All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.compute.kotlin.SecurityPolicy.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.compute.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdaptiveProtectionConfig
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdvancedOptionsConfig
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRecaptchaOptionsConfig
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRule
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdaptiveProtectionConfig.Companion.toKotlin as securityPolicyAdaptiveProtectionConfigToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdvancedOptionsConfig.Companion.toKotlin as securityPolicyAdvancedOptionsConfigToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRecaptchaOptionsConfig.Companion.toKotlin as securityPolicyRecaptchaOptionsConfigToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRule.Companion.toKotlin as securityPolicyRuleToKotlin

/**
 * Builder for [SecurityPolicy].
 */
@PulumiTagMarker
public class SecurityPolicyResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: SecurityPolicyArgs = SecurityPolicyArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend SecurityPolicyArgsBuilder.() -> Unit) {
        val builder = SecurityPolicyArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): SecurityPolicy {
        val builtJavaResource = com.pulumi.gcp.compute.SecurityPolicy(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return SecurityPolicy(builtJavaResource)
    }
}

/**
 * A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information
 * see the [official documentation](https://cloud.google.com/armor/docs/configure-security-policies)
 * and the [API](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies).
 * Security Policy is used by google_compute_backend_service.
 * ## Example Usage
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "my-policy",
 *     rules: [
 *         {
 *             action: "deny(403)",
 *             priority: 1000,
 *             match: {
 *                 versionedExpr: "SRC_IPS_V1",
 *                 config: {
 *                     srcIpRanges: ["9.9.9.0/24"],
 *                 },
 *             },
 *             description: "Deny access to IPs in 9.9.9.0/24",
 *         },
 *         {
 *             action: "allow",
 *             priority: 2147483647,
 *             match: {
 *                 versionedExpr: "SRC_IPS_V1",
 *                 config: {
 *                     srcIpRanges: ["*"],
 *                 },
 *             },
 *             description: "default rule",
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="my-policy",
 *     rules=[
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="deny(403)",
 *             priority=1000,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 versioned_expr="SRC_IPS_V1",
 *                 config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                     src_ip_ranges=["9.9.9.0/24"],
 *                 ),
 *             ),
 *             description="Deny access to IPs in 9.9.9.0/24",
 *         ),
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="allow",
 *             priority=2147483647,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 versioned_expr="SRC_IPS_V1",
 *                 config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                     src_ip_ranges=["*"],
 *                 ),
 *             ),
 *             description="default rule",
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "my-policy",
 *         Rules = new[]
 *         {
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "deny(403)",
 *                 Priority = 1000,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "9.9.9.0/24",
 *                         },
 *                     },
 *                 },
 *                 Description = "Deny access to IPs in 9.9.9.0/24",
 *             },
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "allow",
 *                 Priority = 2147483647,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "*",
 *                         },
 *                     },
 *                 },
 *                 Description = "default rule",
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name: pulumi.String("my-policy"),
 * 			Rules: compute.SecurityPolicyRuleTypeArray{
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("deny(403)"),
 * 					Priority: pulumi.Int(1000),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("9.9.9.0/24"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("Deny access to IPs in 9.9.9.0/24"),
 * 				},
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("allow"),
 * 					Priority: pulumi.Int(2147483647),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("*"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("default rule"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("my-policy")
 *             .rules(
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("deny(403)")
 *                     .priority("1000")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .versionedExpr("SRC_IPS_V1")
 *                         .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                             .srcIpRanges("9.9.9.0/24")
 *                             .build())
 *                         .build())
 *                     .description("Deny access to IPs in 9.9.9.0/24")
 *                     .build(),
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("allow")
 *                     .priority("2147483647")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .versionedExpr("SRC_IPS_V1")
 *                         .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                             .srcIpRanges("*")
 *                             .build())
 *                         .build())
 *                     .description("default rule")
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: my-policy
 *       rules:
 *         - action: deny(403)
 *           priority: '1000'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - 9.9.9.0/24
 *           description: Deny access to IPs in 9.9.9.0/24
 *         - action: allow
 *           priority: '2147483647'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - '*'
 *           description: default rule
 * ```
 * 
 * ### With ReCAPTCHA Configuration Options
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const primary = new gcp.recaptcha.EnterpriseKey("primary", {
 *     displayName: "display-name",
 *     labels: {
 *         "label-one": "value-one",
 *     },
 *     project: "my-project-name",
 *     webSettings: {
 *         integrationType: "INVISIBLE",
 *         allowAllDomains: true,
 *         allowedDomains: ["localhost"],
 *     },
 * });
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "my-policy",
 *     description: "basic security policy",
 *     type: "CLOUD_ARMOR",
 *     recaptchaOptionsConfig: {
 *         redirectSiteKey: primary.name,
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * primary = gcp.recaptcha.EnterpriseKey("primary",
 *     display_name="display-name",
 *     labels={
 *         "label-one": "value-one",
 *     },
 *     project="my-project-name",
 *     web_settings=gcp.recaptcha.EnterpriseKeyWebSettingsArgs(
 *         integration_type="INVISIBLE",
 *         allow_all_domains=True,
 *         allowed_domains=["localhost"],
 *     ))
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="my-policy",
 *     description="basic security policy",
 *     type="CLOUD_ARMOR",
 *     recaptcha_options_config=gcp.compute.SecurityPolicyRecaptchaOptionsConfigArgs(
 *         redirect_site_key=primary.name,
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = new Gcp.Recaptcha.EnterpriseKey("primary", new()
 *     {
 *         DisplayName = "display-name",
 *         Labels =
 *         {
 *             { "label-one", "value-one" },
 *         },
 *         Project = "my-project-name",
 *         WebSettings = new Gcp.Recaptcha.Inputs.EnterpriseKeyWebSettingsArgs
 *         {
 *             IntegrationType = "INVISIBLE",
 *             AllowAllDomains = true,
 *             AllowedDomains = new[]
 *             {
 *                 "localhost",
 *             },
 *         },
 *     });
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "my-policy",
 *         Description = "basic security policy",
 *         Type = "CLOUD_ARMOR",
 *         RecaptchaOptionsConfig = new Gcp.Compute.Inputs.SecurityPolicyRecaptchaOptionsConfigArgs
 *         {
 *             RedirectSiteKey = primary.Name,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/recaptcha"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := recaptcha.NewEnterpriseKey(ctx, "primary", &recaptcha.EnterpriseKeyArgs{
 * 			DisplayName: pulumi.String("display-name"),
 * 			Labels: pulumi.StringMap{
 * 				"label-one": pulumi.String("value-one"),
 * 			},
 * 			Project: pulumi.String("my-project-name"),
 * 			WebSettings: &recaptcha.EnterpriseKeyWebSettingsArgs{
 * 				IntegrationType: pulumi.String("INVISIBLE"),
 * 				AllowAllDomains: pulumi.Bool(true),
 * 				AllowedDomains: pulumi.StringArray{
 * 					pulumi.String("localhost"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("my-policy"),
 * 			Description: pulumi.String("basic security policy"),
 * 			Type:        pulumi.String("CLOUD_ARMOR"),
 * 			RecaptchaOptionsConfig: &compute.SecurityPolicyRecaptchaOptionsConfigArgs{
 * 				RedirectSiteKey: primary.Name,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.recaptcha.EnterpriseKey;
 * import com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;
 * import com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var primary = new EnterpriseKey("primary", EnterpriseKeyArgs.builder()
 *             .displayName("display-name")
 *             .labels(Map.of("label-one", "value-one"))
 *             .project("my-project-name")
 *             .webSettings(EnterpriseKeyWebSettingsArgs.builder()
 *                 .integrationType("INVISIBLE")
 *                 .allowAllDomains(true)
 *                 .allowedDomains("localhost")
 *                 .build())
 *             .build());
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("my-policy")
 *             .description("basic security policy")
 *             .type("CLOUD_ARMOR")
 *             .recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs.builder()
 *                 .redirectSiteKey(primary.name())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:recaptcha:EnterpriseKey
 *     properties:
 *       displayName: display-name
 *       labels:
 *         label-one: value-one
 *       project: my-project-name
 *       webSettings:
 *         integrationType: INVISIBLE
 *         allowAllDomains: true
 *         allowedDomains:
 *           - localhost
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: my-policy
 *       description: basic security policy
 *       type: CLOUD_ARMOR
 *       recaptchaOptionsConfig:
 *         redirectSiteKey: ${primary.name}
 * ```
 * 
 * ### With Header Actions
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "my-policy",
 *     rules: [
 *         {
 *             action: "allow",
 *             priority: 2147483647,
 *             match: {
 *                 versionedExpr: "SRC_IPS_V1",
 *                 config: {
 *                     srcIpRanges: ["*"],
 *                 },
 *             },
 *             description: "default rule",
 *         },
 *         {
 *             action: "allow",
 *             priority: 1000,
 *             match: {
 *                 expr: {
 *                     expression: "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
 *                 },
 *             },
 *             headerAction: {
 *                 requestHeadersToAdds: [
 *                     {
 *                         headerName: "reCAPTCHA-Warning",
 *                         headerValue: "high",
 *                     },
 *                     {
 *                         headerName: "X-Resource",
 *                         headerValue: "test",
 *                     },
 *                 ],
 *             },
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="my-policy",
 *     rules=[
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="allow",
 *             priority=2147483647,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 versioned_expr="SRC_IPS_V1",
 *                 config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                     src_ip_ranges=["*"],
 *                 ),
 *             ),
 *             description="default rule",
 *         ),
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="allow",
 *             priority=1000,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 expr=gcp.compute.SecurityPolicyRuleMatchExprArgs(
 *                     expression="request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
 *                 ),
 *             ),
 *             header_action=gcp.compute.SecurityPolicyRuleHeaderActionArgs(
 *                 request_headers_to_adds=[
 *                     gcp.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs(
 *                         header_name="reCAPTCHA-Warning",
 *                         header_value="high",
 *                     ),
 *                     gcp.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs(
 *                         header_name="X-Resource",
 *                         header_value="test",
 *                     ),
 *                 ],
 *             ),
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "my-policy",
 *         Rules = new[]
 *         {
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "allow",
 *                 Priority = 2147483647,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "*",
 *                         },
 *                     },
 *                 },
 *                 Description = "default rule",
 *             },
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "allow",
 *                 Priority = 1000,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     Expr = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchExprArgs
 *                     {
 *                         Expression = "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
 *                     },
 *                 },
 *                 HeaderAction = new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionArgs
 *                 {
 *                     RequestHeadersToAdds = new[]
 *                     {
 *                         new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
 *                         {
 *                             HeaderName = "reCAPTCHA-Warning",
 *                             HeaderValue = "high",
 *                         },
 *                         new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
 *                         {
 *                             HeaderName = "X-Resource",
 *                             HeaderValue = "test",
 *                         },
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name: pulumi.String("my-policy"),
 * 			Rules: compute.SecurityPolicyRuleTypeArray{
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("allow"),
 * 					Priority: pulumi.Int(2147483647),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("*"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("default rule"),
 * 				},
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("allow"),
 * 					Priority: pulumi.Int(1000),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						Expr: &compute.SecurityPolicyRuleMatchExprArgs{
 * 							Expression: pulumi.String("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2"),
 * 						},
 * 					},
 * 					HeaderAction: &compute.SecurityPolicyRuleHeaderActionArgs{
 * 						RequestHeadersToAdds: compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArray{
 * 							&compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
 * 								HeaderName:  pulumi.String("reCAPTCHA-Warning"),
 * 								HeaderValue: pulumi.String("high"),
 * 							},
 * 							&compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
 * 								HeaderName:  pulumi.String("X-Resource"),
 * 								HeaderValue: pulumi.String("test"),
 * 							},
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("my-policy")
 *             .rules(
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("allow")
 *                     .priority("2147483647")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .versionedExpr("SRC_IPS_V1")
 *                         .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                             .srcIpRanges("*")
 *                             .build())
 *                         .build())
 *                     .description("default rule")
 *                     .build(),
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("allow")
 *                     .priority("1000")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .expr(SecurityPolicyRuleMatchExprArgs.builder()
 *                             .expression("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2")
 *                             .build())
 *                         .build())
 *                     .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()
 *                         .requestHeadersToAdds(
 *                             SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
 *                                 .headerName("reCAPTCHA-Warning")
 *                                 .headerValue("high")
 *                                 .build(),
 *                             SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
 *                                 .headerName("X-Resource")
 *                                 .headerValue("test")
 *                                 .build())
 *                         .build())
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: my-policy
 *       rules:
 *         - action: allow
 *           priority: '2147483647'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - '*'
 *           description: default rule
 *         - action: allow
 *           priority: '1000'
 *           match:
 *             expr:
 *               expression: request.path.matches("/login.html") && token.recaptcha_session.score < 0.2
 *           headerAction:
 *             requestHeadersToAdds:
 *               - headerName: reCAPTCHA-Warning
 *                 headerValue: high
 *               - headerName: X-Resource
 *                 headerValue: test
 * ```
 * 
 * ### With EnforceOnKey Value As Empty String
 * A scenario example that won't cause any conflict between `enforce_on_key` and `enforce_on_key_configs`, because `enforce_on_key` was specified as an empty string:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "%s",
 *     description: "throttle rule with enforce_on_key_configs",
 *     rules: [{
 *         action: "throttle",
 *         priority: 2147483647,
 *         match: {
 *             versionedExpr: "SRC_IPS_V1",
 *             config: {
 *                 srcIpRanges: ["*"],
 *             },
 *         },
 *         description: "default rule",
 *         rateLimitOptions: {
 *             conformAction: "allow",
 *             exceedAction: "redirect",
 *             enforceOnKey: "",
 *             enforceOnKeyConfigs: [{
 *                 enforceOnKeyType: "IP",
 *             }],
 *             exceedRedirectOptions: {
 *                 type: "EXTERNAL_302",
 *                 target: "",
 *             },
 *             rateLimitThreshold: {
 *                 count: 10,
 *                 intervalSec: 60,
 *             },
 *         },
 *     }],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="%s",
 *     description="throttle rule with enforce_on_key_configs",
 *     rules=[gcp.compute.SecurityPolicyRuleArgs(
 *         action="throttle",
 *         priority=2147483647,
 *         match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *             versioned_expr="SRC_IPS_V1",
 *             config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                 src_ip_ranges=["*"],
 *             ),
 *         ),
 *         description="default rule",
 *         rate_limit_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsArgs(
 *             conform_action="allow",
 *             exceed_action="redirect",
 *             enforce_on_key="",
 *             enforce_on_key_configs=[gcp.compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs(
 *                 enforce_on_key_type="IP",
 *             )],
 *             exceed_redirect_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs(
 *                 type="EXTERNAL_302",
 *                 target="",
 *             ),
 *             rate_limit_threshold=gcp.compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs(
 *                 count=10,
 *                 interval_sec=60,
 *             ),
 *         ),
 *     )])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "%s",
 *         Description = "throttle rule with enforce_on_key_configs",
 *         Rules = new[]
 *         {
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "throttle",
 *                 Priority = 2147483647,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "*",
 *                         },
 *                     },
 *                 },
 *                 Description = "default rule",
 *                 RateLimitOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsArgs
 *                 {
 *                     ConformAction = "allow",
 *                     ExceedAction = "redirect",
 *                     EnforceOnKey = "",
 *                     EnforceOnKeyConfigs = new[]
 *                     {
 *                         new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs
 *                         {
 *                             EnforceOnKeyType = "IP",
 *                         },
 *                     },
 *                     ExceedRedirectOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs
 *                     {
 *                         Type = "EXTERNAL_302",
 *                         Target = "",
 *                     },
 *                     RateLimitThreshold = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs
 *                     {
 *                         Count = 10,
 *                         IntervalSec = 60,
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("%s"),
 * 			Description: pulumi.String("throttle rule with enforce_on_key_configs"),
 * 			Rules: compute.SecurityPolicyRuleTypeArray{
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("throttle"),
 * 					Priority: pulumi.Int(2147483647),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("*"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("default rule"),
 * 					RateLimitOptions: &compute.SecurityPolicyRuleRateLimitOptionsArgs{
 * 						ConformAction: pulumi.String("allow"),
 * 						ExceedAction:  pulumi.String("redirect"),
 * 						EnforceOnKey:  pulumi.String(""),
 * 						EnforceOnKeyConfigs: compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArray{
 * 							&compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs{
 * 								EnforceOnKeyType: pulumi.String("IP"),
 * 							},
 * 						},
 * 						ExceedRedirectOptions: &compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs{
 * 							Type:   pulumi.String("EXTERNAL_302"),
 * 							Target: pulumi.String(""),
 * 						},
 * 						RateLimitThreshold: &compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs{
 * 							Count:       pulumi.Int(10),
 * 							IntervalSec: pulumi.Int(60),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("%s")
 *             .description("throttle rule with enforce_on_key_configs")
 *             .rules(SecurityPolicyRuleArgs.builder()
 *                 .action("throttle")
 *                 .priority("2147483647")
 *                 .match(SecurityPolicyRuleMatchArgs.builder()
 *                     .versionedExpr("SRC_IPS_V1")
 *                     .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                         .srcIpRanges("*")
 *                         .build())
 *                     .build())
 *                 .description("default rule")
 *                 .rateLimitOptions(SecurityPolicyRuleRateLimitOptionsArgs.builder()
 *                     .conformAction("allow")
 *                     .exceedAction("redirect")
 *                     .enforceOnKey("")
 *                     .enforceOnKeyConfigs(SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs.builder()
 *                         .enforceOnKeyType("IP")
 *                         .build())
 *                     .exceedRedirectOptions(SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs.builder()
 *                         .type("EXTERNAL_302")
 *                         .target("")
 *                         .build())
 *                     .rateLimitThreshold(SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs.builder()
 *                         .count(10)
 *                         .intervalSec(60)
 *                         .build())
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: '%s'
 *       description: throttle rule with enforce_on_key_configs
 *       rules:
 *         - action: throttle
 *           priority: '2147483647'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - '*'
 *           description: default rule
 *           rateLimitOptions:
 *             conformAction: allow
 *             exceedAction: redirect
 *             enforceOnKey:
 *             enforceOnKeyConfigs:
 *               - enforceOnKeyType: IP
 *             exceedRedirectOptions:
 *               type: EXTERNAL_302
 *               target: 
 *             rateLimitThreshold:
 *               count: 10
 *               intervalSec: 60
 * ```
 * 
 * ## Import
 * Security policies can be imported using any of these accepted formats:
 * * `projects/{{project}}/global/securityPolicies/{{name}}`
 * * `{{project}}/{{name}}`
 * * `{{name}}`
 * When using the `pulumi import` command, security policies can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default projects/{{project}}/global/securityPolicies/{{name}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{project}}/{{name}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{name}}
 * ```
 */
public class SecurityPolicy internal constructor(
    override val javaResource: com.pulumi.gcp.compute.SecurityPolicy,
) : KotlinCustomResource(javaResource, SecurityPolicyMapper) {
    /**
     * Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is documented below.
     */
    public val adaptiveProtectionConfig: Output?
        get() = javaResource.adaptiveProtectionConfig().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 -> securityPolicyAdaptiveProtectionConfigToKotlin(args0) })
            }).orElse(null)
        })

    /**
     * [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
     * Structure is documented below.
     */
    public val advancedOptionsConfig: Output
        get() = javaResource.advancedOptionsConfig().applyValue({ args0 ->
            args0.let({ args0 ->
                securityPolicyAdvancedOptionsConfigToKotlin(args0)
            })
        })

    /**
     * An optional description of this security policy. Max size is 2048.
     */
    public val description: Output?
        get() = javaResource.description().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * Fingerprint of this resource.
     */
    public val fingerprint: Output
        get() = javaResource.fingerprint().applyValue({ args0 -> args0 })

    /**
     * The name of the security policy.
     * - - -
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * The project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    public val project: Output
        get() = javaResource.project().applyValue({ args0 -> args0 })

    /**
     * [reCAPTCHA Configuration Options](https://cloud.google.com/armor/docs/configure-security-policies?hl=en#use_a_manual_challenge_to_distinguish_between_human_or_automated_clients). Structure is documented below.
     */
    public val recaptchaOptionsConfig: Output?
        get() = javaResource.recaptchaOptionsConfig().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 -> securityPolicyRecaptchaOptionsConfigToKotlin(args0) })
            }).orElse(null)
        })

    /**
     * The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    public val rules: Output>
        get() = javaResource.rules().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    securityPolicyRuleToKotlin(args0)
                })
            })
        })

    /**
     * The URI of the created resource.
     */
    public val selfLink: Output
        get() = javaResource.selfLink().applyValue({ args0 -> args0 })

    /**
     * The type indicates the intended use of the security policy. This field can be set only at resource creation time.
     * * `CLOUD_ARMOR` - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
     * They filter requests before they hit the origin servers.
     * * `CLOUD_ARMOR_EDGE` - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
     * (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
     * They filter requests before the request is served from Google's cache.
     * * `CLOUD_ARMOR_INTERNAL_SERVICE` - Cloud Armor internal service policies can be configured to filter HTTP requests targeting services
     * managed by Traffic Director in a service mesh. They filter requests before the request is served from the application.
     */
    public val type: Output
        get() = javaResource.type().applyValue({ args0 -> args0 })
}

public object SecurityPolicyMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.compute.SecurityPolicy::class == javaResource::class

    override fun map(javaResource: Resource): SecurityPolicy = SecurityPolicy(
        javaResource as
            com.pulumi.gcp.compute.SecurityPolicy,
    )
}

/**
 * @see [SecurityPolicy].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [SecurityPolicy].
 */
public suspend fun securityPolicy(
    name: String,
    block: suspend SecurityPolicyResourceBuilder.() -> Unit,
): SecurityPolicy {
    val builder = SecurityPolicyResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [SecurityPolicy].
 * @param name The _unique_ name of the resulting resource.
 */
public fun securityPolicy(name: String): SecurityPolicy {
    val builder = SecurityPolicyResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy