All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.compute.kotlin.OrganizationSecurityPolicyRuleArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.compute.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.OrganizationSecurityPolicyRuleMatchArgs
import com.pulumi.gcp.compute.kotlin.inputs.OrganizationSecurityPolicyRuleMatchArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * A rule for the OrganizationSecurityPolicy.
 * To get more information about OrganizationSecurityPolicyRule, see:
 * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addRule)
 * * How-to Guides
 *     * [Creating firewall rules](https://cloud.google.com/vpc/docs/using-firewall-policies#create-rules)
 * ## Example Usage
 * ### Organization Security Policy Rule Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
 *     displayName: "tf-test",
 *     parent: "organizations/123456789",
 * });
 * const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
 *     policyId: policy.id,
 *     action: "allow",
 *     direction: "INGRESS",
 *     enableLogging: true,
 *     match: {
 *         config: {
 *             srcIpRanges: [
 *                 "192.168.0.0/16",
 *                 "10.0.0.0/8",
 *             ],
 *             layer4Configs: [
 *                 {
 *                     ipProtocol: "tcp",
 *                     ports: ["22"],
 *                 },
 *                 {
 *                     ipProtocol: "icmp",
 *                 },
 *             ],
 *         },
 *     },
 *     priority: 100,
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.OrganizationSecurityPolicy("policy",
 *     display_name="tf-test",
 *     parent="organizations/123456789")
 * policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
 *     policy_id=policy.id,
 *     action="allow",
 *     direction="INGRESS",
 *     enable_logging=True,
 *     match=gcp.compute.OrganizationSecurityPolicyRuleMatchArgs(
 *         config=gcp.compute.OrganizationSecurityPolicyRuleMatchConfigArgs(
 *             src_ip_ranges=[
 *                 "192.168.0.0/16",
 *                 "10.0.0.0/8",
 *             ],
 *             layer4_configs=[
 *                 gcp.compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs(
 *                     ip_protocol="tcp",
 *                     ports=["22"],
 *                 ),
 *                 gcp.compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs(
 *                     ip_protocol="icmp",
 *                 ),
 *             ],
 *         ),
 *     ),
 *     priority=100)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
 *     {
 *         DisplayName = "tf-test",
 *         Parent = "organizations/123456789",
 *     });
 *     var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
 *     {
 *         PolicyId = policy.Id,
 *         Action = "allow",
 *         Direction = "INGRESS",
 *         EnableLogging = true,
 *         Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
 *         {
 *             Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
 *             {
 *                 SrcIpRanges = new[]
 *                 {
 *                     "192.168.0.0/16",
 *                     "10.0.0.0/8",
 *                 },
 *                 Layer4Configs = new[]
 *                 {
 *                     new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
 *                     {
 *                         IpProtocol = "tcp",
 *                         Ports = new[]
 *                         {
 *                             "22",
 *                         },
 *                     },
 *                     new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
 *                     {
 *                         IpProtocol = "icmp",
 *                     },
 *                 },
 *             },
 *         },
 *         Priority = 100,
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
 * 			DisplayName: pulumi.String("tf-test"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
 * 			PolicyId:      policy.ID(),
 * 			Action:        pulumi.String("allow"),
 * 			Direction:     pulumi.String("INGRESS"),
 * 			EnableLogging: pulumi.Bool(true),
 * 			Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
 * 				Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
 * 					SrcIpRanges: pulumi.StringArray{
 * 						pulumi.String("192.168.0.0/16"),
 * 						pulumi.String("10.0.0.0/8"),
 * 					},
 * 					Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
 * 						&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
 * 							IpProtocol: pulumi.String("tcp"),
 * 							Ports: pulumi.StringArray{
 * 								pulumi.String("22"),
 * 							},
 * 						},
 * 						&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
 * 							IpProtocol: pulumi.String("icmp"),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Priority: pulumi.Int(100),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
 * import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
 * import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
 * import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
 *             .displayName("tf-test")
 *             .parent("organizations/123456789")
 *             .build());
 *         var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
 *             .policyId(policy.id())
 *             .action("allow")
 *             .direction("INGRESS")
 *             .enableLogging(true)
 *             .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
 *                 .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
 *                     .srcIpRanges(
 *                         "192.168.0.0/16",
 *                         "10.0.0.0/8")
 *                     .layer4Configs(
 *                         OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
 *                             .ipProtocol("tcp")
 *                             .ports("22")
 *                             .build(),
 *                         OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
 *                             .ipProtocol("icmp")
 *                             .build())
 *                     .build())
 *                 .build())
 *             .priority(100)
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:OrganizationSecurityPolicy
 *     properties:
 *       displayName: tf-test
 *       parent: organizations/123456789
 *   policyOrganizationSecurityPolicyRule:
 *     type: gcp:compute:OrganizationSecurityPolicyRule
 *     name: policy
 *     properties:
 *       policyId: ${policy.id}
 *       action: allow
 *       direction: INGRESS
 *       enableLogging: true
 *       match:
 *         config:
 *           srcIpRanges:
 *             - 192.168.0.0/16
 *             - 10.0.0.0/8
 *           layer4Configs:
 *             - ipProtocol: tcp
 *               ports:
 *                 - '22'
 *             - ipProtocol: icmp
 *       priority: 100
 * ```
 * 
 * ## Import
 * OrganizationSecurityPolicyRule can be imported using any of these accepted formats:
 * * `{{policy_id}}/priority/{{priority}}`
 * When using the `pulumi import` command, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
 * ```
 * @property action The Action to perform when the client connection triggers the rule. Can currently be either
 * "allow", "deny" or "goto_next".
 * @property description A description of the rule.
 * @property direction The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS",
 * "EGRESS"]
 * @property enableLogging Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
 * export destination in Stackdriver.
 * @property match A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
 * Structure is documented below.
 * @property policyId The ID of the OrganizationSecurityPolicy this rule applies to.
 * @property preview If set to true, the specified action is not enforced.
 * @property priority An integer indicating the priority of a rule in the list. The priority must be a value
 * between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
 * highest priority and 2147483647 is the lowest prority.
 * @property targetResources A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
 * this rule. If this field is left blank, all VMs within the organization will receive the rule.
 * @property targetServiceAccounts A list of service accounts indicating the sets of instances that are applied with this rule.
 */
public data class OrganizationSecurityPolicyRuleArgs(
    public val action: Output? = null,
    public val description: Output? = null,
    public val direction: Output? = null,
    public val enableLogging: Output? = null,
    public val match: Output? = null,
    public val policyId: Output? = null,
    public val preview: Output? = null,
    public val priority: Output? = null,
    public val targetResources: Output>? = null,
    public val targetServiceAccounts: Output>? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs =
        com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs.builder()
            .action(action?.applyValue({ args0 -> args0 }))
            .description(description?.applyValue({ args0 -> args0 }))
            .direction(direction?.applyValue({ args0 -> args0 }))
            .enableLogging(enableLogging?.applyValue({ args0 -> args0 }))
            .match(match?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .policyId(policyId?.applyValue({ args0 -> args0 }))
            .preview(preview?.applyValue({ args0 -> args0 }))
            .priority(priority?.applyValue({ args0 -> args0 }))
            .targetResources(targetResources?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .targetServiceAccounts(
                targetServiceAccounts?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0
                    })
                }),
            ).build()
}

/**
 * Builder for [OrganizationSecurityPolicyRuleArgs].
 */
@PulumiTagMarker
public class OrganizationSecurityPolicyRuleArgsBuilder internal constructor() {
    private var action: Output? = null

    private var description: Output? = null

    private var direction: Output? = null

    private var enableLogging: Output? = null

    private var match: Output? = null

    private var policyId: Output? = null

    private var preview: Output? = null

    private var priority: Output? = null

    private var targetResources: Output>? = null

    private var targetServiceAccounts: Output>? = null

    /**
     * @param value The Action to perform when the client connection triggers the rule. Can currently be either
     * "allow", "deny" or "goto_next".
     */
    @JvmName("gxjepykrrfvntmgv")
    public suspend fun action(`value`: Output) {
        this.action = value
    }

    /**
     * @param value A description of the rule.
     */
    @JvmName("vwisxivfdkicrmof")
    public suspend fun description(`value`: Output) {
        this.description = value
    }

    /**
     * @param value The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS",
     * "EGRESS"]
     */
    @JvmName("hhppaifivvagskem")
    public suspend fun direction(`value`: Output) {
        this.direction = value
    }

    /**
     * @param value Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
     * export destination in Stackdriver.
     */
    @JvmName("krcoonhbnstrwatb")
    public suspend fun enableLogging(`value`: Output) {
        this.enableLogging = value
    }

    /**
     * @param value A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    @JvmName("duvaawfvlwyussjk")
    public suspend fun match(`value`: Output) {
        this.match = value
    }

    /**
     * @param value The ID of the OrganizationSecurityPolicy this rule applies to.
     */
    @JvmName("jvswftfomdrslcty")
    public suspend fun policyId(`value`: Output) {
        this.policyId = value
    }

    /**
     * @param value If set to true, the specified action is not enforced.
     */
    @JvmName("olovjtpewmxytwvp")
    public suspend fun preview(`value`: Output) {
        this.preview = value
    }

    /**
     * @param value An integer indicating the priority of a rule in the list. The priority must be a value
     * between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
     * highest priority and 2147483647 is the lowest prority.
     */
    @JvmName("aujgtmjkuneicjll")
    public suspend fun priority(`value`: Output) {
        this.priority = value
    }

    /**
     * @param value A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs within the organization will receive the rule.
     */
    @JvmName("igkbwqyyjhrugkxp")
    public suspend fun targetResources(`value`: Output>) {
        this.targetResources = value
    }

    @JvmName("fayiiqkdfnhhewmx")
    public suspend fun targetResources(vararg values: Output) {
        this.targetResources = Output.all(values.asList())
    }

    /**
     * @param values A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs within the organization will receive the rule.
     */
    @JvmName("ganmjbpwslssukwt")
    public suspend fun targetResources(values: List>) {
        this.targetResources = Output.all(values)
    }

    /**
     * @param value A list of service accounts indicating the sets of instances that are applied with this rule.
     */
    @JvmName("peysobqihjevgulk")
    public suspend fun targetServiceAccounts(`value`: Output>) {
        this.targetServiceAccounts = value
    }

    @JvmName("ncrcnkxqrsjdvjmy")
    public suspend fun targetServiceAccounts(vararg values: Output) {
        this.targetServiceAccounts = Output.all(values.asList())
    }

    /**
     * @param values A list of service accounts indicating the sets of instances that are applied with this rule.
     */
    @JvmName("btlfvxmacxwfmulp")
    public suspend fun targetServiceAccounts(values: List>) {
        this.targetServiceAccounts = Output.all(values)
    }

    /**
     * @param value The Action to perform when the client connection triggers the rule. Can currently be either
     * "allow", "deny" or "goto_next".
     */
    @JvmName("ciejekbutwbjnhni")
    public suspend fun action(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.action = mapped
    }

    /**
     * @param value A description of the rule.
     */
    @JvmName("ijbvharsbfertupj")
    public suspend fun description(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.description = mapped
    }

    /**
     * @param value The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS",
     * "EGRESS"]
     */
    @JvmName("sgnvplgynaevaqki")
    public suspend fun direction(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.direction = mapped
    }

    /**
     * @param value Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
     * export destination in Stackdriver.
     */
    @JvmName("qjvyldtvtoaigija")
    public suspend fun enableLogging(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.enableLogging = mapped
    }

    /**
     * @param value A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    @JvmName("dorceskvsqeksmct")
    public suspend fun match(`value`: OrganizationSecurityPolicyRuleMatchArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.match = mapped
    }

    /**
     * @param argument A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    @JvmName("xosflnvoqyrhobrh")
    public suspend fun match(argument: suspend OrganizationSecurityPolicyRuleMatchArgsBuilder.() -> Unit) {
        val toBeMapped = OrganizationSecurityPolicyRuleMatchArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.match = mapped
    }

    /**
     * @param value The ID of the OrganizationSecurityPolicy this rule applies to.
     */
    @JvmName("dmoxderhagaxgxfy")
    public suspend fun policyId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.policyId = mapped
    }

    /**
     * @param value If set to true, the specified action is not enforced.
     */
    @JvmName("gwdypayvpdceifvh")
    public suspend fun preview(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.preview = mapped
    }

    /**
     * @param value An integer indicating the priority of a rule in the list. The priority must be a value
     * between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
     * highest priority and 2147483647 is the lowest prority.
     */
    @JvmName("ecchsjjrrldcktds")
    public suspend fun priority(`value`: Int?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.priority = mapped
    }

    /**
     * @param value A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs within the organization will receive the rule.
     */
    @JvmName("ugydrnobxnqkevqp")
    public suspend fun targetResources(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.targetResources = mapped
    }

    /**
     * @param values A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs within the organization will receive the rule.
     */
    @JvmName("fbpllgojhujrefdq")
    public suspend fun targetResources(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.targetResources = mapped
    }

    /**
     * @param value A list of service accounts indicating the sets of instances that are applied with this rule.
     */
    @JvmName("uhnyopybtukeekex")
    public suspend fun targetServiceAccounts(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.targetServiceAccounts = mapped
    }

    /**
     * @param values A list of service accounts indicating the sets of instances that are applied with this rule.
     */
    @JvmName("jxswthogeybnyfcn")
    public suspend fun targetServiceAccounts(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.targetServiceAccounts = mapped
    }

    internal fun build(): OrganizationSecurityPolicyRuleArgs = OrganizationSecurityPolicyRuleArgs(
        action = action,
        description = description,
        direction = direction,
        enableLogging = enableLogging,
        match = match,
        policyId = policyId,
        preview = preview,
        priority = priority,
        targetResources = targetResources,
        targetServiceAccounts = targetServiceAccounts,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy