resource "openstack_networking_secgroup_v2" "ping" {
name = "ping"
description = "ICMP for ping"
}
resource "openstack_networking_secgroup_v2" "ssh" {
name = "ssh"
description = "ssh connection"
}
resource "openstack_networking_secgroup_v2" "http" {
name = "http"
description = "http/https"
}
resource "openstack_networking_secgroup_rule_v2" "ping" {
for_each = var.security_public_cidr
description = each.value
direction = "ingress"
ethertype = strcontains(each.key, ":") ? "IPv6" : "IPv4"
port_range_min = strcontains(each.key, ":") ? 128 : 8
port_range_max = 0
protocol = "icmp"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.ping.id
# for update:
# protocol = strcontains(each.key, ":") ? "ipv6-icmp" : "icmp"
}
resource "openstack_networking_secgroup_rule_v2" "ssh" {
for_each = var.security_public_cidr
description = each.value
direction = "ingress"
ethertype = strcontains(each.key, ":") ? "IPv6" : "IPv4"
port_range_min = 22
port_range_max = 22
protocol = "tcp"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.ssh.id
}
resource "openstack_networking_secgroup_rule_v2" "http" {
for_each = var.security_public_cidr
description = each.value
direction = "ingress"
ethertype = strcontains(each.key, ":") ? "IPv6" : "IPv4"
port_range_min = 80
port_range_max = 80
protocol = "tcp"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.http.id
}
resource "openstack_networking_secgroup_rule_v2" "https" {
for_each = var.security_public_cidr
description = each.value
direction = "ingress"
ethertype = strcontains(each.key, ":") ? "IPv6" : "IPv4"
port_range_min = 443
port_range_max = 443
protocol = "tcp"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.http.id
}