com.pulumi.gcp.networksecurity.kotlin.AuthzPolicy.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.networksecurity.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.networksecurity.kotlin.outputs.AuthzPolicyCustomProvider
import com.pulumi.gcp.networksecurity.kotlin.outputs.AuthzPolicyHttpRule
import com.pulumi.gcp.networksecurity.kotlin.outputs.AuthzPolicyTarget
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import com.pulumi.gcp.networksecurity.kotlin.outputs.AuthzPolicyCustomProvider.Companion.toKotlin as authzPolicyCustomProviderToKotlin
import com.pulumi.gcp.networksecurity.kotlin.outputs.AuthzPolicyHttpRule.Companion.toKotlin as authzPolicyHttpRuleToKotlin
import com.pulumi.gcp.networksecurity.kotlin.outputs.AuthzPolicyTarget.Companion.toKotlin as authzPolicyTargetToKotlin
/**
* Builder for [AuthzPolicy].
*/
@PulumiTagMarker
public class AuthzPolicyResourceBuilder internal constructor() {
public var name: String? = null
public var args: AuthzPolicyArgs = AuthzPolicyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AuthzPolicyArgsBuilder.() -> Unit) {
val builder = AuthzPolicyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AuthzPolicy {
val builtJavaResource = com.pulumi.gcp.networksecurity.AuthzPolicy(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AuthzPolicy(builtJavaResource)
}
}
/**
* AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes.
* To get more information about AuthzPolicy, see:
* * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies)
* ## Example Usage
* ### Network Services Authz Policy Advanced
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.compute.Network("default", {
* name: "lb-network",
* project: "my-project-name",
* autoCreateSubnetworks: false,
* });
* const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
* name: "backend-subnet",
* project: "my-project-name",
* region: "us-west1",
* ipCidrRange: "10.1.2.0/24",
* network: _default.id,
* });
* const proxyOnly = new gcp.compute.Subnetwork("proxy_only", {
* name: "proxy-only-subnet",
* project: "my-project-name",
* region: "us-west1",
* ipCidrRange: "10.129.0.0/23",
* purpose: "REGIONAL_MANAGED_PROXY",
* role: "ACTIVE",
* network: _default.id,
* });
* const defaultAddress = new gcp.compute.Address("default", {
* name: "l7-ilb-ip-address",
* project: "my-project-name",
* region: "us-west1",
* subnetwork: defaultSubnetwork.id,
* addressType: "INTERNAL",
* purpose: "GCE_ENDPOINT",
* });
* const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
* name: "l7-ilb-basic-check",
* project: "my-project-name",
* region: "us-west1",
* httpHealthCheck: {
* portSpecification: "USE_SERVING_PORT",
* },
* });
* const urlMap = new gcp.compute.RegionBackendService("url_map", {
* name: "l7-ilb-backend-service",
* project: "my-project-name",
* region: "us-west1",
* loadBalancingScheme: "INTERNAL_MANAGED",
* healthChecks: defaultRegionHealthCheck.id,
* });
* const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
* name: "l7-ilb-map",
* project: "my-project-name",
* region: "us-west1",
* defaultService: urlMap.id,
* });
* const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
* name: "l7-ilb-proxy",
* project: "my-project-name",
* region: "us-west1",
* urlMap: defaultRegionUrlMap.id,
* });
* const defaultForwardingRule = new gcp.compute.ForwardingRule("default", {
* name: "l7-ilb-forwarding-rule",
* project: "my-project-name",
* region: "us-west1",
* loadBalancingScheme: "INTERNAL_MANAGED",
* network: _default.id,
* subnetwork: defaultSubnetwork.id,
* ipProtocol: "TCP",
* portRange: "80",
* target: defaultRegionTargetHttpProxy.id,
* ipAddress: defaultAddress.id,
* }, {
* dependsOn: [proxyOnly],
* });
* const authzExtension = new gcp.compute.RegionBackendService("authz_extension", {
* name: "authz-service",
* project: "my-project-name",
* region: "us-west1",
* protocol: "HTTP2",
* loadBalancingScheme: "INTERNAL_MANAGED",
* portName: "grpc",
* });
* const defaultAuthzExtension = new gcp.networkservices.AuthzExtension("default", {
* name: "my-authz-ext",
* project: "my-project-name",
* location: "us-west1",
* description: "my description",
* loadBalancingScheme: "INTERNAL_MANAGED",
* authority: "ext11.com",
* service: authzExtension.selfLink,
* timeout: "0.1s",
* failOpen: false,
* forwardHeaders: ["Authorization"],
* });
* const defaultAuthzPolicy = new gcp.networksecurity.AuthzPolicy("default", {
* name: "my-authz-policy",
* project: "my-project-name",
* location: "us-west1",
* description: "my description",
* target: {
* loadBalancingScheme: "INTERNAL_MANAGED",
* resources: [defaultForwardingRule.selfLink],
* },
* action: "CUSTOM",
* customProvider: {
* authzExtension: {
* resources: [defaultAuthzExtension.id],
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.compute.Network("default",
* name="lb-network",
* project="my-project-name",
* auto_create_subnetworks=False)
* default_subnetwork = gcp.compute.Subnetwork("default",
* name="backend-subnet",
* project="my-project-name",
* region="us-west1",
* ip_cidr_range="10.1.2.0/24",
* network=default.id)
* proxy_only = gcp.compute.Subnetwork("proxy_only",
* name="proxy-only-subnet",
* project="my-project-name",
* region="us-west1",
* ip_cidr_range="10.129.0.0/23",
* purpose="REGIONAL_MANAGED_PROXY",
* role="ACTIVE",
* network=default.id)
* default_address = gcp.compute.Address("default",
* name="l7-ilb-ip-address",
* project="my-project-name",
* region="us-west1",
* subnetwork=default_subnetwork.id,
* address_type="INTERNAL",
* purpose="GCE_ENDPOINT")
* default_region_health_check = gcp.compute.RegionHealthCheck("default",
* name="l7-ilb-basic-check",
* project="my-project-name",
* region="us-west1",
* http_health_check={
* "port_specification": "USE_SERVING_PORT",
* })
* url_map = gcp.compute.RegionBackendService("url_map",
* name="l7-ilb-backend-service",
* project="my-project-name",
* region="us-west1",
* load_balancing_scheme="INTERNAL_MANAGED",
* health_checks=default_region_health_check.id)
* default_region_url_map = gcp.compute.RegionUrlMap("default",
* name="l7-ilb-map",
* project="my-project-name",
* region="us-west1",
* default_service=url_map.id)
* default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
* name="l7-ilb-proxy",
* project="my-project-name",
* region="us-west1",
* url_map=default_region_url_map.id)
* default_forwarding_rule = gcp.compute.ForwardingRule("default",
* name="l7-ilb-forwarding-rule",
* project="my-project-name",
* region="us-west1",
* load_balancing_scheme="INTERNAL_MANAGED",
* network=default.id,
* subnetwork=default_subnetwork.id,
* ip_protocol="TCP",
* port_range="80",
* target=default_region_target_http_proxy.id,
* ip_address=default_address.id,
* opts = pulumi.ResourceOptions(depends_on=[proxy_only]))
* authz_extension = gcp.compute.RegionBackendService("authz_extension",
* name="authz-service",
* project="my-project-name",
* region="us-west1",
* protocol="HTTP2",
* load_balancing_scheme="INTERNAL_MANAGED",
* port_name="grpc")
* default_authz_extension = gcp.networkservices.AuthzExtension("default",
* name="my-authz-ext",
* project="my-project-name",
* location="us-west1",
* description="my description",
* load_balancing_scheme="INTERNAL_MANAGED",
* authority="ext11.com",
* service=authz_extension.self_link,
* timeout="0.1s",
* fail_open=False,
* forward_headers=["Authorization"])
* default_authz_policy = gcp.networksecurity.AuthzPolicy("default",
* name="my-authz-policy",
* project="my-project-name",
* location="us-west1",
* description="my description",
* target={
* "load_balancing_scheme": "INTERNAL_MANAGED",
* "resources": [default_forwarding_rule.self_link],
* },
* action="CUSTOM",
* custom_provider={
* "authz_extension": {
* "resources": [default_authz_extension.id],
* },
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.Compute.Network("default", new()
* {
* Name = "lb-network",
* Project = "my-project-name",
* AutoCreateSubnetworks = false,
* });
* var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
* {
* Name = "backend-subnet",
* Project = "my-project-name",
* Region = "us-west1",
* IpCidrRange = "10.1.2.0/24",
* Network = @default.Id,
* });
* var proxyOnly = new Gcp.Compute.Subnetwork("proxy_only", new()
* {
* Name = "proxy-only-subnet",
* Project = "my-project-name",
* Region = "us-west1",
* IpCidrRange = "10.129.0.0/23",
* Purpose = "REGIONAL_MANAGED_PROXY",
* Role = "ACTIVE",
* Network = @default.Id,
* });
* var defaultAddress = new Gcp.Compute.Address("default", new()
* {
* Name = "l7-ilb-ip-address",
* Project = "my-project-name",
* Region = "us-west1",
* Subnetwork = defaultSubnetwork.Id,
* AddressType = "INTERNAL",
* Purpose = "GCE_ENDPOINT",
* });
* var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
* {
* Name = "l7-ilb-basic-check",
* Project = "my-project-name",
* Region = "us-west1",
* HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
* {
* PortSpecification = "USE_SERVING_PORT",
* },
* });
* var urlMap = new Gcp.Compute.RegionBackendService("url_map", new()
* {
* Name = "l7-ilb-backend-service",
* Project = "my-project-name",
* Region = "us-west1",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* HealthChecks = defaultRegionHealthCheck.Id,
* });
* var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
* {
* Name = "l7-ilb-map",
* Project = "my-project-name",
* Region = "us-west1",
* DefaultService = urlMap.Id,
* });
* var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
* {
* Name = "l7-ilb-proxy",
* Project = "my-project-name",
* Region = "us-west1",
* UrlMap = defaultRegionUrlMap.Id,
* });
* var defaultForwardingRule = new Gcp.Compute.ForwardingRule("default", new()
* {
* Name = "l7-ilb-forwarding-rule",
* Project = "my-project-name",
* Region = "us-west1",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* Network = @default.Id,
* Subnetwork = defaultSubnetwork.Id,
* IpProtocol = "TCP",
* PortRange = "80",
* Target = defaultRegionTargetHttpProxy.Id,
* IpAddress = defaultAddress.Id,
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* proxyOnly,
* },
* });
* var authzExtension = new Gcp.Compute.RegionBackendService("authz_extension", new()
* {
* Name = "authz-service",
* Project = "my-project-name",
* Region = "us-west1",
* Protocol = "HTTP2",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* PortName = "grpc",
* });
* var defaultAuthzExtension = new Gcp.NetworkServices.AuthzExtension("default", new()
* {
* Name = "my-authz-ext",
* Project = "my-project-name",
* Location = "us-west1",
* Description = "my description",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* Authority = "ext11.com",
* Service = authzExtension.SelfLink,
* Timeout = "0.1s",
* FailOpen = false,
* ForwardHeaders = new[]
* {
* "Authorization",
* },
* });
* var defaultAuthzPolicy = new Gcp.NetworkSecurity.AuthzPolicy("default", new()
* {
* Name = "my-authz-policy",
* Project = "my-project-name",
* Location = "us-west1",
* Description = "my description",
* Target = new Gcp.NetworkSecurity.Inputs.AuthzPolicyTargetArgs
* {
* LoadBalancingScheme = "INTERNAL_MANAGED",
* Resources = new[]
* {
* defaultForwardingRule.SelfLink,
* },
* },
* Action = "CUSTOM",
* CustomProvider = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderArgs
* {
* AuthzExtension = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderAuthzExtensionArgs
* {
* Resources = new[]
* {
* defaultAuthzExtension.Id,
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
* Name: pulumi.String("lb-network"),
* Project: pulumi.String("my-project-name"),
* AutoCreateSubnetworks: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
* Name: pulumi.String("backend-subnet"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* IpCidrRange: pulumi.String("10.1.2.0/24"),
* Network: _default.ID(),
* })
* if err != nil {
* return err
* }
* proxyOnly, err := compute.NewSubnetwork(ctx, "proxy_only", &compute.SubnetworkArgs{
* Name: pulumi.String("proxy-only-subnet"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* IpCidrRange: pulumi.String("10.129.0.0/23"),
* Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"),
* Role: pulumi.String("ACTIVE"),
* Network: _default.ID(),
* })
* if err != nil {
* return err
* }
* defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{
* Name: pulumi.String("l7-ilb-ip-address"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* Subnetwork: defaultSubnetwork.ID(),
* AddressType: pulumi.String("INTERNAL"),
* Purpose: pulumi.String("GCE_ENDPOINT"),
* })
* if err != nil {
* return err
* }
* defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
* Name: pulumi.String("l7-ilb-basic-check"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
* PortSpecification: pulumi.String("USE_SERVING_PORT"),
* },
* })
* if err != nil {
* return err
* }
* urlMap, err := compute.NewRegionBackendService(ctx, "url_map", &compute.RegionBackendServiceArgs{
* Name: pulumi.String("l7-ilb-backend-service"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* HealthChecks: defaultRegionHealthCheck.ID(),
* })
* if err != nil {
* return err
* }
* defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
* Name: pulumi.String("l7-ilb-map"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* DefaultService: urlMap.ID(),
* })
* if err != nil {
* return err
* }
* defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
* Name: pulumi.String("l7-ilb-proxy"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* UrlMap: defaultRegionUrlMap.ID(),
* })
* if err != nil {
* return err
* }
* defaultForwardingRule, err := compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
* Name: pulumi.String("l7-ilb-forwarding-rule"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* Network: _default.ID(),
* Subnetwork: defaultSubnetwork.ID(),
* IpProtocol: pulumi.String("TCP"),
* PortRange: pulumi.String("80"),
* Target: defaultRegionTargetHttpProxy.ID(),
* IpAddress: defaultAddress.ID(),
* }, pulumi.DependsOn([]pulumi.Resource{
* proxyOnly,
* }))
* if err != nil {
* return err
* }
* authzExtension, err := compute.NewRegionBackendService(ctx, "authz_extension", &compute.RegionBackendServiceArgs{
* Name: pulumi.String("authz-service"),
* Project: pulumi.String("my-project-name"),
* Region: pulumi.String("us-west1"),
* Protocol: pulumi.String("HTTP2"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* PortName: pulumi.String("grpc"),
* })
* if err != nil {
* return err
* }
* defaultAuthzExtension, err := networkservices.NewAuthzExtension(ctx, "default", &networkservices.AuthzExtensionArgs{
* Name: pulumi.String("my-authz-ext"),
* Project: pulumi.String("my-project-name"),
* Location: pulumi.String("us-west1"),
* Description: pulumi.String("my description"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* Authority: pulumi.String("ext11.com"),
* Service: authzExtension.SelfLink,
* Timeout: pulumi.String("0.1s"),
* FailOpen: pulumi.Bool(false),
* ForwardHeaders: pulumi.StringArray{
* pulumi.String("Authorization"),
* },
* })
* if err != nil {
* return err
* }
* _, err = networksecurity.NewAuthzPolicy(ctx, "default", &networksecurity.AuthzPolicyArgs{
* Name: pulumi.String("my-authz-policy"),
* Project: pulumi.String("my-project-name"),
* Location: pulumi.String("us-west1"),
* Description: pulumi.String("my description"),
* Target: &networksecurity.AuthzPolicyTargetArgs{
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* Resources: pulumi.StringArray{
* defaultForwardingRule.SelfLink,
* },
* },
* Action: pulumi.String("CUSTOM"),
* CustomProvider: &networksecurity.AuthzPolicyCustomProviderArgs{
* AuthzExtension: &networksecurity.AuthzPolicyCustomProviderAuthzExtensionArgs{
* Resources: pulumi.StringArray{
* defaultAuthzExtension.ID(),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.Network;
* import com.pulumi.gcp.compute.NetworkArgs;
* import com.pulumi.gcp.compute.Subnetwork;
* import com.pulumi.gcp.compute.SubnetworkArgs;
* import com.pulumi.gcp.compute.Address;
* import com.pulumi.gcp.compute.AddressArgs;
* import com.pulumi.gcp.compute.RegionHealthCheck;
* import com.pulumi.gcp.compute.RegionHealthCheckArgs;
* import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
* import com.pulumi.gcp.compute.RegionBackendService;
* import com.pulumi.gcp.compute.RegionBackendServiceArgs;
* import com.pulumi.gcp.compute.RegionUrlMap;
* import com.pulumi.gcp.compute.RegionUrlMapArgs;
* import com.pulumi.gcp.compute.RegionTargetHttpProxy;
* import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
* import com.pulumi.gcp.compute.ForwardingRule;
* import com.pulumi.gcp.compute.ForwardingRuleArgs;
* import com.pulumi.gcp.networkservices.AuthzExtension;
* import com.pulumi.gcp.networkservices.AuthzExtensionArgs;
* import com.pulumi.gcp.networksecurity.AuthzPolicy;
* import com.pulumi.gcp.networksecurity.AuthzPolicyArgs;
* import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyTargetArgs;
* import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderArgs;
* import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderAuthzExtensionArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Network("default", NetworkArgs.builder()
* .name("lb-network")
* .project("my-project-name")
* .autoCreateSubnetworks(false)
* .build());
* var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
* .name("backend-subnet")
* .project("my-project-name")
* .region("us-west1")
* .ipCidrRange("10.1.2.0/24")
* .network(default_.id())
* .build());
* var proxyOnly = new Subnetwork("proxyOnly", SubnetworkArgs.builder()
* .name("proxy-only-subnet")
* .project("my-project-name")
* .region("us-west1")
* .ipCidrRange("10.129.0.0/23")
* .purpose("REGIONAL_MANAGED_PROXY")
* .role("ACTIVE")
* .network(default_.id())
* .build());
* var defaultAddress = new Address("defaultAddress", AddressArgs.builder()
* .name("l7-ilb-ip-address")
* .project("my-project-name")
* .region("us-west1")
* .subnetwork(defaultSubnetwork.id())
* .addressType("INTERNAL")
* .purpose("GCE_ENDPOINT")
* .build());
* var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
* .name("l7-ilb-basic-check")
* .project("my-project-name")
* .region("us-west1")
* .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
* .portSpecification("USE_SERVING_PORT")
* .build())
* .build());
* var urlMap = new RegionBackendService("urlMap", RegionBackendServiceArgs.builder()
* .name("l7-ilb-backend-service")
* .project("my-project-name")
* .region("us-west1")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .healthChecks(defaultRegionHealthCheck.id())
* .build());
* var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
* .name("l7-ilb-map")
* .project("my-project-name")
* .region("us-west1")
* .defaultService(urlMap.id())
* .build());
* var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
* .name("l7-ilb-proxy")
* .project("my-project-name")
* .region("us-west1")
* .urlMap(defaultRegionUrlMap.id())
* .build());
* var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
* .name("l7-ilb-forwarding-rule")
* .project("my-project-name")
* .region("us-west1")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .network(default_.id())
* .subnetwork(defaultSubnetwork.id())
* .ipProtocol("TCP")
* .portRange("80")
* .target(defaultRegionTargetHttpProxy.id())
* .ipAddress(defaultAddress.id())
* .build(), CustomResourceOptions.builder()
* .dependsOn(proxyOnly)
* .build());
* var authzExtension = new RegionBackendService("authzExtension", RegionBackendServiceArgs.builder()
* .name("authz-service")
* .project("my-project-name")
* .region("us-west1")
* .protocol("HTTP2")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .portName("grpc")
* .build());
* var defaultAuthzExtension = new AuthzExtension("defaultAuthzExtension", AuthzExtensionArgs.builder()
* .name("my-authz-ext")
* .project("my-project-name")
* .location("us-west1")
* .description("my description")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .authority("ext11.com")
* .service(authzExtension.selfLink())
* .timeout("0.1s")
* .failOpen(false)
* .forwardHeaders("Authorization")
* .build());
* var defaultAuthzPolicy = new AuthzPolicy("defaultAuthzPolicy", AuthzPolicyArgs.builder()
* .name("my-authz-policy")
* .project("my-project-name")
* .location("us-west1")
* .description("my description")
* .target(AuthzPolicyTargetArgs.builder()
* .loadBalancingScheme("INTERNAL_MANAGED")
* .resources(defaultForwardingRule.selfLink())
* .build())
* .action("CUSTOM")
* .customProvider(AuthzPolicyCustomProviderArgs.builder()
* .authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs.builder()
* .resources(defaultAuthzExtension.id())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:compute:Network
* properties:
* name: lb-network
* project: my-project-name
* autoCreateSubnetworks: false
* defaultSubnetwork:
* type: gcp:compute:Subnetwork
* name: default
* properties:
* name: backend-subnet
* project: my-project-name
* region: us-west1
* ipCidrRange: 10.1.2.0/24
* network: ${default.id}
* proxyOnly:
* type: gcp:compute:Subnetwork
* name: proxy_only
* properties:
* name: proxy-only-subnet
* project: my-project-name
* region: us-west1
* ipCidrRange: 10.129.0.0/23
* purpose: REGIONAL_MANAGED_PROXY
* role: ACTIVE
* network: ${default.id}
* defaultAddress:
* type: gcp:compute:Address
* name: default
* properties:
* name: l7-ilb-ip-address
* project: my-project-name
* region: us-west1
* subnetwork: ${defaultSubnetwork.id}
* addressType: INTERNAL
* purpose: GCE_ENDPOINT
* defaultRegionHealthCheck:
* type: gcp:compute:RegionHealthCheck
* name: default
* properties:
* name: l7-ilb-basic-check
* project: my-project-name
* region: us-west1
* httpHealthCheck:
* portSpecification: USE_SERVING_PORT
* urlMap:
* type: gcp:compute:RegionBackendService
* name: url_map
* properties:
* name: l7-ilb-backend-service
* project: my-project-name
* region: us-west1
* loadBalancingScheme: INTERNAL_MANAGED
* healthChecks: ${defaultRegionHealthCheck.id}
* defaultRegionUrlMap:
* type: gcp:compute:RegionUrlMap
* name: default
* properties:
* name: l7-ilb-map
* project: my-project-name
* region: us-west1
* defaultService: ${urlMap.id}
* defaultRegionTargetHttpProxy:
* type: gcp:compute:RegionTargetHttpProxy
* name: default
* properties:
* name: l7-ilb-proxy
* project: my-project-name
* region: us-west1
* urlMap: ${defaultRegionUrlMap.id}
* defaultForwardingRule:
* type: gcp:compute:ForwardingRule
* name: default
* properties:
* name: l7-ilb-forwarding-rule
* project: my-project-name
* region: us-west1
* loadBalancingScheme: INTERNAL_MANAGED
* network: ${default.id}
* subnetwork: ${defaultSubnetwork.id}
* ipProtocol: TCP
* portRange: '80'
* target: ${defaultRegionTargetHttpProxy.id}
* ipAddress: ${defaultAddress.id}
* options:
* dependsOn:
* - ${proxyOnly}
* authzExtension:
* type: gcp:compute:RegionBackendService
* name: authz_extension
* properties:
* name: authz-service
* project: my-project-name
* region: us-west1
* protocol: HTTP2
* loadBalancingScheme: INTERNAL_MANAGED
* portName: grpc
* defaultAuthzExtension:
* type: gcp:networkservices:AuthzExtension
* name: default
* properties:
* name: my-authz-ext
* project: my-project-name
* location: us-west1
* description: my description
* loadBalancingScheme: INTERNAL_MANAGED
* authority: ext11.com
* service: ${authzExtension.selfLink}
* timeout: 0.1s
* failOpen: false
* forwardHeaders:
* - Authorization
* defaultAuthzPolicy:
* type: gcp:networksecurity:AuthzPolicy
* name: default
* properties:
* name: my-authz-policy
* project: my-project-name
* location: us-west1
* description: my description
* target:
* loadBalancingScheme: INTERNAL_MANAGED
* resources:
* - ${defaultForwardingRule.selfLink}
* action: CUSTOM
* customProvider:
* authzExtension:
* resources:
* - ${defaultAuthzExtension.id}
* ```
*
* ## Import
* AuthzPolicy can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* * `{{name}}`
* When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}}
* ```
*/
public class AuthzPolicy internal constructor(
override val javaResource: com.pulumi.gcp.networksecurity.AuthzPolicy,
) : KotlinCustomResource(javaResource, AuthzPolicyMapper) {
/**
* When the action is CUSTOM, customProvider must be specified.
* When the action is ALLOW, only requests matching the policy will be allowed.
* When the action is DENY, only requests matching the policy will be denied.
* When a request arrives, the policies are evaluated in the following order:
* 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
* 2. If there are any DENY policies that match the request, the request is denied.
* 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
* 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.
* Possible values are: `ALLOW`, `DENY`, `CUSTOM`.
*/
public val action: Output
get() = javaResource.action().applyValue({ args0 -> args0 })
/**
* The timestamp when the resource was created.
*/
public val createTime: Output
get() = javaResource.createTime().applyValue({ args0 -> args0 })
/**
* Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One
* of cloudIap or authzExtension must be specified.
*/
public val customProvider: Output?
get() = javaResource.customProvider().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> authzPolicyCustomProviderToKotlin(args0) })
}).orElse(null)
})
/**
* A human-readable description of the resource.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
public val effectiveLabels: Output>
get() = javaResource.effectiveLabels().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP
* rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow
* or Deny Action. Limited to 5 rules.
*/
public val httpRules: Output>?
get() = javaResource.httpRules().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> authzPolicyHttpRuleToKotlin(args0) })
})
}).orElse(null)
})
/**
* Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only
* manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels
* present on the resource.
*/
public val labels: Output>?
get() = javaResource.labels().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}).orElse(null)
})
/**
* The location of the resource.
*/
public val location: Output
get() = javaResource.location().applyValue({ args0 -> args0 })
/**
* Identifier. Name of the AuthzPolicy resource.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
public val project: Output
get() = javaResource.project().applyValue({ args0 -> args0 })
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
public val pulumiLabels: Output>
get() = javaResource.pulumiLabels().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* Specifies the set of resources to which this policy should be applied to.
* Structure is documented below.
*/
public val target: Output
get() = javaResource.target().applyValue({ args0 ->
args0.let({ args0 ->
authzPolicyTargetToKotlin(args0)
})
})
/**
* The timestamp when the resource was updated.
*/
public val updateTime: Output
get() = javaResource.updateTime().applyValue({ args0 -> args0 })
}
public object AuthzPolicyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.networksecurity.AuthzPolicy::class == javaResource::class
override fun map(javaResource: Resource): AuthzPolicy = AuthzPolicy(
javaResource as
com.pulumi.gcp.networksecurity.AuthzPolicy,
)
}
/**
* @see [AuthzPolicy].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AuthzPolicy].
*/
public suspend fun authzPolicy(name: String, block: suspend AuthzPolicyResourceBuilder.() -> Unit): AuthzPolicy {
val builder = AuthzPolicyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AuthzPolicy].
* @param name The _unique_ name of the resulting resource.
*/
public fun authzPolicy(name: String): AuthzPolicy {
val builder = AuthzPolicyResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy