# Security groups, one per exposed service, so each can be attached to an
# instance or port independently of the others.
#
# NOTE(review): Neutron normally adds allow-all egress rules (IPv4 and IPv6) to
# a newly created group. If outbound traffic is meant to be restricted, set
# `delete_default_rules = true` on the group and declare egress explicitly.

resource "openstack_networking_secgroup_v2" "ping" {
  name        = "ping"
  description = "ICMP for ping"
}

resource "openstack_networking_secgroup_v2" "ssh" {
  name        = "ssh"
  description = "ssh connection"
}

resource "openstack_networking_secgroup_v2" "http" {
  name        = "http"
  description = "http/https"
}

# Ingress rules. Every rule resource below is expanded once per entry of
# var.security_public_cidr: the key is used as the allowed source CIDR
# (remote_ip_prefix) and the value as the rule description.
#
# The variable is declared outside this file -- presumably a map(string) of
# CIDR => label; confirm against its declaration. The ethertype is derived from
# the key: a ":" in the CIDR selects IPv6, anything else IPv4. strcontains()
# requires Terraform 1.5 or later.
#
# NOTE(review): these rules are only as tight as that variable. A key of
# 0.0.0.0/0 or ::/0 opens the port to any source; a `validation` block on the
# variable is the place to reject such entries where that is not intended
# (SSH in particular).

# Echo request only. For ICMP rules Neutron reads port_range_min as the ICMP
# type and port_range_max as the ICMP code: type 8 / code 0 is the IPv4 echo
# request, type 128 / code 0 is the ICMPv6 echo request.
resource "openstack_networking_secgroup_rule_v2" "ping" {
  for_each = var.security_public_cidr

  security_group_id = openstack_networking_secgroup_v2.ping.id
  direction         = "ingress"
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  protocol          = "icmp"
  port_range_min    = strcontains(each.key, ":") ? 128 : 8
  port_range_max    = 0
  remote_ip_prefix  = each.key
  description       = each.value

  # Pending change noted by the author ("for update"):
  # protocol = strcontains(each.key, ":") ? "ipv6-icmp" : "icmp"
  # NOTE(review): "ipv6-icmp" is Neutron's name for the protocol on IPv6 rules.
  # Changing `protocol` will most likely replace the existing rules rather
  # than update them in place -- check the plan before applying.
}

# SSH (tcp/22) from the listed source CIDRs only.
resource "openstack_networking_secgroup_rule_v2" "ssh" {
  for_each = var.security_public_cidr

  security_group_id = openstack_networking_secgroup_v2.ssh.id
  direction         = "ingress"
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = each.key
  description       = each.value
}

# Plain HTTP (tcp/80). Lives in the "http" group together with the HTTPS rule
# below, so attaching that group opens both ports.
# NOTE(review): port 80 is unencrypted -- presumably kept for redirects to
# HTTPS or certificate issuance; confirm it is still needed.
resource "openstack_networking_secgroup_rule_v2" "http" {
  for_each = var.security_public_cidr

  security_group_id = openstack_networking_secgroup_v2.http.id
  direction         = "ingress"
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = each.key
  description       = each.value
}

# HTTPS (tcp/443), attached to the same "http" security group as the rule above.
resource "openstack_networking_secgroup_rule_v2" "https" {
  for_each = var.security_public_cidr

  security_group_id = openstack_networking_secgroup_v2.http.id
  direction         = "ingress"
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = each.key
  description       = each.value
}