-
Notifications
You must be signed in to change notification settings - Fork 16
NSX Security Group Resource
Sandeep Sidhu edited this page Jul 6, 2017
·
8 revisions
The SECURITY_GROUP resource allows the creation of Security Groups for use by service policies. Currently this will only have the one security tag to compare on within the group.
resource "nsx_security_group" "ss_sg_test_tes" {
name = "ovp_ss_sg_test"
scopeid = "globalroot-0"
dynamic_membership = [
{
set_operator = "OR"
rules_operator = "AND"
rules = [
{
key = "VM.SECURITY_TAG"
value = "dynamicset1_criteria_test"
criteria = "contains"
},
{
key = "VM.SECURITY_TAG"
value = "dynamicset1_criteria2"
criteria = "contains"
},
{
key = "VM.SECURITY_TAG"
value = "dynamicset1_criteria3"
criteria = "contains"
},
{
key = "VM.SECURITY_TAG"
value = "dynamicset1_criteria4"
criteria = "contains"
}
]
},
{
set_operator = "OR"
rules_operator = "AND"
rules = [
{
key = "VM.SECURITY_TAG"
value = "dynamicset2_criteria1"
criteria = "starts_with"
},
{
key = "VM.SECURITY_TAG"
value = "dynamicset2_criteria2"
criteria = "contains"
},
{
key = "VM.SECURITY_TAG"
value = "dynamicset2_criteria3"
criteria = "contains"
}
]
}
]
}The following arguments are supported:
-
name- (Required) The name you want to call this security group by. -
scopeid- (Required) The scopeid. -
dynamic_membership- (Required) List of dynamic criteria assigned to this security group. -
set_operator- (Required) Operator for set. -
rules_operator- (Required) Operator used for the rules of the set. -
rules- (Required) List of rules which makes up a dynamic set. -
key- (Required) The key in which the rule should use to match. -
value- (Required) The value in which the rule should match. -
criteria- (Required) How the rule should match.