SecGroupRule

Manages a V2 Neutron security group rule resource within OpenStack. Unlike Nova security groups, Neutron separates the group from its rules and also allows an admin to target a specific tenant_id.

Example Usage

using Pulumi;
using OpenStack = Pulumi.OpenStack;

class MyStack : Stack
{
    public MyStack()
    {
        var secgroup1 = new OpenStack.Networking.SecGroup("secgroup1", new OpenStack.Networking.SecGroupArgs
        {
            Description = "My neutron security group",
        });
        var secgroupRule1 = new OpenStack.Networking.SecGroupRule("secgroupRule1", new OpenStack.Networking.SecGroupRuleArgs
        {
            Direction = "ingress",
            Ethertype = "IPv4",
            PortRangeMax = 22,
            PortRangeMin = 22,
            Protocol = "tcp",
            RemoteIpPrefix = "0.0.0.0/0",
            SecurityGroupId = secgroup1.Id,
        });
    }

}

import pulumi
import pulumi_openstack as openstack

secgroup1 = openstack.networking.SecGroup("secgroup1", description="My neutron security group")
secgroup_rule1 = openstack.networking.SecGroupRule("secgroupRule1",
    direction="ingress",
    ethertype="IPv4",
    port_range_max=22,
    port_range_min=22,
    protocol="tcp",
    remote_ip_prefix="0.0.0.0/0",
    security_group_id=secgroup1.id)

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const secgroup1 = new openstack.networking.SecGroup("secgroup_1", {
    description: "My neutron security group",
});
const secgroupRule1 = new openstack.networking.SecGroupRule("secgroup_rule_1", {
    direction: "ingress",
    ethertype: "IPv4",
    portRangeMax: 22,
    portRangeMin: 22,
    protocol: "tcp",
    remoteIpPrefix: "0.0.0.0/0",
    securityGroupId: secgroup1.id,
});

Create a SecGroupRule Resource

def SecGroupRule(resource_name, opts=None, description=None, direction=None, ethertype=None, port_range_max=None, port_range_min=None, protocol=None, region=None, remote_group_id=None, remote_ip_prefix=None, security_group_id=None, tenant_id=None, __props__=None);
func NewSecGroupRule(ctx *Context, name string, args SecGroupRuleArgs, opts ...ResourceOption) (*SecGroupRule, error)
name string
The unique name of the resource.
args SecGroupRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecGroupRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.

SecGroupRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The SecGroupRule resource accepts the following input properties:

Direction string

The direction of the rule. Valid values are ingress or egress. Changing this creates a new security group rule.

Ethertype string

The layer 3 protocol type. Valid values are IPv4 or IPv6. Changing this creates a new security group rule.

SecurityGroupId string

The ID of the security group the rule should belong to. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

Description string

A description of the rule. Changing this creates a new security group rule.

PortRangeMax int

The higher end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

PortRangeMin int

The lower end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

Protocol string

The layer 4 protocol type. This is required if you want to specify a port range. Changing this creates a new security group rule. Valid values are: tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp.

Region string

The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group rule.

RemoteGroupId string

The remote group ID. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

RemoteIpPrefix string

The remote CIDR. The value must be a valid CIDR (e.g. 192.168.0.0/16). Changing this creates a new security group rule.

TenantId string

The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.

direction string

The direction of the rule. Valid values are ingress or egress. Changing this creates a new security group rule.

ethertype string

The layer 3 protocol type. Valid values are IPv4 or IPv6. Changing this creates a new security group rule.

securityGroupId string

The ID of the security group the rule should belong to. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

description string

A description of the rule. Changing this creates a new security group rule.

portRangeMax number

The higher end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

portRangeMin number

The lower end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

protocol string

The layer 4 protocol type. This is required if you want to specify a port range. Changing this creates a new security group rule. Valid values are: tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp.

region string

The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group rule.

remoteGroupId string

The remote group ID. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

remoteIpPrefix string

The remote CIDR. The value must be a valid CIDR (e.g. 192.168.0.0/16). Changing this creates a new security group rule.

tenantId string

The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.

direction str

The direction of the rule. Valid values are ingress or egress. Changing this creates a new security group rule.

ethertype str

The layer 3 protocol type. Valid values are IPv4 or IPv6. Changing this creates a new security group rule.

security_group_id str

The ID of the security group the rule should belong to. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

description str

A description of the rule. Changing this creates a new security group rule.

port_range_max float

The higher end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

port_range_min float

The lower end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

protocol str

The layer 4 protocol type. This is required if you want to specify a port range. Changing this creates a new security group rule. Valid values are: tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp.

region str

The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group rule.

remote_group_id str

The remote group ID. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

remote_ip_prefix str

The remote CIDR. The value must be a valid CIDR (e.g. 192.168.0.0/16). Changing this creates a new security group rule.

tenant_id str

The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.
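
The input constraints listed above can be checked before a rule is deployed, along with one thing the provider accepts without complaint: an ingress rule that admits any source address. This is an added example, not code from the Pulumi provider or its documentation; `check_rule` is a hypothetical helper that takes the Python input names as dict keys. The ICMP exemption and the ethertype/CIDR family check are assumptions drawn from Neutron behaviour, not from this page.

```python
import ipaddress

# Allowed values copied from the input property descriptions on this page.
DIRECTIONS = {"ingress", "egress"}
ETHERTYPES = {"IPv4": 4, "IPv6": 6}
PROTOCOLS = set(
    "tcp udp icmp ah dccp egp esp gre igmp ipv6-encap ipv6-frag ipv6-icmp "
    "ipv6-nonxt ipv6-opts ipv6-route ospf pgm rsvp sctp udplite vrrp".split())


def _is_port(value):
    # The Python SDK types the port fields as float, so accept 22 and 22.0.
    return (isinstance(value, (int, float)) and float(value).is_integer()
            and 1 <= value <= 65535)


def check_rule(args):
    """Hypothetical helper: list 'error'/'warn' findings for one rule dict."""
    findings = []
    if args.get("direction") not in DIRECTIONS:
        findings.append("error: direction must be ingress or egress")
    if args.get("ethertype") not in ETHERTYPES:
        findings.append("error: ethertype must be IPv4 or IPv6")
    if not args.get("security_group_id"):
        findings.append("error: security_group_id is required")

    protocol = args.get("protocol")
    lo, hi = args.get("port_range_min"), args.get("port_range_max")
    if protocol is not None and protocol not in PROTOCOLS:
        findings.append("error: protocol is not in the supported list")
    if protocol is None and (lo is not None or hi is not None):
        findings.append("error: protocol is required with a port range")
    # Neutron reuses both fields as ICMP type/code; port checks cover other protocols.
    if protocol not in ("icmp", "ipv6-icmp"):
        for name, port in (("port_range_min", lo), ("port_range_max", hi)):
            if port is not None and not _is_port(port):
                findings.append(f"error: {name} must be an integer in 1..65535")
        if _is_port(lo) and _is_port(hi) and lo > hi:
            findings.append("error: port_range_min exceeds port_range_max")

    prefix, net = args.get("remote_ip_prefix"), None
    if prefix is not None:
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            findings.append("error: remote_ip_prefix is not a valid CIDR")
    # Assumption (Neutron behaviour, not stated on this page): family must match ethertype.
    if net is not None and ETHERTYPES.get(args.get("ethertype"), net.version) != net.version:
        findings.append("error: remote_ip_prefix family differs from ethertype")
    # A /0 prefix, or no remote filter at all, matches every source address.
    any_source = (net.prefixlen == 0 if net is not None
                  else prefix is None and not args.get("remote_group_id"))
    if args.get("direction") == "ingress" and any_source:
        findings.append("warn: ingress rule is open to any source address")
    return findings


# Constructed inputs: the page's example rule and a narrowed variant of it.
PAGE_EXAMPLE = dict(direction="ingress", ethertype="IPv4", protocol="tcp",
                    port_range_min=22, port_range_max=22,
                    remote_ip_prefix="0.0.0.0/0",
                    security_group_id="sg-placeholder")
NARROWED = dict(PAGE_EXAMPLE, remote_ip_prefix="192.168.0.0/16")
```

`check_rule(PAGE_EXAMPLE)` returns the single any-source warning for the SSH rule from Example Usage, and `check_rule(NARROWED)` returns no findings.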

Outputs

All input properties are implicitly available as output properties. Additionally, the SecGroupRule resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing SecGroupRule Resource

Get an existing SecGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecGroupRuleState, opts?: CustomResourceOptions): SecGroupRule
static get(resource_name, id, opts=None, description=None, direction=None, ethertype=None, port_range_max=None, port_range_min=None, protocol=None, region=None, remote_group_id=None, remote_ip_prefix=None, security_group_id=None, tenant_id=None, __props__=None);
func GetSecGroupRule(ctx *Context, name string, id IDInput, state *SecGroupRuleState, opts ...ResourceOption) (*SecGroupRule, error)
public static SecGroupRule Get(string name, Input<string> id, SecGroupRuleState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.

The following state arguments are supported:

Description string

A description of the rule. Changing this creates a new security group rule.

Direction string

The direction of the rule. Valid values are ingress or egress. Changing this creates a new security group rule.

Ethertype string

The layer 3 protocol type. Valid values are IPv4 or IPv6. Changing this creates a new security group rule.

PortRangeMax int

The higher end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

PortRangeMin int

The lower end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

Protocol string

The layer 4 protocol type. This is required if you want to specify a port range. Changing this creates a new security group rule. Valid values are: tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp.

Region string

The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group rule.

RemoteGroupId string

The remote group ID. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

RemoteIpPrefix string

The remote CIDR. The value must be a valid CIDR (e.g. 192.168.0.0/16). Changing this creates a new security group rule.

SecurityGroupId string

The ID of the security group the rule should belong to. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

TenantId string

The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.

description string

A description of the rule. Changing this creates a new security group rule.

direction string

The direction of the rule. Valid values are ingress or egress. Changing this creates a new security group rule.

ethertype string

The layer 3 protocol type. Valid values are IPv4 or IPv6. Changing this creates a new security group rule.

portRangeMax number

The higher end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

portRangeMin number

The lower end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

protocol string

The layer 4 protocol type. This is required if you want to specify a port range. Changing this creates a new security group rule. Valid values are: tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp.

region string

The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group rule.

remoteGroupId string

The remote group ID. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

remoteIpPrefix string

The remote CIDR. The value must be a valid CIDR (e.g. 192.168.0.0/16). Changing this creates a new security group rule.

securityGroupId string

The ID of the security group the rule should belong to. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

tenantId string

The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.

description str

A description of the rule. Changing this creates a new security group rule.

direction str

The direction of the rule. Valid values are ingress or egress. Changing this creates a new security group rule.

ethertype str

The layer 3 protocol type. Valid values are IPv4 or IPv6. Changing this creates a new security group rule.

port_range_max float

The higher end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

port_range_min float

The lower end of the allowed port range. The value must be an integer between 1 and 65535. Changing this creates a new security group rule.

protocol str

The layer 4 protocol type. This is required if you want to specify a port range. Changing this creates a new security group rule. Valid values are: tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp.

region str

The region in which to obtain the V2 networking client. A networking client is needed to create a port. If omitted, the region argument of the provider is used. Changing this creates a new security group rule.

remote_group_id str

The remote group ID. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

remote_ip_prefix str

The remote CIDR. The value must be a valid CIDR (e.g. 192.168.0.0/16). Changing this creates a new security group rule.

security_group_id str

The ID of the security group the rule should belong to. The value must be the OpenStack ID of a security group in the same tenant. Changing this creates a new security group rule.

tenant_id str

The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.

Package Details

Repository
https://github.com/pulumi/pulumi-openstack
License
Apache-2.0
Notes
This Pulumi package is based on the openstack Terraform Provider.