github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/website/source/docs/providers/openstack/r/compute_secgroup_v2.html.markdown (about) 1 --- 2 layout: "openstack" 3 page_title: "OpenStack: openstack_compute_secgroup_v2" 4 sidebar_current: "docs-openstack-resource-compute-secgroup-v2" 5 description: |- 6 Manages a V2 security group resource within OpenStack. 7 --- 8 9 # openstack\_compute\_secgroup_v2 10 11 Manages a V2 security group resource within OpenStack. 12 13 ## Example Usage 14 15 ``` 16 resource "openstack_compute_secgroup_v2" "secgroup_1" { 17 name = "my_secgroup" 18 description = "my security group" 19 rule { 20 from_port = 22 21 to_port = 22 22 ip_protocol = "tcp" 23 cidr = "0.0.0.0/0" 24 } 25 rule { 26 from_port = 80 27 to_port = 80 28 ip_protocol = "tcp" 29 cidr = "0.0.0.0/0" 30 } 31 } 32 ``` 33 34 ## Argument Reference 35 36 The following arguments are supported: 37 38 * `region` - (Required) The region in which to obtain the V2 Compute client. 39 A Compute client is needed to create a security group. If omitted, the 40 `OS_REGION_NAME` environment variable is used. Changing this creates a new 41 security group. 42 43 * `name` - (Required) A unique name for the security group. Changing this 44 updates the `name` of an existing security group. 45 46 * `description` - (Required) A description for the security group. Changing this 47 updates the `description` of an existing security group. 48 49 * `rule` - (Optional) A rule describing how the security group operates. The 50 rule object structure is documented below. Changing this updates the 51 security group rules. As shown in the example above, multiple rule blocks 52 may be used. 53 54 The `rule` block supports: 55 56 * `from_port` - (Required) An integer representing the lower bound of the port 57 range to open. Changing this creates a new security group rule. 58 59 * `to_port` - (Required) An integer representing the upper bound of the port 60 range to open. Changing this creates a new security group rule. 61 62 * `ip_protocol` - (Required) The protocol type that will be allowed. Changing 63 this creates a new security group rule. 64 65 * `cidr` - (Optional) Required if `from_group_id` is empty. The IP range that 66 will be the source of network traffic to the security group. Use 0.0.0.0./0 67 to allow all IP addresses. Changing this creates a new security group rule. 68 69 * `from_group_id` - (Optional) Required if `cidr` is empty. The ID of a group 70 from which to forward traffic to the parent group. Changing 71 this creates a new security group rule. 72 73 * `self` - (Optional) Required if `cidr` and `from_group_id` is empty. If true, 74 the security group itself will be added as a source to this ingress rule. `cidr` 75 and `from_group_id` will be ignored if either are set while `self` is true. 76 77 ## Attributes Reference 78 79 The following attributes are exported: 80 81 * `region` - See Argument Reference above. 82 * `name` - See Argument Reference above. 83 * `description` - See Argument Reference above. 84 * `rule` - See Argument Reference above. 85 86 ## Notes 87 88 ### ICMP Rules 89 90 When using ICMP as the `ip_protocol`, the `from_port` sets the ICMP _type_ and the `to_port` sets the ICMP _code_. To allow all ICMP types, set each value to `-1`, like so: 91 92 ``` 93 rule { 94 from_port = -1 95 to_port = -1 96 ip_protocol = "icmp" 97 cidr = "0.0.0.0/0" 98 } 99 ``` 100 101 A list of ICMP types and codes can be found [here](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages).