com.pulumi.gcp.compute.kotlin.RegionSecurityPolicyArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.RegionSecurityPolicyArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.RegionSecurityPolicyDdosProtectionConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.RegionSecurityPolicyDdosProtectionConfigArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.RegionSecurityPolicyRuleArgs
import com.pulumi.gcp.compute.kotlin.inputs.RegionSecurityPolicyRuleArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.RegionSecurityPolicyUserDefinedFieldArgs
import com.pulumi.gcp.compute.kotlin.inputs.RegionSecurityPolicyUserDefinedFieldArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* ## Example Usage
* ### Region Security Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const region_sec_policy_basic = new gcp.compute.RegionSecurityPolicy("region-sec-policy-basic", {
* name: "my-sec-policy-basic",
* description: "basic region security policy",
* type: "CLOUD_ARMOR",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* region_sec_policy_basic = gcp.compute.RegionSecurityPolicy("region-sec-policy-basic",
* name="my-sec-policy-basic",
* description="basic region security policy",
* type="CLOUD_ARMOR")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var region_sec_policy_basic = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-basic", new()
* {
* Name = "my-sec-policy-basic",
* Description = "basic region security policy",
* Type = "CLOUD_ARMOR",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-basic", &compute.RegionSecurityPolicyArgs{
* Name: pulumi.String("my-sec-policy-basic"),
* Description: pulumi.String("basic region security policy"),
* Type: pulumi.String("CLOUD_ARMOR"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.RegionSecurityPolicy;
* import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var region_sec_policy_basic = new RegionSecurityPolicy("region-sec-policy-basic", RegionSecurityPolicyArgs.builder()
* .name("my-sec-policy-basic")
* .description("basic region security policy")
* .type("CLOUD_ARMOR")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* region-sec-policy-basic:
* type: gcp:compute:RegionSecurityPolicy
* properties:
* name: my-sec-policy-basic
* description: basic region security policy
* type: CLOUD_ARMOR
* ```
*
* ### Region Security Policy With Ddos Protection Config
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const region_sec_policy_ddos_protection = new gcp.compute.RegionSecurityPolicy("region-sec-policy-ddos-protection", {
* name: "my-sec-policy-ddos-protection",
* description: "with ddos protection config",
* type: "CLOUD_ARMOR_NETWORK",
* ddosProtectionConfig: {
* ddosProtection: "ADVANCED_PREVIEW",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* region_sec_policy_ddos_protection = gcp.compute.RegionSecurityPolicy("region-sec-policy-ddos-protection",
* name="my-sec-policy-ddos-protection",
* description="with ddos protection config",
* type="CLOUD_ARMOR_NETWORK",
* ddos_protection_config={
* "ddos_protection": "ADVANCED_PREVIEW",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var region_sec_policy_ddos_protection = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-ddos-protection", new()
* {
* Name = "my-sec-policy-ddos-protection",
* Description = "with ddos protection config",
* Type = "CLOUD_ARMOR_NETWORK",
* DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs
* {
* DdosProtection = "ADVANCED_PREVIEW",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-ddos-protection", &compute.RegionSecurityPolicyArgs{
* Name: pulumi.String("my-sec-policy-ddos-protection"),
* Description: pulumi.String("with ddos protection config"),
* Type: pulumi.String("CLOUD_ARMOR_NETWORK"),
* DdosProtectionConfig: &compute.RegionSecurityPolicyDdosProtectionConfigArgs{
* DdosProtection: pulumi.String("ADVANCED_PREVIEW"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.RegionSecurityPolicy;
* import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var region_sec_policy_ddos_protection = new RegionSecurityPolicy("region-sec-policy-ddos-protection", RegionSecurityPolicyArgs.builder()
* .name("my-sec-policy-ddos-protection")
* .description("with ddos protection config")
* .type("CLOUD_ARMOR_NETWORK")
* .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()
* .ddosProtection("ADVANCED_PREVIEW")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* region-sec-policy-ddos-protection:
* type: gcp:compute:RegionSecurityPolicy
* properties:
* name: my-sec-policy-ddos-protection
* description: with ddos protection config
* type: CLOUD_ARMOR_NETWORK
* ddosProtectionConfig:
* ddosProtection: ADVANCED_PREVIEW
* ```
*
* ### Region Security Policy With User Defined Fields
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const region_sec_policy_user_defined_fields = new gcp.compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields", {
* name: "my-sec-policy-user-defined-fields",
* description: "with user defined fields",
* type: "CLOUD_ARMOR_NETWORK",
* userDefinedFields: [
* {
* name: "SIG1_AT_0",
* base: "UDP",
* offset: 8,
* size: 2,
* mask: "0x8F00",
* },
* {
* name: "SIG2_AT_8",
* base: "UDP",
* offset: 16,
* size: 4,
* mask: "0xFFFFFFFF",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* region_sec_policy_user_defined_fields = gcp.compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields",
* name="my-sec-policy-user-defined-fields",
* description="with user defined fields",
* type="CLOUD_ARMOR_NETWORK",
* user_defined_fields=[
* {
* "name": "SIG1_AT_0",
* "base": "UDP",
* "offset": 8,
* "size": 2,
* "mask": "0x8F00",
* },
* {
* "name": "SIG2_AT_8",
* "base": "UDP",
* "offset": 16,
* "size": 4,
* "mask": "0xFFFFFFFF",
* },
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var region_sec_policy_user_defined_fields = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields", new()
* {
* Name = "my-sec-policy-user-defined-fields",
* Description = "with user defined fields",
* Type = "CLOUD_ARMOR_NETWORK",
* UserDefinedFields = new[]
* {
* new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
* {
* Name = "SIG1_AT_0",
* Base = "UDP",
* Offset = 8,
* Size = 2,
* Mask = "0x8F00",
* },
* new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
* {
* Name = "SIG2_AT_8",
* Base = "UDP",
* Offset = 16,
* Size = 4,
* Mask = "0xFFFFFFFF",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-user-defined-fields", &compute.RegionSecurityPolicyArgs{
* Name: pulumi.String("my-sec-policy-user-defined-fields"),
* Description: pulumi.String("with user defined fields"),
* Type: pulumi.String("CLOUD_ARMOR_NETWORK"),
* UserDefinedFields: compute.RegionSecurityPolicyUserDefinedFieldArray{
* &compute.RegionSecurityPolicyUserDefinedFieldArgs{
* Name: pulumi.String("SIG1_AT_0"),
* Base: pulumi.String("UDP"),
* Offset: pulumi.Int(8),
* Size: pulumi.Int(2),
* Mask: pulumi.String("0x8F00"),
* },
* &compute.RegionSecurityPolicyUserDefinedFieldArgs{
* Name: pulumi.String("SIG2_AT_8"),
* Base: pulumi.String("UDP"),
* Offset: pulumi.Int(16),
* Size: pulumi.Int(4),
* Mask: pulumi.String("0xFFFFFFFF"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.RegionSecurityPolicy;
* import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyUserDefinedFieldArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var region_sec_policy_user_defined_fields = new RegionSecurityPolicy("region-sec-policy-user-defined-fields", RegionSecurityPolicyArgs.builder()
* .name("my-sec-policy-user-defined-fields")
* .description("with user defined fields")
* .type("CLOUD_ARMOR_NETWORK")
* .userDefinedFields(
* RegionSecurityPolicyUserDefinedFieldArgs.builder()
* .name("SIG1_AT_0")
* .base("UDP")
* .offset(8)
* .size(2)
* .mask("0x8F00")
* .build(),
* RegionSecurityPolicyUserDefinedFieldArgs.builder()
* .name("SIG2_AT_8")
* .base("UDP")
* .offset(16)
* .size(4)
* .mask("0xFFFFFFFF")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* region-sec-policy-user-defined-fields:
* type: gcp:compute:RegionSecurityPolicy
* properties:
* name: my-sec-policy-user-defined-fields
* description: with user defined fields
* type: CLOUD_ARMOR_NETWORK
* userDefinedFields:
* - name: SIG1_AT_0
* base: UDP
* offset: 8
* size: 2
* mask: 0x8F00
* - name: SIG2_AT_8
* base: UDP
* offset: 16
* size: 4
* mask: 0xFFFFFFFF
* ```
*
* ### Region Security Policy With Rules
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const region_sec_policy_with_rules = new gcp.compute.RegionSecurityPolicy("region-sec-policy-with-rules", {
* name: "my-sec-policy-with-rules",
* description: "basic region security policy with multiple rules",
* type: "CLOUD_ARMOR",
* rules: [
* {
* action: "deny",
* priority: 1000,
* match: {
* expr: {
* expression: "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
* },
* },
* },
* {
* action: "deny",
* priority: 2147483647,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["*"],
* },
* },
* description: "default rule",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* region_sec_policy_with_rules = gcp.compute.RegionSecurityPolicy("region-sec-policy-with-rules",
