github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/website/source/docs/providers/openstack/r/compute_secgroup_v2.html.markdown (about)

     1  ---
     2  layout: "openstack"
     3  page_title: "OpenStack: openstack_compute_secgroup_v2"
     4  sidebar_current: "docs-openstack-resource-compute-secgroup-v2"
     5  description: |-
     6    Manages a V2 security group resource within OpenStack.
     7  ---
     8  
     9  # openstack\_compute\_secgroup_v2
    10  
    11  Manages a V2 security group resource within OpenStack.
    12  
    13  ## Example Usage
    14  
    15  ```
    16  resource "openstack_compute_secgroup_v2" "secgroup_1" {
    17    name = "my_secgroup"
    18    description = "my security group"
    19    rule {
    20      from_port = 22
    21      to_port = 22
    22      ip_protocol = "tcp"
    23      cidr = "0.0.0.0/0"
    24    }
    25    rule {
    26      from_port = 80
    27      to_port = 80
    28      ip_protocol = "tcp"
    29      cidr = "0.0.0.0/0"
    30    }
    31  }
    32  ```
    33  
    34  ## Argument Reference
    35  
    36  The following arguments are supported:
    37  
    38  * `region` - (Required) The region in which to obtain the V2 Compute client.
    39      A Compute client is needed to create a security group. If omitted, the
    40      `OS_REGION_NAME` environment variable is used. Changing this creates a new
    41      security group.
    42  
    43  * `name` - (Required) A unique name for the security group. Changing this
    44      updates the `name` of an existing security group.
    45  
    46  * `description` - (Required) A description for the security group. Changing this
    47      updates the `description` of an existing security group.
    48  
    49  * `rule` - (Optional) A rule describing how the security group operates. The
    50      rule object structure is documented below. Changing this updates the
    51      security group rules. As shown in the example above, multiple rule blocks
    52      may be used.
    53  
    54  The `rule` block supports:
    55  
    56  * `from_port` - (Required) An integer representing the lower bound of the port
    57  range to open. Changing this creates a new security group rule.
    58  
    59  * `to_port` - (Required) An integer representing the upper bound of the port
    60  range to open. Changing this creates a new security group rule.
    61  
    62  * `ip_protocol` - (Required) The protocol type that will be allowed. Changing
    63  this creates a new security group rule.
    64  
    65  * `cidr` - (Optional) Required if `from_group_id` is empty. The IP range that
    66  will be the source of network traffic to the security group. Use 0.0.0.0./0
    67  to allow all IP addresses. Changing this creates a new security group rule.
    68  
    69  * `from_group_id` - (Optional) Required if `cidr` is empty. The ID of a group
    70  from which to forward traffic to the parent group. Changing
    71  this creates a new security group rule.
    72  
    73  * `self` - (Optional) Required if `cidr` and `from_group_id` is empty. If true,
    74  the security group itself will be added as a source to this ingress rule. `cidr`
    75  and `from_group_id` will be ignored if either are set while `self` is true.
    76  
    77  ## Attributes Reference
    78  
    79  The following attributes are exported:
    80  
    81  * `region` - See Argument Reference above.
    82  * `name` - See Argument Reference above.
    83  * `description` - See Argument Reference above.
    84  * `rule` - See Argument Reference above.
    85  
    86  ## Notes
    87  
    88  ### ICMP Rules
    89  
    90  When using ICMP as the `ip_protocol`, the `from_port` sets the ICMP _type_ and the `to_port` sets the ICMP _code_. To allow all ICMP types, set each value to `-1`, like so:
    91  
    92  ```
    93  rule {
    94    from_port = -1
    95    to_port = -1
    96    ip_protocol = "icmp"
    97    cidr = "0.0.0.0/0"
    98  }
    99  ```
   100  
   101  A list of ICMP types and codes can be found [here](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages).