All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.compute.kotlin.SecurityPolicyRuleArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.13.1.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.compute.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.SecurityPolicyRuleArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleHeaderActionArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleHeaderActionArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleMatchArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleMatchArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRulePreconfiguredWafConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRulePreconfiguredWafConfigArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRateLimitOptionsArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRateLimitOptionsArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRedirectOptionsArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRedirectOptionsArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName

/**
 * A rule for the SecurityPolicy.
 * To get more information about SecurityPolicyRule, see:
 * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies/addRule)
 * * How-to Guides
 *     * [Creating global security policy rules](https://cloud.google.com/armor/docs/configure-security-policies)
 * ## Example Usage
 * ### Security Policy Rule Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.compute.SecurityPolicy("default", {
 *     name: "policyruletest",
 *     description: "basic global security policy",
 *     type: "CLOUD_ARMOR",
 * });
 * const policyRule = new gcp.compute.SecurityPolicyRule("policy_rule", {
 *     securityPolicy: _default.name,
 *     description: "new rule",
 *     priority: 100,
 *     match: {
 *         versionedExpr: "SRC_IPS_V1",
 *         config: {
 *             srcIpRanges: ["10.10.0.0/16"],
 *         },
 *     },
 *     action: "allow",
 *     preview: true,
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.compute.SecurityPolicy("default",
 *     name="policyruletest",
 *     description="basic global security policy",
 *     type="CLOUD_ARMOR")
 * policy_rule = gcp.compute.SecurityPolicyRule("policy_rule",
 *     security_policy=default.name,
 *     description="new rule",
 *     priority=100,
 *     match={
 *         "versioned_expr": "SRC_IPS_V1",
 *         "config": {
 *             "src_ip_ranges": ["10.10.0.0/16"],
 *         },
 *     },
 *     action="allow",
 *     preview=True)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.Compute.SecurityPolicy("default", new()
 *     {
 *         Name = "policyruletest",
 *         Description = "basic global security policy",
 *         Type = "CLOUD_ARMOR",
 *     });
 *     var policyRule = new Gcp.Compute.SecurityPolicyRule("policy_rule", new()
 *     {
 *         SecurityPolicy = @default.Name,
 *         Description = "new rule",
 *         Priority = 100,
 *         Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *         {
 *             VersionedExpr = "SRC_IPS_V1",
 *             Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *             {
 *                 SrcIpRanges = new[]
 *                 {
 *                     "10.10.0.0/16",
 *                 },
 *             },
 *         },
 *         Action = "allow",
 *         Preview = true,
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "default", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("policyruletest"),
 * 			Description: pulumi.String("basic global security policy"),
 * 			Type:        pulumi.String("CLOUD_ARMOR"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicyRule(ctx, "policy_rule", &compute.SecurityPolicyRuleArgs{
 * 			SecurityPolicy: _default.Name,
 * 			Description:    pulumi.String("new rule"),
 * 			Priority:       pulumi.Int(100),
 * 			Match: &compute.SecurityPolicyRuleMatchArgs{
 * 				VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 				Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 					SrcIpRanges: pulumi.StringArray{
 * 						pulumi.String("10.10.0.0/16"),
 * 					},
 * 				},
 * 			},
 * 			Action:  pulumi.String("allow"),
 * 			Preview: pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.SecurityPolicyRule;
 * import com.pulumi.gcp.compute.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new SecurityPolicy("default", SecurityPolicyArgs.builder()
 *             .name("policyruletest")
 *             .description("basic global security policy")
 *             .type("CLOUD_ARMOR")
 *             .build());
 *         var policyRule = new SecurityPolicyRule("policyRule", SecurityPolicyRuleArgs.builder()
 *             .securityPolicy(default_.name())
 *             .description("new rule")
 *             .priority(100)
 *             .match(SecurityPolicyRuleMatchArgs.builder()
 *                 .versionedExpr("SRC_IPS_V1")
 *                 .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                     .srcIpRanges("10.10.0.0/16")
 *                     .build())
 *                 .build())
 *             .action("allow")
 *             .preview(true)
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: policyruletest
 *       description: basic global security policy
 *       type: CLOUD_ARMOR
 *   policyRule:
 *     type: gcp:compute:SecurityPolicyRule
 *     name: policy_rule
 *     properties:
 *       securityPolicy: ${default.name}
 *       description: new rule
 *       priority: 100
 *       match:
 *         versionedExpr: SRC_IPS_V1
 *         config:
 *           srcIpRanges:
 *             - 10.10.0.0/16
 *       action: allow
 *       preview: true
 * ```
 * 
 * ### Security Policy Rule Default Rule
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.compute.SecurityPolicy("default", {
 *     name: "policyruletest",
 *     description: "basic global security policy",
 *     type: "CLOUD_ARMOR",
 * });
 * const defaultRule = new gcp.compute.SecurityPolicyRule("default_rule", {
 *     securityPolicy: _default.name,
 *     description: "default rule",
 *     action: "deny",
 *     priority: 2147483647,
 *     match: {
 *         versionedExpr: "SRC_IPS_V1",
 *         config: {
 *             srcIpRanges: ["*"],
 *         },
 *     },
 * });
 * const policyRule = new gcp.compute.SecurityPolicyRule("policy_rule", {
 *     securityPolicy: _default.name,
 *     description: "new rule",
 *     priority: 100,
 *     match: {
 *         versionedExpr: "SRC_IPS_V1",
 *         config: {
 *             srcIpRanges: ["10.10.0.0/16"],
 *         },
 *     },
 *     action: "allow",
 *     preview: true,
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.compute.SecurityPolicy("default",
 *     name="policyruletest",
 *     description="basic global security policy",
 *     type="CLOUD_ARMOR")
 * default_rule = gcp.compute.SecurityPolicyRule("default_rule",
 *     security_policy=default.name,
 *     description="default rule",
 *     action="deny",
 *     priority=2147483647,
 *     match={
 *         "versioned_expr": "SRC_IPS_V1",
 *         "config": {
 *             "src_ip_ranges": ["*"],
 *         },
 *     })
 * policy_rule = gcp.compute.SecurityPolicyRule("policy_rule",
 *     security_policy=default.name,
 *     description="new rule",
 *     priority=100,
 *     match={
 *         "versioned_expr": "SRC_IPS_V1",
 *         "config": {
 *             "src_ip_ranges": ["10.10.0.0/16"],
 *         },
 *     },
 *     action="allow",
 *     preview=True)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.Compute.SecurityPolicy("default", new()
 *     {
 *         Name = "policyruletest",
 *         Description = "basic global security policy",
 *         Type = "CLOUD_ARMOR",
 *     });
 *     var defaultRule = new Gcp.Compute.SecurityPolicyRule("default_rule", new()
 *     {
 *         SecurityPolicy = @default.Name,
 *         Description = "default rule",
 *         Action = "deny",
 *         Priority = 2147483647,
 *         Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *         {
 *             VersionedExpr = "SRC_IPS_V1",
 *             Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *             {
 *                 SrcIpRanges = new[]
 *                 {
 *                     "*",
 *                 },
 *             },
 *         },
 *     });
 *     var policyRule = new Gcp.Compute.SecurityPolicyRule("policy_rule", new()
 *     {
 *         SecurityPolicy = @default.Name,
 *         Description = "new rule",
 *         Priority = 100,
 *         Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *         {
 *             VersionedExpr = "SRC_IPS_V1",
 *             Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *             {
 *                 SrcIpRanges = new[]
 *                 {
 *                     "10.10.0.0/16",
 *                 },
 *             },
 *         },
 *         Action = "allow",
 *         Preview = true,
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "default", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("policyruletest"),
 * 			Description: pulumi.String("basic global security policy"),
 * 			Type:        pulumi.String("CLOUD_ARMOR"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicyRule(ctx, "default_rule", &compute.SecurityPolicyRuleArgs{
 * 			SecurityPolicy: _default.Name,
 * 			Description:    pulumi.String("default rule"),
 * 			Action:         pulumi.String("deny"),
 * 			Priority:       pulumi.Int(2147483647),
 * 			Match: &compute.SecurityPolicyRuleMatchArgs{
 * 				VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 				Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 					SrcIpRanges: pulumi.StringArray{
 * 						pulumi.String("*"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicyRule(ctx, "policy_rule", &compute.SecurityPolicyRuleArgs{
 * 			SecurityPolicy: _default.Name,
 * 			Description:    pulumi.String("new rule"),
 * 			Priority:       pulumi.Int(100),
 * 			Match: &compute.SecurityPolicyRuleMatchArgs{
 * 				VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 				Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 					SrcIpRanges: pulumi.StringArray{
 * 						pulumi.String("10.10.0.0/16"),
 * 					},
 * 				},
 * 			},
 * 			Action:  pulumi.String("allow"),
 * 			Preview: pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.SecurityPolicyRule;
 * import com.pulumi.gcp.compute.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new SecurityPolicy("default", SecurityPolicyArgs.builder()
 *             .name("policyruletest")
 *             .description("basic global security policy")
 *             .type("CLOUD_ARMOR")
 *             .build());
 *         var defaultRule = new SecurityPolicyRule("defaultRule", SecurityPolicyRuleArgs.builder()
 *             .securityPolicy(default_.name())
 *             .description("default rule")
 *             .action("deny")
 *             .priority("2147483647")
 *             .match(SecurityPolicyRuleMatchArgs.builder()
 *                 .versionedExpr("SRC_IPS_V1")
 *                 .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                     .srcIpRanges("*")
 *                     .build())
 *                 .build())
 *             .build());
 *         var policyRule = new SecurityPolicyRule("policyRule", SecurityPolicyRuleArgs.builder()
 *             .securityPolicy(default_.name())
 *             .description("new rule")
 *             .priority(100)
 *             .match(SecurityPolicyRuleMatchArgs.builder()
 *                 .versionedExpr("SRC_IPS_V1")
 *                 .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                     .srcIpRanges("10.10.0.0/16")
 *                     .build())
 *                 .build())
 *             .action("allow")
 *             .preview(true)
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: policyruletest
 *       description: basic global security policy
 *       type: CLOUD_ARMOR
 *   defaultRule:
 *     type: gcp:compute:SecurityPolicyRule
 *     name: default_rule
 *     properties:
 *       securityPolicy: ${default.name}
 *       description: default rule
 *       action: deny
 *       priority: '2147483647'
 *       match:
 *         versionedExpr: SRC_IPS_V1
 *         config:
 *           srcIpRanges:
 *             - '*'
 *   policyRule:
 *     type: gcp:compute:SecurityPolicyRule
 *     name: policy_rule
 *     properties:
 *       securityPolicy: ${default.name}
 *       description: new rule
 *       priority: 100
 *       match:
 *         versionedExpr: SRC_IPS_V1
 *         config:
 *           srcIpRanges:
 *             - 10.10.0.0/16
 *       action: allow
 *       preview: true
 * ```
 * 
 * ### Security Policy Rule Multiple Rules
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.compute.SecurityPolicy("default", {
 *     name: "policywithmultiplerules",
 *     description: "basic global security policy",
 *     type: "CLOUD_ARMOR",
 * });
 * const policyRuleOne = new gcp.compute.SecurityPolicyRule("policy_rule_one", {
 *     securityPolicy: _default.name,
 *     description: "new rule one",
 *     priority: 100,
 *     match: {
 *         versionedExpr: "SRC_IPS_V1",
 *         config: {
 *             srcIpRanges: ["10.10.0.0/16"],
 *         },
 *     },
 *     action: "allow",
 *     preview: true,
 * });
 * const policyRuleTwo = new gcp.compute.SecurityPolicyRule("policy_rule_two", {
 *     securityPolicy: _default.name,
 *     description: "new rule two",
 *     priority: 101,
 *     match: {
 *         versionedExpr: "SRC_IPS_V1",
 *         config: {
 *             srcIpRanges: [
 *                 "192.168.0.0/16",
 *                 "10.0.0.0/8",
 *             ],
 *         },
 *     },
 *     action: "allow",
 *     preview: true,
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.compute.SecurityPolicy("default",
 *     name="policywithmultiplerules",
 *     description="basic global security policy",
 *     type="CLOUD_ARMOR")
 * policy_rule_one = gcp.compute.SecurityPolicyRule("policy_rule_one",
 *     security_policy=default.name,
 *     description="new rule one",
 *     priority=100,
 *     match={
 *         "versioned_expr": "SRC_IPS_V1",
 *         "config": {
 *             "src_ip_ranges": ["10.10.0.0/16"],
 *         },
 *     },
 *     action="allow",
 *     preview=True)
 * policy_rule_two = gcp.compute.SecurityPolicyRule("policy_rule_two",
 *     security_policy=default.name,
 *     description="new rule two",
 *     priority=101,
 *     match={
 *         "versioned_expr": "SRC_IPS_V1",
 *         "config": {
 *             "src_ip_ranges": [
 *                 "192.168.0.0/16",
 *                 "10.0.0.0/8",
 *             ],
 *         },
 *     },
 *     action="allow",
 *     preview=True)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.Compute.SecurityPolicy("default", new()
 *     {
 *         Name = "policywithmultiplerules",
 *         Description = "basic global security policy",
 *         Type = "CLOUD_ARMOR",
 *     });
 *     var policyRuleOne = new Gcp.Compute.SecurityPolicyRule("policy_rule_one", new()
 *     {
 *         SecurityPolicy = @default.Name,
 *         Description = "new rule one",
 *         Priority = 100,
 *         Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *         {
 *             VersionedExpr = "SRC_IPS_V1",
 *             Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *             {
 *                 SrcIpRanges = new[]
 *                 {
 *                     "10.10.0.0/16",
 *                 },
 *             },
 *         },
 *         Action = "allow",
 *         Preview = true,
 *     });
 *     var policyRuleTwo = new Gcp.Compute.SecurityPolicyRule("policy_rule_two", new()
 *     {
 *         SecurityPolicy = @default.Name,
 *         Description = "new rule two",
 *         Priority = 101,
 *         Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
 *         {
 *             VersionedExpr = "SRC_IPS_V1",
 *             Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
 *             {
 *                 SrcIpRanges = new[]
 *                 {
 *                     "192.168.0.0/16",
 *                     "10.0.0.0/8",
 *                 },
 *             },
 *         },
 *         Action = "allow",
 *         Preview = true,
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := compute.NewSecurityPolicy(ctx, "default", &compute.SecurityPolicyArgs{
 * 			Name:        pulumi.String("policywithmultiplerules"),
 * 			Description: pulumi.String("basic global security policy"),
 * 			Type:        pulumi.String("CLOUD_ARMOR"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicyRule(ctx, "policy_rule_one", &compute.SecurityPolicyRuleArgs{
 * 			SecurityPolicy: _default.Name,
 * 			Description:    pulumi.String("new rule one"),
 * 			Priority:       pulumi.Int(100),
 * 			Match: &compute.SecurityPolicyRuleMatchArgs{
 * 				VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 				Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 					SrcIpRanges: pulumi.StringArray{
 * 						pulumi.String("10.10.0.0/16"),
 * 					},
 * 				},
 * 			},
 * 			Action:  pulumi.String("allow"),
 * 			Preview: pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewSecurityPolicyRule(ctx, "policy_rule_two", &compute.SecurityPolicyRuleArgs{
 * 			SecurityPolicy: _default.Name,
 * 			Description:    pulumi.String("new rule two"),
 * 			Priority:       pulumi.Int(101),
 * 			Match: &compute.SecurityPolicyRuleMatchArgs{
 * 				VersionedExpr: pulumi.String("SRC_IPS_V1"),
 * 				Config: &compute.SecurityPolicyRuleMatchConfigArgs{
 * 					SrcIpRanges: pulumi.StringArray{
 * 						pulumi.String("192.168.0.0/16"),
 * 						pulumi.String("10.0.0.0/8"),
 * 					},
 * 				},
 * 			},
 * 			Action:  pulumi.String("allow"),
 * 			Preview: pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.compute.SecurityPolicy;
 * import com.pulumi.gcp.compute.SecurityPolicyArgs;
 * import com.pulumi.gcp.compute.SecurityPolicyRule;
 * import com.pulumi.gcp.compute.SecurityPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
 * import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new SecurityPolicy("default", SecurityPolicyArgs.builder()
 *             .name("policywithmultiplerules")
 *             .description("basic global security policy")
 *             .type("CLOUD_ARMOR")
 *             .build());
 *         var policyRuleOne = new SecurityPolicyRule("policyRuleOne", SecurityPolicyRuleArgs.builder()
 *             .securityPolicy(default_.name())
 *             .description("new rule one")
 *             .priority(100)
 *             .match(SecurityPolicyRuleMatchArgs.builder()
 *                 .versionedExpr("SRC_IPS_V1")
 *                 .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                     .srcIpRanges("10.10.0.0/16")
 *                     .build())
 *                 .build())
 *             .action("allow")
 *             .preview(true)
 *             .build());
 *         var policyRuleTwo = new SecurityPolicyRule("policyRuleTwo", SecurityPolicyRuleArgs.builder()
 *             .securityPolicy(default_.name())
 *             .description("new rule two")
 *             .priority(101)
 *             .match(SecurityPolicyRuleMatchArgs.builder()
 *                 .versionedExpr("SRC_IPS_V1")
 *                 .config(SecurityPolicyRuleMatchConfigArgs.builder()
 *                     .srcIpRanges(
 *                         "192.168.0.0/16",
 *                         "10.0.0.0/8")
 *                     .build())
 *                 .build())
 *             .action("allow")
 *             .preview(true)
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:compute:SecurityPolicy
 *     properties:
 *       name: policywithmultiplerules
 *       description: basic global security policy
 *       type: CLOUD_ARMOR
 *   policyRuleOne:
 *     type: gcp:compute:SecurityPolicyRule
 *     name: policy_rule_one
 *     properties:
 *       securityPolicy: ${default.name}
 *       description: new rule one
 *       priority: 100
 *       match:
 *         versionedExpr: SRC_IPS_V1
 *         config:
 *           srcIpRanges:
 *             - 10.10.0.0/16
 *       action: allow
 *       preview: true
 *   policyRuleTwo:
 *     type: gcp:compute:SecurityPolicyRule
 *     name: policy_rule_two
 *     properties:
 *       securityPolicy: ${default.name}
 *       description: new rule two
 *       priority: 101
 *       match:
 *         versionedExpr: SRC_IPS_V1
 *         config:
 *           srcIpRanges:
 *             - 192.168.0.0/16
 *             - 10.0.0.0/8
 *       action: allow
 *       preview: true
 * ```
 * 
 * ## Import
 * SecurityPolicyRule can be imported using any of these accepted formats:
 * * `projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}`
 * * `{{project}}/{{security_policy}}/{{priority}}`
 * * `{{security_policy}}/{{priority}}`
 * When using the `pulumi import` command, SecurityPolicyRule can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default {{project}}/{{security_policy}}/{{priority}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default {{security_policy}}/{{priority}}
 * ```
 * @property action The Action to perform when the rule is matched. The following are the valid actions:
 * * allow: allow access to target.
 * * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
 * * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
 * * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
 * * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
 * @property description An optional description of this resource. Provide this property when you create the resource.
 * @property headerAction Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
 * Structure is documented below.
 * @property match A match condition that incoming traffic is evaluated against.
 * If it evaluates to true, the corresponding 'action' is enforced.
 * Structure is documented below.
 * @property preconfiguredWafConfig Preconfigured WAF configuration to be applied for the rule.
 * If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
 * Structure is documented below.
 * @property preview If set to true, the specified action is not enforced.
 * @property priority An integer indicating the priority of a rule in the list.
 * The priority must be a positive value between 0 and 2147483647.
 * Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
 * @property project The ID of the project in which the resource belongs.
 * If it is not provided, the provider project is used.
 * @property rateLimitOptions Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
 * Structure is documented below.
 * @property redirectOptions Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
 * Structure is documented below.
 * @property securityPolicy The name of the security policy this rule belongs to.
 * - - -
 */
public data class SecurityPolicyRuleArgs(
    public val action: Output? = null,
    public val description: Output? = null,
    public val headerAction: Output? = null,
    public val match: Output? = null,
    public val preconfiguredWafConfig: Output? = null,
    public val preview: Output? = null,
    public val priority: Output? = null,
    public val project: Output? = null,
    public val rateLimitOptions: Output? = null,
    public val redirectOptions: Output? = null,
    public val securityPolicy: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.compute.SecurityPolicyRuleArgs =
        com.pulumi.gcp.compute.SecurityPolicyRuleArgs.builder()
            .action(action?.applyValue({ args0 -> args0 }))
            .description(description?.applyValue({ args0 -> args0 }))
            .headerAction(headerAction?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .match(match?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .preconfiguredWafConfig(
                preconfiguredWafConfig?.applyValue({ args0 ->
                    args0.let({ args0 ->
                        args0.toJava()
                    })
                }),
            )
            .preview(preview?.applyValue({ args0 -> args0 }))
            .priority(priority?.applyValue({ args0 -> args0 }))
            .project(project?.applyValue({ args0 -> args0 }))
            .rateLimitOptions(rateLimitOptions?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .redirectOptions(redirectOptions?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .securityPolicy(securityPolicy?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [SecurityPolicyRuleArgs].
 */
@PulumiTagMarker
public class SecurityPolicyRuleArgsBuilder internal constructor() {
    private var action: Output? = null

    private var description: Output? = null

    private var headerAction: Output? = null

    private var match: Output? = null

    private var preconfiguredWafConfig: Output? = null

    private var preview: Output? = null

    private var priority: Output? = null

    private var project: Output? = null

    private var rateLimitOptions: Output? = null

    private var redirectOptions: Output? = null

    private var securityPolicy: Output? = null

    /**
     * @param value The Action to perform when the rule is matched. The following are the valid actions:
     * * allow: allow access to target.
     * * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
     * * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
     * * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
     * * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
     */
    @JvmName("mvuldwhfykwoiwry")
    public suspend fun action(`value`: Output) {
        this.action = value
    }

    /**
     * @param value An optional description of this resource. Provide this property when you create the resource.
     */
    @JvmName("lkgpnnldsvutvsnc")
    public suspend fun description(`value`: Output) {
        this.description = value
    }

    /**
     * @param value Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
     * Structure is documented below.
     */
    @JvmName("iueyqwqovodaouul")
    public suspend fun headerAction(`value`: Output) {
        this.headerAction = value
    }

    /**
     * @param value A match condition that incoming traffic is evaluated against.
     * If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    @JvmName("joptcsfkbmxriqer")
    public suspend fun match(`value`: Output) {
        this.match = value
    }

    /**
     * @param value Preconfigured WAF configuration to be applied for the rule.
     * If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
     * Structure is documented below.
     */
    @JvmName("pyevnceqpqyqetbb")
    public suspend fun preconfiguredWafConfig(`value`: Output) {
        this.preconfiguredWafConfig = value
    }

    /**
     * @param value If set to true, the specified action is not enforced.
     */
    @JvmName("yglptlrxmoetrdkl")
    public suspend fun preview(`value`: Output) {
        this.preview = value
    }

    /**
     * @param value An integer indicating the priority of a rule in the list.
     * The priority must be a positive value between 0 and 2147483647.
     * Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
     */
    @JvmName("pugksfnqunirmgpm")
    public suspend fun priority(`value`: Output) {
        this.priority = value
    }

    /**
     * @param value The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    @JvmName("sxokjtfylnbmvisd")
    public suspend fun project(`value`: Output) {
        this.project = value
    }

    /**
     * @param value Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
     * Structure is documented below.
     */
    @JvmName("hrqollrpcaajkuve")
    public suspend fun rateLimitOptions(`value`: Output) {
        this.rateLimitOptions = value
    }

    /**
     * @param value Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
     * Structure is documented below.
     */
    @JvmName("vhrcwsmfenpamxui")
    public suspend fun redirectOptions(`value`: Output) {
        this.redirectOptions = value
    }

    /**
     * @param value The name of the security policy this rule belongs to.
     * - - -
     */
    @JvmName("wguspdjsemudmsrj")
    public suspend fun securityPolicy(`value`: Output) {
        this.securityPolicy = value
    }

    /**
     * @param value The Action to perform when the rule is matched. The following are the valid actions:
     * * allow: allow access to target.
     * * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
     * * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
     * * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
     * * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
     */
    @JvmName("qplvyrgppqjdtjkg")
    public suspend fun action(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.action = mapped
    }

    /**
     * @param value An optional description of this resource. Provide this property when you create the resource.
     */
    @JvmName("xllpaofgklpufqeb")
    public suspend fun description(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.description = mapped
    }

    /**
     * @param value Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
     * Structure is documented below.
     */
    @JvmName("lvcxwmbyogyycjvw")
    public suspend fun headerAction(`value`: SecurityPolicyRuleHeaderActionArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.headerAction = mapped
    }

    /**
     * @param argument Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
     * Structure is documented below.
     */
    @JvmName("xvsrmyujluwenpje")
    public suspend fun headerAction(argument: suspend SecurityPolicyRuleHeaderActionArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyRuleHeaderActionArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.headerAction = mapped
    }

    /**
     * @param value A match condition that incoming traffic is evaluated against.
     * If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    @JvmName("xointyabuuawfwmt")
    public suspend fun match(`value`: SecurityPolicyRuleMatchArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.match = mapped
    }

    /**
     * @param argument A match condition that incoming traffic is evaluated against.
     * If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    @JvmName("audicmrujtnbgbls")
    public suspend fun match(argument: suspend SecurityPolicyRuleMatchArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyRuleMatchArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.match = mapped
    }

    /**
     * @param value Preconfigured WAF configuration to be applied for the rule.
     * If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
     * Structure is documented below.
     */
    @JvmName("funirswivxntlvaj")
    public suspend fun preconfiguredWafConfig(`value`: SecurityPolicyRulePreconfiguredWafConfigArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.preconfiguredWafConfig = mapped
    }

    /**
     * @param argument Preconfigured WAF configuration to be applied for the rule.
     * If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
     * Structure is documented below.
     */
    @JvmName("kqxfgnuqtexgyffi")
    public suspend fun preconfiguredWafConfig(argument: suspend SecurityPolicyRulePreconfiguredWafConfigArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyRulePreconfiguredWafConfigArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.preconfiguredWafConfig = mapped
    }

    /**
     * @param value If set to true, the specified action is not enforced.
     */
    @JvmName("rcpphfrgeumnwrsj")
    public suspend fun preview(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.preview = mapped
    }

    /**
     * @param value An integer indicating the priority of a rule in the list.
     * The priority must be a positive value between 0 and 2147483647.
     * Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
     */
    @JvmName("rnvvpkrrdyejcioe")
    public suspend fun priority(`value`: Int?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.priority = mapped
    }

    /**
     * @param value The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    @JvmName("iudupufenfyembjd")
    public suspend fun project(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.project = mapped
    }

    /**
     * @param value Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
     * Structure is documented below.
     */
    @JvmName("olokskvmpfpyehei")
    public suspend fun rateLimitOptions(`value`: SecurityPolicyRuleRateLimitOptionsArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.rateLimitOptions = mapped
    }

    /**
     * @param argument Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
     * Structure is documented below.
     */
    @JvmName("bivjrrlqsietjlti")
    public suspend fun rateLimitOptions(argument: suspend SecurityPolicyRuleRateLimitOptionsArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyRuleRateLimitOptionsArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.rateLimitOptions = mapped
    }

    /**
     * @param value Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
     * Structure is documented below.
     */
    @JvmName("vhbqubukvkjwmsek")
    public suspend fun redirectOptions(`value`: SecurityPolicyRuleRedirectOptionsArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.redirectOptions = mapped
    }

    /**
     * @param argument Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
     * Structure is documented below.
     */
    @JvmName("qcjigeifdhaeafrs")
    public suspend fun redirectOptions(argument: suspend SecurityPolicyRuleRedirectOptionsArgsBuilder.() -> Unit) {
        val toBeMapped = SecurityPolicyRuleRedirectOptionsArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.redirectOptions = mapped
    }

    /**
     * @param value The name of the security policy this rule belongs to.
     * - - -
     */
    @JvmName("ajhxpywkuapbwwur")
    public suspend fun securityPolicy(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.securityPolicy = mapped
    }

    internal fun build(): SecurityPolicyRuleArgs = SecurityPolicyRuleArgs(
        action = action,
        description = description,
        headerAction = headerAction,
        match = match,
        preconfiguredWafConfig = preconfiguredWafConfig,
        preview = preview,
        priority = priority,
        project = project,
        rateLimitOptions = rateLimitOptions,
        redirectOptions = redirectOptions,
        securityPolicy = securityPolicy,
    )
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy