Skip to content
Snippets Groups Projects
Select Git revision
  • renovate/hashicorp-terraform-1.x
  • master default protected
  • 0.3.1
  • 0.3.0
  • before-fork
  • 0.2.1
  • 0.2.0
  • v0.1.1
  • v0.1.0
9 results
user avatar
Update dependency hashicorp/terraform to v1.2.6
Renovate Bot authored 
Signed-off-by: default avatarRenovate Bot <renovate@cri.epita.fr>
406d1187
History
user avatar 406d1187
History
Name Last commit Last update
examples/mixed
.editorconfig
.envrc
.gitignore
.gitlab-ci.yml
LICENSE
README.md
flake.lock
flake.nix
main.tf
outputs.tf
renovate.json
variables.tf
README.md

Terraform OpenStack Security Group Module

Terraform module Module downloads

Terraform module which creates security groups on OpenStack.

Features

This module aims to implement many combinations of arguments supported by OpenStack and latest stable version of Terraform:

  • Full control of security group rules if need.
  • Ingress and egress rule blocks for convenience.
  • Support to separate IPv4 and IPv6 rules in different lists.

Terraform versions

Terraform 0.12.

Usage

There are several ways to use this module but here are two examples below:

Ingress/Egress rule blocks

ingress_rules and egress_rules blocks lets you define and separate these rules in different lists which might be useful in some situations. Values for the defined keys are limited what is described in the documentation for OpenStack Neutron Security Group Rule v2:

Key Description Example
description A description of the rule. HTTP
protocol The layer 4 protocol type. tcp
port_range_min The lower part of the allowed port range. 8080
port_range_max The higher part of the allowed port range. 8081
port One port instead of range. Overrides port_range_minand port_range_max. 80
remote_ip_prefix The remote CIDR. 0.0.0.0/0
remote_group_id The remote group id. If same group ID shall be referenced then write @self @self 
module "ingress_egress_rules_sg" {
  source      = "haxorof/security-group/openstack"
  name        = "ingress-egress-rules-sg"
  description = "Security group that allows inbound VRRP within the group (IPv4), HTTPS/HTTP open for any (IPv4+IPv6)."

  ingress_rules = [
    { description = "HTTPS", protocol = "tcp", port = 443 },
    { description = "HTTP", protocol = "tcp", port = 80 },
  ]

  ingress_rules_ipv4 = [
    { description = "VRRP", protocol = "vrrp", remote_group_id = "@self" },
  ]

  egress_rules_ipv4 = [
    { description = "VRRP", protocol = "vrrp", remote_group_id = "@self" },
  ]
}

Rule blocks

rules block is the most raw form but also gives you the most flexibility. Values for the defined keys are limited what is described in the documentation for OpenStack Neutron Security Group Rule v2:

Key Description Example
description A description of the rule. HTTP
direction The direction of the rule. ingress
protocol The layer 4 protocol type. tcp
port_range_min The lower part of the allowed port range. 8080
port_range_max The higher part of the allowed port range. 8081
port One port instead of range. Overrides port_range_minand port_range_max. 80
remote_ip_prefix The remote CIDR. 0.0.0.0/0
remote_group_id The remote group id. If same group ID shall be referenced then write @self @self 
module "raw_rules_sg" {
  source      = "haxorof/security-group/openstack"
  name        = "raw-rules-sg"
  description = "Security group that allows inbound VRRP within the group (IPv4), HTTPS/HTTP open for any (IPv4+IPv6)."

  rules = [
    { description = "HTTPS", direction = "ingress", protocol = "tcp", port = 443 },
    { description = "HTTP", direction = "ingress", protocol = "tcp", port = 80 },
  ]

  rules_ipv4 = [
    { description = "VRRP", direction = "ingress", protocol = "vrrp", remote_group_id = "@self" },
    { description = "VRRP", direction = "egress", protocol = "vrrp", remote_group_id = "@self" },
  ]
}

Examples

License

This is an open source project under the MIT license.