NSX Security Group Resource

Sandeep Sidhu edited this page Jul 6, 2017 · 8 revisions

The SECURITY_GROUP resource allows the creation of Security Groups for use by service policies. Currently, the rules within the group can only compare on the security tag.

Example Usage

resource "nsx_security_group" "ss_sg_test_tes" {
  name = "ovp_ss_sg_test"
  scopeid = "globalroot-0"
  dynamic_membership = [
    {
      set_operator  = "OR"
      rules_operator = "AND"
      rules = [
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset1_criteria_test"
          criteria = "contains"
        },
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset1_criteria2"
          criteria = "contains"
        },
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset1_criteria3"
          criteria = "contains"
        },
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset1_criteria4"
          criteria = "contains"
        }
      ]
    },
    {
      set_operator  = "OR"
      rules_operator = "AND"
      rules = [
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset2_criteria1"
          criteria = "starts_with"
        },
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset2_criteria2"
          criteria = "contains"
        },
        {
          key = "VM.SECURITY_TAG"
          value = "dynamicset2_criteria3"
          criteria = "contains"
        }
      ]
    }
  ]
}

Argument Reference

The following arguments are supported:

  • name - (Required) The name of this security group.
  • scopeid - (Required) The scopeid.
  • dynamic_membership - (Required) List of dynamic criteria assigned to this security group.
  • set_operator - (Required) Operator for the set.
  • rules_operator - (Required) Operator used for the rules of the set.
  • rules - (Required) List of rules which make up a dynamic set.
  • key - (Required) The key the rule should use to match.
  • value - (Required) The value the rule should match.
  • criteria - (Required) How the rule should match.