com.pulumi.gcp.compute.kotlin.SecurityPolicyRuleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.SecurityPolicyRuleArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleHeaderActionArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleHeaderActionArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleMatchArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleMatchArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRulePreconfiguredWafConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRulePreconfiguredWafConfigArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRateLimitOptionsArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRateLimitOptionsArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRedirectOptionsArgs
import com.pulumi.gcp.compute.kotlin.inputs.SecurityPolicyRuleRedirectOptionsArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName
/**
* A rule for the SecurityPolicy.
* To get more information about SecurityPolicyRule, see:
* * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies/addRule)
* * How-to Guides
* * [Creating global security policy rules](https://cloud.google.com/armor/docs/configure-security-policies)
* ## Example Usage
* ### Security Policy Rule Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.compute.SecurityPolicy("default", {
* name: "policyruletest",
* description: "basic global security policy",
* type: "CLOUD_ARMOR",
* });
* const policyRule = new gcp.compute.SecurityPolicyRule("policy_rule", {
* securityPolicy: _default.name,
* description: "new rule",
* priority: 100,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["10.10.0.0/16"],
* },
* },
* action: "allow",
* preview: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.compute.SecurityPolicy("default",
* name="policyruletest",
* description="basic global security policy",
* type="CLOUD_ARMOR")
* policy_rule = gcp.compute.SecurityPolicyRule("policy_rule",
* security_policy=default.name,
* description="new rule",
* priority=100,
* match={
* "versioned_expr": "SRC_IPS_V1",
* "config": {
* "src_ip_ranges": ["10.10.0.0/16"],
* },
* },
* action="allow",
* preview=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.Compute.SecurityPolicy("default", new()
* {
* Name = "policyruletest",
* Description = "basic global security policy",
* Type = "CLOUD_ARMOR",
* });
* var policyRule = new Gcp.Compute.SecurityPolicyRule("policy_rule", new()
* {
* SecurityPolicy = @default.Name,
* Description = "new rule",
* Priority = 100,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "10.10.0.0/16",
* },
* },
* },
* Action = "allow",
* Preview = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewSecurityPolicy(ctx, "default", &compute.SecurityPolicyArgs{
* Name: pulumi.String("policyruletest"),
* Description: pulumi.String("basic global security policy"),
* Type: pulumi.String("CLOUD_ARMOR"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewSecurityPolicyRule(ctx, "policy_rule", &compute.SecurityPolicyRuleArgs{
* SecurityPolicy: _default.Name,
* Description: pulumi.String("new rule"),
* Priority: pulumi.Int(100),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("10.10.0.0/16"),
* },
* },
* },
* Action: pulumi.String("allow"),
* Preview: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.SecurityPolicyRule;
* import com.pulumi.gcp.compute.SecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new SecurityPolicy("default", SecurityPolicyArgs.builder()
* .name("policyruletest")
* .description("basic global security policy")
* .type("CLOUD_ARMOR")
* .build());
* var policyRule = new SecurityPolicyRule("policyRule", SecurityPolicyRuleArgs.builder()
* .securityPolicy(default_.name())
* .description("new rule")
* .priority(100)
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("10.10.0.0/16")
* .build())
* .build())
* .action("allow")
* .preview(true)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:compute:SecurityPolicy
* properties:
* name: policyruletest
* description: basic global security policy
* type: CLOUD_ARMOR
* policyRule:
* type: gcp:compute:SecurityPolicyRule
* name: policy_rule
* properties:
* securityPolicy: ${default.name}
* description: new rule
* priority: 100
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - 10.10.0.0/16
* action: allow
* preview: true
* ```
*
* ### Security Policy Rule Default Rule
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.compute.SecurityPolicy("default", {
* name: "policyruletest",
* description: "basic global security policy",
* type: "CLOUD_ARMOR",
* });
* const defaultRule = new gcp.compute.SecurityPolicyRule("default_rule", {
* securityPolicy: _default.name,
* description: "default rule",
* action: "deny",
* priority: 2147483647,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["*"],
* },
* },
* });
* const policyRule = new gcp.compute.SecurityPolicyRule("policy_rule", {
* securityPolicy: _default.name,
* description: "new rule",
* priority: 100,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["10.10.0.0/16"],
* },
* },
* action: "allow",
* preview: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.compute.SecurityPolicy("default",
* name="policyruletest",
* description="basic global security policy",
* type="CLOUD_ARMOR")
* default_rule = gcp.compute.SecurityPolicyRule("default_rule",
* security_policy=default.name,
* description="default rule",
* action="deny",
* priority=2147483647,
* match={
* "versioned_expr": "SRC_IPS_V1",
* "config": {
* "src_ip_ranges": ["*"],
* },
* })
* policy_rule = gcp.compute.SecurityPolicyRule("policy_rule",
* security_policy=default.name,
* description="new rule",
* priority=100,
* match={
* "versioned_expr": "SRC_IPS_V1",
* "config": {
* "src_ip_ranges": ["10.10.0.0/16"],
* },
* },
* action="allow",
* preview=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.Compute.SecurityPolicy("default", new()
* {
* Name = "policyruletest",
* Description = "basic global security policy",
* Type = "CLOUD_ARMOR",
* });
* var defaultRule = new Gcp.Compute.SecurityPolicyRule("default_rule", new()
* {
* SecurityPolicy = @default.Name,
* Description = "default rule",
* Action = "deny",
* Priority = 2147483647,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "*",
* },
* },
* },
* });
* var policyRule = new Gcp.Compute.SecurityPolicyRule("policy_rule", new()
* {
* SecurityPolicy = @default.Name,
* Description = "new rule",
* Priority = 100,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "10.10.0.0/16",
* },
* },
* },
* Action = "allow",
* Preview = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewSecurityPolicy(ctx, "default", &compute.SecurityPolicyArgs{
* Name: pulumi.String("policyruletest"),
* Description: pulumi.String("basic global security policy"),
* Type: pulumi.String("CLOUD_ARMOR"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewSecurityPolicyRule(ctx, "default_rule", &compute.SecurityPolicyRuleArgs{
* SecurityPolicy: _default.Name,
* Description: pulumi.String("default rule"),
* Action: pulumi.String("deny"),
* Priority: pulumi.Int(2147483647),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("*"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* _, err = compute.NewSecurityPolicyRule(ctx, "policy_rule", &compute.SecurityPolicyRuleArgs{
* SecurityPolicy: _default.Name,
* Description: pulumi.String("new rule"),
* Priority: pulumi.Int(100),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("10.10.0.0/16"),
* },
* },
* },
* Action: pulumi.String("allow"),
* Preview: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.SecurityPolicyRule;
* import com.pulumi.gcp.compute.SecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new SecurityPolicy("default", SecurityPolicyArgs.builder()
* .name("policyruletest")
* .description("basic global security policy")
* .type("CLOUD_ARMOR")
* .build());
* var defaultRule = new SecurityPolicyRule("defaultRule", SecurityPolicyRuleArgs.builder()
* .securityPolicy(default_.name())
* .description("default rule")
* .action("deny")
* .priority("2147483647")
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("*")
* .build())
* .build())
* .build());
* var policyRule = new SecurityPolicyRule("policyRule", SecurityPolicyRuleArgs.builder()
* .securityPolicy(default_.name())
* .description("new rule")
* .priority(100)
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("10.10.0.0/16")
* .build())
* .build())
* .action("allow")
* .preview(true)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:compute:SecurityPolicy