* name="my-sec-policy-with-rules",
* description="basic region security policy with multiple rules",
* type="CLOUD_ARMOR",
* rules=[
* {
* "action": "deny",
* "priority": 1000,
* "match": {
* "expr": {
* "expression": "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
* },
* },
* },
* {
* "action": "deny",
* "priority": 2147483647,
* "match": {
* "versioned_expr": "SRC_IPS_V1",
* "config": {
* "src_ip_ranges": ["*"],
* },
* },
* "description": "default rule",
* },
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var region_sec_policy_with_rules = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-with-rules", new()
* {
* Name = "my-sec-policy-with-rules",
* Description = "basic region security policy with multiple rules",
* Type = "CLOUD_ARMOR",
* Rules = new[]
* {
* new Gcp.Compute.Inputs.RegionSecurityPolicyRuleArgs
* {
* Action = "deny",
* Priority = 1000,
* Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs
* {
* Expr = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchExprArgs
* {
* Expression = "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2",
* },
* },
* },
* new Gcp.Compute.Inputs.RegionSecurityPolicyRuleArgs
* {
* Action = "deny",
* Priority = 2147483647,
* Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "*",
* },
* },
* },
* Description = "default rule",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-with-rules", &compute.RegionSecurityPolicyArgs{
* Name: pulumi.String("my-sec-policy-with-rules"),
* Description: pulumi.String("basic region security policy with multiple rules"),
* Type: pulumi.String("CLOUD_ARMOR"),
* Rules: compute.RegionSecurityPolicyRuleTypeArray{
* &compute.RegionSecurityPolicyRuleTypeArgs{
* Action: pulumi.String("deny"),
* Priority: pulumi.Int(1000),
* Match: &compute.RegionSecurityPolicyRuleMatchArgs{
* Expr: &compute.RegionSecurityPolicyRuleMatchExprArgs{
* Expression: pulumi.String("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2"),
* },
* },
* },
* &compute.RegionSecurityPolicyRuleTypeArgs{
* Action: pulumi.String("deny"),
* Priority: pulumi.Int(2147483647),
* Match: &compute.RegionSecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.RegionSecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("*"),
* },
* },
* },
* Description: pulumi.String("default rule"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.RegionSecurityPolicy;
* import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
* import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchExprArgs;
* import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var region_sec_policy_with_rules = new RegionSecurityPolicy("region-sec-policy-with-rules", RegionSecurityPolicyArgs.builder()
* .name("my-sec-policy-with-rules")
* .description("basic region security policy with multiple rules")
* .type("CLOUD_ARMOR")
* .rules(
* RegionSecurityPolicyRuleArgs.builder()
* .action("deny")
* .priority("1000")
* .match(RegionSecurityPolicyRuleMatchArgs.builder()
* .expr(RegionSecurityPolicyRuleMatchExprArgs.builder()
* .expression("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2")
* .build())
* .build())
* .build(),
* RegionSecurityPolicyRuleArgs.builder()
* .action("deny")
* .priority("2147483647")
* .match(RegionSecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("*")
* .build())
* .build())
* .description("default rule")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* region-sec-policy-with-rules:
* type: gcp:compute:RegionSecurityPolicy
* properties:
* name: my-sec-policy-with-rules
* description: basic region security policy with multiple rules
* type: CLOUD_ARMOR
* rules:
* - action: deny
* priority: '1000'
* match:
* expr:
* expression: request.path.matches("/login.html") && token.recaptcha_session.score < 0.2
* - action: deny
* priority: '2147483647'
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - '*'
* description: default rule
* ```
*
* ## Import
* RegionSecurityPolicy can be imported using any of these accepted formats:
* * `projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}`
* * `{{project}}/{{region}}/{{name}}`
* * `{{region}}/{{name}}`
* * `{{name}}`
* When using the `pulumi import` command, RegionSecurityPolicy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{project}}/{{region}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{region}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{name}}
* ```
* @property ddosProtectionConfig Configuration for Google Cloud Armor DDOS Proctection Config.
* Structure is documented below.
* @property description An optional description of this resource. Provide this property when you create the resource.
* @property name Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035.
* Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
* - - -
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* @property region The Region in which the created Region Security Policy should reside.
* If it is not provided, the provider region is used.
* @property rules The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
* @property type The type indicates the intended use of the security policy.
* - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
* - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
* - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application.
* This field can be set only at resource creation time.
* Possible values are: `CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, `CLOUD_ARMOR_NETWORK`.
* @property userDefinedFields Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
public data class RegionSecurityPolicyArgs(
public val ddosProtectionConfig: Output? = null,
public val description: Output? = null,
public val name: Output? = null,
public val project: Output? = null,
public val region: Output? = null,
public val rules: Output>? = null,
public val type: Output? = null,
public val userDefinedFields: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.compute.RegionSecurityPolicyArgs =
com.pulumi.gcp.compute.RegionSecurityPolicyArgs.builder()
.ddosProtectionConfig(
ddosProtectionConfig?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.description(description?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.region(region?.applyValue({ args0 -> args0 }))
.rules(rules?.applyValue({ args0 -> args0.map({ args0 -> args0.let({ args0 -> args0.toJava() }) }) }))
.type(type?.applyValue({ args0 -> args0 }))
.userDefinedFields(
userDefinedFields?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
).build()
}
/**
* Builder for [RegionSecurityPolicyArgs].
*/
@PulumiTagMarker
public class RegionSecurityPolicyArgsBuilder internal constructor() {
private var ddosProtectionConfig: Output? = null
private var description: Output? = null
private var name: Output? = null
private var project: Output? = null
private var region: Output? = null
private var rules: Output>? = null
private var type: Output? = null
private var userDefinedFields: Output>? = null
/**
* @param value Configuration for Google Cloud Armor DDOS Proctection Config.
* Structure is documented below.
*/
@JvmName("fuiwnnjalpsrrlii")
public suspend fun ddosProtectionConfig(`value`: Output) {
this.ddosProtectionConfig = value
}
/**
* @param value An optional description of this resource. Provide this property when you create the resource.
*/
@JvmName("bpsmcvkascexmlle")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035.
* Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
* - - -
*/
@JvmName("ifdamnhxhctvgkfu")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
@JvmName("xbjoqndfirgljwtc")
public suspend fun project(`value`: Output) {
this.project = value
}
/**
* @param value The Region in which the created Region Security Policy should reside.
* If it is not provided, the provider region is used.
*/
@JvmName("vaqxdjevtrmsirrx")
public suspend fun region(`value`: Output) {
this.region = value
}
/**
* @param value The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("rliwgjiiychijipn")
public suspend fun rules(`value`: Output>) {
this.rules = value
}
@JvmName("lngfvvndbtfpnsip")
public suspend fun rules(vararg values: Output) {
this.rules = Output.all(values.asList())
}
/**
* @param values The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("oedcnswinktuhbku")
public suspend fun rules(values: List>) {
this.rules = Output.all(values)
}
/**
* @param value The type indicates the intended use of the security policy.
* - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
* - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
* - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application.
* This field can be set only at resource creation time.
* Possible values are: `CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, `CLOUD_ARMOR_NETWORK`.
*/
@JvmName("buqyoxljggqxsrgs")
public suspend fun type(`value`: Output) {
this.type = value
}
/**
* @param value Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("bwhbwkcrvaalnqkn")
public suspend fun userDefinedFields(`value`: Output>) {
this.userDefinedFields = value
}
@JvmName("qqiddbfxfedefacg")
public suspend fun userDefinedFields(vararg values: Output) {
this.userDefinedFields = Output.all(values.asList())
}
/**
* @param values Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("cklqcrotvlksnwkw")
public suspend fun userDefinedFields(values: List>) {
this.userDefinedFields = Output.all(values)
}
/**
* @param value Configuration for Google Cloud Armor DDOS Proctection Config.
* Structure is documented below.
*/
@JvmName("xycsjurcxgqskkcb")
public suspend fun ddosProtectionConfig(`value`: RegionSecurityPolicyDdosProtectionConfigArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ddosProtectionConfig = mapped
}
/**
* @param argument Configuration for Google Cloud Armor DDOS Proctection Config.
* Structure is documented below.
*/
@JvmName("cjpppvppveppdjyg")
public suspend fun ddosProtectionConfig(argument: suspend RegionSecurityPolicyDdosProtectionConfigArgsBuilder.() -> Unit) {
val toBeMapped = RegionSecurityPolicyDdosProtectionConfigArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.ddosProtectionConfig = mapped
}
/**
* @param value An optional description of this resource. Provide this property when you create the resource.
*/
@JvmName("sradnxirfbnvsydt")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035.
* Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
* - - -
*/
@JvmName("rgwvbhyaxtpmluir")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
@JvmName("twxhqppcyvloocsg")
public suspend fun project(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.project = mapped
}
/**
* @param value The Region in which the created Region Security Policy should reside.
* If it is not provided, the provider region is used.
*/
@JvmName("qsburuekfanpwnaw")
public suspend fun region(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.region = mapped
}
/**
* @param value The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("nsnwvtpyurraupcc")
public suspend fun rules(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.rules = mapped
}
/**
* @param argument The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("qywkdjyxnfvmqcpi")
public suspend fun rules(argument: List Unit>) {
val toBeMapped = argument.toList().map {
RegionSecurityPolicyRuleArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.rules = mapped
}
/**
* @param argument The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("wwyspgcaadelekqr")
public suspend fun rules(vararg argument: suspend RegionSecurityPolicyRuleArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
RegionSecurityPolicyRuleArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.rules = mapped
}
/**
* @param argument The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("tpxatjspccmjvhlo")
public suspend fun rules(argument: suspend RegionSecurityPolicyRuleArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
RegionSecurityPolicyRuleArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.rules = mapped
}
/**
* @param values The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.
* Structure is documented below.
*/
@JvmName("sswrsomjchxhddmk")
public suspend fun rules(vararg values: RegionSecurityPolicyRuleArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.rules = mapped
}
/**
* @param value The type indicates the intended use of the security policy.
* - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
* - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
* - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application.
* This field can be set only at resource creation time.
* Possible values are: `CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, `CLOUD_ARMOR_NETWORK`.
*/
@JvmName("adfauqwyctfneckb")
public suspend fun type(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.type = mapped
}
/**
* @param value Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("fkcjjcesktkbdnbs")
public suspend fun userDefinedFields(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.userDefinedFields = mapped
}
/**
* @param argument Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("xkiqsquqfsdbotwc")
public suspend fun userDefinedFields(argument: List Unit>) {
val toBeMapped = argument.toList().map {
RegionSecurityPolicyUserDefinedFieldArgsBuilder().applySuspend { it() }.build()
}
val mapped = of(toBeMapped)
this.userDefinedFields = mapped
}
/**
* @param argument Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("sdbcewndxoqhpyha")
public suspend fun userDefinedFields(vararg argument: suspend RegionSecurityPolicyUserDefinedFieldArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
RegionSecurityPolicyUserDefinedFieldArgsBuilder().applySuspend { it() }.build()
}
val mapped = of(toBeMapped)
this.userDefinedFields = mapped
}
/**
* @param argument Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("pdlekjppalysvfox")
public suspend fun userDefinedFields(argument: suspend RegionSecurityPolicyUserDefinedFieldArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
RegionSecurityPolicyUserDefinedFieldArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.userDefinedFields = mapped
}
/**
* @param values Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
* A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits.
* Rules may then specify matching values for these fields.
* Structure is documented below.
*/
@JvmName("uqkefhnrqkbpwndg")
public suspend fun userDefinedFields(vararg values: RegionSecurityPolicyUserDefinedFieldArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.userDefinedFields = mapped
}
internal fun build(): RegionSecurityPolicyArgs = RegionSecurityPolicyArgs(
ddosProtectionConfig = ddosProtectionConfig,
description = description,
name = name,
project = project,
region = region,
rules = rules,
type = type,
userDefinedFields = userDefinedFields,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy