pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin/SecurityPolicyArgs

SecurityPolicyArgs

data class SecurityPolicyArgs(val adaptiveProtectionConfig: Output<SecurityPolicyAdaptiveProtectionConfigArgs>? = null, val advancedOptionsConfig: Output<SecurityPolicyAdvancedOptionsConfigArgs>? = null, val description: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val recaptchaOptionsConfig: Output<SecurityPolicyRecaptchaOptionsConfigArgs>? = null, val rules: Output<List<SecurityPolicyRuleArgs>>? = null, val type: Output<String>? = null) : ConvertibleToJava<SecurityPolicyArgs>

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SecurityPolicy;
import com.pulumi.gcp.compute.SecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
            .rules(
                SecurityPolicyRuleArgs.builder()
                    .action("deny(403)")
                    .description("Deny access to IPs in 9.9.9.0/24")
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .config(SecurityPolicyRuleMatchConfigArgs.builder()
                            .srcIpRanges("9.9.9.0/24")
                            .build())
                        .versionedExpr("SRC_IPS_V1")
                        .build())
                    .priority("1000")
                    .build(),
                SecurityPolicyRuleArgs.builder()
                    .action("allow")
                    .description("default rule")
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .config(SecurityPolicyRuleMatchConfigArgs.builder()
                            .srcIpRanges("*")
                            .build())
                        .versionedExpr("SRC_IPS_V1")
                        .build())
                    .priority("2147483647")
                    .build())
            .build());
    }
}
Content copied to clipboard

With ReCAPTCHA Configuration Options

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.recaptcha.EnterpriseKey;
import com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;
import com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;
import com.pulumi.gcp.compute.SecurityPolicy;
import com.pulumi.gcp.compute.SecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var primary = new EnterpriseKey("primary", EnterpriseKeyArgs.builder()
            .displayName("display-name")
            .labels(Map.of("label-one", "value-one"))
            .project("my-project-name")
            .webSettings(EnterpriseKeyWebSettingsArgs.builder()
                .integrationType("INVISIBLE")
                .allowAllDomains(true)
                .allowedDomains("localhost")
                .build())
            .build());
        var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
            .description("basic security policy")
            .type("CLOUD_ARMOR")
            .recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs.builder()
                .redirectSiteKey(primary.name())
                .build())
            .build());
    }
}
Content copied to clipboard

With Header Actions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SecurityPolicy;
import com.pulumi.gcp.compute.SecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
            .rules(
                SecurityPolicyRuleArgs.builder()
                    .action("allow")
                    .description("default rule")
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .config(SecurityPolicyRuleMatchConfigArgs.builder()
                            .srcIpRanges("*")
                            .build())
                        .versionedExpr("SRC_IPS_V1")
                        .build())
                    .priority("2147483647")
                    .build(),
                SecurityPolicyRuleArgs.builder()
                    .action("allow")
                    .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()
                        .requestHeadersToAdds(
                            SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
                                .headerName("reCAPTCHA-Warning")
                                .headerValue("high")
                                .build(),
                            SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
                                .headerName("X-Resource")
                                .headerValue("test")
                                .build())
                        .build())
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .expr(SecurityPolicyRuleMatchExprArgs.builder()
                            .expression("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2")
                            .build())
                        .build())
                    .priority("1000")
                    .build())
            .build());
    }
}
Content copied to clipboard

Import

Security policies can be imported using any of the following formats

$ pulumi import gcp:compute/securityPolicy:SecurityPolicy policy projects/{{project}}/global/securityPolicies/{{name}}
Content copied to clipboard
$ pulumi import gcp:compute/securityPolicy:SecurityPolicy policy {{project}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:compute/securityPolicy:SecurityPolicy policy {{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
fun SecurityPolicyArgs(adaptiveProtectionConfig: Output<SecurityPolicyAdaptiveProtectionConfigArgs>? = null, advancedOptionsConfig: Output<SecurityPolicyAdvancedOptionsConfigArgs>? = null, description: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null, recaptchaOptionsConfig: Output<SecurityPolicyRecaptchaOptionsConfigArgs>? = null, rules: Output<List<SecurityPolicyRuleArgs>>? = null, type: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): SecurityPolicyArgs

Properties

Link copied to clipboard
val adaptiveProtectionConfig: Output<SecurityPolicyAdaptiveProtectionConfigArgs>? = null

Configuration for Google Cloud Armor Adaptive Protection. Structure is documented below.

Link copied to clipboard
Link copied to clipboard
val description: Output<String>? = null

An optional description of this security policy. Max size is 2048.

Link copied to clipboard
val name: Output<String>? = null

The name of the security policy.

Link copied to clipboard
val project: Output<String>? = null

The project in which the resource belongs. If it is not provided, the provider project is used.

Link copied to clipboard
Link copied to clipboard
val rules: Output<List<SecurityPolicyRuleArgs>>? = null

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "\*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added. Structure is documented below.

Link copied to clipboard
val type: Output<String>? = null

The type indicates the intended use of the security policy. This field can be set only at resource creation time.