates the name of an existing firewall.

property noRouters

noRouters?: pulumi.Input<boolean>;

Should this firewall not be associated with any routers (must be “true” or “false” if provide - defaults to “false”). Conflicts with associatedRouters.

property policyId

policyId?: pulumi.Input<string>;

The policy resource id for the firewall. Changing this updates the policyId of an existing firewall.

property region

region?: pulumi.Input<string>;

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the floating IP. Required if admin wants to create a firewall for another tenant. Changing this creates a new firewall.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface GetPolicyArgs

interface GetPolicyArgs

A collection of arguments for invoking getPolicy.

property name

name?: undefined | string;

The name of the firewall policy.

property policyId

policyId?: undefined | string;

The ID of the firewall policy.

property region

region?: undefined | string;

The region in which to obtain the V2 Neutron client. A Neutron client is needed to retrieve firewall policy ids. If omitted, the region argument of the provider is used.

property tenantId

tenantId?: undefined | string;

The owner of the firewall policy.

interface GetPolicyResult

interface GetPolicyResult

A collection of values returned by getPolicy.

property audited

audited: boolean;

The audit status of the firewall policy.

property description

description: string;

The description of the firewall policy.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name?: undefined | string;

See Argument Reference above.

property policyId

policyId?: undefined | string;

See Argument Reference above.

property region

region: string;

See Argument Reference above.

property rules

rules: string[];

The array of one or more firewall rules that comprise the policy.

property shared

shared: boolean;

The sharing status of the firewall policy.

property tenantId

tenantId: string;

See Argument Reference above.

interface PolicyArgs

interface PolicyArgs

The set of arguments for constructing a Policy resource.

property audited

audited?: pulumi.Input<boolean>;

property description

description?: pulumi.Input<string>;

A description for the firewall policy. Changing this updates the description of an existing firewall policy.

property name

name?: pulumi.Input<string>;

A name for the firewall policy. Changing this updates the name of an existing firewall policy.

property region

region?: pulumi.Input<string>;

property rules

rules?: pulumi.Input<pulumi.Input<string>[]>;

An array of one or more firewall rules that comprise the policy. Changing this results in adding/removing rules from the existing firewall policy.

property shared

shared?: pulumi.Input<boolean>;

property tenantId

tenantId?: pulumi.Input<string>;

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface PolicyState

interface PolicyState

Input properties used for looking up and filtering Policy resources.

property audited

audited?: pulumi.Input<boolean>;

property description

description?: pulumi.Input<string>;

A description for the firewall policy. Changing this updates the description of an existing firewall policy.

property name

name?: pulumi.Input<string>;

A name for the firewall policy. Changing this updates the name of an existing firewall policy.

property region

region?: pulumi.Input<string>;

property rules

rules?: pulumi.Input<pulumi.Input<string>[]>;

An array of one or more firewall rules that comprise the policy. Changing this results in adding/removing rules from the existing firewall policy.

property shared

shared?: pulumi.Input<boolean>;

property tenantId

tenantId?: pulumi.Input<string>;

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface RuleArgs

interface RuleArgs

The set of arguments for constructing a Rule resource.

property action

action: pulumi.Input<string>;

Action to be taken ( must be “allow” or “deny”) when the firewall rule matches. Changing this updates the action of an existing firewall rule.

property description

description?: pulumi.Input<string>;

A description for the firewall rule. Changing this updates the description of an existing firewall rule.

property destinationIpAddress

destinationIpAddress?: pulumi.Input<string>;

The destination IP address on which the firewall rule operates. Changing this updates the destinationIpAddress of an existing firewall rule.

property destinationPort

destinationPort?: pulumi.Input<string>;

The destination port on which the firewall rule operates. Changing this updates the destinationPort of an existing firewall rule.

property enabled

enabled?: pulumi.Input<boolean>;

Enabled status for the firewall rule (must be “true” or “false” if provided - defaults to “true”). Changing this updates the enabled status of an existing firewall rule.

property ipVersion

ipVersion?: pulumi.Input<number>;

IP version, either 4 (default) or 6. Changing this updates the ipVersion of an existing firewall rule.

property name

name?: pulumi.Input<string>;

A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.

property protocol

protocol: pulumi.Input<string>;

The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule.

property region

region?: pulumi.Input<string>;

property sourceIpAddress

sourceIpAddress?: pulumi.Input<string>;

The source IP address on which the firewall rule operates. Changing this updates the sourceIpAddress of an existing firewall rule.

property sourcePort

sourcePort?: pulumi.Input<string>;

The source port on which the firewall rule operates. Changing this updates the sourcePort of an existing firewall rule.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface RuleState

interface RuleState

Input properties used for looking up and filtering Rule resources.

property action

action?: pulumi.Input<string>;

Action to be taken ( must be “allow” or “deny”) when the firewall rule matches. Changing this updates the action of an existing firewall rule.

property description

description?: pulumi.Input<string>;

A description for the firewall rule. Changing this updates the description of an existing firewall rule.

property destinationIpAddress

destinationIpAddress?: pulumi.Input<string>;

The destination IP address on which the firewall rule operates. Changing this updates the destinationIpAddress of an existing firewall rule.

property destinationPort

destinationPort?: pulumi.Input<string>;

The destination port on which the firewall rule operates. Changing this updates the destinationPort of an existing firewall rule.

property enabled

enabled?: pulumi.Input<boolean>;

Enabled status for the firewall rule (must be “true” or “false” if provided - defaults to “true”). Changing this updates the enabled status of an existing firewall rule.

property ipVersion

ipVersion?: pulumi.Input<number>;

IP version, either 4 (default) or 6. Changing this updates the ipVersion of an existing firewall rule.

property name

name?: pulumi.Input<string>;

A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.

property protocol

protocol?: pulumi.Input<string>;

The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule.

property region

region?: pulumi.Input<string>;

property sourceIpAddress

sourceIpAddress?: pulumi.Input<string>;

The source IP address on which the firewall rule operates. Changing this updates the sourceIpAddress of an existing firewall rule.

property sourcePort

sourcePort?: pulumi.Input<string>;

The source port on which the firewall rule operates. Changing this updates the sourcePort of an existing firewall rule.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module firewall

Resources

Functions

Others

Resources

Example Usage

Example Usage

Example Usage

Functions

Example Usage

Others