github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/openstack/r/compute_secgroup_v2.html.markdown

github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/openstack/r/compute_secgroup_v2.html.markdown (about)

     1  ---
     2  layout: "openstack"
     3  page_title: "OpenStack: openstack_compute_secgroup_v2"
     4  sidebar_current: "docs-openstack-resource-compute-secgroup-v2"
     5  description: |-
     6    Manages a V2 security group resource within OpenStack.
     7  ---
     8  
     9  # openstack\_compute\_secgroup_v2
    10  
    11  Manages a V2 security group resource within OpenStack.
    12  
    13  ## Example Usage
    14  
    15  ```hcl
    16  resource "openstack_compute_secgroup_v2" "secgroup_1" {
    17    name        = "my_secgroup"
    18    description = "my security group"
    19  
    20    rule {
    21      from_port   = 22
    22      to_port     = 22
    23      ip_protocol = "tcp"
    24      cidr        = "0.0.0.0/0"
    25    }
    26  
    27    rule {
    28      from_port   = 80
    29      to_port     = 80
    30      ip_protocol = "tcp"
    31      cidr        = "0.0.0.0/0"
    32    }
    33  }
    34  ```
    35  
    36  ## Argument Reference
    37  
    38  The following arguments are supported:
    39  
    40  * `region` - (Required) The region in which to obtain the V2 Compute client.
    41      A Compute client is needed to create a security group. If omitted, the
    42      `OS_REGION_NAME` environment variable is used. Changing this creates a new
    43      security group.
    44  
    45  * `name` - (Required) A unique name for the security group. Changing this
    46      updates the `name` of an existing security group.
    47  
    48  * `description` - (Required) A description for the security group. Changing this
    49      updates the `description` of an existing security group.
    50  
    51  * `rule` - (Optional) A rule describing how the security group operates. The
    52      rule object structure is documented below. Changing this updates the
    53      security group rules. As shown in the example above, multiple rule blocks
    54      may be used.
    55  
    56  The `rule` block supports:
    57  
    58  * `from_port` - (Required) An integer representing the lower bound of the port
    59  range to open. Changing this creates a new security group rule.
    60  
    61  * `to_port` - (Required) An integer representing the upper bound of the port
    62  range to open. Changing this creates a new security group rule.
    63  
    64  * `ip_protocol` - (Required) The protocol type that will be allowed. Changing
    65  this creates a new security group rule.
    66  
    67  * `cidr` - (Optional) Required if `from_group_id` or `self` is empty. The IP range
    68  that will be the source of network traffic to the security group. Use 0.0.0.0/0
    69  to allow all IP addresses. Changing this creates a new security group rule. Cannot
    70  be combined with `from_group_id` or `self`.
    71  
    72  * `from_group_id` - (Optional) Required if `cidr` or `self` is empty. The ID of a
    73  group from which to forward traffic to the parent group. Changing this creates a
    74  new security group rule. Cannot be combined with `cidr` or `self`.
    75  
    76  * `self` - (Optional) Required if `cidr` and `from_group_id` is empty. If true,
    77  the security group itself will be added as a source to this ingress rule. Cannot
    78  be combined with `cidr` or `from_group_id`.
    79  
    80  ## Attributes Reference
    81  
    82  The following attributes are exported:
    83  
    84  * `region` - See Argument Reference above.
    85  * `name` - See Argument Reference above.
    86  * `description` - See Argument Reference above.
    87  * `rule` - See Argument Reference above.
    88  
    89  ## Notes
    90  
    91  ### ICMP Rules
    92  
    93  When using ICMP as the `ip_protocol`, the `from_port` sets the ICMP _type_ and the `to_port` sets the ICMP _code_. To allow all ICMP types, set each value to `-1`, like so:
    94  
    95  ```hcl
    96  rule {
    97    from_port = -1
    98    to_port = -1
    99    ip_protocol = "icmp"
   100    cidr = "0.0.0.0/0"
   101  }
   102  ```
   103  
   104  A list of ICMP types and codes can be found [here](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages).
   105  
   106  ### Referencing Security Groups
   107  
   108  When referencing a security group in a configuration (for example, a configuration creates a new security group and then needs to apply it to an instance being created in the same configuration), it is currently recommended to reference the security group by name and not by ID, like this:
   109  
   110  ```hcl
   111  resource "openstack_compute_instance_v2" "test-server" {
   112    name            = "tf-test"
   113    image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
   114    flavor_id       = "3"
   115    key_pair        = "my_key_pair_name"
   116    security_groups = ["${openstack_compute_secgroup_v2.secgroup_1.name}"]
   117  }
   118  ```
   119  
   120  ## Import
   121  
   122  Security Groups can be imported using the `id`, e.g.
   123  
   124  ```
   125  $ terraform import openstack_compute_secgroup_v2.my_secgroup 1bc30ee9-9d5b-4c30-bdd5-7f1e663f5edf
   126  ```