I need to create an instance which has two ports. The ports are already created and have their id's. The heat template creates the security group, my question is how do I attach the security group to the corresponding ports in the HOT?
Do we have any OS::Neturon::secuirtyGroupAttachment, which accepts portId and secuirtyGroupId?
Sorry, I know its not really helpful, but based on the HEAT template guide (https://docs.openstack.org/heat/train/template_guide/index.html) there doesn't seems to be something like this. :(
You could only create the ports within your heat-template too and choose the security groups while creating the ports: (https://docs.openstack.org/heat/train/template_guide/openstack.html#OS::Neutron::Port-attr-security_groups). Based on the documention HEAT allows you to update the security-group of a port, when you update your stack with openstack stack update, but this requires, that the port was created by HEAT.
The problem is, that it is not intended in HEAT to edit existing resources. HEAT allows you to update and delete a by HEAT created stack. When HEAT would also allow to change all already existing resources, the update and delete of a stack would become really difficult, if there sould be something like VolumeAttachment to attach volumes to a server, for every single resource.
So my advice would be to also create the port within your HEAT-templete instead of using an existing.
