Please wait. This can take some minutes ...
Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.googlenative.compute.alpha.OrganizationSecurityPolicyArgs Maven / Gradle / Ivy
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.googlenative.compute.alpha;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.googlenative.compute.alpha.enums.OrganizationSecurityPolicyType;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyAdaptiveProtectionConfigArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyAdvancedOptionsConfigArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyAssociationArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyCloudArmorConfigArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyDdosProtectionConfigArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyRuleArgs;
import com.pulumi.googlenative.compute.alpha.inputs.SecurityPolicyUserDefinedFieldArgs;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class OrganizationSecurityPolicyArgs extends com.pulumi.resources.ResourceArgs {
public static final OrganizationSecurityPolicyArgs Empty = new OrganizationSecurityPolicyArgs();
@Import(name="adaptiveProtectionConfig")
private @Nullable Output adaptiveProtectionConfig;
public Optional> adaptiveProtectionConfig() {
return Optional.ofNullable(this.adaptiveProtectionConfig);
}
@Import(name="advancedOptionsConfig")
private @Nullable Output advancedOptionsConfig;
public Optional> advancedOptionsConfig() {
return Optional.ofNullable(this.advancedOptionsConfig);
}
/**
* A list of associations that belong to this policy.
*
*/
@Import(name="associations")
private @Nullable Output> associations;
/**
* @return A list of associations that belong to this policy.
*
*/
public Optional>> associations() {
return Optional.ofNullable(this.associations);
}
@Import(name="cloudArmorConfig")
private @Nullable Output cloudArmorConfig;
public Optional> cloudArmorConfig() {
return Optional.ofNullable(this.cloudArmorConfig);
}
@Import(name="ddosProtectionConfig")
private @Nullable Output ddosProtectionConfig;
public Optional> ddosProtectionConfig() {
return Optional.ofNullable(this.ddosProtectionConfig);
}
/**
* An optional description of this resource. Provide this property when you create the resource.
*
*/
@Import(name="description")
private @Nullable Output description;
/**
* @return An optional description of this resource. Provide this property when you create the resource.
*
*/
public Optional> description() {
return Optional.ofNullable(this.description);
}
/**
* User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
*/
@Import(name="displayName")
private @Nullable Output displayName;
/**
* @return User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
*/
public Optional> displayName() {
return Optional.ofNullable(this.displayName);
}
/**
* Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.
*
*/
@Import(name="labels")
private @Nullable Output> labels;
/**
* @return Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.
*
*/
public Optional>> labels() {
return Optional.ofNullable(this.labels);
}
/**
* Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
*/
@Import(name="name")
private @Nullable Output name;
/**
* @return Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
*/
public Optional> name() {
return Optional.ofNullable(this.name);
}
/**
* Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
*
*/
@Import(name="parentId")
private @Nullable Output parentId;
/**
* @return Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
*
*/
public Optional> parentId() {
return Optional.ofNullable(this.parentId);
}
@Import(name="recaptchaOptionsConfig")
private @Nullable Output recaptchaOptionsConfig;
public Optional> recaptchaOptionsConfig() {
return Optional.ofNullable(this.recaptchaOptionsConfig);
}
/**
* An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
*
*/
@Import(name="requestId")
private @Nullable Output requestId;
/**
* @return An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
*
*/
public Optional> requestId() {
return Optional.ofNullable(this.requestId);
}
/**
* A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match "*" for srcIpRanges and for the networkMatch condition every field must be either match "*" or not set). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
*
*/
@Import(name="rules")
private @Nullable Output> rules;
/**
* @return A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match "*" for srcIpRanges and for the networkMatch condition every field must be either match "*" or not set). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
*
*/
public Optional>> rules() {
return Optional.ofNullable(this.rules);
}
/**
* The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.
*
*/
@Import(name="type")
private @Nullable Output type;
/**
* @return The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.
*
*/
public Optional> type() {
return Optional.ofNullable(this.type);
}
/**
* Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: "ipv4_fragment_offset" base: IPV4 offset: 6 size: 2 mask: "0x1fff"
*
*/
@Import(name="userDefinedFields")
private @Nullable Output> userDefinedFields;
/**
* @return Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: "ipv4_fragment_offset" base: IPV4 offset: 6 size: 2 mask: "0x1fff"
*
*/
public Optional>> userDefinedFields() {
return Optional.ofNullable(this.userDefinedFields);
}
private OrganizationSecurityPolicyArgs() {}
private OrganizationSecurityPolicyArgs(OrganizationSecurityPolicyArgs $) {
this.adaptiveProtectionConfig = $.adaptiveProtectionConfig;
this.advancedOptionsConfig = $.advancedOptionsConfig;
this.associations = $.associations;
this.cloudArmorConfig = $.cloudArmorConfig;
this.ddosProtectionConfig = $.ddosProtectionConfig;
this.description = $.description;
this.displayName = $.displayName;
this.labels = $.labels;
this.name = $.name;
this.parentId = $.parentId;
this.recaptchaOptionsConfig = $.recaptchaOptionsConfig;
this.requestId = $.requestId;
this.rules = $.rules;
this.type = $.type;
this.userDefinedFields = $.userDefinedFields;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(OrganizationSecurityPolicyArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private OrganizationSecurityPolicyArgs $;
public Builder() {
$ = new OrganizationSecurityPolicyArgs();
}
public Builder(OrganizationSecurityPolicyArgs defaults) {
$ = new OrganizationSecurityPolicyArgs(Objects.requireNonNull(defaults));
}
public Builder adaptiveProtectionConfig(@Nullable Output adaptiveProtectionConfig) {
$.adaptiveProtectionConfig = adaptiveProtectionConfig;
return this;
}
public Builder adaptiveProtectionConfig(SecurityPolicyAdaptiveProtectionConfigArgs adaptiveProtectionConfig) {
return adaptiveProtectionConfig(Output.of(adaptiveProtectionConfig));
}
public Builder advancedOptionsConfig(@Nullable Output advancedOptionsConfig) {
$.advancedOptionsConfig = advancedOptionsConfig;
return this;
}
public Builder advancedOptionsConfig(SecurityPolicyAdvancedOptionsConfigArgs advancedOptionsConfig) {
return advancedOptionsConfig(Output.of(advancedOptionsConfig));
}
/**
* @param associations A list of associations that belong to this policy.
*
* @return builder
*
*/
public Builder associations(@Nullable Output> associations) {
$.associations = associations;
return this;
}
/**
* @param associations A list of associations that belong to this policy.
*
* @return builder
*
*/
public Builder associations(List associations) {
return associations(Output.of(associations));
}
/**
* @param associations A list of associations that belong to this policy.
*
* @return builder
*
*/
public Builder associations(SecurityPolicyAssociationArgs... associations) {
return associations(List.of(associations));
}
public Builder cloudArmorConfig(@Nullable Output cloudArmorConfig) {
$.cloudArmorConfig = cloudArmorConfig;
return this;
}
public Builder cloudArmorConfig(SecurityPolicyCloudArmorConfigArgs cloudArmorConfig) {
return cloudArmorConfig(Output.of(cloudArmorConfig));
}
public Builder ddosProtectionConfig(@Nullable Output ddosProtectionConfig) {
$.ddosProtectionConfig = ddosProtectionConfig;
return this;
}
public Builder ddosProtectionConfig(SecurityPolicyDdosProtectionConfigArgs ddosProtectionConfig) {
return ddosProtectionConfig(Output.of(ddosProtectionConfig));
}
/**
* @param description An optional description of this resource. Provide this property when you create the resource.
*
* @return builder
*
*/
public Builder description(@Nullable Output description) {
$.description = description;
return this;
}
/**
* @param description An optional description of this resource. Provide this property when you create the resource.
*
* @return builder
*
*/
public Builder description(String description) {
return description(Output.of(description));
}
/**
* @param displayName User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
* @return builder
*
*/
public Builder displayName(@Nullable Output displayName) {
$.displayName = displayName;
return this;
}
/**
* @param displayName User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
* @return builder
*
*/
public Builder displayName(String displayName) {
return displayName(Output.of(displayName));
}
/**
* @param labels Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.
*
* @return builder
*
*/
public Builder labels(@Nullable Output> labels) {
$.labels = labels;
return this;
}
/**
* @param labels Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.
*
* @return builder
*
*/
public Builder labels(Map labels) {
return labels(Output.of(labels));
}
/**
* @param name Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
* @return builder
*
*/
public Builder name(@Nullable Output name) {
$.name = name;
return this;
}
/**
* @param name Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
*
* @return builder
*
*/
public Builder name(String name) {
return name(Output.of(name));
}
/**
* @param parentId Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
*
* @return builder
*
*/
public Builder parentId(@Nullable Output parentId) {
$.parentId = parentId;
return this;
}
/**
* @param parentId Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
*
* @return builder
*
*/
public Builder parentId(String parentId) {
return parentId(Output.of(parentId));
}
public Builder recaptchaOptionsConfig(@Nullable Output recaptchaOptionsConfig) {
$.recaptchaOptionsConfig = recaptchaOptionsConfig;
return this;
}
public Builder recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs recaptchaOptionsConfig) {
return recaptchaOptionsConfig(Output.of(recaptchaOptionsConfig));
}
/**
* @param requestId An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
*
* @return builder
*
*/
public Builder requestId(@Nullable Output requestId) {
$.requestId = requestId;
return this;
}
/**
* @param requestId An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
*
* @return builder
*
*/
public Builder requestId(String requestId) {
return requestId(Output.of(requestId));
}
/**
* @param rules A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match "*" for srcIpRanges and for the networkMatch condition every field must be either match "*" or not set). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
*
* @return builder
*
*/
public Builder rules(@Nullable Output> rules) {
$.rules = rules;
return this;
}
/**
* @param rules A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match "*" for srcIpRanges and for the networkMatch condition every field must be either match "*" or not set). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
*
* @return builder
*
*/
public Builder rules(List rules) {
return rules(Output.of(rules));
}
/**
* @param rules A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match "*" for srcIpRanges and for the networkMatch condition every field must be either match "*" or not set). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
*
* @return builder
*
*/
public Builder rules(SecurityPolicyRuleArgs... rules) {
return rules(List.of(rules));
}
/**
* @param type The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.
*
* @return builder
*
*/
public Builder type(@Nullable Output type) {
$.type = type;
return this;
}
/**
* @param type The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.
*
* @return builder
*
*/
public Builder type(OrganizationSecurityPolicyType type) {
return type(Output.of(type));
}
/**
* @param userDefinedFields Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: "ipv4_fragment_offset" base: IPV4 offset: 6 size: 2 mask: "0x1fff"
*
* @return builder
*
*/
public Builder userDefinedFields(@Nullable Output> userDefinedFields) {
$.userDefinedFields = userDefinedFields;
return this;
}
/**
* @param userDefinedFields Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: "ipv4_fragment_offset" base: IPV4 offset: 6 size: 2 mask: "0x1fff"
*
* @return builder
*
*/
public Builder userDefinedFields(List userDefinedFields) {
return userDefinedFields(Output.of(userDefinedFields));
}
/**
* @param userDefinedFields Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: "ipv4_fragment_offset" base: IPV4 offset: 6 size: 2 mask: "0x1fff"
*
* @return builder
*
*/
public Builder userDefinedFields(SecurityPolicyUserDefinedFieldArgs... userDefinedFields) {
return userDefinedFields(List.of(userDefinedFields));
}
public OrganizationSecurityPolicyArgs build() {
return $;
}
}
}