SecGroup

Manages a V2 security group resource within OpenStack.

Please note that managing security groups through the OpenStack Compute API has been deprecated. Unless you are using an older OpenStack environment, it is recommended to use the openstack.networking.SecGroup and openstack.networking.SecGroupRule resources instead, which use the OpenStack Networking API.

Notes

ICMP Rules

When using ICMP as the ip_protocol, the from_port sets the ICMP type and the to_port sets the ICMP code. To allow all ICMP types, set each value to -1.

A list of ICMP types and codes can be found here.

Referencing Security Groups

When referencing a security group in a configuration (for example, a configuration creates a new security group and then needs to apply it to an instance being created in the same configuration), it is currently recommended to reference the security group by name and not by ID, like this:

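import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

// Security group created in the same program as the instance.
const secgroup_1 = new openstack.compute.SecGroup("secgroup_1", {
    description: "my security group",
});

const test_server = new openstack.compute.Instance("test-server", {
    flavorId: "3",
    imageId: "ad091b52-742f-469e-8f3c-fd81cadf0743",
    keyPair: "my_key_pair_name",
    // Reference the group by name, not by ID.
    securityGroups: [secgroup_1.name],
});

import pulumi
import pulumi_openstack as openstack

# Security group created in the same program as the instance.
secgroup_1 = openstack.compute.SecGroup("secgroup_1",
    description="my security group")

# Reference the group by name, not by ID.
test_server = openstack.compute.Instance("test-server",
    flavor_id="3",
    image_id="ad091b52-742f-469e-8f3c-fd81cadf0743",
    key_pair="my_key_pair_name",
    security_groups=[secgroup_1.name])

using Pulumi;
using OpenStack = Pulumi.OpenStack;

class MyStack : Stack
{
    public MyStack()
    {
        // Security group created in the same program as the instance.
        var secgroup1 = new OpenStack.Compute.SecGroup("secgroup_1", new OpenStack.Compute.SecGroupArgs
        {
            Description = "my security group",
        });

        var test_server = new OpenStack.Compute.Instance("test-server", new OpenStack.Compute.InstanceArgs
        {
            FlavorId = "3",
            ImageId = "ad091b52-742f-469e-8f3c-fd81cadf0743",
            KeyPair = "my_key_pair_name",
            // Reference the group by name, not by ID.
            SecurityGroups = 
            {
                secgroup1.Name,
            },
        });
    }

}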

Example Usage

using Pulumi;
using OpenStack = Pulumi.OpenStack;

class MyStack : Stack
{
    public MyStack()
    {
        var secgroup1 = new OpenStack.Compute.SecGroup("secgroup1", new OpenStack.Compute.SecGroupArgs
        {
            Description = "my security group",
            Rules = 
            {
                new OpenStack.Compute.Inputs.SecGroupRuleArgs
                {
                    Cidr = "0.0.0.0/0",
                    FromPort = 22,
                    IpProtocol = "tcp",
                    ToPort = 22,
                },
                new OpenStack.Compute.Inputs.SecGroupRuleArgs
                {
                    Cidr = "0.0.0.0/0",
                    FromPort = 80,
                    IpProtocol = "tcp",
                    ToPort = 80,
                },
            },
        });
    }

}

import pulumi
import pulumi_openstack as openstack

secgroup1 = openstack.compute.SecGroup("secgroup1",
    description="my security group",
    rules=[
        {
            "cidr": "0.0.0.0/0",
            "fromPort": 22,
            "ipProtocol": "tcp",
            "toPort": 22,
        },
        {
            "cidr": "0.0.0.0/0",
            "fromPort": 80,
            "ipProtocol": "tcp",
            "toPort": 80,
        },
    ])

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const secgroup1 = new openstack.compute.SecGroup("secgroup_1", {
    description: "my security group",
    rules: [
        {
            cidr: "0.0.0.0/0",
            fromPort: 22,
            ipProtocol: "tcp",
            toPort: 22,
        },
        {
            cidr: "0.0.0.0/0",
            fromPort: 80,
            ipProtocol: "tcp",
            toPort: 80,
        },
    ],
});

Create a SecGroup Resource

def SecGroup(resource_name, opts=None, description=None, name=None, region=None, rules=None, __props__=None);
func NewSecGroup(ctx *Context, name string, args SecGroupArgs, opts ...ResourceOption) (*SecGroup, error)
public SecGroup(string name, SecGroupArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args SecGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

SecGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The SecGroup resource accepts the following input properties:

Description string

A description for the security group. Changing this updates the description of an existing security group.

Name string

A unique name for the security group. Changing this updates the name of an existing security group.

Region string

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

Rules List<Pulumi.OpenStack.Compute.Inputs.SecGroupRuleArgs>

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Description string

A description for the security group. Changing this updates the description of an existing security group.

Name string

A unique name for the security group. Changing this updates the name of an existing security group.

Region string

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

Rules []SecGroupRule

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description string

A description for the security group. Changing this updates the description of an existing security group.

name string

A unique name for the security group. Changing this updates the name of an existing security group.

region string

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

rules SecGroupRule[]

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description str

A description for the security group. Changing this updates the description of an existing security group.

name str

A unique name for the security group. Changing this updates the name of an existing security group.

region str

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

rules List[SecGroupRule]

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecGroup resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing SecGroup Resource

Get an existing SecGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecGroupState, opts?: CustomResourceOptions): SecGroup
static get(resource_name, id, opts=None, description=None, name=None, region=None, rules=None, __props__=None);
func GetSecGroup(ctx *Context, name string, id IDInput, state *SecGroupState, opts ...ResourceOption) (*SecGroup, error)
public static SecGroup Get(string name, Input<string> id, SecGroupState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string

A description for the security group. Changing this updates the description of an existing security group.

Name string

A unique name for the security group. Changing this updates the name of an existing security group.

Region string

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

Rules List<Pulumi.OpenStack.Compute.Inputs.SecGroupRuleArgs>

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Description string

A description for the security group. Changing this updates the description of an existing security group.

Name string

A unique name for the security group. Changing this updates the name of an existing security group.

Region string

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

Rules []SecGroupRule

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description string

A description for the security group. Changing this updates the description of an existing security group.

name string

A unique name for the security group. Changing this updates the name of an existing security group.

region string

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

rules SecGroupRule[]

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

description str

A description for the security group. Changing this updates the description of an existing security group.

name str

A unique name for the security group. Changing this updates the name of an existing security group.

region str

The region in which to obtain the V2 Compute client. A Compute client is needed to create a security group. If omitted, the region argument of the provider is used. Changing this creates a new security group.

rules List[SecGroupRule]

A rule describing how the security group operates. The rule object structure is documented below. Changing this updates the security group rules. As shown in the example above, multiple rule blocks may be used.

Supporting Types

SecGroupRule

See the input and output API doc for this type.

FromPort int

An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.

IpProtocol string

The protocol type that will be allowed. Changing this creates a new security group rule.

ToPort int

An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.

Cidr string

Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.

FromGroupId string

Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.

Id string
Self bool

Required if cidr and from_group_id are empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

FromPort int

An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.

IpProtocol string

The protocol type that will be allowed. Changing this creates a new security group rule.

ToPort int

An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.

Cidr string

Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.

FromGroupId string

Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.

Id string
Self bool

Required if cidr and from_group_id are empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

fromPort number

An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.

ipProtocol string

The protocol type that will be allowed. Changing this creates a new security group rule.

toPort number

An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.

cidr string

Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.

fromGroupId string

Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.

id string
self boolean

Required if cidr and from_group_id are empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.

fromPort float

An integer representing the lower bound of the port range to open. Changing this creates a new security group rule.

ipProtocol str

The protocol type that will be allowed. Changing this creates a new security group rule.

toPort float

An integer representing the upper bound of the port range to open. Changing this creates a new security group rule.

cidr str

Required if from_group_id or self is empty. The IP range that will be the source of network traffic to the security group. Use 0.0.0.0/0 to allow all IP addresses. Changing this creates a new security group rule. Cannot be combined with from_group_id or self.

fromGroupId str

Required if cidr or self is empty. The ID of a group from which to forward traffic to the parent group. Changing this creates a new security group rule. Cannot be combined with cidr or self.

id str
self bool

Required if cidr and from_group_id are empty. If true, the security group itself will be added as a source to this ingress rule. Cannot be combined with cidr or from_group_id.
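
An added example, not part of the Pulumi documentation or the provider's code: a pre-deployment lint for rule dicts shaped like the Python example above. It checks the source-field exclusivity and the ICMP type/code convention (-1 for all) that this page documents, and flags rules open to every address. The port bounds, the public_ports allow-list, the finding prefixes and the function names are assumptions of this example.

```python
import ipaddress

SOURCE_KEYS = ("cidr", "fromGroupId", "self")  # camelCase, as in the page's Python example


def lint_rule(rule, public_ports=frozenset({80, 443})):
    """Return findings for one SecGroupRule-shaped dict; an empty list means clean."""
    findings = []
    proto = str(rule.get("ipProtocol", "")).lower()
    lo, hi = rule.get("fromPort"), rule.get("toPort")
    # Page: cidr, from_group_id and self cannot be combined, and one is required.
    sources = [k for k in SOURCE_KEYS if rule.get(k)]
    if len(sources) != 1:
        findings.append(f"SRC: need exactly one of {'/'.join(SOURCE_KEYS)}, got {sources}")
    world_open = False
    if rule.get("cidr"):
        try:
            world_open = ipaddress.ip_network(rule["cidr"], strict=False).prefixlen == 0
        except ValueError:
            findings.append(f"SRC: invalid cidr {rule['cidr']!r}")

    if not (isinstance(lo, int) and isinstance(hi, int)):
        return findings + ["PORT: fromPort and toPort must be integers"]
    if proto == "icmp":
        # Page: fromPort is the ICMP type, toPort the ICMP code, -1 allows all.
        if not (-1 <= lo <= 255 and -1 <= hi <= 255):
            findings.append("PORT: ICMP type and code must be -1 or 0..255")
        elif world_open and lo == -1:
            findings.append("OPEN: every ICMP type allowed from any address")
    elif not (1 <= lo <= hi <= 65535):  # assumed bounds for tcp/udp ranges
        findings.append("PORT: need 1 <= fromPort <= toPort <= 65535")
    elif world_open and any(p not in public_ports for p in range(lo, hi + 1)):
        # Policy assumption: only ports in public_ports may face every address.
        findings.append(f"OPEN: {proto} {lo}-{hi} allowed from any address")
    return findings


def lint_rules(rules):  # returns (index, finding) pairs for a list of rule dicts
    return [(i, f) for i, rule in enumerate(rules) for f in lint_rule(rule)]


# Constructed sample: the page's two rules plus two rules made up for this example.
SAMPLE_RULES = [
    {"cidr": "0.0.0.0/0", "fromPort": 22, "ipProtocol": "tcp", "toPort": 22},
    {"cidr": "0.0.0.0/0", "fromPort": 80, "ipProtocol": "tcp", "toPort": 80},
    {"cidr": "10.0.0.0/8", "fromPort": -1, "ipProtocol": "icmp", "toPort": -1},
    {"cidr": "10.0.0.0/8", "self": True, "fromPort": 443, "ipProtocol": "tcp", "toPort": 443},
]

if __name__ == "__main__":
    print("\n".join(f"rule[{i}]: {f}" for i, f in lint_rules(SAMPLE_RULES)))
```

Running the same function over the rules list before it is passed to SecGroup lets a CI step fail the deployment when a finding is returned.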

Package Details

Repository
https://github.com/pulumi/pulumi-openstack
License
Apache-2.0
Notes
This Pulumi package is based on the openstack Terraform Provider.