com.pulumi.gcp.compute.kotlin.FirewallPolicyWithRules.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyWithRulesPredefinedRule
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyWithRulesRule
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyWithRulesPredefinedRule.Companion.toKotlin as firewallPolicyWithRulesPredefinedRuleToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyWithRulesRule.Companion.toKotlin as firewallPolicyWithRulesRuleToKotlin
/**
* Builder for [FirewallPolicyWithRules].
*/
@PulumiTagMarker
public class FirewallPolicyWithRulesResourceBuilder internal constructor() {
public var name: String? = null
public var args: FirewallPolicyWithRulesArgs = FirewallPolicyWithRulesArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend FirewallPolicyWithRulesArgsBuilder.() -> Unit) {
val builder = FirewallPolicyWithRulesArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): FirewallPolicyWithRules {
val builtJavaResource = com.pulumi.gcp.compute.FirewallPolicyWithRules(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return FirewallPolicyWithRules(builtJavaResource)
}
}
/**
* ## Example Usage
* ### Compute Firewall Policy With Rules Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const project = gcp.organizations.getProject({});
* const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", {
* name: "tf-address-group",
* parent: "organizations/123456789",
* description: "Global address group",
* location: "global",
* items: ["208.80.154.224/32"],
* type: "IPV4",
* capacity: 100,
* });
* const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", {
* name: "tf-security-profile",
* type: "THREAT_PREVENTION",
* parent: "organizations/123456789",
* location: "global",
* });
* const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", {
* name: "tf-security-profile-group",
* parent: "organizations/123456789",
* description: "my description",
* threatPreventionProfile: securityProfile1.id,
* });
* const firewall_policy_with_rules = new gcp.compute.FirewallPolicyWithRules("firewall-policy-with-rules", {
* shortName: "tf-fw-org-policy-with-rules",
* description: "Terraform test",
* parent: "organizations/123456789",
* rules: [
* {
* description: "tcp rule",
* priority: 1000,
* enableLogging: true,
* action: "allow",
* direction: "EGRESS",
* match: {
* layer4Configs: [{
* ipProtocol: "tcp",
* ports: [
* "8080",
* "7070",
* ],
* }],
* destIpRanges: ["11.100.0.1/32"],
* destFqdns: [
* "www.yyy.com",
* "www.zzz.com",
* ],
* destRegionCodes: [
* "HK",
* "IN",
* ],
* destThreatIntelligences: [
* "iplist-search-engines-crawlers",
* "iplist-tor-exit-nodes",
* ],
* destAddressGroups: [addressGroup1.id],
* },
* targetResources: [project.then(project => `https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default`)],
* },
* {
* description: "udp rule",
* priority: 2000,
* enableLogging: false,
* action: "deny",
* direction: "INGRESS",
* match: {
* layer4Configs: [{
* ipProtocol: "udp",
* }],
* srcIpRanges: ["0.0.0.0/0"],
* srcFqdns: [
* "www.abc.com",
* "www.def.com",
* ],
* srcRegionCodes: [
* "US",
* "CA",
* ],
* srcThreatIntelligences: [
* "iplist-known-malicious-ips",
* "iplist-public-clouds",
* ],
* srcAddressGroups: [addressGroup1.id],
* },
* disabled: true,
* },
* {
* description: "security profile group rule",
* ruleName: "tcp rule",
* priority: 3000,
* enableLogging: false,
* action: "apply_security_profile_group",
* direction: "INGRESS",
* match: {
* layer4Configs: [{
* ipProtocol: "tcp",
* }],
* srcIpRanges: ["0.0.0.0/0"],
* },
* targetServiceAccounts: ["test@google.com"],
* securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,
* tlsInspect: true,
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* project = gcp.organizations.get_project()
* address_group1 = gcp.networksecurity.AddressGroup("address_group_1",
* name="tf-address-group",
* parent="organizations/123456789",
* description="Global address group",
* location="global",
* items=["208.80.154.224/32"],
* type="IPV4",
* capacity=100)
* security_profile1 = gcp.networksecurity.SecurityProfile("security_profile_1",
* name="tf-security-profile",
* type="THREAT_PREVENTION",
* parent="organizations/123456789",
* location="global")
* security_profile_group1 = gcp.networksecurity.SecurityProfileGroup("security_profile_group_1",
* name="tf-security-profile-group",
* parent="organizations/123456789",
* description="my description",
* threat_prevention_profile=security_profile1.id)
* firewall_policy_with_rules = gcp.compute.FirewallPolicyWithRules("firewall-policy-with-rules",
* short_name="tf-fw-org-policy-with-rules",
* description="Terraform test",
* parent="organizations/123456789",
* rules=[
* {
* "description": "tcp rule",
* "priority": 1000,
* "enable_logging": True,
* "action": "allow",
* "direction": "EGRESS",
* "match": {
* "layer4_configs": [{
* "ip_protocol": "tcp",
* "ports": [
* "8080",
* "7070",
* ],
* }],
* "dest_ip_ranges": ["11.100.0.1/32"],
* "dest_fqdns": [
* "www.yyy.com",
* "www.zzz.com",
* ],
* "dest_region_codes": [
* "HK",
* "IN",
* ],
* "dest_threat_intelligences": [
* "iplist-search-engines-crawlers",
* "iplist-tor-exit-nodes",
* ],
* "dest_address_groups": [address_group1.id],
* },
* "target_resources": [f"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default"],
* },
* {
* "description": "udp rule",
* "priority": 2000,
* "enable_logging": False,
* "action": "deny",
* "direction": "INGRESS",
* "match": {
* "layer4_configs": [{
* "ip_protocol": "udp",
* }],
* "src_ip_ranges": ["0.0.0.0/0"],
* "src_fqdns": [
* "www.abc.com",
* "www.def.com",
* ],
* "src_region_codes": [
* "US",
* "CA",
* ],
* "src_threat_intelligences": [
* "iplist-known-malicious-ips",
* "iplist-public-clouds",
* ],
* "src_address_groups": [address_group1.id],
* },
* "disabled": True,
* },
* {
* "description": "security profile group rule",
* "rule_name": "tcp rule",
* "priority": 3000,
* "enable_logging": False,
* "action": "apply_security_profile_group",
* "direction": "INGRESS",
* "match": {
* "layer4_configs": [{
* "ip_protocol": "tcp",
* }],
* "src_ip_ranges": ["0.0.0.0/0"],
* },
* "target_service_accounts": ["test@google.com"],
* "security_profile_group": security_profile_group1.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
* "tls_inspect": True,
* },
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var project = Gcp.Organizations.GetProject.Invoke();
* var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup("address_group_1", new()
* {
* Name = "tf-address-group",
* Parent = "organizations/123456789",
* Description = "Global address group",
* Location = "global",
* Items = new[]
* {
* "208.80.154.224/32",
* },
* Type = "IPV4",
* Capacity = 100,
* });
* var securityProfile1 = new Gcp.NetworkSecurity.SecurityProfile("security_profile_1", new()
* {
* Name = "tf-security-profile",
* Type = "THREAT_PREVENTION",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var securityProfileGroup1 = new Gcp.NetworkSecurity.SecurityProfileGroup("security_profile_group_1", new()
* {
* Name = "tf-security-profile-group",
* Parent = "organizations/123456789",
* Description = "my description",
* ThreatPreventionProfile = securityProfile1.Id,
* });
* var firewall_policy_with_rules = new Gcp.Compute.FirewallPolicyWithRules("firewall-policy-with-rules", new()
* {
* ShortName = "tf-fw-org-policy-with-rules",
* Description = "Terraform test",
* Parent = "organizations/123456789",
* Rules = new[]
* {
* new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
* {
* Description = "tcp rule",
* Priority = 1000,
* EnableLogging = true,
* Action = "allow",
* Direction = "EGRESS",
* Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
* {
* Layer4Configs = new[]
* {
* new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
* {
* IpProtocol = "tcp",
* Ports = new[]
* {
* "8080",
* "7070",
* },
* },
* },
* DestIpRanges = new[]
* {
* "11.100.0.1/32",
* },
* DestFqdns = new[]
* {
* "www.yyy.com",
* "www.zzz.com",
* },
* DestRegionCodes = new[]
* {
* "HK",
* "IN",
* },
* DestThreatIntelligences = new[]
* {
* "iplist-search-engines-crawlers",
* "iplist-tor-exit-nodes",
* },
* DestAddressGroups = new[]
* {
* addressGroup1.Id,
* },
* },
* TargetResources = new[]
* {
* $"https://www.googleapis.com/compute/beta/projects/{project.Apply(getProjectResult => getProjectResult.Name)}/global/networks/default",
* },
* },
* new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
* {
* Description = "udp rule",
* Priority = 2000,
* EnableLogging = false,
* Action = "deny",
* Direction = "INGRESS",
* Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
* {
* Layer4Configs = new[]
* {
* new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
* {
* IpProtocol = "udp",
* },
* },
* SrcIpRanges = new[]
* {
* "0.0.0.0/0",
* },
* SrcFqdns = new[]
* {
* "www.abc.com",
* "www.def.com",
* },
* SrcRegionCodes = new[]
* {
* "US",
* "CA",
* },
* SrcThreatIntelligences = new[]
* {
* "iplist-known-malicious-ips",
* "iplist-public-clouds",
* },
* SrcAddressGroups = new[]
* {
* addressGroup1.Id,
* },
* },
* Disabled = true,
* },
* new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
* {
* Description = "security profile group rule",
* RuleName = "tcp rule",
* Priority = 3000,
* EnableLogging = false,
* Action = "apply_security_profile_group",
* Direction = "INGRESS",
* Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
* {
* Layer4Configs = new[]
* {
* new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
* {
* IpProtocol = "tcp",
* },
* },
* SrcIpRanges = new[]
* {
* "0.0.0.0/0",
* },
* },
* TargetServiceAccounts = new[]
* {
* "[email protected]",
* },
* SecurityProfileGroup = securityProfileGroup1.Id.Apply(id => $"//networksecurity.googleapis.com/{id}"),
* TlsInspect = true,
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
* if err != nil {
* return err
* }
* addressGroup1, err := networksecurity.NewAddressGroup(ctx, "address_group_1", &networksecurity.AddressGroupArgs{
* Name: pulumi.String("tf-address-group"),
* Parent: pulumi.String("organizations/123456789"),
* Description: pulumi.String("Global address group"),
* Location: pulumi.String("global"),
* Items: pulumi.StringArray{
* pulumi.String("208.80.154.224/32"),
* },
* Type: pulumi.String("IPV4"),
* Capacity: pulumi.Int(100),
* })
* if err != nil {
* return err
* }
* securityProfile1, err := networksecurity.NewSecurityProfile(ctx, "security_profile_1", &networksecurity.SecurityProfileArgs{
* Name: pulumi.String("tf-security-profile"),
* Type: pulumi.String("THREAT_PREVENTION"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* securityProfileGroup1, err := networksecurity.NewSecurityProfileGroup(ctx, "security_profile_group_1", &networksecurity.SecurityProfileGroupArgs{
* Name: pulumi.String("tf-security-profile-group"),
* Parent: pulumi.String("organizations/123456789"),
* Description: pulumi.String("my description"),
* ThreatPreventionProfile: securityProfile1.ID(),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewFirewallPolicyWithRules(ctx, "firewall-policy-with-rules", &compute.FirewallPolicyWithRulesArgs{
* ShortName: pulumi.String("tf-fw-org-policy-with-rules"),
* Description: pulumi.String("Terraform test"),
* Parent: pulumi.String("organizations/123456789"),
* Rules: compute.FirewallPolicyWithRulesRuleArray{
* &compute.FirewallPolicyWithRulesRuleArgs{
* Description: pulumi.String("tcp rule"),
* Priority: pulumi.Int(1000),
* EnableLogging: pulumi.Bool(true),
* Action: pulumi.String("allow"),
* Direction: pulumi.String("EGRESS"),
* Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
* Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
* &compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
* IpProtocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("8080"),
* pulumi.String("7070"),
* },
* },
* },
* DestIpRanges: pulumi.StringArray{
* pulumi.String("11.100.0.1/32"),
* },
* DestFqdns: pulumi.StringArray{
* pulumi.String("www.yyy.com"),
* pulumi.String("www.zzz.com"),
* },
* DestRegionCodes: pulumi.StringArray{
* pulumi.String("HK"),
* pulumi.String("IN"),
* },
* DestThreatIntelligences: pulumi.StringArray{
* pulumi.String("iplist-search-engines-crawlers"),
* pulumi.String("iplist-tor-exit-nodes"),
* },
* DestAddressGroups: pulumi.StringArray{
* addressGroup1.ID(),
* },
* },
* TargetResources: pulumi.StringArray{
* pulumi.Sprintf("https://www.googleapis.com/compute/beta/projects/%v/global/networks/default", project.Name),
* },
* },
* &compute.FirewallPolicyWithRulesRuleArgs{
* Description: pulumi.String("udp rule"),
* Priority: pulumi.Int(2000),
* EnableLogging: pulumi.Bool(false),
* Action: pulumi.String("deny"),
* Direction: pulumi.String("INGRESS"),
* Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
* Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
* &compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
* IpProtocol: pulumi.String("udp"),
* },
* },
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("0.0.0.0/0"),
* },
* SrcFqdns: pulumi.StringArray{
* pulumi.String("www.abc.com"),
* pulumi.String("www.def.com"),
* },
* SrcRegionCodes: pulumi.StringArray{
* pulumi.String("US"),
* pulumi.String("CA"),
* },
* SrcThreatIntelligences: pulumi.StringArray{
* pulumi.String("iplist-known-malicious-ips"),
* pulumi.String("iplist-public-clouds"),
* },
* SrcAddressGroups: pulumi.StringArray{
* addressGroup1.ID(),
* },
* },
* Disabled: pulumi.Bool(true),
* },
* &compute.FirewallPolicyWithRulesRuleArgs{
* Description: pulumi.String("security profile group rule"),
* RuleName: pulumi.String("tcp rule"),
* Priority: pulumi.Int(3000),
* EnableLogging: pulumi.Bool(false),
* Action: pulumi.String("apply_security_profile_group"),
* Direction: pulumi.String("INGRESS"),
* Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
* Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
* &compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
* IpProtocol: pulumi.String("tcp"),
* },
* },
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("0.0.0.0/0"),
* },
* },
* TargetServiceAccounts: pulumi.StringArray{
* pulumi.String("[email protected]"),
* },
* SecurityProfileGroup: securityProfileGroup1.ID().ApplyT(func(id string) (string, error) {
* return fmt.Sprintf("//networksecurity.googleapis.com/%v", id), nil
* }).(pulumi.StringOutput),
* TlsInspect: pulumi.Bool(true),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
* import com.pulumi.gcp.networksecurity.AddressGroup;
* import com.pulumi.gcp.networksecurity.AddressGroupArgs;
* import com.pulumi.gcp.networksecurity.SecurityProfile;
* import com.pulumi.gcp.networksecurity.SecurityProfileArgs;
* import com.pulumi.gcp.networksecurity.SecurityProfileGroup;
* import com.pulumi.gcp.networksecurity.SecurityProfileGroupArgs;
* import com.pulumi.gcp.compute.FirewallPolicyWithRules;
* import com.pulumi.gcp.compute.FirewallPolicyWithRulesArgs;
* import com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleArgs;
* import com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleMatchArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var project = OrganizationsFunctions.getProject();
* var addressGroup1 = new AddressGroup("addressGroup1", AddressGroupArgs.builder()
* .name("tf-address-group")
* .parent("organizations/123456789")
* .description("Global address group")
* .location("global")
* .items("208.80.154.224/32")
* .type("IPV4")
* .capacity(100)
* .build());
* var securityProfile1 = new SecurityProfile("securityProfile1", SecurityProfileArgs.builder()
* .name("tf-security-profile")
* .type("THREAT_PREVENTION")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var securityProfileGroup1 = new SecurityProfileGroup("securityProfileGroup1", SecurityProfileGroupArgs.builder()
* .name("tf-security-profile-group")
* .parent("organizations/123456789")
* .description("my description")
* .threatPreventionProfile(securityProfile1.id())
* .build());
* var firewall_policy_with_rules = new FirewallPolicyWithRules("firewall-policy-with-rules", FirewallPolicyWithRulesArgs.builder()
* .shortName("tf-fw-org-policy-with-rules")
* .description("Terraform test")
* .parent("organizations/123456789")
* .rules(
* FirewallPolicyWithRulesRuleArgs.builder()
* .description("tcp rule")
* .priority(1000)
* .enableLogging(true)
* .action("allow")
* .direction("EGRESS")
* .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
* .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
* .ipProtocol("tcp")
* .ports(
* 8080,
* 7070)
* .build())
* .destIpRanges("11.100.0.1/32")
* .destFqdns(
* "www.yyy.com",
* "www.zzz.com")
* .destRegionCodes(
* "HK",
* "IN")
* .destThreatIntelligences(
* "iplist-search-engines-crawlers",
* "iplist-tor-exit-nodes")
* .destAddressGroups(addressGroup1.id())
* .build())
* .targetResources(String.format("https://www.googleapis.com/compute/beta/projects/%s/global/networks/default", project.applyValue(getProjectResult -> getProjectResult.name())))
* .build(),
* FirewallPolicyWithRulesRuleArgs.builder()
* .description("udp rule")
* .priority(2000)
* .enableLogging(false)
* .action("deny")
* .direction("INGRESS")
* .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
* .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
* .ipProtocol("udp")
* .build())
* .srcIpRanges("0.0.0.0/0")
* .srcFqdns(
* "www.abc.com",
* "www.def.com")
* .srcRegionCodes(
* "US",
* "CA")
* .srcThreatIntelligences(
* "iplist-known-malicious-ips",
* "iplist-public-clouds")
* .srcAddressGroups(addressGroup1.id())
* .build())
* .disabled(true)
* .build(),
* FirewallPolicyWithRulesRuleArgs.builder()
* .description("security profile group rule")
* .ruleName("tcp rule")
* .priority(3000)
* .enableLogging(false)
* .action("apply_security_profile_group")
* .direction("INGRESS")
* .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
* .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
* .ipProtocol("tcp")
* .build())
* .srcIpRanges("0.0.0.0/0")
* .build())
* .targetServiceAccounts("[email protected]")
* .securityProfileGroup(securityProfileGroup1.id().applyValue(id -> String.format("//networksecurity.googleapis.com/%s", id)))
* .tlsInspect(true)
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* firewall-policy-with-rules:
* type: gcp:compute:FirewallPolicyWithRules
* properties:
* shortName: tf-fw-org-policy-with-rules
* description: Terraform test
* parent: organizations/123456789
* rules:
* - description: tcp rule
* priority: 1000
* enableLogging: true
* action: allow
* direction: EGRESS
* match:
* layer4Configs:
* - ipProtocol: tcp
* ports:
* - 8080
* - 7070
* destIpRanges:
* - 11.100.0.1/32
* destFqdns:
* - www.yyy.com
* - www.zzz.com
* destRegionCodes:
* - HK
* - IN
* destThreatIntelligences:
* - iplist-search-engines-crawlers
* - iplist-tor-exit-nodes
* destAddressGroups:
* - ${addressGroup1.id}
* targetResources:
* - https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default
* - description: udp rule
* priority: 2000
* enableLogging: false
* action: deny
* direction: INGRESS
* match:
* layer4Configs:
* - ipProtocol: udp
* srcIpRanges:
* - 0.0.0.0/0
* srcFqdns:
* - www.abc.com
* - www.def.com
* srcRegionCodes:
* - US
* - CA
* srcThreatIntelligences:
* - iplist-known-malicious-ips
* - iplist-public-clouds
* srcAddressGroups:
* - ${addressGroup1.id}
* disabled: true
* - description: security profile group rule
* ruleName: tcp rule
* priority: 3000
* enableLogging: false
* action: apply_security_profile_group
* direction: INGRESS
* match:
* layer4Configs:
* - ipProtocol: tcp
* srcIpRanges:
* - 0.0.0.0/0
* targetServiceAccounts:
* - [email protected]
* securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}
* tlsInspect: true
* addressGroup1:
* type: gcp:networksecurity:AddressGroup
* name: address_group_1
* properties:
* name: tf-address-group
* parent: organizations/123456789
* description: Global address group
* location: global
* items:
* - 208.80.154.224/32
* type: IPV4
* capacity: 100
* securityProfileGroup1:
* type: gcp:networksecurity:SecurityProfileGroup
* name: security_profile_group_1
* properties:
* name: tf-security-profile-group
* parent: organizations/123456789
* description: my description
* threatPreventionProfile: ${securityProfile1.id}
* securityProfile1:
* type: gcp:networksecurity:SecurityProfile
* name: security_profile_1
* properties:
* name: tf-security-profile
* type: THREAT_PREVENTION
* parent: organizations/123456789
* location: global
* variables:
* project:
* fn::invoke:
* function: gcp:organizations:getProject
* arguments: {}
* ```
*
* ## Import
* FirewallPolicyWithRules can be imported using any of these accepted formats:
* * `locations/global/firewallPolicies/{{policy_id}}`
* * `{{policy_id}}`
* When using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}
* ```
* ```sh
* $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}
* ```
*/
public class FirewallPolicyWithRules internal constructor(
override val javaResource: com.pulumi.gcp.compute.FirewallPolicyWithRules,
) : KotlinCustomResource(javaResource, FirewallPolicyWithRulesMapper) {
/**
* Creation timestamp in RFC3339 text format.
*/
public val creationTimestamp: Output
get() = javaResource.creationTimestamp().applyValue({ args0 -> args0 })
/**
* (Output)
* A description of the rule.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Fingerprint of the resource. This field is used internally during updates of this resource.
*/
public val fingerprint: Output
get() = javaResource.fingerprint().applyValue({ args0 -> args0 })
/**
* The parent of this FirewallPolicy in the Cloud Resource Hierarchy.
* Format: organizations/{organization_id} or folders/{folder_id}
*/
public val parent: Output
get() = javaResource.parent().applyValue({ args0 -> args0 })
/**
* The unique identifier for the resource. This identifier is defined by the server.
*/
public val policyId: Output
get() = javaResource.policyId().applyValue({ args0 -> args0 })
/**
* A list of pre-define firewall policy rules.
* Structure is documented below.
*/
public val predefinedRules: Output>
get() = javaResource.predefinedRules().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> firewallPolicyWithRulesPredefinedRuleToKotlin(args0) })
})
})
/**
* Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
*/
public val ruleTupleCount: Output
get() = javaResource.ruleTupleCount().applyValue({ args0 -> args0 })
/**
* A list of firewall policy rules.
* Structure is documented below.
*/
public val rules: Output>
get() = javaResource.rules().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
firewallPolicyWithRulesRuleToKotlin(args0)
})
})
})
/**
* Server-defined URL for the resource.
*/
public val selfLink: Output
get() = javaResource.selfLink().applyValue({ args0 -> args0 })
/**
* Server-defined URL for this resource with the resource id.
*/
public val selfLinkWithId: Output
get() = javaResource.selfLinkWithId().applyValue({ args0 -> args0 })
/**
* A textual name of the security policy.
*/
public val shortName: Output
get() = javaResource.shortName().applyValue({ args0 -> args0 })
}
public object FirewallPolicyWithRulesMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.compute.FirewallPolicyWithRules::class == javaResource::class
override fun map(javaResource: Resource): FirewallPolicyWithRules =
FirewallPolicyWithRules(javaResource as com.pulumi.gcp.compute.FirewallPolicyWithRules)
}
/**
* @see [FirewallPolicyWithRules].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [FirewallPolicyWithRules].
*/
public suspend fun firewallPolicyWithRules(
name: String,
block: suspend FirewallPolicyWithRulesResourceBuilder.() -> Unit,
): FirewallPolicyWithRules {
val builder = FirewallPolicyWithRulesResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [FirewallPolicyWithRules].
* @param name The _unique_ name of the resulting resource.
*/
public fun firewallPolicyWithRules(name: String): FirewallPolicyWithRules {
val builder = FirewallPolicyWithRulesResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy