This page documents the language specification for the openstack package. If you're looking for help working with the inputs, outputs, or functions of openstack resources in a Pulumi program, please see the resource documentation for examples and API reference.

firewall¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-openstack repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-openstack repo.

class pulumi_openstack.firewall.AwaitableGetPolicyResult(audited=None, description=None, id=None, name=None, policy_id=None, region=None, rules=None, shared=None, tenant_id=None)¶

class pulumi_openstack.firewall.Firewall(resource_name, opts=None, admin_state_up=None, associated_routers=None, description=None, name=None, no_routers=None, policy_id=None, region=None, tenant_id=None, value_specs=None, __props__=None, __name__=None, __opts__=None)¶

Manages a v1 firewall resource within OpenStack.

import pulumi
import pulumi_openstack as openstack

rule1 = openstack.firewall.Rule("rule1",
    action="deny",
    description="drop TELNET traffic",
    destination_port="23",
    enabled="true",
    protocol="tcp")
rule2 = openstack.firewall.Rule("rule2",
    action="deny",
    description="drop NTP traffic",
    destination_port="123",
    enabled="false",
    protocol="udp")
policy1 = openstack.firewall.Policy("policy1", rules=[
    rule1.id,
    rule2.id,
])
firewall1 = openstack.firewall.Firewall("firewall1", policy_id=policy1.id)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
admin_state_up (pulumi.Input[bool]) – Administrative up/down status for the firewall (must be “true” or “false” if provided - defaults to “true”). Changing this updates the admin_state_up of an existing firewall.
associated_routers (pulumi.Input[list]) – Router(s) to associate this firewall instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall. Conflicts with no_routers.
description (pulumi.Input[str]) – A description for the firewall. Changing this updates the description of an existing firewall.
name (pulumi.Input[str]) – A name for the firewall. Changing this updates the name of an existing firewall.
no_routers (pulumi.Input[bool]) – Should this firewall not be associated with any routers (must be “true” or “false” if provide - defaults to “false”). Conflicts with associated_routers.
policy_id (pulumi.Input[str]) – The policy resource id for the firewall. Changing this updates the policy_id of an existing firewall.
region (pulumi.Input[str]) – The region in which to obtain the v1 networking client. A networking client is needed to create a firewall. If omitted, the region argument of the provider is used. Changing this creates a new firewall.
tenant_id (pulumi.Input[str]) – The owner of the floating IP. Required if admin wants to create a firewall for another tenant. Changing this creates a new firewall.
value_specs (pulumi.Input[dict]) – Map of additional options.

admin_state_up: pulumi.Output[bool] = None¶: Administrative up/down status for the firewall (must be “true” or “false” if provided - defaults to “true”). Changing this updates the admin_state_up of an existing firewall.

associated_routers: pulumi.Output[list] = None¶: Router(s) to associate this firewall instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall. Conflicts with no_routers.

description: pulumi.Output[str] = None¶: A description for the firewall. Changing this updates the description of an existing firewall.

name: pulumi.Output[str] = None¶: A name for the firewall. Changing this updates the name of an existing firewall.

no_routers: pulumi.Output[bool] = None¶: Should this firewall not be associated with any routers (must be “true” or “false” if provide - defaults to “false”). Conflicts with associated_routers.

policy_id: pulumi.Output[str] = None¶: The policy resource id for the firewall. Changing this updates the policy_id of an existing firewall.

region: pulumi.Output[str] = None¶: The region in which to obtain the v1 networking client. A networking client is needed to create a firewall. If omitted, the region argument of the provider is used. Changing this creates a new firewall.

tenant_id: pulumi.Output[str] = None¶: The owner of the floating IP. Required if admin wants to create a firewall for another tenant. Changing this creates a new firewall.

value_specs: pulumi.Output[dict] = None¶: Map of additional options.

static get(resource_name, id, opts=None, admin_state_up=None, associated_routers=None, description=None, name=None, no_routers=None, policy_id=None, region=None, tenant_id=None, value_specs=None)¶

Get an existing Firewall resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
admin_state_up (pulumi.Input[bool]) – Administrative up/down status for the firewall (must be “true” or “false” if provided - defaults to “true”). Changing this updates the admin_state_up of an existing firewall.
associated_routers (pulumi.Input[list]) – Router(s) to associate this firewall instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall. Conflicts with no_routers.
description (pulumi.Input[str]) – A description for the firewall. Changing this updates the description of an existing firewall.
name (pulumi.Input[str]) – A name for the firewall. Changing this updates the name of an existing firewall.
no_routers (pulumi.Input[bool]) – Should this firewall not be associated with any routers (must be “true” or “false” if provide - defaults to “false”). Conflicts with associated_routers.
policy_id (pulumi.Input[str]) – The policy resource id for the firewall. Changing this updates the policy_id of an existing firewall.
region (pulumi.Input[str]) – The region in which to obtain the v1 networking client. A networking client is needed to create a firewall. If omitted, the region argument of the provider is used. Changing this creates a new firewall.
tenant_id (pulumi.Input[str]) – The owner of the floating IP. Required if admin wants to create a firewall for another tenant. Changing this creates a new firewall.
value_specs (pulumi.Input[dict]) – Map of additional options.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_openstack.firewall.GetPolicyResult(audited=None, description=None, id=None, name=None, policy_id=None, region=None, rules=None, shared=None, tenant_id=None)¶

A collection of values returned by getPolicy.

audited = None¶: The audit status of the firewall policy.

description = None¶: The description of the firewall policy.

id = None¶: The provider-assigned unique ID for this managed resource.

name = None¶: See Argument Reference above.

policy_id = None¶: See Argument Reference above.

region = None¶: See Argument Reference above.

rules = None¶: The array of one or more firewall rules that comprise the policy.

shared = None¶: The sharing status of the firewall policy.

tenant_id = None¶: See Argument Reference above.

class pulumi_openstack.firewall.Policy(resource_name, opts=None, audited=None, description=None, name=None, region=None, rules=None, shared=None, tenant_id=None, value_specs=None, __props__=None, __name__=None, __opts__=None)¶

Manages a v1 firewall policy resource within OpenStack.

import pulumi
import pulumi_openstack as openstack

rule1 = openstack.firewall.Rule("rule1",
    action="deny",
    description="drop TELNET traffic",
    destination_port="23",
    enabled="true",
    protocol="tcp")
rule2 = openstack.firewall.Rule("rule2",
    action="deny",
    description="drop NTP traffic",
    destination_port="123",
    enabled="false",
    protocol="udp")
policy1 = openstack.firewall.Policy("policy1", rules=[
    rule1.id,
    rule2.id,
])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
audited (pulumi.Input[bool]) – Audit status of the firewall policy (must be “true” or “false” if provided - defaults to “false”). This status is set to “false” whenever the firewall policy or any of its rules are changed. Changing this updates the audited status of an existing firewall policy.
description (pulumi.Input[str]) – A description for the firewall policy. Changing this updates the description of an existing firewall policy.
name (pulumi.Input[str]) – A name for the firewall policy. Changing this updates the name of an existing firewall policy.
region (pulumi.Input[str]) – The region in which to obtain the v1 networking client. A networking client is needed to create a firewall policy. If omitted, the region argument of the provider is used. Changing this creates a new firewall policy.
rules (pulumi.Input[list]) – An array of one or more firewall rules that comprise the policy. Changing this results in adding/removing rules from the existing firewall policy.
shared (pulumi.Input[bool]) – Sharing status of the firewall policy (must be “true” or “false” if provided). If this is “true” the policy is visible to, and can be used in, firewalls in other tenants. Changing this updates the shared status of an existing firewall policy. Only administrative users can specify if the policy should be shared.
value_specs (pulumi.Input[dict]) – Map of additional options.

audited: pulumi.Output[bool] = None¶: Audit status of the firewall policy (must be “true” or “false” if provided - defaults to “false”). This status is set to “false” whenever the firewall policy or any of its rules are changed. Changing this updates the audited status of an existing firewall policy.

description: pulumi.Output[str] = None¶: A description for the firewall policy. Changing this updates the description of an existing firewall policy.

name: pulumi.Output[str] = None¶: A name for the firewall policy. Changing this updates the name of an existing firewall policy.

region: pulumi.Output[str] = None¶: The region in which to obtain the v1 networking client. A networking client is needed to create a firewall policy. If omitted, the region argument of the provider is used. Changing this creates a new firewall policy.

rules: pulumi.Output[list] = None¶: An array of one or more firewall rules that comprise the policy. Changing this results in adding/removing rules from the existing firewall policy.

shared: pulumi.Output[bool] = None¶: Sharing status of the firewall policy (must be “true” or “false” if provided). If this is “true” the policy is visible to, and can be used in, firewalls in other tenants. Changing this updates the shared status of an existing firewall policy. Only administrative users can specify if the policy should be shared.

value_specs: pulumi.Output[dict] = None¶: Map of additional options.

static get(resource_name, id, opts=None, audited=None, description=None, name=None, region=None, rules=None, shared=None, tenant_id=None, value_specs=None)¶

Get an existing Policy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
audited (pulumi.Input[bool]) – Audit status of the firewall policy (must be “true” or “false” if provided - defaults to “false”). This status is set to “false” whenever the firewall policy or any of its rules are changed. Changing this updates the audited status of an existing firewall policy.
description (pulumi.Input[str]) – A description for the firewall policy. Changing this updates the description of an existing firewall policy.
name (pulumi.Input[str]) – A name for the firewall policy. Changing this updates the name of an existing firewall policy.
region (pulumi.Input[str]) – The region in which to obtain the v1 networking client. A networking client is needed to create a firewall policy. If omitted, the region argument of the provider is used. Changing this creates a new firewall policy.
rules (pulumi.Input[list]) – An array of one or more firewall rules that comprise the policy. Changing this results in adding/removing rules from the existing firewall policy.
shared (pulumi.Input[bool]) – Sharing status of the firewall policy (must be “true” or “false” if provided). If this is “true” the policy is visible to, and can be used in, firewalls in other tenants. Changing this updates the shared status of an existing firewall policy. Only administrative users can specify if the policy should be shared.
value_specs (pulumi.Input[dict]) – Map of additional options.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_openstack.firewall.Rule(resource_name, opts=None, action=None, description=None, destination_ip_address=None, destination_port=None, enabled=None, ip_version=None, name=None, protocol=None, region=None, source_ip_address=None, source_port=None, tenant_id=None, value_specs=None, __props__=None, __name__=None, __opts__=None)¶

Manages a v1 firewall rule resource within OpenStack.

import pulumi
import pulumi_openstack as openstack

rule1 = openstack.firewall.Rule("rule1",
    action="deny",
    description="drop TELNET traffic",
    destination_port="23",
    enabled="true",
    protocol="tcp")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
action (pulumi.Input[str]) – Action to be taken ( must be “allow” or “deny”) when the firewall rule matches. Changing this updates the action of an existing firewall rule.
description (pulumi.Input[str]) – A description for the firewall rule. Changing this updates the description of an existing firewall rule.
destination_ip_address (pulumi.Input[str]) – The destination IP address on which the firewall rule operates. Changing this updates the destination_ip_address of an existing firewall rule.
destination_port (pulumi.Input[str]) – The destination port on which the firewall rule operates. Changing this updates the destination_port of an existing firewall rule.
enabled (pulumi.Input[bool]) – Enabled status for the firewall rule (must be “true” or “false” if provided - defaults to “true”). Changing this updates the enabled status of an existing firewall rule.
ip_version (pulumi.Input[float]) – IP version, either 4 (default) or 6. Changing this updates the ip_version of an existing firewall rule.
name (pulumi.Input[str]) – A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.
protocol (pulumi.Input[str]) – The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule.
region (pulumi.Input[str]) – The region in which to obtain the v1 Compute client. A Compute client is needed to create a firewall rule. If omitted, the region argument of the provider is used. Changing this creates a new firewall rule.
source_ip_address (pulumi.Input[str]) – The source IP address on which the firewall rule operates. Changing this updates the source_ip_address of an existing firewall rule.
source_port (pulumi.Input[str]) – The source port on which the firewall rule operates. Changing this updates the source_port of an existing firewall rule.
tenant_id (pulumi.Input[str]) – The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.
value_specs (pulumi.Input[dict]) – Map of additional options.

action: pulumi.Output[str] = None¶: Action to be taken ( must be “allow” or “deny”) when the firewall rule matches. Changing this updates the action of an existing firewall rule.

description: pulumi.Output[str] = None¶: A description for the firewall rule. Changing this updates the description of an existing firewall rule.

destination_ip_address: pulumi.Output[str] = None¶: The destination IP address on which the firewall rule operates. Changing this updates the destination_ip_address of an existing firewall rule.

destination_port: pulumi.Output[str] = None¶: The destination port on which the firewall rule operates. Changing this updates the destination_port of an existing firewall rule.

enabled: pulumi.Output[bool] = None¶: Enabled status for the firewall rule (must be “true” or “false” if provided - defaults to “true”). Changing this updates the enabled status of an existing firewall rule.

ip_version: pulumi.Output[float] = None¶: IP version, either 4 (default) or 6. Changing this updates the ip_version of an existing firewall rule.

name: pulumi.Output[str] = None¶: A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.

protocol: pulumi.Output[str] = None¶: The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule.

region: pulumi.Output[str] = None¶: The region in which to obtain the v1 Compute client. A Compute client is needed to create a firewall rule. If omitted, the region argument of the provider is used. Changing this creates a new firewall rule.

source_ip_address: pulumi.Output[str] = None¶: The source IP address on which the firewall rule operates. Changing this updates the source_ip_address of an existing firewall rule.

source_port: pulumi.Output[str] = None¶: The source port on which the firewall rule operates. Changing this updates the source_port of an existing firewall rule.

tenant_id: pulumi.Output[str] = None¶: The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.

value_specs: pulumi.Output[dict] = None¶: Map of additional options.

static get(resource_name, id, opts=None, action=None, description=None, destination_ip_address=None, destination_port=None, enabled=None, ip_version=None, name=None, protocol=None, region=None, source_ip_address=None, source_port=None, tenant_id=None, value_specs=None)¶

Get an existing Rule resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
action (pulumi.Input[str]) – Action to be taken ( must be “allow” or “deny”) when the firewall rule matches. Changing this updates the action of an existing firewall rule.
description (pulumi.Input[str]) – A description for the firewall rule. Changing this updates the description of an existing firewall rule.
destination_ip_address (pulumi.Input[str]) – The destination IP address on which the firewall rule operates. Changing this updates the destination_ip_address of an existing firewall rule.
destination_port (pulumi.Input[str]) – The destination port on which the firewall rule operates. Changing this updates the destination_port of an existing firewall rule.
enabled (pulumi.Input[bool]) – Enabled status for the firewall rule (must be “true” or “false” if provided - defaults to “true”). Changing this updates the enabled status of an existing firewall rule.
ip_version (pulumi.Input[float]) – IP version, either 4 (default) or 6. Changing this updates the ip_version of an existing firewall rule.
name (pulumi.Input[str]) – A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.
protocol (pulumi.Input[str]) – The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule.
region (pulumi.Input[str]) – The region in which to obtain the v1 Compute client. A Compute client is needed to create a firewall rule. If omitted, the region argument of the provider is used. Changing this creates a new firewall rule.
source_ip_address (pulumi.Input[str]) – The source IP address on which the firewall rule operates. Changing this updates the source_ip_address of an existing firewall rule.
source_port (pulumi.Input[str]) – The source port on which the firewall rule operates. Changing this updates the source_port of an existing firewall rule.
tenant_id (pulumi.Input[str]) – The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.
value_specs (pulumi.Input[dict]) – Map of additional options.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_openstack.firewall.get_policy(name=None, policy_id=None, region=None, tenant_id=None, opts=None)¶

Use this data source to get firewall policy information of an available OpenStack firewall policy.

import pulumi
import pulumi_openstack as openstack

policy = openstack.firewall.get_policy(name="tf_test_policy")

Parameters

name (str) – The name of the firewall policy.
policy_id (str) – The ID of the firewall policy.
region (str) – The region in which to obtain the V2 Neutron client. A Neutron client is needed to retrieve firewall policy ids. If omitted, the region argument of the provider is used.
tenant_id (str) – The owner of the firewall policy.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

firewall¶

On This Page