All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.compute.kotlin.SecurityPolicyArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.compute.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.SecurityPolicyArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyAdaptiveProtectionConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyAdaptiveProtectionConfigArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyAdvancedOptionsConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyAdvancedOptionsConfigArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRecaptchaOptionsConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRecaptchaOptionsConfigArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information
 * see the [official documentation](https://cloud.google.com/armor/docs/configure-security-policies)
 * and the [API](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies).
 * Security Policy is used by google_compute_backend_service.
 * ## Example Usage
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "my-policy",
 *     rules: [
 *         {
 *             action: "deny(403)",
 *             priority: 1000,
 *             match: {
 *                 versionedExpr: "SRC_IPS_V1",
 *                 config: {
 *                     srcIpRanges: ["9.9.9.0/24"],
 *                 },
 *             },
 *             description: "Deny access to IPs in 9.9.9.0/24",
 *         },
 *         {
 *             action: "allow",
 *             priority: 2147483647,
 *             match: {
 *                 versionedExpr: "SRC_IPS_V1",
 *                 config: {
 *                     srcIpRanges: ["*"],
 *                 },
 *             },
 *             description: "default rule",
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="my-policy",
 *     rules=[
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="deny(403)",
 *             priority=1000,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 versioned_expr="SRC_IPS_V1",
 *                 config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                     src_ip_ranges=["9.9.9.0/24"],
 *                 ),
 *             ),
 *             description="Deny access to IPs in 9.9.9.0/24",
 *         ),
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="allow",
 *             priority=2147483647,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 versioned_expr="SRC_IPS_V1",
 *                 config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                     src_ip_ranges=["*"],
 *                 ),
 *             ),
 *             description="default rule",
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "my-policy",
 *         Rules = new[]
 *         {
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "deny(403)",
 *                 Priority = 1000,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "9.9.9.0/24",
 *                         },
 *                     },
 *                 },
 *                 Description = "Deny access to IPs in 9.9.9.0/24",
 *             },
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "allow",
 *                 Priority = 2147483647,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "*",
 *                         },
 *                     },
 *                 },
 *                 Description = "default rule",
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name: pulumi.String("my-policy"),
 * 			Rules: compute.SecurityPolicyRuleTypeArray{
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("deny(403)"),
 * 					Priority: pulumi.Int(1000),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("9.9.9.0/24"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("Deny access to IPs in 9.9.9.0/24"),
 * 				},
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("allow"),
 * 					Priority: pulumi.Int(2147483647),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("*"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("default rule"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("my-policy")
 *             .rules(
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("deny(403)")
 *                     .priority("1000")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .versionedExpr("SRC_IPS_V1")
 *                         .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                             .srcIpRanges("9.9.9.0/24")
 *                             .build())
 *                         .build())
 *                     .description("Deny access to IPs in 9.9.9.0/24")
 *                     .build(),
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("allow")
 *                     .priority("2147483647")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .versionedExpr("SRC_IPS_V1")
 *                         .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                             .srcIpRanges("*")
 *                             .build())
 *                         .build())
 *                     .description("default rule")
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: my-policy
 *       rules:
 *         - action: deny(403)
 *           priority: '1000'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - 9.9.9.0/24
 *           description: Deny access to IPs in 9.9.9.0/24
 *         - action: allow
 *           priority: '2147483647'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - '*'
 *           description: default rule
 * ```
 * 
 * ### With ReCAPTCHA Configuration Options
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const primary = new gcp.recaptcha.EnterpriseKey("primary", {
 *     displayName: "display-name",
 *     labels: {
 *         "label-one": "value-one",
 *     },
 *     project: "my-project-name",
 *     webSettings: {
 *         integrationType: "INVISIBLE",
 *         allowAllDomains: true,
 *         allowedDomains: ["localhost"],
 *     },
 * });
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "my-policy",
 *     description: "basic security policy",
 *     type: "CLOUD_ARMOR",
 *     recaptchaOptionsConfig: {
 *         redirectSiteKey: primary.name,
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * primary = gcp.recaptcha.EnterpriseKey("primary",
 *     display_name="display-name",
 *     labels={
 *         "label-one": "value-one",
 *     },
 *     project="my-project-name",
 *     web_settings=gcp.recaptcha.EnterpriseKeyWebSettingsArgs(
 *         integration_type="INVISIBLE",
 *         allow_all_domains=True,
 *         allowed_domains=["localhost"],
 *     ))
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="my-policy",
 *     description="basic security policy",
 *     type="CLOUD_ARMOR",
 *     recaptcha_options_config=gcp.compute.SecurityPolicyRecaptchaOptionsConfigArgs(
 *         redirect_site_key=primary.name,
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = new Gcp.Recaptcha.EnterpriseKey("primary", new()
 *     {
 *         DisplayName = "display-name",
 *         Labels =
 *         {
 *             { "label-one", "value-one" },
 *         },
 *         Project = "my-project-name",
 *         WebSettings = new Gcp.Recaptcha.Inputs.EnterpriseKeyWebSettingsArgs
 *         {
 *             IntegrationType = "INVISIBLE",
 *             AllowAllDomains = true,
 *             AllowedDomains = new[]
 *             {
 *                 "localhost",
 *             },
 *         },
 *     });
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "my-policy",
 *         Description = "basic security policy",
 *         Type = "CLOUD_ARMOR",
 *         RecaptchaOptionsConfig = new Gcp.Compute.Inputs.SecurityPolicyRecaptchaOptionsConfigArgs
 *         {
 *             RedirectSiteKey = primary.Name,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/recaptcha"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := recaptcha.NewEnterpriseKey(ctx, "primary", &recaptcha.EnterpriseKeyArgs{
 * 			DisplayName: pulumi.String("display-name"),
 * 			Labels: pulumi.StringMap{
 * 				"label-one": pulumi.String("value-one"),
 * 			},
 * 			Project: pulumi.String("my-project-name"),
 * 			WebSettings: &recaptcha.EnterpriseKeyWebSettingsArgs{
 * 				IntegrationType: pulumi.String("INVISIBLE"),
 * 				AllowAllDomains: pulumi.Bool(true),
 * 				AllowedDomains: pulumi.StringArray{
 * 					pulumi.String("localhost"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("my-policy"),
 * 			Description: pulumi.String("basic security policy"),
 * 			Type:        pulumi.String("CLOUD_ARMOR"),
 * 			RecaptchaOptionsConfig: &compute.SecurityPolicyRecaptchaOptionsConfigArgs{
 * 				RedirectSiteKey: primary.Name,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.recaptcha.EnterpriseKey;
 * import com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;
 * import com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var primary = new EnterpriseKey("primary", EnterpriseKeyArgs.builder()
 *             .displayName("display-name")
 *             .labels(Map.of("label-one", "value-one"))
 *             .project("my-project-name")
 *             .webSettings(EnterpriseKeyWebSettingsArgs.builder()
 *                 .integrationType("INVISIBLE")
 *                 .allowAllDomains(true)
 *                 .allowedDomains("localhost")
 *                 .build())
 *             .build());
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("my-policy")
 *             .description("basic security policy")
 *             .type("CLOUD_ARMOR")
 *             .recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs.builder()
 *                 .redirectSiteKey(primary.name())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:recaptcha:EnterpriseKey
 *     properties:
 *       displayName: display-name
 *       labels:
 *         label-one: value-one
 *       project: my-project-name
 *       webSettings:
 *         integrationType: INVISIBLE
 *         allowAllDomains: true
 *         allowedDomains:
 *           - localhost
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: my-policy
 *       description: basic security policy
 *       type: CLOUD_ARMOR
 *       recaptchaOptionsConfig:
 *         redirectSiteKey: ${primary.name}
 * ```
 * 
 * ### With Header Actions
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "my-policy",
 *     rules: [
 *         {
 *             action: "allow",
 *             priority: 2147483647,
 *             match: {
 *                 versionedExpr: "SRC_IPS_V1",
 *                 config: {
 *                     srcIpRanges: ["*"],
 *                 },
 *             },
 *             description: "default rule",
 *         },
 *         {
 *             action: "allow",
 *             priority: 1000,
 *             match: {
 *                 expr: {
 *                     expression: "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
 *                 },
 *             },
 *             headerAction: {
 *                 requestHeadersToAdds: [
 *                     {
 *                         headerName: "reCAPTCHA-Warning",
 *                         headerValue: "high",
 *                     },
 *                     {
 *                         headerName: "X-Resource",
 *                         headerValue: "test",
 *                     },
 *                 ],
 *             },
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="my-policy",
 *     rules=[
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="allow",
 *             priority=2147483647,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 versioned_expr="SRC_IPS_V1",
 *                 config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                     src_ip_ranges=["*"],
 *                 ),
 *             ),
 *             description="default rule",
 *         ),
 *         gcp.compute.SecurityPolicyRuleArgs(
 *             action="allow",
 *             priority=1000,
 *             match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *                 expr=gcp.compute.SecurityPolicyRuleMatchExprArgs(
 *                     expression="request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
 *                 ),
 *             ),
 *             header_action=gcp.compute.SecurityPolicyRuleHeaderActionArgs(
 *                 request_headers_to_adds=[
 *                     gcp.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs(
 *                         header_name="reCAPTCHA-Warning",
 *                         header_value="high",
 *                     ),
 *                     gcp.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs(
 *                         header_name="X-Resource",
 *                         header_value="test",
 *                     ),
 *                 ],
 *             ),
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "my-policy",
 *         Rules = new[]
 *         {
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "allow",
 *                 Priority = 2147483647,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "*",
 *                         },
 *                     },
 *                 },
 *                 Description = "default rule",
 *             },
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "allow",
 *                 Priority = 1000,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     Expr = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchExprArgs
 *                     {
 *                         Expression = "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
 *                     },
 *                 },
 *                 HeaderAction = new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionArgs
 *                 {
 *                     RequestHeadersToAdds = new[]
 *                     {
 *                         new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
 *                         {
 *                             HeaderName = "reCAPTCHA-Warning",
 *                             HeaderValue = "high",
 *                         },
 *                         new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
 *                         {
 *                             HeaderName = "X-Resource",
 *                             HeaderValue = "test",
 *                         },
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name: pulumi.String("my-policy"),
 * 			Rules: compute.SecurityPolicyRuleTypeArray{
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("allow"),
 * 					Priority: pulumi.Int(2147483647),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("*"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("default rule"),
 * 				},
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("allow"),
 * 					Priority: pulumi.Int(1000),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						Expr: &compute.SecurityPolicyRuleMatchExprArgs{
 * 							Expression: pulumi.String("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2"),
 * 						},
 * 					},
 * 					HeaderAction: &compute.SecurityPolicyRuleHeaderActionArgs{
 * 						RequestHeadersToAdds: compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArray{
 * 							&compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
 * 								HeaderName:  pulumi.String("reCAPTCHA-Warning"),
 * 								HeaderValue: pulumi.String("high"),
 * 							},
 * 							&compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
 * 								HeaderName:  pulumi.String("X-Resource"),
 * 								HeaderValue: pulumi.String("test"),
 * 							},
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("my-policy")
 *             .rules(
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("allow")
 *                     .priority("2147483647")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .versionedExpr("SRC_IPS_V1")
 *                         .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                             .srcIpRanges("*")
 *                             .build())
 *                         .build())
 *                     .description("default rule")
 *                     .build(),
 *                 SecurityPolicyRuleArgs.builder()
 *                     .action("allow")
 *                     .priority("1000")
 *                     .match(SecurityPolicyRuleMatchArgs.builder()
 *                         .expr(SecurityPolicyRuleMatchExprArgs.builder()
 *                             .expression("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2")
 *                             .build())
 *                         .build())
 *                     .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()
 *                         .requestHeadersToAdds(
 *                             SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
 *                                 .headerName("reCAPTCHA-Warning")
 *                                 .headerValue("high")
 *                                 .build(),
 *                             SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
 *                                 .headerName("X-Resource")
 *                                 .headerValue("test")
 *                                 .build())
 *                         .build())
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: my-policy
 *       rules:
 *         - action: allow
 *           priority: '2147483647'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - '*'
 *           description: default rule
 *         - action: allow
 *           priority: '1000'
 *           match:
 *             expr:
 *               expression: request.path.matches("/login.html") && token.recaptcha_session.score < 0.2
 *           headerAction:
 *             requestHeadersToAdds:
 *               - headerName: reCAPTCHA-Warning
 *                 headerValue: high
 *               - headerName: X-Resource
 *                 headerValue: test
 * ```
 * 
 * ### With EnforceOnKey Value As Empty String
 * A scenario example that won't cause any conflict between `enforce_on_key` and `enforce_on_key_configs`, because `enforce_on_key` was specified as an empty string:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const policy = new gcp.compute.SecurityPolicy("policy", {
 *     name: "%s",
 *     description: "throttle rule with enforce_on_key_configs",
 *     rules: [{
 *         action: "throttle",
 *         priority: 2147483647,
 *         match: {
 *             versionedExpr: "SRC_IPS_V1",
 *             config: {
 *                 srcIpRanges: ["*"],
 *             },
 *         },
 *         description: "default rule",
 *         rateLimitOptions: {
 *             conformAction: "allow",
 *             exceedAction: "redirect",
 *             enforceOnKey: "",
 *             enforceOnKeyConfigs: [{
 *                 enforceOnKeyType: "IP",
 *             }],
 *             exceedRedirectOptions: {
 *                 type: "EXTERNAL_302",
 *                 target: "",
 *             },
 *             rateLimitThreshold: {
 *                 count: 10,
 *                 intervalSec: 60,
 *             },
 *         },
 *     }],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * policy = gcp.compute.SecurityPolicy("policy",
 *     name="%s",
 *     description="throttle rule with enforce_on_key_configs",
 *     rules=[gcp.compute.SecurityPolicyRuleArgs(
 *         action="throttle",
 *         priority=2147483647,
 *         match=gcp.compute.SecurityPolicyRuleMatchArgs(
 *             versioned_expr="SRC_IPS_V1",
 *             config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
 *                 src_ip_ranges=["*"],
 *             ),
 *         ),
 *         description="default rule",
 *         rate_limit_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsArgs(
 *             conform_action="allow",
 *             exceed_action="redirect",
 *             enforce_on_key="",
 *             enforce_on_key_configs=[gcp.compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs(
 *                 enforce_on_key_type="IP",
 *             )],
 *             exceed_redirect_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs(
 *                 type="EXTERNAL_302",
 *                 target="",
 *             ),
 *             rate_limit_threshold=gcp.compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs(
 *                 count=10,
 *                 interval_sec=60,
 *             ),
 *         ),
 *     )])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var policy = new Gcp.Compute.SecurityPolicy("policy", new()
 *     {
 *         Name = "%s",
 *         Description = "throttle rule with enforce_on_key_configs",
 *         Rules = new[]
 *         {
 *             new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
 *             {
 *                 Action = "throttle",
 *                 Priority = 2147483647,
 *                 Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *                 {
 *                     VersionedExpr = "SRC_IPS_V1",
 *                     Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *                     {
 *                         SrcIpRanges = new[]
 *                         {
 *                             "*",
 *                         },
 *                     },
 *                 },
 *                 Description = "default rule",
 *                 RateLimitOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsArgs
 *                 {
 *                     ConformAction = "allow",
 *                     ExceedAction = "redirect",
 *                     EnforceOnKey = "",
 *                     EnforceOnKeyConfigs = new[]
 *                     {
 *                         new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs
 *                         {
 *                             EnforceOnKeyType = "IP",
 *                         },
 *                     },
 *                     ExceedRedirectOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs
 *                     {
 *                         Type = "EXTERNAL_302",
 *                         Target = "",
 *                     },
 *                     RateLimitThreshold = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs
 *                     {
 *                         Count = 10,
 *                         IntervalSec = 60,
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "policy", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("%s"),
 * 			Description: pulumi.String("throttle rule with enforce_on_key_configs"),
 * 			Rules: compute.SecurityPolicyRuleTypeArray{
 * 				&compute.SecurityPolicyRuleTypeArgs{
 * 					Action:   pulumi.String("throttle"),
 * 					Priority: pulumi.Int(2147483647),
 * 					Match: &compute.SecurityPolicyRuleMatchArgs{
 * 						VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 						Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 							SrcIpRanges: pulumi.StringArray{
 * 								pulumi.String("*"),
 * 							},
 * 						},
 * 					},
 * 					Description: pulumi.String("default rule"),
 * 					RateLimitOptions: &compute.SecurityPolicyRuleRateLimitOptionsArgs{
 * 						ConformAction: pulumi.String("allow"),
 * 						ExceedAction:  pulumi.String("redirect"),
 * 						EnforceOnKey:  pulumi.String(""),
 * 						EnforceOnKeyConfigs: compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArray{
 * 							&compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs{
 * 								EnforceOnKeyType: pulumi.String("IP"),
 * 							},
 * 						},
 * 						ExceedRedirectOptions: &compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs{
 * 							Type:   pulumi.String("EXTERNAL_302"),
 * 							Target: pulumi.String(""),
 * 						},
 * 						RateLimitThreshold: &compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs{
 * 							Count:       pulumi.Int(10),
 * 							IntervalSec: pulumi.Int(60),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
 *             .name("%s")
 *             .description("throttle rule with enforce_on_key_configs")
 *             .rules(SecurityPolicyRuleArgs.builder()
 *                 .action("throttle")
 *                 .priority("2147483647")
 *                 .match(SecurityPolicyRuleMatchArgs.builder()
 *                     .versionedExpr("SRC_IPS_V1")
 *                     .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                         .srcIpRanges("*")
 *                         .build())
 *                     .build())
 *                 .description("default rule")
 *                 .rateLimitOptions(SecurityPolicyRuleRateLimitOptionsArgs.builder()
 *                     .conformAction("allow")
 *                     .exceedAction("redirect")
 *                     .enforceOnKey("")
 *                     .enforceOnKeyConfigs(SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs.builder()
 *                         .enforceOnKeyType("IP")
 *                         .build())
 *                     .exceedRedirectOptions(SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs.builder()
 *                         .type("EXTERNAL_302")
 *                         .target("")
 *                         .build())
 *                     .rateLimitThreshold(SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs.builder()
 *                         .count(10)
 *                         .intervalSec(60)
 *                         .build())
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: '%s'
 *       description: throttle rule with enforce_on_key_configs
 *       rules:
 *         - action: throttle
 *           priority: '2147483647'
 *           match:
 *             versionedExpr: SRC_IPS_V1
 *             config:
 *               srcIpRanges:
 *                 - '*'
 *           description: default rule
 *           rateLimitOptions:
 *             conformAction: allow
 *             exceedAction: redirect
 *             enforceOnKey:
 *             enforceOnKeyConfigs:
 *               - enforceOnKeyType: IP
 *             exceedRedirectOptions:
 *               type: EXTERNAL_302
 *               target: 
 *             rateLimitThreshold:
 *               count: 10
 *               intervalSec: 60
 * ```
 * 
 * ## Import
 * Security policies can be imported using any of these accepted formats:
 * * `projects/{{project}}/global/securityPolicies/{{name}}`
 * * `{{project}}/{{name}}`
 * * `{{name}}`
 * When using the `pulumi import` command, security policies can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default projects/{{project}}/global/securityPolicies/{{name}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{project}}/{{name}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{name}}
 * ```
 * @property adaptiveProtectionConfig Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is documented below.
 * @property advancedOptionsConfig [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
 * Structure is documented below.
 * @property description An optional description of this security policy. Max size is 2048.
 * @property name The name of the security policy.
 * - - -
 * @property project The project in which the resource belongs. If it
 * is not provided, the provider project is used.
 * @property recaptchaOptionsConfig [reCAPTCHA Configuration Options](https://cloud.google.com/armor/docs/configure-security-policies?hl=en#use_a_manual_challenge_to_distinguish_between_human_or_automated_clients). Structure is documented below.
 * @property rules The set of rules that belong to this policy. There must always be a default
 * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
 * security policy, a default rule with action "allow" will be added. Structure is documented below.
 * @property type The type indicates the intended use of the security policy. This field can be set only at resource creation time.
 * * `CLOUD_ARMOR` - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
 * They filter requests before they hit the origin servers.
 * * `CLOUD_ARMOR_EDGE` - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
 * (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
 * They filter requests before the request is served from Google's cache.
 * * `CLOUD_ARMOR_INTERNAL_SERVICE` - Cloud Armor internal service policies can be configured to filter HTTP requests targeting services
 * managed by Traffic Director in a service mesh. They filter requests before the request is served from the application.
 */
public data class SecurityPolicyArgs(
    public val adaptiveProtectionConfig: Output? = null,
    public val advancedOptionsConfig: Output? = null,
    public val description: Output? = null,
    public val name: Output? = null,
    public val project: Output? = null,
    public val recaptchaOptionsConfig: Output? = null,
    public val rules: Output>? = null,
    public val type: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.compute.SecurityPolicyArgs =
        com.pulumi.gcp.compute.SecurityPolicyArgs.builder()
            .adaptiveProtectionConfig(
                adaptiveProtectionConfig?.applyValue({ args0 ->
                    args0.let({ args0 ->
                        args0.toJava()
                    })
                }),
            )
            .advancedOptionsConfig(
                advancedOptionsConfig?.applyValue({ args0 ->
                    args0.let({ args0 ->
                        args0.toJava()
                    })
                }),
            )
            .description(description?.applyValue({ args0 -> args0 }))
            .name(name?.applyValue({ args0 -> args0 }))
            .project(project?.applyValue({ args0 -> args0 }))
            .recaptchaOptionsConfig(
                recaptchaOptionsConfig?.applyValue({ args0 ->
                    args0.let({ args0 ->
                        args0.toJava()
                    })
                }),
            )
            .rules(rules?.applyValue({ args0 -> args0.map({ args0 -> args0.let({ args0 -> args0.toJava() }) }) }))
            .type(type?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [SecurityPolicyArgs].
 */
@PulumiTagMarker
public class SecurityPolicyArgsBuilder internal constructor() {
    private var adaptiveProtectionConfig: Output? = null

    private var advancedOptionsConfig: Output? = null

    private var description: Output? = null

    private var name: Output? = null

    private var project: Output? = null

    private var recaptchaOptionsConfig: Output? = null

    private var rules: Output>? = null

    private var type: Output? = null

    /**
     * @param value Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is documented below.
     */
    @JvmName("rbpfkkvurlwovhmu")
    public suspend fun adaptiveProtectionConfig(`value`: Output) {
        this.adaptiveProtectionConfig = value
    }

    /**
     * @param value [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
     * Structure is documented below.
     */
    @JvmName("tmyejqmoetqescxm")
    public suspend fun advancedOptionsConfig(`value`: Output) {
        this.advancedOptionsConfig = value
    }

    /**
     * @param value An optional description of this security policy. Max size is 2048.
     */
    @JvmName("hdmqqwwjbrxcxosw")
    public suspend fun description(`value`: Output) {
        this.description = value
    }

    /**
     * @param value The name of the security policy.
     * - - -
     */
    @JvmName("evewvvxnfdvegerc")
    public suspend fun name(`value`: Output) {
        this.name = value
    }

    /**
     * @param value The project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    @JvmName("svspilmatffccmpt")
    public suspend fun project(`value`: Output) {
        this.project = value
    }

    /**
     * @param value [reCAPTCHA Configuration Options](https://cloud.google.com/armor/docs/configure-security-policies?hl=en#use_a_manual_challenge_to_distinguish_between_human_or_automated_clients). Structure is documented below.
     */
    @JvmName("xiwihgipsrsxbywf")
    public suspend fun recaptchaOptionsConfig(`value`: Output) {
        this.recaptchaOptionsConfig = value
    }

    /**
     * @param value The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("hhngauxuyxeqcjhq")
    public suspend fun rules(`value`: Output>) {
        this.rules = value
    }

    @JvmName("rkwdwpmwkrfhhpnk")
    public suspend fun rules(vararg values: Output) {
        this.rules = Output.all(values.asList())
    }

    /**
     * @param values The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("yjigqsvdyxwvucig")
    public suspend fun rules(values: List>) {
        this.rules = Output.all(values)
    }

    /**
     * @param value The type indicates the intended use of the security policy. This field can be set only at resource creation time.
     * * `CLOUD_ARMOR` - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
     * They filter requests before they hit the origin servers.
     * * `CLOUD_ARMOR_EDGE` - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
     * (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
     * They filter requests before the request is served from Google's cache.
     * * `CLOUD_ARMOR_INTERNAL_SERVICE` - Cloud Armor internal service policies can be configured to filter HTTP requests targeting services
     * managed by Traffic Director in a service mesh. They filter requests before the request is served from the application.
     */
    @JvmName("woujvndodvsvxpbv")
    public suspend fun type(`value`: Output) {
        this.type = value
    }

    /**
     * @param value Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is documented below.
     */
    @JvmName("ketsihxaywbjgpoc")
    public suspend fun adaptiveProtectionConfig(`value`: SecurityPolicyAdaptiveProtectionConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.adaptiveProtectionConfig = mapped
    }

    /**
     * @param argument Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is documented below.
     */
    @JvmName("sapisulkrhogsyct")
    public suspend fun adaptiveProtectionConfig(argument: suspend SecurityPolicyAdaptiveProtectionConfigArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyAdaptiveProtectionConfigArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.adaptiveProtectionConfig = mapped
    }

    /**
     * @param value [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
     * Structure is documented below.
     */
    @JvmName("egvmwgjymqejpuro")
    public suspend fun advancedOptionsConfig(`value`: SecurityPolicyAdvancedOptionsConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.advancedOptionsConfig = mapped
    }

    /**
     * @param argument [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
     * Structure is documented below.
     */
    @JvmName("txaeyppkjvonffcf")
    public suspend fun advancedOptionsConfig(argument: suspend SecurityPolicyAdvancedOptionsConfigArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyAdvancedOptionsConfigArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.advancedOptionsConfig = mapped
    }

    /**
     * @param value An optional description of this security policy. Max size is 2048.
     */
    @JvmName("rwkbasqunrmkceun")
    public suspend fun description(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.description = mapped
    }

    /**
     * @param value The name of the security policy.
     * - - -
     */
    @JvmName("gicumumxbrxulkuo")
    public suspend fun name(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.name = mapped
    }

    /**
     * @param value The project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    @JvmName("mcyybtjvospsoamm")
    public suspend fun project(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.project = mapped
    }

    /**
     * @param value [reCAPTCHA Configuration Options](https://cloud.google.com/armor/docs/configure-security-policies?hl=en#use_a_manual_challenge_to_distinguish_between_human_or_automated_clients). Structure is documented below.
     */
    @JvmName("hxnalbqlydeurlgt")
    public suspend fun recaptchaOptionsConfig(`value`: SecurityPolicyRecaptchaOptionsConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.recaptchaOptionsConfig = mapped
    }

    /**
     * @param argument [reCAPTCHA Configuration Options](https://cloud.google.com/armor/docs/configure-security-policies?hl=en#use_a_manual_challenge_to_distinguish_between_human_or_automated_clients). Structure is documented below.
     */
    @JvmName("uyrrrfwmmyeaacgy")
    public suspend fun recaptchaOptionsConfig(argument: suspend SecurityPolicyRecaptchaOptionsConfigArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyRecaptchaOptionsConfigArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.recaptchaOptionsConfig = mapped
    }

    /**
     * @param value The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("pagvotegnynvdafo")
    public suspend fun rules(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.rules = mapped
    }

    /**
     * @param argument The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("opfqaikqfeycnacv")
    public suspend fun rules(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            SecurityPolicyRuleArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.rules = mapped
    }

    /**
     * @param argument The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("lenpqtbltfwrpaxt")
    public suspend fun rules(vararg argument: suspend SecurityPolicyRuleArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            SecurityPolicyRuleArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.rules = mapped
    }

    /**
     * @param argument The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("wehaxesfnelcrpmd")
    public suspend fun rules(argument: suspend SecurityPolicyRuleArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(SecurityPolicyRuleArgsBuilder().applySuspend { argument() }.build())
        val mapped = of(toBeMapped)
        this.rules = mapped
    }

    /**
     * @param values The set of rules that belong to this policy. There must always be a default
     * rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a
     * security policy, a default rule with action "allow" will be added. Structure is documented below.
     */
    @JvmName("wmojigwqsbumnfnt")
    public suspend fun rules(vararg values: SecurityPolicyRuleArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.rules = mapped
    }

    /**
     * @param value The type indicates the intended use of the security policy. This field can be set only at resource creation time.
     * * `CLOUD_ARMOR` - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
     * They filter requests before they hit the origin servers.
     * * `CLOUD_ARMOR_EDGE` - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
     * (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
     * They filter requests before the request is served from Google's cache.
     * * `CLOUD_ARMOR_INTERNAL_SERVICE` - Cloud Armor internal service policies can be configured to filter HTTP requests targeting services
     * managed by Traffic Director in a service mesh. They filter requests before the request is served from the application.
     */
    @JvmName("seeodxslawcdmijn")
    public suspend fun type(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.type = mapped
    }

    internal fun build(): SecurityPolicyArgs = SecurityPolicyArgs(
        adaptiveProtectionConfig = adaptiveProtectionConfig,
        advancedOptionsConfig = advancedOptionsConfig,
        description = description,
        name = name,
        project = project,
        recaptchaOptionsConfig = recaptchaOptionsConfig,
        rules = rules,
        type = type,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy