com.pulumi.gcp.compute.kotlin.FirewallPolicyRule.kt Maven / Gradle / Ivy
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyRuleMatch
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyRuleMatch.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
 * Type-safe DSL builder that collects the name, arguments and options of a [FirewallPolicyRule]
 * and then registers the resource through the Java SDK.
 *
 * The constructor and [build] are `internal`; in the code visible here the builder is only created
 * by the `firewallPolicyRule(...)` factory functions, which set [name] before calling [build].
 */
@PulumiTagMarker
public class FirewallPolicyRuleResourceBuilder internal constructor() {
    // Logical resource name. Nullable only until a factory function assigns it.
    public var name: String? = null

    // Resource arguments; starts out as a default-constructed FirewallPolicyRuleArgs.
    public var args: FirewallPolicyRuleArgs = FirewallPolicyRuleArgs()

    // Resource options; starts out as a default-constructed CustomResourceOptions.
    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * Sets the resource name.
     *
     * @param value The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        name = value
    }

    /**
     * Runs [block] against a fresh [FirewallPolicyRuleArgsBuilder] and stores what it builds,
     * replacing any arguments set earlier.
     *
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend FirewallPolicyRuleArgsBuilder.() -> Unit) {
        args = FirewallPolicyRuleArgsBuilder().also { block(it) }.build()
    }

    /**
     * Builds the resource options from [block] and stores them, replacing any options set earlier.
     *
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        opts = CustomResourceOptions.opts(block)
    }

    /**
     * Constructs the Java resource from the collected name, arguments and options and wraps it
     * in the Kotlin [FirewallPolicyRule].
     */
    internal fun build(): FirewallPolicyRule =
        FirewallPolicyRule(
            com.pulumi.gcp.compute.FirewallPolicyRule(
                name,
                args.toJava(),
                opts.toJava(),
            ),
        )
}
/**
* The Compute FirewallPolicyRule resource
* ## Example Usage
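* ### Basic_fir_sec_rule
* The values in this example are acceptance-test fixtures (see the `description` fields). The rule combines `action: "allow"` with `destThreatIntelligences: ["iplist-known-malicious-ips"]`; check the action before reusing the example, because a list of known-malicious addresses is more commonly matched by a `deny` rule.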
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basicGlobalNetworksecurityAddressGroup = new gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group", {
* name: "policy",
* parent: "organizations/123456789",
* description: "Sample global networksecurity_address_group",
* location: "global",
* items: ["208.80.154.224/32"],
* type: "IPV4",
* capacity: 100,
* });
* const folder = new gcp.organizations.Folder("folder", {
* displayName: "policy",
* parent: "organizations/123456789",
* });
* const _default = new gcp.compute.FirewallPolicy("default", {
* parent: folder.id,
* shortName: "policy",
* description: "Resource created for Terraform acceptance testing",
* });
* const primary = new gcp.compute.FirewallPolicyRule("primary", {
* firewallPolicy: _default.name,
* description: "Resource created for Terraform acceptance testing",
* priority: 9000,
* enableLogging: true,
* action: "allow",
* direction: "EGRESS",
* disabled: false,
* match: {
* layer4Configs: [
* {
* ipProtocol: "tcp",
* ports: ["8080"],
* },
* {
* ipProtocol: "udp",
* ports: ["22"],
* },
* ],
* destIpRanges: ["11.100.0.1/32"],
* destFqdns: [],
* destRegionCodes: ["US"],
* destThreatIntelligences: ["iplist-known-malicious-ips"],
* srcAddressGroups: [],
* destAddressGroups: [basicGlobalNetworksecurityAddressGroup.id],
* },
* targetServiceAccounts: ["my@service-account.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic_global_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group",
* name="policy",
* parent="organizations/123456789",
* description="Sample global networksecurity_address_group",
* location="global",
* items=["208.80.154.224/32"],
* type="IPV4",
* capacity=100)
* folder = gcp.organizations.Folder("folder",
* display_name="policy",
* parent="organizations/123456789")
* default = gcp.compute.FirewallPolicy("default",
* parent=folder.id,
* short_name="policy",
* description="Resource created for Terraform acceptance testing")
* primary = gcp.compute.FirewallPolicyRule("primary",
* firewall_policy=default.name,
* description="Resource created for Terraform acceptance testing",
* priority=9000,
* enable_logging=True,
* action="allow",
* direction="EGRESS",
* disabled=False,
* match=gcp.compute.FirewallPolicyRuleMatchArgs(
* layer4_configs=[
* gcp.compute.FirewallPolicyRuleMatchLayer4ConfigArgs(
* ip_protocol="tcp",
* ports=["8080"],
* ),
* gcp.compute.FirewallPolicyRuleMatchLayer4ConfigArgs(
* ip_protocol="udp",
* ports=["22"],
* ),
* ],
* dest_ip_ranges=["11.100.0.1/32"],
* dest_fqdns=[],
* dest_region_codes=["US"],
* dest_threat_intelligences=["iplist-known-malicious-ips"],
* src_address_groups=[],
* dest_address_groups=[basic_global_networksecurity_address_group.id],
* ),
* target_service_accounts=["my@service-account.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basicGlobalNetworksecurityAddressGroup = new Gcp.NetworkSecurity.AddressGroup("basic_global_networksecurity_address_group", new()
* {
* Name = "policy",
* Parent = "organizations/123456789",
* Description = "Sample global networksecurity_address_group",
* Location = "global",
* Items = new[]
* {
* "208.80.154.224/32",
* },
* Type = "IPV4",
* Capacity = 100,
* });
* var folder = new Gcp.Organizations.Folder("folder", new()
* {
* DisplayName = "policy",
* Parent = "organizations/123456789",
* });
* var @default = new Gcp.Compute.FirewallPolicy("default", new()
* {
* Parent = folder.Id,
* ShortName = "policy",
* Description = "Resource created for Terraform acceptance testing",
* });
* var primary = new Gcp.Compute.FirewallPolicyRule("primary", new()
* {
* FirewallPolicy = @default.Name,
* Description = "Resource created for Terraform acceptance testing",
* Priority = 9000,
* EnableLogging = true,
* Action = "allow",
* Direction = "EGRESS",
* Disabled = false,
* Match = new Gcp.Compute.Inputs.FirewallPolicyRuleMatchArgs
* {
* Layer4Configs = new[]
* {
* new Gcp.Compute.Inputs.FirewallPolicyRuleMatchLayer4ConfigArgs
* {
* IpProtocol = "tcp",
* Ports = new[]
* {
* "8080",
* },
* },
* new Gcp.Compute.Inputs.FirewallPolicyRuleMatchLayer4ConfigArgs
* {
* IpProtocol = "udp",
* Ports = new[]
* {
* "22",
* },
* },
* },
* DestIpRanges = new[]
* {
* "11.100.0.1/32",
* },
* DestFqdns = new() { },
* DestRegionCodes = new[]
* {
* "US",
* },
* DestThreatIntelligences = new[]
* {
* "iplist-known-malicious-ips",
* },
* SrcAddressGroups = new() { },
* DestAddressGroups = new[]
* {
* basicGlobalNetworksecurityAddressGroup.Id,
* },
* },
* TargetServiceAccounts = new[]
* {
* "my@service-account.com",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basicGlobalNetworksecurityAddressGroup, err := networksecurity.NewAddressGroup(ctx, "basic_global_networksecurity_address_group", &networksecurity.AddressGroupArgs{
* Name: pulumi.String("policy"),
* Parent: pulumi.String("organizations/123456789"),
* Description: pulumi.String("Sample global networksecurity_address_group"),
* Location: pulumi.String("global"),
* Items: pulumi.StringArray{
* pulumi.String("208.80.154.224/32"),
* },
* Type: pulumi.String("IPV4"),
* Capacity: pulumi.Int(100),
* })
* if err != nil {
* return err
* }
* folder, err := organizations.NewFolder(ctx, "folder", &organizations.FolderArgs{
* DisplayName: pulumi.String("policy"),
* Parent: pulumi.String("organizations/123456789"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewFirewallPolicy(ctx, "default", &compute.FirewallPolicyArgs{
* Parent: folder.ID(),
* ShortName: pulumi.String("policy"),
* Description: pulumi.String("Resource created for Terraform acceptance testing"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewFirewallPolicyRule(ctx, "primary", &compute.FirewallPolicyRuleArgs{
* FirewallPolicy: _default.Name,
* Description: pulumi.String("Resource created for Terraform acceptance testing"),
* Priority: pulumi.Int(9000),
* EnableLogging: pulumi.Bool(true),
* Action: pulumi.String("allow"),
* Direction: pulumi.String("EGRESS"),
* Disabled: pulumi.Bool(false),
* Match: &compute.FirewallPolicyRuleMatchArgs{
* Layer4Configs: compute.FirewallPolicyRuleMatchLayer4ConfigArray{
* &compute.FirewallPolicyRuleMatchLayer4ConfigArgs{
* IpProtocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("8080"),
* },
* },
* &compute.FirewallPolicyRuleMatchLayer4ConfigArgs{
* IpProtocol: pulumi.String("udp"),
* Ports: pulumi.StringArray{
* pulumi.String("22"),
* },
* },
* },
* DestIpRanges: pulumi.StringArray{
* pulumi.String("11.100.0.1/32"),
* },
* DestFqdns: pulumi.StringArray{},
* DestRegionCodes: pulumi.StringArray{
* pulumi.String("US"),
* },
* DestThreatIntelligences: pulumi.StringArray{
* pulumi.String("iplist-known-malicious-ips"),
* },
* SrcAddressGroups: pulumi.StringArray{},
* DestAddressGroups: pulumi.StringArray{
* basicGlobalNetworksecurityAddressGroup.ID(),
* },
* },
* TargetServiceAccounts: pulumi.StringArray{
* pulumi.String("my@service-account.com"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.AddressGroup;
* import com.pulumi.gcp.networksecurity.AddressGroupArgs;
* import com.pulumi.gcp.organizations.Folder;
* import com.pulumi.gcp.organizations.FolderArgs;
* import com.pulumi.gcp.compute.FirewallPolicy;
* import com.pulumi.gcp.compute.FirewallPolicyArgs;
* import com.pulumi.gcp.compute.FirewallPolicyRule;
* import com.pulumi.gcp.compute.FirewallPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.FirewallPolicyRuleMatchArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basicGlobalNetworksecurityAddressGroup = new AddressGroup("basicGlobalNetworksecurityAddressGroup", AddressGroupArgs.builder()
* .name("policy")
* .parent("organizations/123456789")
* .description("Sample global networksecurity_address_group")
* .location("global")
* .items("208.80.154.224/32")
* .type("IPV4")
* .capacity(100)
* .build());
* var folder = new Folder("folder", FolderArgs.builder()
* .displayName("policy")
* .parent("organizations/123456789")
* .build());
* var default_ = new FirewallPolicy("default", FirewallPolicyArgs.builder()
* .parent(folder.id())
* .shortName("policy")
* .description("Resource created for Terraform acceptance testing")
* .build());
* var primary = new FirewallPolicyRule("primary", FirewallPolicyRuleArgs.builder()
* .firewallPolicy(default_.name())
* .description("Resource created for Terraform acceptance testing")
* .priority(9000)
* .enableLogging(true)
* .action("allow")
* .direction("EGRESS")
* .disabled(false)
* .match(FirewallPolicyRuleMatchArgs.builder()
* .layer4Configs(
* FirewallPolicyRuleMatchLayer4ConfigArgs.builder()
* .ipProtocol("tcp")
* .ports(8080)
* .build(),
* FirewallPolicyRuleMatchLayer4ConfigArgs.builder()
* .ipProtocol("udp")
* .ports(22)
* .build())
* .destIpRanges("11.100.0.1/32")
* .destFqdns()
* .destRegionCodes("US")
* .destThreatIntelligences("iplist-known-malicious-ips")
* .srcAddressGroups()
* .destAddressGroups(basicGlobalNetworksecurityAddressGroup.id())
* .build())
* .targetServiceAccounts("my@service-account.com")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* basicGlobalNetworksecurityAddressGroup:
* type: gcp:networksecurity:AddressGroup
* name: basic_global_networksecurity_address_group
* properties:
* name: policy
* parent: organizations/123456789
* description: Sample global networksecurity_address_group
* location: global
* items:
* - 208.80.154.224/32
* type: IPV4
* capacity: 100
* folder:
* type: gcp:organizations:Folder
* properties:
* displayName: policy
* parent: organizations/123456789
* default:
* type: gcp:compute:FirewallPolicy
* properties:
* parent: ${folder.id}
* shortName: policy
* description: Resource created for Terraform acceptance testing
* primary:
* type: gcp:compute:FirewallPolicyRule
* properties:
* firewallPolicy: ${default.name}
* description: Resource created for Terraform acceptance testing
* priority: 9000
* enableLogging: true
* action: allow
* direction: EGRESS
* disabled: false
* match:
* layer4Configs:
* - ipProtocol: tcp
* ports:
* - 8080
* - ipProtocol: udp
* ports:
* - 22
* destIpRanges:
* - 11.100.0.1/32
* destFqdns: []
* destRegionCodes:
* - US
* destThreatIntelligences:
* - iplist-known-malicious-ips
* srcAddressGroups: []
* destAddressGroups:
* - ${basicGlobalNetworksecurityAddressGroup.id}
* targetServiceAccounts:
* - my@service-account.com
* ```
*
* ## Import
* FirewallPolicyRule can be imported using any of these accepted formats:
* * `locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}`
* * `{{firewall_policy}}/{{priority}}`
* When using the `pulumi import` command, FirewallPolicyRule can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}
* ```
* ```sh
* $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default {{firewall_policy}}/{{priority}}
* ```
*/
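public class FirewallPolicyRule internal constructor(
    override val javaResource: com.pulumi.gcp.compute.FirewallPolicyRule,
) : KotlinCustomResource(javaResource, FirewallPolicyRuleMapper) {
    // Each property is a read-only view that forwards to the output of the same name on the wrapped
    // Java resource. Outputs whose Java value exposes map/orElse (presumably java.util.Optional) are
    // unwrapped with orElse(null). The generic type arguments were missing from this listing and are
    // restored here from the imports and the property documentation.

    /**
     * The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny",
     * "goto_next" and "apply_security_profile_group".
     */
    public val action: Output<String>
        get() = javaResource.action().applyValue({ value -> value })

    /**
     * An optional description for this resource.
     */
    public val description: Output<String>?
        get() = javaResource.description().applyValue({ optional ->
            optional.map({ value -> value }).orElse(null)
        })

    /**
     * The direction in which this rule applies. Possible values: INGRESS, EGRESS
     */
    public val direction: Output<String>
        get() = javaResource.direction().applyValue({ value -> value })

    /**
     * Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not
     * enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will
     * be enabled.
     *
     * Review note: because a disabled rule is not enforced, disabling a "deny" rule widens what the policy
     * permits; treat changes to this field like changes to the rule itself.
     */
    public val disabled: Output<Boolean>?
        get() = javaResource.disabled().applyValue({ optional ->
            optional.map({ value -> value }).orElse(null)
        })

    /**
     * Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the
     * configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot
     * enable logging on "goto_next" rules.
     *
     * Review note: the value may be absent (null); what the service does when it is unset is not stated here,
     * so set it explicitly on rules whose matches need to be auditable.
     */
    public val enableLogging: Output<Boolean>?
        get() = javaResource.enableLogging().applyValue({ optional ->
            optional.map({ value -> value }).orElse(null)
        })

    /**
     * The firewall policy of the resource.
     */
    public val firewallPolicy: Output<String>
        get() = javaResource.firewallPolicy().applyValue({ value -> value })

    /**
     * Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules
     */
    public val kind: Output<String>
        get() = javaResource.kind().applyValue({ value -> value })

    /**
     * A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding
     * 'action' is enforced.
     *
     * The Java match object is converted to its Kotlin counterpart with [toKotlin].
     */
    public val match: Output<FirewallPolicyRuleMatch>
        get() = javaResource.match().applyValue({ javaMatch -> toKotlin(javaMatch) })

    /**
     * An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and
     * 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and
     * 2147483647 is the lowest priority.
     *
     * Review note: a smaller number is evaluated first, so a broad "allow" at a small number is reached before
     * narrower rules that carry larger numbers.
     */
    public val priority: Output<Int>
        get() = javaResource.priority().applyValue({ value -> value })

    /**
     * Calculation of the complexity of a single firewall policy rule.
     */
    public val ruleTupleCount: Output<Int>
        get() = javaResource.ruleTupleCount().applyValue({ value -> value })

    /**
     * A fully-qualified URL of a SecurityProfileGroup resource. Example:
     * https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
     * It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
     */
    public val securityProfileGroup: Output<String>?
        get() = javaResource.securityProfileGroup().applyValue({ optional ->
            optional.map({ value -> value }).orElse(null)
        })

    /**
     * A list of network resource URLs to which this rule applies. This field allows you to control which network's
     * VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
     *
     * Review note: the blank default is the widest scope, so an "allow" rule without targets applies to every VM
     * in the organization.
     */
    public val targetResources: Output<List<String>>?
        get() = javaResource.targetResources().applyValue({ optional ->
            // The inner map copies the Java list element by element into a Kotlin list.
            optional.map({ urls -> urls.map({ url -> url }) }).orElse(null)
        })

    /**
     * A list of service accounts indicating the sets of instances that are applied with this rule.
     */
    public val targetServiceAccounts: Output<List<String>>?
        get() = javaResource.targetServiceAccounts().applyValue({ optional ->
            // The inner map copies the Java list element by element into a Kotlin list.
            optional.map({ accounts -> accounts.map({ account -> account }) }).orElse(null)
        })

    /**
     * Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
     * 'apply_security_profile_group' and cannot be set for other actions.
     */
    public val tlsInspect: Output<Boolean>?
        get() = javaResource.tlsInspect().applyValue({ optional ->
            optional.map({ value -> value }).orElse(null)
        })
}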
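/**
 * Maps a Java SDK `com.pulumi.gcp.compute.FirewallPolicyRule` to its Kotlin wrapper [FirewallPolicyRule].
 *
 * The type argument of [ResourceMapper] was missing from this listing and is restored here from the
 * return type of [map].
 */
public object FirewallPolicyRuleMapper : ResourceMapper<FirewallPolicyRule> {
    /**
     * Returns true only when [javaResource] is exactly a `com.pulumi.gcp.compute.FirewallPolicyRule`.
     * The comparison is on the runtime class, so a subclass instance does not match.
     */
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.compute.FirewallPolicyRule::class == javaResource::class

    /**
     * Wraps [javaResource] in a Kotlin [FirewallPolicyRule].
     *
     * The cast is unchecked against [supportsMappingOfType]; a resource of another type makes it throw
     * [ClassCastException], so callers are expected to check support first.
     */
    override fun map(javaResource: Resource): FirewallPolicyRule = FirewallPolicyRule(
        javaResource as com.pulumi.gcp.compute.FirewallPolicyRule,
    )
}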
/**
 * Declares a [FirewallPolicyRule] whose arguments and options are supplied through a builder block.
 *
 * The name is applied to the builder before [block] runs, so the block can still replace it.
 *
 * @see [FirewallPolicyRule].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [FirewallPolicyRule].
 */
public suspend fun firewallPolicyRule(
    name: String,
    block: suspend FirewallPolicyRuleResourceBuilder.() -> Unit,
): FirewallPolicyRule {
    val resourceBuilder = FirewallPolicyRuleResourceBuilder()
    resourceBuilder.name(name)
    resourceBuilder.block()
    return resourceBuilder.build()
}
/**
 * Declares a [FirewallPolicyRule] by name only, leaving the builder's default-constructed
 * arguments and options in place.
 *
 * NOTE(review): whether a rule with default (empty) arguments is accepted by the provider is not
 * visible from this file.
 *
 * @see [FirewallPolicyRule].
 * @param name The _unique_ name of the resulting resource.
 */
public fun firewallPolicyRule(name: String): FirewallPolicyRule =
    FirewallPolicyRuleResourceBuilder()
        .also { resourceBuilder -> resourceBuilder.name(name) }
        .build()