Terraform module, which creates security groups on OpenStack.
This module aims to implement many combinations of arguments supported by OpenStack and the latest stable version of Terraform:
- Full control of security group rules if needed.
- Ingress and egress rule blocks for convenience.
- Support to separate IPv4 and IPv6 rules in different lists.
Terraform 1.8.0
There are several ways to use this module but here are two examples below:
The ingress_rules and egress_rules blocks let you define and separate these rules in different lists, which might be useful in some situations. Values for the defined keys are limited to what is described in the documentation for OpenStack Neutron Security Group Rule v2:
| Key | Description | Example |
|---|---|---|
| description | A description of the rule. | HTTP |
| protocol | The layer 4 protocol type. | tcp |
| port_range_min | The lower part of the allowed port range. | 8080 |
| port_range_max | The higher part of the allowed port range. | 8081 |
| port | One port instead of range. Overrides port_range_minand port_range_max. |
80 |
| remote_ip_prefix | The remote CIDR. | 0.0.0.0/0 |
| remote_group_id | The remote group id. If the same group ID shall be referenced, then write @self |
@self |
module "ingress_egress_rules_sg" {
source = "haxorof/security-group/openstack"
name = "ingress-egress-rules-sg"
description = "Security group that allows inbound VRRP within the group (IPv4), HTTPS/HTTP open for any (IPv4+IPv6)."
ingress_rules = [
{ description = "HTTPS", protocol = "tcp", port = 443 },
{ description = "HTTP", protocol = "tcp", port = 80 },
]
ingress_rules_ipv4 = [
{ description = "VRRP", protocol = "vrrp", remote_group_id = "@self" },
]
egress_rules_ipv4 = [
{ description = "VRRP", protocol = "vrrp", remote_group_id = "@self" },
]
}rules block is the most raw form but also gives you the most flexibility. Values for the defined keys are limited to what is described in the documentation for OpenStack Neutron Security Group Rule v2:
| Key | Description | Example |
|---|---|---|
| description | A description of the rule. | HTTP |
| direction | The direction of the rule. | ingress |
| protocol | The layer 4 protocol type. | tcp |
| port_range_min | The lower part of the allowed port range. | 8080 |
| port_range_max | The higher part of the allowed port range. | 8081 |
| port | One port instead of range. Overrides port_range_minand port_range_max. |
80 |
| remote_ip_prefix | The remote CIDR. | 0.0.0.0/0 |
| remote_group_id | The remote group id. If the same group ID shall be referenced, then write @self |
@self |
module "raw_rules_sg" {
source = "haxorof/security-group/openstack"
name = "raw-rules-sg"
description = "Security group that allows inbound VRRP within the group (IPv4), HTTPS/HTTP open for any (IPv4+IPv6)."
rules = [
{ description = "HTTPS", direction = "ingress", protocol = "tcp", port = 443 },
{ description = "HTTP", direction = "ingress", protocol = "tcp", port = 80 },
]
rules_ipv4 = [
{ description = "VRRP", direction = "ingress", protocol = "vrrp", remote_group_id = "@self" },
{ description = "VRRP", direction = "egress", protocol = "vrrp", remote_group_id = "@self" },
]
}This is an open-source project under the MIT license.
