# Each comma-separated entry is "port:cidr:protocol": the resources on this page
# split on "," and ":" and read field 0 as the port, 1 as the CIDR, 2 as the protocol.
# NOTE(review): 172.16.120.0/16 has host bits set; a /16 mask covers the whole of
# 172.16.0.0/16, so confirm whether a narrower prefix was intended.
# NOTE(review): 8080 is open to 0.0.0.0/0, i.e. every IPv4 source; confirm this
# port is meant to be reachable from anywhere.
ingress = "22:192.168.0.0/24:tcp,80:172.16.120.0/16:tcp,8080:0.0.0.0/0:tcp"
# NOTE(review): a /0 prefix matches every address whatever the base, so
# 127.0.0.0/0 is equivalent to 0.0.0.0/0 and this entry allows UDP 8081 to any
# IPv4 destination; confirm the intended prefix length.
egress = "22:192.168.0.0/24:tcp,80:172.16.120.0/16:tcp,8081:127.0.0.0/0:udp"
# Compute-API security group. count is set on the group itself, so Terraform
# creates one group per entry in var.ingress, every one named "secgroup" and
# holding a single rule.
resource "openstack_compute_secgroup_v2" "secgroup_1" {
name = "secgroup"
description = "my security group"
# One instance per comma-separated entry in var.ingress.
count = "${length(split(",",var.ingress))}"
rule {
# Field 0 of the entry is the port; from_port and to_port read the same field,
# so each rule opens exactly one port.
from_port = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
to_port = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
# Field 2 is the protocol and field 1 the CIDR. The values are used as given;
# nothing here validates the prefix or its width.
ip_protocol = "${element(split(":",element(split(",",var.ingress),count.index)), 2)}"
cidr = "${element(split(":",element(split(",",var.ingress),count.index)), 1)}"
}
}
Note: This will create multiple security groups. If you want a single security group with multiple rules, use the following code:
# Security group created once (no count); its rules are declared as separate
# openstack_networking_secgroup_rule_v2 resources.
# NOTE(review): the OpenStack provider documents that a new group keeps the
# default allow-all egress rules unless delete_default_rules = true is set. If
# the egress rules are meant to restrict outbound traffic, the defaults would
# still permit everything; confirm against the provider docs.
resource "openstack_networking_secgroup_v2" "secgroup" {
name = "secgroup"
description = "My neutron security group"
}
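# One ingress rule per "port:cidr:protocol" entry in var.ingress, all attached
# to the single group declared as openstack_networking_secgroup_v2.secgroup.
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ingress" {
  # One rule instance per comma-separated entry.
  count     = "${length(split(",",var.ingress))}"
  direction = "ingress"
  # IPv4 only: these rules say nothing about IPv6 traffic.
  ethertype = "IPv4"

  # Entry fields: 0 = port, 1 = CIDR, 2 = protocol.
  protocol = "${element(split(":",element(split(",",var.ingress),count.index)), 2)}"
  # min and max read the same field, so each rule covers exactly one port.
  port_range_min = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
  port_range_max = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
  # The CIDR is used as given; an entry with 0.0.0.0/0 (or any /0) admits every IPv4 source.
  remote_ip_prefix = "${element(split(":",element(split(",",var.ingress),count.index)), 1)}"

  # Fixed: the networking group on this page is labelled "secgroup". "secgroup_1"
  # is the label of the openstack_compute_secgroup_v2 resource, so the original
  # reference openstack_networking_secgroup_v2.secgroup_1 did not resolve.
  security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"
}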
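# One egress rule per "port:cidr:protocol" entry in var.egress, all attached
# to the single group declared as openstack_networking_secgroup_v2.secgroup.
# NOTE(review): security group rules are additive allows, so these entries only
# restrict outbound traffic if no broader egress rule exists on the same group.
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_egress" {
  # One rule instance per comma-separated entry.
  count     = "${length(split(",",var.egress))}"
  direction = "egress"
  # IPv4 only: these rules say nothing about IPv6 traffic.
  ethertype = "IPv4"

  # Entry fields: 0 = port, 1 = CIDR, 2 = protocol.
  protocol = "${element(split(":",element(split(",",var.egress),count.index)), 2)}"
  # min and max read the same field, so each rule covers exactly one port.
  port_range_min = "${element(split(":",element(split(",",var.egress),count.index)), 0)}"
  port_range_max = "${element(split(":",element(split(",",var.egress),count.index)), 0)}"
  # The CIDR is used as given; a /0 prefix matches every IPv4 destination.
  remote_ip_prefix = "${element(split(":",element(split(",",var.egress),count.index)), 1)}"

  # Fixed: the networking group on this page is labelled "secgroup". "secgroup_1"
  # is the label of the openstack_compute_secgroup_v2 resource, so the original
  # reference openstack_networking_secgroup_v2.secgroup_1 did not resolve.
  security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"
}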
# Each comma-separated entry is "port:cidr:protocol": the egress rule resource on
# this page reads field 0 as the port, 1 as the CIDR, 2 as the protocol.
# NOTE(review): 172.16.120.0/16 has host bits set; a /16 mask covers the whole of
# 172.16.0.0/16, so confirm whether a narrower prefix was intended.
# NOTE(review): a /0 prefix matches every address whatever the base, so
# 127.0.0.0/0 is equivalent to 0.0.0.0/0 and this entry allows UDP 8081 to any
# IPv4 destination; confirm the intended prefix length.
egress = "22:192.168.0.0/24:tcp,80:172.16.120.0/16:tcp,8081:127.0.0.0/0:udp"
# Compute-API security group. count is set on the group itself, so Terraform
# creates one group per entry in var.ingress, every one named "secgroup" and
# holding a single rule.
resource "openstack_compute_secgroup_v2" "secgroup_1" {
name = "secgroup"
description = "my security group"
# One instance per comma-separated entry in var.ingress.
count = "${length(split(",",var.ingress))}"
rule {
# Field 0 of the entry is the port; from_port and to_port read the same field,
# so each rule opens exactly one port.
from_port = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
to_port = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
# Field 2 is the protocol and field 1 the CIDR. The values are used as given;
# nothing here validates the prefix or its width.
ip_protocol = "${element(split(":",element(split(",",var.ingress),count.index)), 2)}"
cidr = "${element(split(":",element(split(",",var.ingress),count.index)), 1)}"
}
}
Note: This will create multiple security groups. If you want a single security group with multiple rules, use the following code:
# Security group created once (no count); its rules are declared as separate
# openstack_networking_secgroup_rule_v2 resources.
# NOTE(review): the OpenStack provider documents that a new group keeps the
# default allow-all egress rules unless delete_default_rules = true is set. If
# the egress rules are meant to restrict outbound traffic, the defaults would
# still permit everything; confirm against the provider docs.
resource "openstack_networking_secgroup_v2" "secgroup" {
name = "secgroup"
description = "My neutron security group"
}
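# One ingress rule per "port:cidr:protocol" entry in var.ingress, all attached
# to the single group declared as openstack_networking_secgroup_v2.secgroup.
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ingress" {
  # One rule instance per comma-separated entry.
  count     = "${length(split(",",var.ingress))}"
  direction = "ingress"
  # IPv4 only: these rules say nothing about IPv6 traffic.
  ethertype = "IPv4"

  # Entry fields: 0 = port, 1 = CIDR, 2 = protocol.
  protocol = "${element(split(":",element(split(",",var.ingress),count.index)), 2)}"
  # min and max read the same field, so each rule covers exactly one port.
  port_range_min = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
  port_range_max = "${element(split(":",element(split(",",var.ingress),count.index)), 0)}"
  # The CIDR is used as given; an entry with 0.0.0.0/0 (or any /0) admits every IPv4 source.
  remote_ip_prefix = "${element(split(":",element(split(",",var.ingress),count.index)), 1)}"

  # Fixed: the networking group on this page is labelled "secgroup". "secgroup_1"
  # is the label of the openstack_compute_secgroup_v2 resource, so the original
  # reference openstack_networking_secgroup_v2.secgroup_1 did not resolve.
  security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"
}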
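# One egress rule per "port:cidr:protocol" entry in var.egress, all attached
# to the single group declared as openstack_networking_secgroup_v2.secgroup.
# NOTE(review): security group rules are additive allows, so these entries only
# restrict outbound traffic if no broader egress rule exists on the same group.
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_egress" {
  # One rule instance per comma-separated entry.
  count     = "${length(split(",",var.egress))}"
  direction = "egress"
  # IPv4 only: these rules say nothing about IPv6 traffic.
  ethertype = "IPv4"

  # Entry fields: 0 = port, 1 = CIDR, 2 = protocol.
  protocol = "${element(split(":",element(split(",",var.egress),count.index)), 2)}"
  # min and max read the same field, so each rule covers exactly one port.
  port_range_min = "${element(split(":",element(split(",",var.egress),count.index)), 0)}"
  port_range_max = "${element(split(":",element(split(",",var.egress),count.index)), 0)}"
  # The CIDR is used as given; a /0 prefix matches every IPv4 destination.
  remote_ip_prefix = "${element(split(":",element(split(",",var.egress),count.index)), 1)}"

  # Fixed: the networking group on this page is labelled "secgroup". "secgroup_1"
  # is the label of the openstack_compute_secgroup_v2 resource, so the original
  # reference openstack_networking_secgroup_v2.secgroup_1 did not resolve.
  security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"
}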