* govendor: update go-cloudstack dependency
* Separate security groups and rules

  This commit separates the creation and management of security groups and security group rules. It extends the `icmp` options so you can supply `icmp_type` and `icmp_code` to enable more specific configs. And it adds lifecycle management of security group rules, so that security groups do not have to be recreated when rules are added or removed. This is particularly helpful since the `cloudstack_instance` cannot update a security group without having to recreate the instance. In CloudStack >= 4.9.0 it is possible to update security groups of existing instances, but as that is just added to the latest version it seems a bit too soon to start using this (causing backwards incompatibility issues for people or service providers running older versions).
* Add and update documentation
* Add acceptance tests
---
layout: "cloudstack"
page_title: "CloudStack: cloudstack_security_group_rule"
sidebar_current: "docs-cloudstack-resource-security-group-rule"
description: |-
  Authorizes and revokes both ingress and egress rules for a given security group.
---
# cloudstack_security_group_rule

Authorizes and revokes both ingress and egress rules for a given security group.

## Example Usage
```hcl
resource "cloudstack_security_group_rule" "web" {
  security_group_id = "e340b62b-fbc2-4081-8f67-e40455c44bce"

  rule {
    cidr_list = ["0.0.0.0/0"]
    protocol  = "tcp"
    ports     = ["80", "443"]
  }

  rule {
    cidr_list                = ["192.168.0.0/24", "192.168.1.0/25"]
    protocol                 = "tcp"
    ports                    = ["80-90", "443"]
    traffic_type             = "egress"
    user_security_group_list = ["group01", "group02"]
  }
}
```
## Argument Reference

The following arguments are supported:

* `security_group_id` - (Required) The security group ID for which to create the rules. Changing this forces a new resource to be created.
* `rule` - (Required) Can be specified multiple times. Each rule block supports fields documented below.
The `rule` block supports:

* `cidr_list` - (Optional) A CIDR list to allow access to the given ports.
* `protocol` - (Required) The name of the protocol to allow. Valid options are: `tcp`, `udp`, `icmp`, `all` or a valid protocol number.
* `icmp_type` - (Optional) The ICMP type to allow, or `-1` to allow `any`. This can only be specified if the protocol is ICMP (defaults to `0`).
* `icmp_code` - (Optional) The ICMP code to allow, or `-1` to allow `any`. This can only be specified if the protocol is ICMP (defaults to `0`).
* `ports` - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP, UDP, ALL or a valid protocol number.
* `traffic_type` - (Optional) The traffic type for the rule. Valid options are: `ingress` or `egress` (defaults to `ingress`).
* `user_security_group_list` - (Optional) A list of security groups to apply the rules to.
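An added example, not part of the provider's documentation, showing the `icmp_type`/`icmp_code` options above and keeping the rules in their own resource so they can be added or removed without recreating the group. It assumes the provider's `cloudstack_security_group` resource with `name` and `description` arguments; the CIDR and group names are constructed placeholders.

```hcl
# Assumed: the provider's cloudstack_security_group resource (name, description).
resource "cloudstack_security_group" "mgmt" {
  name        = "mgmt"
  description = "Management access: SSH and ICMP echo from the admin range only"
}

# Rules live in their own resource, so adding or removing a rule block
# updates the group in place instead of forcing a new group (and with it
# a recreated instance) to be created.
resource "cloudstack_security_group_rule" "mgmt" {
  security_group_id = "${cloudstack_security_group.mgmt.id}"

  # SSH restricted to the constructed admin range rather than 0.0.0.0/0.
  rule {
    cidr_list = ["10.10.0.0/24"]
    protocol  = "tcp"
    ports     = ["22"]
  }

  # ICMP echo request (type 8, code 0) from the same range. Both values are
  # set explicitly: left out, they default to type 0 / code 0 (echo reply),
  # which is not what an inbound ping check needs.
  rule {
    cidr_list = ["10.10.0.0/24"]
    protocol  = "icmp"
    icmp_type = 8
    icmp_code = 0
  }

  # Egress limited to members of another security group instead of a CIDR.
  rule {
    protocol                 = "tcp"
    ports                    = ["443"]
    traffic_type             = "egress"
    user_security_group_list = ["backend"]
  }
}
```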
## Attributes Reference

The following attributes are exported:

* `id` - The security group ID for which the rules are created.