* properties:
* name: policyruletest
* description: basic global security policy
* type: CLOUD_ARMOR
* defaultRule:
* type: gcp:compute:SecurityPolicyRule
* name: default_rule
* properties:
* securityPolicy: ${default.name}
* description: default rule
* action: deny
* priority: '2147483647'
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - '*'
* policyRule:
* type: gcp:compute:SecurityPolicyRule
* name: policy_rule
* properties:
* securityPolicy: ${default.name}
* description: new rule
* priority: 100
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - 10.10.0.0/16
* action: allow
* preview: true
* ```
*
* ### Security Policy Rule Multiple Rules
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.compute.SecurityPolicy("default", {
* name: "policywithmultiplerules",
* description: "basic global security policy",
* type: "CLOUD_ARMOR",
* });
* const policyRuleOne = new gcp.compute.SecurityPolicyRule("policy_rule_one", {
* securityPolicy: _default.name,
* description: "new rule one",
* priority: 100,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: ["10.10.0.0/16"],
* },
* },
* action: "allow",
* preview: true,
* });
* const policyRuleTwo = new gcp.compute.SecurityPolicyRule("policy_rule_two", {
* securityPolicy: _default.name,
* description: "new rule two",
* priority: 101,
* match: {
* versionedExpr: "SRC_IPS_V1",
* config: {
* srcIpRanges: [
* "192.168.0.0/16",
* "10.0.0.0/8",
* ],
* },
* },
* action: "allow",
* preview: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.compute.SecurityPolicy("default",
* name="policywithmultiplerules",
* description="basic global security policy",
* type="CLOUD_ARMOR")
* policy_rule_one = gcp.compute.SecurityPolicyRule("policy_rule_one",
* security_policy=default.name,
* description="new rule one",
* priority=100,
* match={
* "versioned_expr": "SRC_IPS_V1",
* "config": {
* "src_ip_ranges": ["10.10.0.0/16"],
* },
* },
* action="allow",
* preview=True)
* policy_rule_two = gcp.compute.SecurityPolicyRule("policy_rule_two",
* security_policy=default.name,
* description="new rule two",
* priority=101,
* match={
* "versioned_expr": "SRC_IPS_V1",
* "config": {
* "src_ip_ranges": [
* "192.168.0.0/16",
* "10.0.0.0/8",
* ],
* },
* },
* action="allow",
* preview=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.Compute.SecurityPolicy("default", new()
* {
* Name = "policywithmultiplerules",
* Description = "basic global security policy",
* Type = "CLOUD_ARMOR",
* });
* var policyRuleOne = new Gcp.Compute.SecurityPolicyRule("policy_rule_one", new()
* {
* SecurityPolicy = @default.Name,
* Description = "new rule one",
* Priority = 100,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "10.10.0.0/16",
* },
* },
* },
* Action = "allow",
* Preview = true,
* });
* var policyRuleTwo = new Gcp.Compute.SecurityPolicyRule("policy_rule_two", new()
* {
* SecurityPolicy = @default.Name,
* Description = "new rule two",
* Priority = 101,
* Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
* {
* VersionedExpr = "SRC_IPS_V1",
* Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
* {
* SrcIpRanges = new[]
* {
* "192.168.0.0/16",
* "10.0.0.0/8",
* },
* },
* },
* Action = "allow",
* Preview = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewSecurityPolicy(ctx, "default", &compute.SecurityPolicyArgs{
* Name: pulumi.String("policywithmultiplerules"),
* Description: pulumi.String("basic global security policy"),
* Type: pulumi.String("CLOUD_ARMOR"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewSecurityPolicyRule(ctx, "policy_rule_one", &compute.SecurityPolicyRuleArgs{
* SecurityPolicy: _default.Name,
* Description: pulumi.String("new rule one"),
* Priority: pulumi.Int(100),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("10.10.0.0/16"),
* },
* },
* },
* Action: pulumi.String("allow"),
* Preview: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewSecurityPolicyRule(ctx, "policy_rule_two", &compute.SecurityPolicyRuleArgs{
* SecurityPolicy: _default.Name,
* Description: pulumi.String("new rule two"),
* Priority: pulumi.Int(101),
* Match: &compute.SecurityPolicyRuleMatchArgs{
* VersionedExpr: pulumi.String("SRC_IPS_V1"),
* Config: &compute.SecurityPolicyRuleMatchConfigArgs{
* SrcIpRanges: pulumi.StringArray{
* pulumi.String("192.168.0.0/16"),
* pulumi.String("10.0.0.0/8"),
* },
* },
* },
* Action: pulumi.String("allow"),
* Preview: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.SecurityPolicy;
* import com.pulumi.gcp.compute.SecurityPolicyArgs;
* import com.pulumi.gcp.compute.SecurityPolicyRule;
* import com.pulumi.gcp.compute.SecurityPolicyRuleArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
* import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new SecurityPolicy("default", SecurityPolicyArgs.builder()
* .name("policywithmultiplerules")
* .description("basic global security policy")
* .type("CLOUD_ARMOR")
* .build());
* var policyRuleOne = new SecurityPolicyRule("policyRuleOne", SecurityPolicyRuleArgs.builder()
* .securityPolicy(default_.name())
* .description("new rule one")
* .priority(100)
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges("10.10.0.0/16")
* .build())
* .build())
* .action("allow")
* .preview(true)
* .build());
* var policyRuleTwo = new SecurityPolicyRule("policyRuleTwo", SecurityPolicyRuleArgs.builder()
* .securityPolicy(default_.name())
* .description("new rule two")
* .priority(101)
* .match(SecurityPolicyRuleMatchArgs.builder()
* .versionedExpr("SRC_IPS_V1")
* .config(SecurityPolicyRuleMatchConfigArgs.builder()
* .srcIpRanges(
* "192.168.0.0/16",
* "10.0.0.0/8")
* .build())
* .build())
* .action("allow")
* .preview(true)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:compute:SecurityPolicy
* properties:
* name: policywithmultiplerules
* description: basic global security policy
* type: CLOUD_ARMOR
* policyRuleOne:
* type: gcp:compute:SecurityPolicyRule
* name: policy_rule_one
* properties:
* securityPolicy: ${default.name}
* description: new rule one
* priority: 100
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - 10.10.0.0/16
* action: allow
* preview: true
* policyRuleTwo:
* type: gcp:compute:SecurityPolicyRule
* name: policy_rule_two
* properties:
* securityPolicy: ${default.name}
* description: new rule two
* priority: 101
* match:
* versionedExpr: SRC_IPS_V1
* config:
* srcIpRanges:
* - 192.168.0.0/16
* - 10.0.0.0/8
* action: allow
* preview: true
* ```
*
* ## Import
* SecurityPolicyRule can be imported using any of these accepted formats:
* * `projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}`
* * `{{project}}/{{security_policy}}/{{priority}}`
* * `{{security_policy}}/{{priority}}`
* When using the `pulumi import` command, SecurityPolicyRule can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}
* ```
* ```sh
* $ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default {{project}}/{{security_policy}}/{{priority}}
* ```
* ```sh
* $ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default {{security_policy}}/{{priority}}
* ```
* @property action The Action to perform when the rule is matched. The following are the valid actions:
* * allow: allow access to target.
* * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
* * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
* * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
* * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
* @property description An optional description of this resource. Provide this property when you create the resource.
* @property headerAction Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
* @property match A match condition that incoming traffic is evaluated against.
* If it evaluates to true, the corresponding 'action' is enforced.
* Structure is documented below.
* @property preconfiguredWafConfig Preconfigured WAF configuration to be applied for the rule.
* If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
* Structure is documented below.
* @property preview If set to true, the specified action is not enforced.
* @property priority An integer indicating the priority of a rule in the list.
* The priority must be a positive value between 0 and 2147483647.
* Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* @property rateLimitOptions Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
* Structure is documented below.
* @property redirectOptions Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
* @property securityPolicy The name of the security policy this rule belongs to.
* - - -
*/
public data class SecurityPolicyRuleArgs(
public val action: Output? = null,
public val description: Output? = null,
public val headerAction: Output? = null,
public val match: Output? = null,
public val preconfiguredWafConfig: Output? = null,
public val preview: Output? = null,
public val priority: Output? = null,
public val project: Output? = null,
public val rateLimitOptions: Output? = null,
public val redirectOptions: Output? = null,
public val securityPolicy: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.compute.SecurityPolicyRuleArgs =
com.pulumi.gcp.compute.SecurityPolicyRuleArgs.builder()
.action(action?.applyValue({ args0 -> args0 }))
.description(description?.applyValue({ args0 -> args0 }))
.headerAction(headerAction?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.match(match?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.preconfiguredWafConfig(
preconfiguredWafConfig?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.preview(preview?.applyValue({ args0 -> args0 }))
.priority(priority?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.rateLimitOptions(rateLimitOptions?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.redirectOptions(redirectOptions?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.securityPolicy(securityPolicy?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [SecurityPolicyRuleArgs].
*/
@PulumiTagMarker
public class SecurityPolicyRuleArgsBuilder internal constructor() {
private var action: Output? = null
private var description: Output? = null
private var headerAction: Output? = null
private var match: Output? = null
private var preconfiguredWafConfig: Output? = null
private var preview: Output? = null
private var priority: Output? = null
private var project: Output? = null
private var rateLimitOptions: Output? = null
private var redirectOptions: Output? = null
private var securityPolicy: Output? = null
/**
* @param value The Action to perform when the rule is matched. The following are the valid actions:
* * allow: allow access to target.
* * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
* * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
* * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
* * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
*/
@JvmName("mvuldwhfykwoiwry")
public suspend fun action(`value`: Output) {
this.action = value
}
/**
* @param value An optional description of this resource. Provide this property when you create the resource.
*/
@JvmName("lkgpnnldsvutvsnc")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
*/
@JvmName("iueyqwqovodaouul")
public suspend fun headerAction(`value`: Output) {
this.headerAction = value
}
/**
* @param value A match condition that incoming traffic is evaluated against.
* If it evaluates to true, the corresponding 'action' is enforced.
* Structure is documented below.
*/
@JvmName("joptcsfkbmxriqer")
public suspend fun match(`value`: Output) {
this.match = value
}
/**
* @param value Preconfigured WAF configuration to be applied for the rule.
* If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
* Structure is documented below.
*/
@JvmName("pyevnceqpqyqetbb")
public suspend fun preconfiguredWafConfig(`value`: Output) {
this.preconfiguredWafConfig = value
}
/**
* @param value If set to true, the specified action is not enforced.
*/
@JvmName("yglptlrxmoetrdkl")
public suspend fun preview(`value`: Output) {
this.preview = value
}
/**
* @param value An integer indicating the priority of a rule in the list.
* The priority must be a positive value between 0 and 2147483647.
* Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
*/
@JvmName("pugksfnqunirmgpm")
public suspend fun priority(`value`: Output) {
this.priority = value
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
@JvmName("sxokjtfylnbmvisd")
public suspend fun project(`value`: Output) {
this.project = value
}
/**
* @param value Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
* Structure is documented below.
*/
@JvmName("hrqollrpcaajkuve")
public suspend fun rateLimitOptions(`value`: Output) {
this.rateLimitOptions = value
}
/**
* @param value Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
*/
@JvmName("vhrcwsmfenpamxui")
public suspend fun redirectOptions(`value`: Output) {
this.redirectOptions = value
}
/**
* @param value The name of the security policy this rule belongs to.
* - - -
*/
@JvmName("wguspdjsemudmsrj")
public suspend fun securityPolicy(`value`: Output) {
this.securityPolicy = value
}
/**
* @param value The Action to perform when the rule is matched. The following are the valid actions:
* * allow: allow access to target.
* * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
* * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
* * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
* * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
*/
@JvmName("qplvyrgppqjdtjkg")
public suspend fun action(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.action = mapped
}
/**
* @param value An optional description of this resource. Provide this property when you create the resource.
*/
@JvmName("xllpaofgklpufqeb")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
*/
@JvmName("lvcxwmbyogyycjvw")
public suspend fun headerAction(`value`: SecurityPolicyRuleHeaderActionArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.headerAction = mapped
}
/**
* @param argument Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
*/
@JvmName("xvsrmyujluwenpje")
public suspend fun headerAction(argument: suspend SecurityPolicyRuleHeaderActionArgsBuilder.() -> Unit) {
val toBeMapped = SecurityPolicyRuleHeaderActionArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.headerAction = mapped
}
/**
* @param value A match condition that incoming traffic is evaluated against.
* If it evaluates to true, the corresponding 'action' is enforced.
* Structure is documented below.
*/
@JvmName("xointyabuuawfwmt")
public suspend fun match(`value`: SecurityPolicyRuleMatchArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.match = mapped
}
/**
* @param argument A match condition that incoming traffic is evaluated against.
* If it evaluates to true, the corresponding 'action' is enforced.
* Structure is documented below.
*/
@JvmName("audicmrujtnbgbls")
public suspend fun match(argument: suspend SecurityPolicyRuleMatchArgsBuilder.() -> Unit) {
val toBeMapped = SecurityPolicyRuleMatchArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.match = mapped
}
/**
* @param value Preconfigured WAF configuration to be applied for the rule.
* If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
* Structure is documented below.
*/
@JvmName("funirswivxntlvaj")
public suspend fun preconfiguredWafConfig(`value`: SecurityPolicyRulePreconfiguredWafConfigArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.preconfiguredWafConfig = mapped
}
/**
* @param argument Preconfigured WAF configuration to be applied for the rule.
* If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
* Structure is documented below.
*/
@JvmName("kqxfgnuqtexgyffi")
public suspend fun preconfiguredWafConfig(argument: suspend SecurityPolicyRulePreconfiguredWafConfigArgsBuilder.() -> Unit) {
val toBeMapped = SecurityPolicyRulePreconfiguredWafConfigArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.preconfiguredWafConfig = mapped
}
/**
* @param value If set to true, the specified action is not enforced.
*/
@JvmName("rcpphfrgeumnwrsj")
public suspend fun preview(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.preview = mapped
}
/**
* @param value An integer indicating the priority of a rule in the list.
* The priority must be a positive value between 0 and 2147483647.
* Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
*/
@JvmName("rnvvpkrrdyejcioe")
public suspend fun priority(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.priority = mapped
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
@JvmName("iudupufenfyembjd")
public suspend fun project(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.project = mapped
}
/**
* @param value Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
* Structure is documented below.
*/
@JvmName("olokskvmpfpyehei")
public suspend fun rateLimitOptions(`value`: SecurityPolicyRuleRateLimitOptionsArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.rateLimitOptions = mapped
}
/**
* @param argument Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
* Structure is documented below.
*/
@JvmName("bivjrrlqsietjlti")
public suspend fun rateLimitOptions(argument: suspend SecurityPolicyRuleRateLimitOptionsArgsBuilder.() -> Unit) {
val toBeMapped = SecurityPolicyRuleRateLimitOptionsArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.rateLimitOptions = mapped
}
/**
* @param value Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
*/
@JvmName("vhbqubukvkjwmsek")
public suspend fun redirectOptions(`value`: SecurityPolicyRuleRedirectOptionsArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.redirectOptions = mapped
}
/**
* @param argument Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
* Structure is documented below.
*/
@JvmName("qcjigeifdhaeafrs")
public suspend fun redirectOptions(argument: suspend SecurityPolicyRuleRedirectOptionsArgsBuilder.() -> Unit) {
val toBeMapped = SecurityPolicyRuleRedirectOptionsArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.redirectOptions = mapped
}
/**
* @param value The name of the security policy this rule belongs to.
* - - -
*/
@JvmName("ajhxpywkuapbwwur")
public suspend fun securityPolicy(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.securityPolicy = mapped
}
internal fun build(): SecurityPolicyRuleArgs = SecurityPolicyRuleArgs(
action = action,
description = description,
headerAction = headerAction,
match = match,
preconfiguredWafConfig = preconfiguredWafConfig,
preview = preview,
priority = priority,
project = project,
rateLimitOptions = rateLimitOptions,
redirectOptions = redirectOptions,
securityPolicy = securityPolicy,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy