com.pulumi.gcp.compute.kotlin.RegionNetworkFirewallPolicyRuleArgs.kt Maven / Gradle / Ivy
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.RegionNetworkFirewallPolicyRuleArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.RegionNetworkFirewallPolicyRuleMatchArgs
import com.pulumi.gcp.compute.kotlin.inputs.RegionNetworkFirewallPolicyRuleMatchArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.RegionNetworkFirewallPolicyRuleTargetSecureTagArgs
import com.pulumi.gcp.compute.kotlin.inputs.RegionNetworkFirewallPolicyRuleTargetSecureTagArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* The Compute NetworkFirewallPolicyRule resource
* ## Example Usage
* ### Regional
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basicRegionalNetworksecurityAddressGroup = new gcp.networksecurity.AddressGroup("basic_regional_networksecurity_address_group", {
* name: "policy",
* parent: "projects/my-project-name",
* description: "Sample regional networksecurity_address_group",
* location: "us-west1",
* items: ["208.80.154.224/32"],
* type: "IPV4",
* capacity: 100,
* });
* const basicRegionalNetworkFirewallPolicy = new gcp.compute.RegionNetworkFirewallPolicy("basic_regional_network_firewall_policy", {
* name: "policy",
* description: "Sample regional network firewall policy",
* project: "my-project-name",
* region: "us-west1",
* });
* const basicNetwork = new gcp.compute.Network("basic_network", {name: "network"});
* const basicKey = new gcp.tags.TagKey("basic_key", {
* description: "For keyname resources.",
* parent: "organizations/123456789",
* purpose: "GCE_FIREWALL",
* shortName: "tagkey",
* purposeData: {
* network: pulumi.interpolate`my-project-name/${basicNetwork.name}`,
* },
* });
* const basicValue = new gcp.tags.TagValue("basic_value", {
* description: "For valuename resources.",
* parent: pulumi.interpolate`tagKeys/${basicKey.name}`,
* shortName: "tagvalue",
* });
* const primary = new gcp.compute.RegionNetworkFirewallPolicyRule("primary", {
* action: "allow",
* description: "This is a simple rule description",
* direction: "INGRESS",
* disabled: false,
* enableLogging: true,
* firewallPolicy: basicRegionalNetworkFirewallPolicy.name,
* priority: 1000,
* region: "us-west1",
* ruleName: "test-rule",
* targetServiceAccounts: ["my@service-account.com"],
* match: {
* srcIpRanges: ["10.100.0.1/32"],
* srcFqdns: ["example.com"],
* srcRegionCodes: ["US"],
* srcThreatIntelligences: ["iplist-known-malicious-ips"],
* layer4Configs: [{
* ipProtocol: "all",
* }],
* srcSecureTags: [{
* name: pulumi.interpolate`tagValues/${basicValue.name}`,
* }],
* srcAddressGroups: [basicRegionalNetworksecurityAddressGroup.id],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic_regional_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_regional_networksecurity_address_group",
* name="policy",
* parent="projects/my-project-name",
* description="Sample regional networksecurity_address_group",
* location="us-west1",
* items=["208.80.154.224/32"],
* type="IPV4",
* capacity=100)
* basic_regional_network_firewall_policy = gcp.compute.RegionNetworkFirewallPolicy("basic_regional_network_firewall_policy",
* name="policy",
* description="Sample regional network firewall policy",
* project="my-project-name",
* region="us-west1")
* basic_network = gcp.compute.Network("basic_network", name="network")
* basic_key = gcp.tags.TagKey("basic_key",
* description="For keyname resources.",
* parent="organizations/123456789",
* purpose="GCE_FIREWALL",
* short_name="tagkey",
* purpose_data={
* "network": basic_network.name.apply(lambda name: f"my-project-name/{name}"),
* })
* basic_value = gcp.tags.TagValue("basic_value",
* description="For valuename resources.",
* parent=basic_key.name.apply(lambda name: f"tagKeys/{name}"),
* short_name="tagvalue")
* primary = gcp.compute.RegionNetworkFirewallPolicyRule("primary",
* action="allow",
* description="This is a simple rule description",
* direction="INGRESS",
* disabled=False,
* enable_logging=True,
* firewall_policy=basic_regional_network_firewall_policy.name,
* priority=1000,
* region="us-west1",
* rule_name="test-rule",
* target_service_accounts=["my@service-account.com"],
* match=gcp.compute.RegionNetworkFirewallPolicyRuleMatchArgs(
* src_ip_ranges=["10.100.0.1/32"],
* src_fqdns=["example.com"],
* src_region_codes=["US"],
* src_threat_intelligences=["iplist-known-malicious-ips"],
* layer4_configs=[gcp.compute.RegionNetworkFirewallPolicyRuleMatchLayer4ConfigArgs(
* ip_protocol="all",
* )],
* src_secure_tags=[gcp.compute.RegionNetworkFirewallPolicyRuleMatchSrcSecureTagArgs(
* name=basic_value.name.apply(lambda name: f"tagValues/{name}"),
* )],
* src_address_groups=[basic_regional_networksecurity_address_group.id],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basicRegionalNetworksecurityAddressGroup = new Gcp.NetworkSecurity.AddressGroup("basic_regional_networksecurity_address_group", new()
* {
* Name = "policy",
* Parent = "projects/my-project-name",
* Description = "Sample regional networksecurity_address_group",
* Location = "us-west1",
* Items = new[]
* {
* "208.80.154.224/32",
* },
* Type = "IPV4",
* Capacity = 100,
* });
* var basicRegionalNetworkFirewallPolicy = new Gcp.Compute.RegionNetworkFirewallPolicy("basic_regional_network_firewall_policy", new()
* {
* Name = "policy",
* Description = "Sample regional network firewall policy",
* Project = "my-project-name",
* Region = "us-west1",
* });
* var basicNetwork = new Gcp.Compute.Network("basic_network", new()
* {
* Name = "network",
* });
* var basicKey = new Gcp.Tags.TagKey("basic_key", new()
* {
* Description = "For keyname resources.",
* Parent = "organizations/123456789",
* Purpose = "GCE_FIREWALL",
* ShortName = "tagkey",
* PurposeData =
* {
* { "network", basicNetwork.Name.Apply(name => $"my-project-name/{name}") },
* },
* });
* var basicValue = new Gcp.Tags.TagValue("basic_value", new()
* {
* Description = "For valuename resources.",
* Parent = basicKey.Name.Apply(name => $"tagKeys/{name}"),
* ShortName = "tagvalue",
* });
* var primary = new Gcp.Compute.RegionNetworkFirewallPolicyRule("primary", new()
* {
* Action = "allow",
* Description = "This is a simple rule description",
* Direction = "INGRESS",
* Disabled = false,
* EnableLogging = true,
* FirewallPolicy = basicRegionalNetworkFirewallPolicy.Name,
* Priority = 1000,
* Region = "us-west1",
* RuleName = "test-rule",
* TargetServiceAccounts = new[]
* {
* "my@service-account.com",
* },
* Match = new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyRuleMatchArgs
* {
* SrcIpRanges = new[]
* {
* "10.100.0.1/32",
* },
* SrcFqdns = new[]
* {
* "example.com",
* },
* SrcRegionCodes = new[]
* {
* "US",
* },
* SrcThreatIntelligences = new[]
* {
* "iplist-known-malicious-ips",
* },
* Layer4Configs = new[]
* {
* new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyRuleMatchLayer4ConfigArgs
* {
* IpProtocol = "all",
* },
* },
* SrcSecureTags = new[]
* {
* new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyRuleMatchSrcSecureTagArgs
* {
* Name = basicValue.Name.Apply(name => $"tagValues/{name}"),
* },
* },
* SrcAddressGroups = new[]
* {
* basicRegionalNetworksecurityAddressGroup.Id,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basicRegionalNetworksecurityAddressGroup, err := networksecurity.NewAddressGroup(ctx, "basic_regional_networksecurity_address_group", &networksecurity.AddressGroupArgs{
* Name: pulumi.String("policy"),
* Parent: pulumi.String("projects/my-project-name"),
* Description: pulumi.String("Sample regional networksecurity_address_group"),
* Location: pulumi.String("us-west1"),
* Items: pulumi.StringArray{
* pulumi.String("208.80.154.224/32"),
* },
* Type: pulumi.String("IPV4"),
* Capacity: pulumi.Int(100),
* })
* if err != nil {
* return err
* }
* basicRegionalNetworkFirewallPolicy, err := compute.NewRegionNetworkFirewallPolicy(ctx, "basic_regional_network_firewall_policy", &compute.RegionNetworkFirewallPolicyArgs{
* Name: pulumi.String("policy"),
* Description: pulumi.String("Sample regional network firewall policy"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* })
* if err != nil {
* return err
* }
* basicNetwork, err := compute.NewNetwork(ctx, "basic_network", &compute.NetworkArgs{
* Name: pulumi.String("network"),
* })
* if err != nil {
* return err
* }
* basicKey, err := tags.NewTagKey(ctx, "basic_key", &tags.TagKeyArgs{
* Description: pulumi.String("For keyname resources."),
* Parent: pulumi.String("organizations/123456789"),
* Purpose: pulumi.String("GCE_FIREWALL"),
* ShortName: pulumi.String("tagkey"),
* PurposeData: pulumi.StringMap{
* "network": basicNetwork.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("my-project-name/%v", name), nil
* }).(pulumi.StringOutput),
* },
* })
* if err != nil {
* return err
* }
* basicValue, err := tags.NewTagValue(ctx, "basic_value", &tags.TagValueArgs{
* Description: pulumi.String("For valuename resources."),
* Parent: basicKey.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("tagKeys/%v", name), nil
* }).(pulumi.StringOutput),
* ShortName: pulumi.String("tagvalue"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewRegionNetworkFirewallPolicyRule(ctx, "primary", &compute.RegionNetworkFirewallPolicyRuleArgs{
* Action: pulumi.String("allow"),
* Description: pulumi.String("This is a simple rule description"),
* Direction: pulumi.String("INGRESS"),
* Disabled: pulumi.Bool(false),
* EnableLogging: pulumi.Bool(true),
* FirewallPolicy: basicRegionalNetworkFirewallPolicy.Name,
* Priority: pulumi.Int(1000),
* Region: pulumi.String("us-west1"),
* RuleName: pulumi.String("test-rule"),
* TargetServiceAccounts: pulumi.StringArray{
* pulumi.String("my@service-account.com"),
* },
* Match: &compute.RegionNetworkFirewallPolicyRuleMatchArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("10.100.0.1/32"),
* },
* SrcFqdns: pulumi.StringArray{
* pulumi.String("example.com"),
* },
* SrcRegionCodes: pulumi.StringArray{
* pulumi.String("US"),
* },
* SrcThreatIntelligences: pulumi.StringArray{
* pulumi.String("iplist-known-malicious-ips"),
* },
* Layer4Configs: compute.RegionNetworkFirewallPolicyRuleMatchLayer4ConfigArray{
* &compute.RegionNetworkFirewallPolicyRuleMatchLayer4ConfigArgs{
* IpProtocol: pulumi.String("all"),
* },
* },
* SrcSecureTags: compute.RegionNetworkFirewallPolicyRuleMatchSrcSecureTagArray{
* &compute.RegionNetworkFirewallPolicyRuleMatchSrcSecureTagArgs{
* Name: basicValue.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("tagValues/%v", name), nil
* }).(pulumi.StringOutput),
* },
* },
* SrcAddressGroups: pulumi.StringArray{
* basicRegionalNetworksecurityAddressGroup.ID(),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.networksecurity.AddressGroup;
* import com.pulumi.gcp.networksecurity.AddressGroupArgs;
* import com.pulumi.gcp.compute.RegionNetworkFirewallPolicy;
* import com.pulumi.gcp.compute.RegionNetworkFirewallPolicyArgs;
* import com.pulumi.gcp.compute.Network;
* import com.pulumi.gcp.compute.NetworkArgs;
* import com.pulumi.gcp.tags.TagKey;
* import com.pulumi.gcp.tags.TagKeyArgs;
* import com.pulumi.gcp.tags.TagValue;
* import com.pulumi.gcp.tags.TagValueArgs;
* import com.pulumi.gcp.compute.RegionNetworkFirewallPolicyRule;
* import com.pulumi.gcp.compute.RegionNetworkFirewallPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.RegionNetworkFirewallPolicyRuleMatchArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basicRegionalNetworksecurityAddressGroup = new AddressGroup("basicRegionalNetworksecurityAddressGroup", AddressGroupArgs.builder()
* .name("policy")
* .parent("projects/my-project-name")
* .description("Sample regional networksecurity_address_group")
* .location("us-west1")
* .items("208.80.154.224/32")
* .type("IPV4")
* .capacity(100)
* .build());
* var basicRegionalNetworkFirewallPolicy = new RegionNetworkFirewallPolicy("basicRegionalNetworkFirewallPolicy", RegionNetworkFirewallPolicyArgs.builder()
* .name("policy")
* .description("Sample regional network firewall policy")
* .project("my-project-name")
* .region("us-west1")
* .build());
* var basicNetwork = new Network("basicNetwork", NetworkArgs.builder()
* .name("network")
* .build());
* var basicKey = new TagKey("basicKey", TagKeyArgs.builder()
* .description("For keyname resources.")
* .parent("organizations/123456789")
* .purpose("GCE_FIREWALL")
* .shortName("tagkey")
* .purposeData(Map.of("network", basicNetwork.name().applyValue(name -> String.format("my-project-name/%s", name))))
* .build());
* var basicValue = new TagValue("basicValue", TagValueArgs.builder()
* .description("For valuename resources.")
* .parent(basicKey.name().applyValue(name -> String.format("tagKeys/%s", name)))
* .shortName("tagvalue")
* .build());
* var primary = new RegionNetworkFirewallPolicyRule("primary", RegionNetworkFirewallPolicyRuleArgs.builder()
* .action("allow")
* .description("This is a simple rule description")
* .direction("INGRESS")
* .disabled(false)
* .enableLogging(true)
* .firewallPolicy(basicRegionalNetworkFirewallPolicy.name())
* .priority(1000)
* .region("us-west1")
* .ruleName("test-rule")
* .targetServiceAccounts("my@service-account.com")
* .match(RegionNetworkFirewallPolicyRuleMatchArgs.builder()
* .srcIpRanges("10.100.0.1/32")
* .srcFqdns("example.com")
* .srcRegionCodes("US")
* .srcThreatIntelligences("iplist-known-malicious-ips")
* .layer4Configs(RegionNetworkFirewallPolicyRuleMatchLayer4ConfigArgs.builder()
* .ipProtocol("all")
* .build())
* .srcSecureTags(RegionNetworkFirewallPolicyRuleMatchSrcSecureTagArgs.builder()
* .name(basicValue.name().applyValue(name -> String.format("tagValues/%s", name)))
* .build())
* .srcAddressGroups(basicRegionalNetworksecurityAddressGroup.id())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* basicRegionalNetworksecurityAddressGroup:
* type: gcp:networksecurity:AddressGroup
* name: basic_regional_networksecurity_address_group
* properties:
* name: policy
* parent: projects/my-project-name
* description: Sample regional networksecurity_address_group
* location: us-west1
* items:
* - 208.80.154.224/32
* type: IPV4
* capacity: 100
* basicRegionalNetworkFirewallPolicy:
* type: gcp:compute:RegionNetworkFirewallPolicy
* name: basic_regional_network_firewall_policy
* properties:
* name: policy
* description: Sample regional network firewall policy
* project: my-project-name
* region: us-west1
* primary:
* type: gcp:compute:RegionNetworkFirewallPolicyRule
* properties:
* action: allow
* description: This is a simple rule description
* direction: INGRESS
* disabled: false
* enableLogging: true
* firewallPolicy: ${basicRegionalNetworkFirewallPolicy.name}
* priority: 1000
* region: us-west1
* ruleName: test-rule
* targetServiceAccounts:
* - my@service-account.com
* match:
* srcIpRanges:
* - 10.100.0.1/32
* srcFqdns:
* - example.com
* srcRegionCodes:
* - US
* srcThreatIntelligences:
* - iplist-known-malicious-ips
* layer4Configs:
* - ipProtocol: all
* srcSecureTags:
* - name: tagValues/${basicValue.name}
* srcAddressGroups:
* - ${basicRegionalNetworksecurityAddressGroup.id}
* basicNetwork:
* type: gcp:compute:Network
* name: basic_network
* properties:
* name: network
* basicKey:
* type: gcp:tags:TagKey
* name: basic_key
* properties:
* description: For keyname resources.
* parent: organizations/123456789
* purpose: GCE_FIREWALL
* shortName: tagkey
* purposeData:
* network: my-project-name/${basicNetwork.name}
* basicValue:
* type: gcp:tags:TagValue
* name: basic_value
* properties:
* description: For valuename resources.
* parent: tagKeys/${basicKey.name}
* shortName: tagvalue
* ```
*
* ## Import
* NetworkFirewallPolicyRule can be imported using any of these accepted formats:
* * `projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/{{priority}}`
* * `{{project}}/{{region}}/{{firewall_policy}}/{{priority}}`
* * `{{region}}/{{firewall_policy}}/{{priority}}`
* * `{{firewall_policy}}/{{priority}}`
* When using the `pulumi import` command, NetworkFirewallPolicyRule can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/regionNetworkFirewallPolicyRule:RegionNetworkFirewallPolicyRule default projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/{{priority}}
* ```
* ```sh
* $ pulumi import gcp:compute/regionNetworkFirewallPolicyRule:RegionNetworkFirewallPolicyRule default {{project}}/{{region}}/{{firewall_policy}}/{{priority}}
* ```
* ```sh
* $ pulumi import gcp:compute/regionNetworkFirewallPolicyRule:RegionNetworkFirewallPolicyRule default {{region}}/{{firewall_policy}}/{{priority}}
* ```
* ```sh
* $ pulumi import gcp:compute/regionNetworkFirewallPolicyRule:RegionNetworkFirewallPolicyRule default {{firewall_policy}}/{{priority}}
* ```
* @property action The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
* @property description An optional description for this resource.
* @property direction The direction in which this rule applies. Possible values: INGRESS, EGRESS
* @property disabled Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
* traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
* @property enableLogging Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
* export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on
* "goto_next" rules.
* @property firewallPolicy The firewall policy of the resource.
* @property match A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
* @property priority An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
* @property project The project for the resource
* @property region The location of this resource.
* @property ruleName An optional name for the rule. This field is not a unique identifier and can be updated.
* @property securityProfileGroup A fully-qualified URL of a SecurityProfileGroup resource. Example:
* https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
* It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
* @property targetSecureTags A list of secure tags that controls which instances the firewall rule applies to. If `targetSecureTag` are
* specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
* tags; if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
* `targetSecureTag` may not be set at the same time as `targetServiceAccounts`. If neither
* `targetServiceAccounts` nor `targetSecureTag` are specified, the firewall rule applies to all
* instances on the specified network. Maximum number of target label tags allowed is 256.
* @property targetServiceAccounts A list of service accounts indicating the sets of instances that are applied with this rule.
* @property tlsInspect Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
* 'apply_security_profile_group' and cannot be set for other actions.
*/
public data class RegionNetworkFirewallPolicyRuleArgs(
// Every argument is optional and defaults to null; this class performs no validation of its own.
// NOTE(review): the types read `Output?` / `Output>?`, so the generic type arguments appear to be
// missing from this listing — confirm the real element types against the published SDK source.
public val action: Output? = null,
public val description: Output? = null,
public val direction: Output? = null,
// Per the KDoc above: true means the rule is not enforced and traffic behaves as if it did not exist.
public val disabled: Output? = null,
// Per the KDoc above: logging cannot be enabled on "goto_next" rules.
public val enableLogging: Output? = null,
public val firewallPolicy: Output? = null,
public val match: Output? = null,
// Per the KDoc above: 0 is the highest priority and 2147483647 the lowest.
public val priority: Output? = null,
public val project: Output? = null,
public val region: Output? = null,
public val ruleName: Output? = null,
// Per the KDoc above: required when action = 'apply_security_profile_group', not allowed otherwise.
public val securityProfileGroup: Output? = null,
// Per the KDoc above: may not be combined with targetServiceAccounts; when neither is set the rule
// applies to all instances on the network.
public val targetSecureTags: Output>? =
null,
public val targetServiceAccounts: Output>? = null,
// Per the KDoc above: only valid together with action = 'apply_security_profile_group'.
public val tlsInspect: Output? = null,
) : ConvertibleToJava {
// Converts this Kotlin args object into the Java SDK args type through the Java builder.
// Each property is read with a safe call, so a property the caller left null reaches the Java
// builder setter as null. None of the cross-field constraints from the KDoc are checked here.
override fun toJava(): com.pulumi.gcp.compute.RegionNetworkFirewallPolicyRuleArgs =
com.pulumi.gcp.compute.RegionNetworkFirewallPolicyRuleArgs.builder()
// These values are forwarded unchanged: the applyValue lambda is an identity function.
.action(action?.applyValue({ args0 -> args0 }))
.description(description?.applyValue({ args0 -> args0 }))
.direction(direction?.applyValue({ args0 -> args0 }))
.disabled(disabled?.applyValue({ args0 -> args0 }))
.enableLogging(enableLogging?.applyValue({ args0 -> args0 }))
.firewallPolicy(firewallPolicy?.applyValue({ args0 -> args0 }))
// The nested match args are converted with their own toJava().
.match(match?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.priority(priority?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.region(region?.applyValue({ args0 -> args0 }))
.ruleName(ruleName?.applyValue({ args0 -> args0 }))
.securityProfileGroup(securityProfileGroup?.applyValue({ args0 -> args0 }))
// Each secure-tag element is converted with its own toJava(); the list order is kept by map.
.targetSecureTags(
targetSecureTags?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
// The service-account list is copied element by element without change.
.targetServiceAccounts(targetServiceAccounts?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tlsInspect(tlsInspect?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [RegionNetworkFirewallPolicyRuleArgs].
*/
@PulumiTagMarker
public class RegionNetworkFirewallPolicyRuleArgsBuilder internal constructor() {
// Mutable builder state: one nullable field per rule argument, all starting as null.
// The setters visible in this listing assign these fields directly, without validation.
// NOTE(review): `Output?` / `Output>?` look like generic types whose type arguments were lost in
// this listing — confirm against the published SDK source.
private var action: Output? = null
private var description: Output? = null
private var direction: Output? = null
private var disabled: Output? = null
private var enableLogging: Output? = null
private var firewallPolicy: Output? = null
private var match: Output? = null
private var priority: Output? = null
private var project: Output? = null
private var region: Output? = null
private var ruleName: Output? = null
private var securityProfileGroup: Output? = null
private var targetSecureTags: Output>? =
null
private var targetServiceAccounts: Output>? = null
private var tlsInspect: Output? = null
/**
* @param value The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
*/
@JvmName("mjxgvheihgkbolxw")
public suspend fun action(`value`: Output) {
// Stores the Output as given, replacing any earlier value. The action strings listed in the
// KDoc ("allow", "deny", "goto_next", "apply_security_profile_group") are not checked here.
this.action = value
}
/**
* @param value An optional description for this resource.
*/
@JvmName("inwndtvnetftkude")
public suspend fun description(`value`: Output) {
// Stores the Output as given, replacing any earlier value.
this.description = value
}
/**
* @param value The direction in which this rule applies. Possible values: INGRESS, EGRESS
*/
@JvmName("hedluggnnqtblsds")
public suspend fun direction(`value`: Output) {
// Stores the Output as given; the INGRESS / EGRESS values named in the KDoc are not checked here.
this.direction = value
}
/**
* @param value Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
* traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
*/
@JvmName("lspbdvbxgelcsvgu")
public suspend fun disabled(`value`: Output) {
// Stores the flag as given. Per the KDoc, a true value leaves the rule unenforced, so a change
// to this flag deserves the same review as adding or removing the rule itself.
this.disabled = value
}
/**
* @param value Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
* export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on
* "goto_next" rules.
*/
@JvmName("jdfiisnychkkwiiv")
public suspend fun enableLogging(`value`: Output) {
// Stores the flag as given. The KDoc restriction that logging cannot be enabled on "goto_next"
// rules is not checked against `action` in this setter.
this.enableLogging = value
}
/**
* @param value The firewall policy of the resource.
*/
@JvmName("raaaesxqnrpsakrs")
public suspend fun firewallPolicy(`value`: Output) {
// Stores the Output as given, replacing any earlier value.
this.firewallPolicy = value
}
/**
* @param value A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
*/
@JvmName("pnrpmkqmwwmhkigx")
public suspend fun match(`value`: Output) {
// Stores the already-wrapped match condition as given; no conversion or validation happens in
// this setter.
this.match = value
}
/**
* @param value An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
*/
@JvmName("srgxbhamvtheappd")
public suspend fun priority(`value`: Output) {
// Stores the Output as given; the 0..2147483647 range from the KDoc is not enforced here.
// Per the KDoc, 0 is the highest priority, so a lower number is evaluated before a higher one.
this.priority = value
}
/**
* @param value The project for the resource
*/
@JvmName("nvdnmgkodpkmuxhl")
public suspend fun project(`value`: Output) {
// Stores the Output as given, replacing any earlier value.
this.project = value
}
/**
* @param value The location of this resource.
*/
@JvmName("clsrvaefohusmhhk")
public suspend fun region(`value`: Output) {
// Stores the Output as given, replacing any earlier value.
this.region = value
}
/**
* @param value An optional name for the rule. This field is not a unique identifier and can be updated.
*/
@JvmName("iqamfpmgpsdcnfva")
public suspend fun ruleName(`value`: Output) {
// Stores the Output as given. Per the KDoc the name is not a unique identifier, so it should not
// be relied on to tell rules apart.
this.ruleName = value
}
/**
* @param value A fully-qualified URL of a SecurityProfileGroup resource. Example:
* https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
* It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
*/
@JvmName("ltqcffkchvkjxeer")
public suspend fun securityProfileGroup(`value`: Output) {
// Stores the Output as given. The KDoc rule that this is required for
// action = 'apply_security_profile_group' and forbidden otherwise is not enforced in this setter.
this.securityProfileGroup = value
}
/**
* @param value A list of secure tags that controls which instances the firewall rule applies to. If `targetSecureTag` are
* specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
* tags; if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
* `targetSecureTag` may not be set at the same time as `targetServiceAccounts`. If neither
* `targetServiceAccounts` nor `targetSecureTag` are specified, the firewall rule applies to all
* instances on the specified network. Maximum number of target label tags allowed is 256.
*/
@JvmName("vejbaemilpsekfwm")
public suspend fun targetSecureTags(`value`: Output>) {
// Replaces the whole stored list with the given Output. The mutual exclusion with
// targetServiceAccounts and the 256-tag limit described in the KDoc are not checked here.
this.targetSecureTags = value
}
@JvmName("tinmcluujbdvrtdf")
public suspend fun targetSecureTags(vararg values: Output) {
// Vararg overload: combines the individual Outputs into a single Output with Output.all and
// replaces the stored list with it. As in the single-Output overload, nothing is validated here.
this.targetSecureTags = Output.all(values.asList())
}
/**
* @param values A list of secure tags that controls which instances the firewall rule applies to. If `targetSecureTag` are
* specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
* tags; if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
* `targetSecureTag` may not be set at the same time as `targetServiceAccounts`. If neither
* `targetServiceAccounts` nor `targetSecureTag` are specified, the firewall rule applies to all
* instances on the specified network. Maximum number of target label tags allowed is 256.
*/
@JvmName("qryxrdovfingmqxj")
public suspend fun targetSecureTags(values: List