com.pulumi.gcp.compute.kotlin.OrganizationSecurityPolicyRuleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.OrganizationSecurityPolicyRuleMatchArgs
import com.pulumi.gcp.compute.kotlin.inputs.OrganizationSecurityPolicyRuleMatchArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* A rule for the OrganizationSecurityPolicy.
* To get more information about OrganizationSecurityPolicyRule, see:
* * [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addRule)
* * How-to Guides
* * [Creating firewall rules](https://cloud.google.com/vpc/docs/using-firewall-policies#create-rules)
* ## Example Usage
* ### Organization Security Policy Rule Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
* displayName: "tf-test",
* parent: "organizations/123456789",
* });
* const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
* policyId: policy.id,
* action: "allow",
* direction: "INGRESS",
* enableLogging: true,
* match: {
* config: {
* srcIpRanges: [
* "192.168.0.0/16",
* "10.0.0.0/8",
* ],
* layer4Configs: [
* {
* ipProtocol: "tcp",
* ports: ["22"],
* },
* {
* ipProtocol: "icmp",
* },
* ],
* },
* },
* priority: 100,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* policy = gcp.compute.OrganizationSecurityPolicy("policy",
* display_name="tf-test",
* parent="organizations/123456789")
* policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
* policy_id=policy.id,
* action="allow",
* direction="INGRESS",
* enable_logging=True,
* match=gcp.compute.OrganizationSecurityPolicyRuleMatchArgs(
* config=gcp.compute.OrganizationSecurityPolicyRuleMatchConfigArgs(
* src_ip_ranges=[
* "192.168.0.0/16",
* "10.0.0.0/8",
* ],
* layer4_configs=[
* gcp.compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs(
* ip_protocol="tcp",
* ports=["22"],
* ),
* gcp.compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs(
* ip_protocol="icmp",
* ),
* ],
* ),
* ),
* priority=100)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
* {
* DisplayName = "tf-test",
* Parent = "organizations/123456789",
* });
* var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
* {
* PolicyId = policy.Id,
* Action = "allow",
* Direction = "INGRESS",
* EnableLogging = true,
* Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
* {
* Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "192.168.0.0/16",
* "10.0.0.0/8",
* },
* Layer4Configs = new[]
* {
* new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
* {
* IpProtocol = "tcp",
* Ports = new[]
* {
* "22",
* },
* },
* new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
* {
* IpProtocol = "icmp",
* },
* },
* },
* },
* Priority = 100,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
* DisplayName: pulumi.String("tf-test"),
* Parent: pulumi.String("organizations/123456789"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
* PolicyId: policy.ID(),
* Action: pulumi.String("allow"),
* Direction: pulumi.String("INGRESS"),
* EnableLogging: pulumi.Bool(true),
* Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
* Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("192.168.0.0/16"),
* pulumi.String("10.0.0.0/8"),
* },
* Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
* &compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
* IpProtocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("22"),
* },
* },
* &compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
* IpProtocol: pulumi.String("icmp"),
* },
* },
* },
* },
* Priority: pulumi.Int(100),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
* import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
* import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
* import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
* .displayName("tf-test")
* .parent("organizations/123456789")
* .build());
* var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
* .policyId(policy.id())
* .action("allow")
* .direction("INGRESS")
* .enableLogging(true)
* .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
* .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges(
* "192.168.0.0/16",
* "10.0.0.0/8")
* .layer4Configs(
* OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
* .ipProtocol("tcp")
* .ports("22")
* .build(),
* OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
* .ipProtocol("icmp")
* .build())
* .build())
* .build())
* .priority(100)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:compute:OrganizationSecurityPolicy
* properties:
* displayName: tf-test
* parent: organizations/123456789
* policyOrganizationSecurityPolicyRule:
* type: gcp:compute:OrganizationSecurityPolicyRule
* name: policy
* properties:
* policyId: ${policy.id}
* action: allow
* direction: INGRESS
* enableLogging: true
* match:
* config:
* srcIpRanges:
* - 192.168.0.0/16
* - 10.0.0.0/8
* layer4Configs:
* - ipProtocol: tcp
* ports:
* - '22'
* - ipProtocol: icmp
* priority: 100
* ```
*
* ## Import
* OrganizationSecurityPolicyRule can be imported using any of these accepted formats:
* * `{{policy_id}}/priority/{{priority}}`
* When using the `pulumi import` command, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
* ```
* @property action The Action to perform when the client connection triggers the rule. Can currently be either
* "allow", "deny" or "goto_next".
* @property description A description of the rule.
* @property direction The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS",
* "EGRESS"]
* @property enableLogging Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
* export destination in Stackdriver.
* @property match A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
* Structure is documented below.
* @property policyId The ID of the OrganizationSecurityPolicy this rule applies to.
* @property preview If set to true, the specified action is not enforced.
* @property priority An integer indicating the priority of a rule in the list. The priority must be a value
* between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
* highest priority and 2147483647 is the lowest prority.
* @property targetResources A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
* this rule. If this field is left blank, all VMs within the organization will receive the rule.
* @property targetServiceAccounts A list of service accounts indicating the sets of instances that are applied with this rule.
*/
public data class OrganizationSecurityPolicyRuleArgs(
public val action: Output? = null,
public val description: Output? = null,
public val direction: Output? = null,
public val enableLogging: Output? = null,
public val match: Output? = null,
public val policyId: Output? = null,
public val preview: Output? = null,
public val priority: Output? = null,
public val targetResources: Output>? = null,
public val targetServiceAccounts: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs =
com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs.builder()
.action(action?.applyValue({ args0 -> args0 }))
.description(description?.applyValue({ args0 -> args0 }))
.direction(direction?.applyValue({ args0 -> args0 }))
.enableLogging(enableLogging?.applyValue({ args0 -> args0 }))
.match(match?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.policyId(policyId?.applyValue({ args0 -> args0 }))
.preview(preview?.applyValue({ args0 -> args0 }))
.priority(priority?.applyValue({ args0 -> args0 }))
.targetResources(targetResources?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.targetServiceAccounts(
targetServiceAccounts?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
).build()
}
/**
* Builder for [OrganizationSecurityPolicyRuleArgs].
*/
@PulumiTagMarker
public class OrganizationSecurityPolicyRuleArgsBuilder internal constructor() {
private var action: Output? = null
private var description: Output? = null
private var direction: Output? = null
private var enableLogging: Output? = null
private var match: Output? = null
private var policyId: Output? = null
private var preview: Output? = null
private var priority: Output? = null
private var targetResources: Output>? = null
private var targetServiceAccounts: Output>? = null
/**
* @param value The Action to perform when the client connection triggers the rule. Can currently be either
* "allow", "deny" or "goto_next".
*/
@JvmName("gxjepykrrfvntmgv")
public suspend fun action(`value`: Output) {
this.action = value
}
/**
* @param value A description of the rule.
*/
@JvmName("vwisxivfdkicrmof")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS",
* "EGRESS"]
*/
@JvmName("hhppaifivvagskem")
public suspend fun direction(`value`: Output) {
this.direction = value
}
/**
* @param value Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
* export destination in Stackdriver.
*/
@JvmName("krcoonhbnstrwatb")
public suspend fun enableLogging(`value`: Output) {
this.enableLogging = value
}
/**
* @param value A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
* Structure is documented below.
*/
@JvmName("duvaawfvlwyussjk")
public suspend fun match(`value`: Output) {
this.match = value
}
/**
* @param value The ID of the OrganizationSecurityPolicy this rule applies to.
*/
@JvmName("jvswftfomdrslcty")
public suspend fun policyId(`value`: Output) {
this.policyId = value
}
/**
* @param value If set to true, the specified action is not enforced.
*/
@JvmName("olovjtpewmxytwvp")
public suspend fun preview(`value`: Output) {
this.preview = value
}
/**
* @param value An integer indicating the priority of a rule in the list. The priority must be a value
* between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
* highest priority and 2147483647 is the lowest prority.
*/
@JvmName("aujgtmjkuneicjll")
public suspend fun priority(`value`: Output) {
this.priority = value
}
/**
* @param value A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
* this rule. If this field is left blank, all VMs within the organization will receive the rule.
*/
@JvmName("igkbwqyyjhrugkxp")
public suspend fun targetResources(`value`: Output>) {
this.targetResources = value
}
@JvmName("fayiiqkdfnhhewmx")
public suspend fun targetResources(vararg values: Output) {
this.targetResources = Output.all(values.asList())
}
/**
* @param values A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
* this rule. If this field is left blank, all VMs within the organization will receive the rule.
*/
@JvmName("ganmjbpwslssukwt")
public suspend fun targetResources(values: List
© 2015 - 2024 Weber Informatics LLC | Privacy Policy