com.pulumi.gcp.compute.kotlin.SecurityPolicy.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdaptiveProtectionConfig
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdvancedOptionsConfig
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRecaptchaOptionsConfig
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRule
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdaptiveProtectionConfig.Companion.toKotlin as securityPolicyAdaptiveProtectionConfigToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyAdvancedOptionsConfig.Companion.toKotlin as securityPolicyAdvancedOptionsConfigToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRecaptchaOptionsConfig.Companion.toKotlin as securityPolicyRecaptchaOptionsConfigToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.SecurityPolicyRule.Companion.toKotlin as securityPolicyRuleToKotlin
/**
* Builder for [SecurityPolicy].
*/
@PulumiTagMarker
public class SecurityPolicyResourceBuilder internal constructor() {
public var name: String? = null
public var args: SecurityPolicyArgs = SecurityPolicyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend SecurityPolicyArgsBuilder.() -> Unit) {
val builder = SecurityPolicyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): SecurityPolicy {
val builtJavaResource = com.pulumi.gcp.compute.SecurityPolicy(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return SecurityPolicy(builtJavaResource)
}
}
/**
* A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information
* see the [official documentation](https://cloud.google.com/armor/docs/configure-security-policies)
* and the [API](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies).
* Security Policy is used by google_compute_backend_service.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const policy = new gcp.compute.SecurityPolicy("policy", {
* name: "my-policy",
* rules: [
* {
* action: "deny(403)",
* priority: 1000,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["9.9.9.0/24"],
* },
* },
* description: "Deny access to IPs in 9.9.9.0/24",
* },
* {
* action: "allow",
* priority: 2147483647,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["*"],
* },
* },
* description: "default rule",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* policy = gcp.compute.SecurityPolicy("policy",
* name="my-policy",
* rules=[
* gcp.compute.SecurityPolicyRuleArgs(
* action="deny(403)",
* priority=1000,
* match=gcp.compute.SecurityPolicyRuleMatchArgs(
* versioned_expr="SRC_IPS_V1",
* config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
* src_ip_ranges=["9.9.9.0/24"],
* ),
* ),
* description="Deny access to IPs in 9.9.9.0/24",
* ),
* gcp.compute.SecurityPolicyRuleArgs(
* action="allow",
* priority=2147483647,
* match=gcp.compute.SecurityPolicyRuleMatchArgs(
* versioned_expr="SRC_IPS_V1",
* config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
* src_ip_ranges=["*"],
* ),
* ),
* description="default rule",
* ),
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var policy = new Gcp.Compute.SecurityPolicy("policy", new()
* {
* Name = "my-policy",
* Rules = new[]
* {
* new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
* {
* Action = "deny(403)",
* Priority = 1000,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "9.9.9.0/24",
* },
* },
* },
* Description = "Deny access to IPs in 9.9.9.0/24",
* },
* new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
* {
* Action = "allow",
* Priority = 2147483647,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "*",
* },
* },
* },
* Description = "default rule",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
* Name: pulumi.String("my-policy"),
* Rules: compute.SecurityPolicyRuleTypeArray{
* &compute.SecurityPolicyRuleTypeArgs{
* Action: pulumi.String("deny(403)"),
* Priority: pulumi.Int(1000),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("9.9.9.0/24"),
* },
* },
* },
* Description: pulumi.String("Deny access to IPs in 9.9.9.0/24"),
* },
* &compute.SecurityPolicyRuleTypeArgs{
* Action: pulumi.String("allow"),
* Priority: pulumi.Int(2147483647),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("*"),
* },
* },
* },
* Description: pulumi.String("default rule"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
* .name("my-policy")
* .rules(
* SecurityPolicyRuleArgs.builder()
* .action("deny(403)")
* .priority("1000")
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("9.9.9.0/24")
* .build())
* .build())
* .description("Deny access to IPs in 9.9.9.0/24")
* .build(),
* SecurityPolicyRuleArgs.builder()
* .action("allow")
* .priority("2147483647")
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("*")
* .build())
* .build())
* .description("default rule")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:compute:SecurityPolicy
* properties:
* name: my-policy
* rules:
* - action: deny(403)
* priority: '1000'
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - 9.9.9.0/24
* description: Deny access to IPs in 9.9.9.0/24
* - action: allow
* priority: '2147483647'
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - '*'
* description: default rule
* ```
*
* ### With ReCAPTCHA Configuration Options
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const primary = new gcp.recaptcha.EnterpriseKey("primary", {
* displayName: "display-name",
* labels: {
* "label-one": "value-one",
* },
* project: "my-project-name",
* webSettings: {
* integrationType: "INVISIBLE",
* allowAllDomains: true,
* allowedDomains: ["localhost"],
* },
* });
* const policy = new gcp.compute.SecurityPolicy("policy", {
* name: "my-policy",
* description: "basic security policy",
* type: "CLOUD_ARMOR",
* recaptchaOptionsConfig: {
* redirectSiteKey: primary.name,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* primary = gcp.recaptcha.EnterpriseKey("primary",
* display_name="display-name",
* labels={
* "label-one": "value-one",
* },
* project="my-project-name",
* web_settings=gcp.recaptcha.EnterpriseKeyWebSettingsArgs(
* integration_type="INVISIBLE",
* allow_all_domains=True,
* allowed_domains=["localhost"],
* ))
* policy = gcp.compute.SecurityPolicy("policy",
* name="my-policy",
* description="basic security policy",
* type="CLOUD_ARMOR",
* recaptcha_options_config=gcp.compute.SecurityPolicyRecaptchaOptionsConfigArgs(
* redirect_site_key=primary.name,
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var primary = new Gcp.Recaptcha.EnterpriseKey("primary", new()
* {
* DisplayName = "display-name",
* Labels =
* {
* { "label-one", "value-one" },
* },
* Project = "my-project-name",
* WebSettings = new Gcp.Recaptcha.Inputs.EnterpriseKeyWebSettingsArgs
* {
* IntegrationType = "INVISIBLE",
* AllowAllDomains = true,
* AllowedDomains = new[]
* {
* "localhost",
* },
* },
* });
* var policy = new Gcp.Compute.SecurityPolicy("policy", new()
* {
* Name = "my-policy",
* Description = "basic security policy",
* Type = "CLOUD_ARMOR",
* RecaptchaOptionsConfig = new Gcp.Compute.Inputs.SecurityPolicyRecaptchaOptionsConfigArgs
* {
* RedirectSiteKey = primary.Name,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/recaptcha"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := recaptcha.NewEnterpriseKey(ctx, "primary", &recaptcha.EnterpriseKeyArgs{
* DisplayName: pulumi.String("display-name"),
* Labels: pulumi.StringMap{
* "label-one": pulumi.String("value-one"),
* },
* Project: pulumi.String("my-project-name"),
* WebSettings: &recaptcha.EnterpriseKeyWebSettingsArgs{
* IntegrationType: pulumi.String("INVISIBLE"),
* AllowAllDomains: pulumi.Bool(true),
* AllowedDomains: pulumi.StringArray{
* pulumi.String("localhost"),
* },
* },
* })
* if err != nil {
* return err
* }
* _, err = compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
* Name: pulumi.String("my-policy"),
* Description: pulumi.String("basic security policy"),
* Type: pulumi.String("CLOUD_ARMOR"),
* RecaptchaOptionsConfig: &compute.SecurityPolicyRecaptchaOptionsConfigArgs{
* RedirectSiteKey: primary.Name,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.recaptcha.EnterpriseKey;
* import com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;
* import com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var primary = new EnterpriseKey("primary", EnterpriseKeyArgs.builder()
* .displayName("display-name")
* .labels(Map.of("label-one", "value-one"))
* .project("my-project-name")
* .webSettings(EnterpriseKeyWebSettingsArgs.builder()
* .integrationType("INVISIBLE")
* .allowAllDomains(true)
* .allowedDomains("localhost")
* .build())
* .build());
* var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
* .name("my-policy")
* .description("basic security policy")
* .type("CLOUD_ARMOR")
* .recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs.builder()
* .redirectSiteKey(primary.name())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:recaptcha:EnterpriseKey
* properties:
* displayName: display-name
* labels:
* label-one: value-one
* project: my-project-name
* webSettings:
* integrationType: INVISIBLE
* allowAllDomains: true
* allowedDomains:
* - localhost
* policy:
* type: gcp:compute:SecurityPolicy
* properties:
* name: my-policy
* description: basic security policy
* type: CLOUD_ARMOR
* recaptchaOptionsConfig:
* redirectSiteKey: ${primary.name}
* ```
*
* ### With Header Actions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const policy = new gcp.compute.SecurityPolicy("policy", {
* name: "my-policy",
* rules: [
* {
* action: "allow",
* priority: 2147483647,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["*"],
* },
* },
* description: "default rule",
* },
* {
* action: "allow",
* priority: 1000,
* match: {
* expr: {
* expression: "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
* },
* },
* headerAction: {
* requestHeadersToAdds: [
* {
* headerName: "reCAPTCHA-Warning",
* headerValue: "high",
* },
* {
* headerName: "X-Resource",
* headerValue: "test",
* },
* ],
* },
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* policy = gcp.compute.SecurityPolicy("policy",
* name="my-policy",
* rules=[
* gcp.compute.SecurityPolicyRuleArgs(
* action="allow",
* priority=2147483647,
* match=gcp.compute.SecurityPolicyRuleMatchArgs(
* versioned_expr="SRC_IPS_V1",
* config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
* src_ip_ranges=["*"],
* ),
* ),
* description="default rule",
* ),
* gcp.compute.SecurityPolicyRuleArgs(
* action="allow",
* priority=1000,
* match=gcp.compute.SecurityPolicyRuleMatchArgs(
* expr=gcp.compute.SecurityPolicyRuleMatchExprArgs(
* expression="request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
* ),
* ),
* header_action=gcp.compute.SecurityPolicyRuleHeaderActionArgs(
* request_headers_to_adds=[
* gcp.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs(
* header_name="reCAPTCHA-Warning",
* header_value="high",
* ),
* gcp.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs(
* header_name="X-Resource",
* header_value="test",
* ),
* ],
* ),
* ),
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var policy = new Gcp.Compute.SecurityPolicy("policy", new()
* {
* Name = "my-policy",
* Rules = new[]
* {
* new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
* {
* Action = "allow",
* Priority = 2147483647,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "*",
* },
* },
* },
* Description = "default rule",
* },
* new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
* {
* Action = "allow",
* Priority = 1000,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* Expr = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchExprArgs
* {
* Expression = "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
* },
* },
* HeaderAction = new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionArgs
* {
* RequestHeadersToAdds = new[]
* {
* new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
* {
* HeaderName = "reCAPTCHA-Warning",
* HeaderValue = "high",
* },
* new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
* {
* HeaderName = "X-Resource",
* HeaderValue = "test",
* },
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
* Name: pulumi.String("my-policy"),
* Rules: compute.SecurityPolicyRuleTypeArray{
* &compute.SecurityPolicyRuleTypeArgs{
* Action: pulumi.String("allow"),
* Priority: pulumi.Int(2147483647),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("*"),
* },
* },
* },
* Description: pulumi.String("default rule"),
* },
* &compute.SecurityPolicyRuleTypeArgs{
* Action: pulumi.String("allow"),
* Priority: pulumi.Int(1000),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* Expr: &compute.SecurityPolicyRuleMatchExprArgs{
* Expression: pulumi.String("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2"),
* },
* },
* HeaderAction: &compute.SecurityPolicyRuleHeaderActionArgs{
* RequestHeadersToAdds: compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArray{
* &compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
* HeaderName: pulumi.String("reCAPTCHA-Warning"),
* HeaderValue: pulumi.String("high"),
* },
* &compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
* HeaderName: pulumi.String("X-Resource"),
* HeaderValue: pulumi.String("test"),
* },
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
* .name("my-policy")
* .rules(
* SecurityPolicyRuleArgs.builder()
* .action("allow")
* .priority("2147483647")
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("*")
* .build())
* .build())
* .description("default rule")
* .build(),
* SecurityPolicyRuleArgs.builder()
* .action("allow")
* .priority("1000")
* .match(SecurityPolicyRuleMatchArgs.builder()
* .expr(SecurityPolicyRuleMatchExprArgs.builder()
* .expression("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2")
* .build())
* .build())
* .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()
* .requestHeadersToAdds(
* SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
* .headerName("reCAPTCHA-Warning")
* .headerValue("high")
* .build(),
* SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
* .headerName("X-Resource")
* .headerValue("test")
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:compute:SecurityPolicy
* properties:
* name: my-policy
* rules:
* - action: allow
* priority: '2147483647'
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - '*'
* description: default rule
* - action: allow
* priority: '1000'
* match:
* expr:
* expression: request.path.matches("/login.html") && token.recaptcha_session.score < 0.2
* headerAction:
* requestHeadersToAdds:
* - headerName: reCAPTCHA-Warning
* headerValue: high
* - headerName: X-Resource
* headerValue: test
* ```
*
* ### With EnforceOnKey Value As Empty String
* A scenario example that won't cause any conflict between `enforce_on_key` and `enforce_on_key_configs`, because `enforce_on_key` was specified as an empty string:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const policy = new gcp.compute.SecurityPolicy("policy", {
* name: "%s",
* description: "throttle rule with enforce_on_key_configs",
* rules: [{
* action: "throttle",
* priority: 2147483647,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["*"],
* },
* },
* description: "default rule",
* rateLimitOptions: {
* conformAction: "allow",
* exceedAction: "redirect",
* enforceOnKey: "",
* enforceOnKeyConfigs: [{
* enforceOnKeyType: "IP",
* }],
* exceedRedirectOptions: {
* type: "EXTERNAL_302",
* target: "",
* },
* rateLimitThreshold: {
* count: 10,
* intervalSec: 60,
* },
* },
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* policy = gcp.compute.SecurityPolicy("policy",
* name="%s",
* description="throttle rule with enforce_on_key_configs",
* rules=[gcp.compute.SecurityPolicyRuleArgs(
* action="throttle",
* priority=2147483647,
* match=gcp.compute.SecurityPolicyRuleMatchArgs(
* versioned_expr="SRC_IPS_V1",
* config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
* src_ip_ranges=["*"],
* ),
* ),
* description="default rule",
* rate_limit_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsArgs(
* conform_action="allow",
* exceed_action="redirect",
* enforce_on_key="",
* enforce_on_key_configs=[gcp.compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs(
* enforce_on_key_type="IP",
* )],
* exceed_redirect_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs(
* type="EXTERNAL_302",
* target="",
* ),
* rate_limit_threshold=gcp.compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs(
* count=10,
* interval_sec=60,
* ),
* ),
* )])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var policy = new Gcp.Compute.SecurityPolicy("policy", new()
* {
* Name = "%s",
* Description = "throttle rule with enforce_on_key_configs",
* Rules = new[]
* {
* new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
* {
* Action = "throttle",
* Priority = 2147483647,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "*",
* },
* },
* },
* Description = "default rule",
* RateLimitOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsArgs
* {
* ConformAction = "allow",
* ExceedAction = "redirect",
* EnforceOnKey = "",
* EnforceOnKeyConfigs = new[]
* {
* new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs
* {
* EnforceOnKeyType = "IP",
* },
* },
* ExceedRedirectOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs
* {
* Type = "EXTERNAL_302",
* Target = "",
* },
* RateLimitThreshold = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs
* {
* Count = 10,
* IntervalSec = 60,
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
* Name: pulumi.String("%s"),
* Description: pulumi.String("throttle rule with enforce_on_key_configs"),
* Rules: compute.SecurityPolicyRuleTypeArray{
* &compute.SecurityPolicyRuleTypeArgs{
* Action: pulumi.String("throttle"),
* Priority: pulumi.Int(2147483647),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("*"),
* },
* },
* },
* Description: pulumi.String("default rule"),
* RateLimitOptions: &compute.SecurityPolicyRuleRateLimitOptionsArgs{
* ConformAction: pulumi.String("allow"),
* ExceedAction: pulumi.String("redirect"),
* EnforceOnKey: pulumi.String(""),
* EnforceOnKeyConfigs: compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArray{
* &compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs{
* EnforceOnKeyType: pulumi.String("IP"),
* },
* },
* ExceedRedirectOptions: &compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs{
* Type: pulumi.String("EXTERNAL_302"),
* Target: pulumi.String(""),
* },
* RateLimitThreshold: &compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs{
* Count: pulumi.Int(10),
* IntervalSec: pulumi.Int(60),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
* .name("%s")
* .description("throttle rule with enforce_on_key_configs")
* .rules(SecurityPolicyRuleArgs.builder()
* .action("throttle")
* .priority("2147483647")
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("*")
* .build())
* .build())
* .description("default rule")
* .rateLimitOptions(SecurityPolicyRuleRateLimitOptionsArgs.builder()
* .conformAction("allow")
* .exceedAction("redirect")
* .enforceOnKey("")
* .enforceOnKeyConfigs(SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs.builder()
* .enforceOnKeyType("IP")
* .build())
* .exceedRedirectOptions(SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs.builder()
* .type("EXTERNAL_302")
* .target("")
* .build())
* .rateLimitThreshold(SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs.builder()
* .count(10)
* .intervalSec(60)
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:compute:SecurityPolicy
* properties:
* name: '%s'
* description: throttle rule with enforce_on_key_configs
* rules:
* - action: throttle
* priority: '2147483647'
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - '*'
* description: default rule
* rateLimitOptions:
* conformAction: allow
* exceedAction: redirect
* enforceOnKey:
* enforceOnKeyConfigs:
* - enforceOnKeyType: IP
* exceedRedirectOptions:
* type: EXTERNAL_302
* target:
* rateLimitThreshold:
* count: 10
* intervalSec: 60
* ```
*
* ## Import
* Security policies can be imported using any of these accepted formats:
* * `projects/{{project}}/global/securityPolicies/{{name}}`
* * `{{project}}/{{name}}`
* * `{{name}}`
* When using the `pulumi import` command, security policies can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default projects/{{project}}/global/securityPolicies/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{project}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{name}}
* ```
*/
public class SecurityPolicy internal constructor(
override val javaResource: com.pulumi.gcp.compute.SecurityPolicy,
) : KotlinCustomResource(javaResource, SecurityPolicyMapper) {
/**
* Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is documented below.
*/
public val adaptiveProtectionConfig: Output?
get() = javaResource.adaptiveProtectionConfig().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> securityPolicyAdaptiveProtectionConfigToKotlin(args0) })
}).orElse(null)
})
/**
* [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
* Structure is documented below.
*/
public val advancedOptionsConfig: Output
get() = javaResource.advancedOptionsConfig().applyValue({ args0 ->
args0.let({ args0 ->
securityPolicyAdvancedOptionsConfigToKotlin(args0)
})
})
/**
* An optional description of this security policy. Max size is 2048.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Fingerprint of this resource.
*/
public val fingerprint: Output
get() = javaResource.fingerprint().applyValue({ args0 -> args0 })
/**
* The name of the security policy.
* - - -
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
public val project: Output
get() = javaResource.project().applyValue({ args0 -> args0 })
/**
* [reCAPTCHA Configuration Options](https://cloud.google.com/armor/docs/configure-security-policies?hl=en#use_a_manual_challenge_to_distinguish_between_human_or_automated_clients). Structure is documented below.
*/
public val recaptchaOptionsConfig: Output?
get() = javaResource.recaptchaOptionsConfig().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> securityPolicyRecaptchaOptionsConfigToKotlin(args0) })
}).orElse(null)
})
/**
* The set of rules that belong to this policy. There must always be a default
* rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
* security policy, a default rule with action "allow" will be added. Structure is documented below.
*/
public val rules: Output>
get() = javaResource.rules().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
securityPolicyRuleToKotlin(args0)
})
})
})
/**
* The URI of the created resource.
*/
public val selfLink: Output
get() = javaResource.selfLink().applyValue({ args0 -> args0 })
/**
* The type indicates the intended use of the security policy. This field can be set only at resource creation time.
* * `CLOUD_ARMOR` - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
* They filter requests before they hit the origin servers.
* * `CLOUD_ARMOR_EDGE` - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
* (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
* They filter requests before the request is served from Google's cache.
* * `CLOUD_ARMOR_INTERNAL_SERVICE` - Cloud Armor internal service policies can be configured to filter HTTP requests targeting services
* managed by Traffic Director in a service mesh. They filter requests before the request is served from the application.
*/
public val type: Output
get() = javaResource.type().applyValue({ args0 -> args0 })
}
public object SecurityPolicyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.compute.SecurityPolicy::class == javaResource::class
override fun map(javaResource: Resource): SecurityPolicy = SecurityPolicy(
javaResource as
com.pulumi.gcp.compute.SecurityPolicy,
)
}
/**
* @see [SecurityPolicy].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [SecurityPolicy].
*/
public suspend fun securityPolicy(
name: String,
block: suspend SecurityPolicyResourceBuilder.() -> Unit,
): SecurityPolicy {
val builder = SecurityPolicyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [SecurityPolicy].
* @param name The _unique_ name of the resulting resource.
*/
public fun securityPolicy(name: String): SecurityPolicy {
val builder = SecurityPolicyResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy