SecurityPolicy

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SecurityPolicy;
import com.pulumi.gcp.compute.SecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
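/**
 * Pulumi program that declares a Cloud Armor security policy with two rules:
 * a deny rule for a single source range and the catch-all default rule.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code policy} security policy.
     *
     * <p>NOTE(review): nothing in this program attaches the policy to a backend
     * service, so it presumably filters no traffic until that is done elsewhere.
     *
     * @param ctx the Pulumi deployment context (not read by this stack)
     */
    public static void stack(Context ctx) {
        var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
            .rules(
                // Block list entry: requests from 9.9.9.0/24 get a 403.
                // NOTE(review): 1000 is presumably evaluated before the default rule
                // (lower number = higher precedence) - confirm against the provider docs.
                SecurityPolicyRuleArgs.builder()
                    .action("deny(403)")
                    .description("Deny access to IPs in 9.9.9.0/24")
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .config(SecurityPolicyRuleMatchConfigArgs.builder()
                            .srcIpRanges("9.9.9.0/24")
                            .build())
                        .versionedExpr("SRC_IPS_V1")
                        .build())
                    // priority is an integer property, so pass an int literal, not a string.
                    .priority(1000)
                    .build(),
                // Catch-all default rule: every source not matched above is allowed,
                // i.e. this policy is default-allow. Use a deny action here instead
                // if the policy is meant to work as an allowlist.
                SecurityPolicyRuleArgs.builder()
                    .action("allow")
                    .description("default rule")
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .config(SecurityPolicyRuleMatchConfigArgs.builder()
                            .srcIpRanges("*")
                            .build())
                        .versionedExpr("SRC_IPS_V1")
                        .build())
                    // 2147483647 is the priority the default rule must carry.
                    .priority(2147483647)
                    .build())
            .build());
    }
}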

With ReCAPTCHA Configuration Options

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.recaptcha.EnterpriseKey;
import com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;
import com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;
import com.pulumi.gcp.compute.SecurityPolicy;
import com.pulumi.gcp.compute.SecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates a reCAPTCHA Enterprise key and a Cloud Armor
 * security policy whose reCAPTCHA redirect uses that key.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code primary} reCAPTCHA key and the {@code policy} security policy.
     *
     * @param ctx the Pulumi deployment context (not read by this stack)
     */
    public static void stack(Context ctx) {
        // NOTE(review): allowAllDomains(true) presumably means the allowedDomains list
        // below is not enforced, so any site could use this key. For a production key,
        // confirm the semantics, set it to false and list the real domains.
        var webSettings = EnterpriseKeyWebSettingsArgs.builder()
            .integrationType("INVISIBLE")
            .allowAllDomains(true)
            .allowedDomains("localhost")
            .build();

        var keyArgs = EnterpriseKeyArgs.builder()
            .displayName("display-name")
            .labels(Map.of("label-one", "value-one"))
            .project("my-project-name")
            .webSettings(webSettings)
            .build();
        var primary = new EnterpriseKey("primary", keyArgs);

        // The policy's redirect site key is the output name of the key created above,
        // which makes the policy depend on that key.
        var recaptchaOptions = SecurityPolicyRecaptchaOptionsConfigArgs.builder()
            .redirectSiteKey(primary.name())
            .build();

        // No rules are declared here; only the description, type and reCAPTCHA options.
        var policyArgs = SecurityPolicyArgs.builder()
            .description("basic security policy")
            .type("CLOUD_ARMOR")
            .recaptchaOptionsConfig(recaptchaOptions)
            .build();
        var policy = new SecurityPolicy("policy", policyArgs);
    }
}

With Header Actions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SecurityPolicy;
import com.pulumi.gcp.compute.SecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;
import com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
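/**
 * Pulumi program that declares a Cloud Armor security policy with the default
 * allow rule and a rule that adds request headers to low-scoring login requests.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code policy} security policy.
     *
     * <p>Both rules use the {@code allow} action, so this policy rejects nothing
     * by itself: the second rule only tags matching requests with extra headers.
     *
     * @param ctx the Pulumi deployment context (not read by this stack)
     */
    public static void stack(Context ctx) {
        var policy = new SecurityPolicy("policy", SecurityPolicyArgs.builder()
            .rules(
                // Catch-all default rule: every source is allowed (default-allow posture).
                SecurityPolicyRuleArgs.builder()
                    .action("allow")
                    .description("default rule")
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .config(SecurityPolicyRuleMatchConfigArgs.builder()
                            .srcIpRanges("*")
                            .build())
                        .versionedExpr("SRC_IPS_V1")
                        .build())
                    // priority is an integer property, so pass an int literal, not a string.
                    .priority(2147483647)
                    .build(),
                // Tagging rule: the request is still allowed; the backend has to read
                // the added headers and decide what to do with a low-score session.
                // NOTE(review): confirm whether a client-supplied header with the same
                // name is overwritten before the backend trusts "reCAPTCHA-Warning".
                SecurityPolicyRuleArgs.builder()
                    .action("allow")
                    .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()
                        .requestHeadersToAdds(
                            SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
                                .headerName("reCAPTCHA-Warning")
                                .headerValue("high")
                                .build(),
                            SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
                                .headerName("X-Resource")
                                .headerValue("test")
                                .build())
                        .build())
                    .match(SecurityPolicyRuleMatchArgs.builder()
                        .expr(SecurityPolicyRuleMatchExprArgs.builder()
                            // NOTE(review): if matches() takes a regular expression, the
                            // unescaped '.' matches any character and the pattern is not
                            // anchored - confirm the path match is as narrow as intended.
                            .expression("request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2")
                            .build())
                        .build())
                    .priority(1000)
                    .build())
            .build());
    }
}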

Import

Security policies can be imported using any of the following formats:

$ pulumi import gcp:compute/securityPolicy:SecurityPolicy policy projects/{{project}}/global/securityPolicies/{{name}}
$ pulumi import gcp:compute/securityPolicy:SecurityPolicy policy {{project}}/{{name}}
$ pulumi import gcp:compute/securityPolicy:SecurityPolicy policy {{name}}

Properties

val description: Output<String>?

An optional description of this security policy. Max size is 2048.

val fingerprint: Output<String>

Fingerprint of this resource.

val id: Output<String>
val name: Output<String>

The name of the security policy.

val project: Output<String>

The project to which the resource belongs. If it is not provided, the provider project is used.


The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added, so unmatched traffic is permitted unless you define the default rule yourself. Structure is documented below.

val selfLink: Output<String>

The URI of the created resource.

val type: Output<String>

The type indicates the intended use of the security policy. This field can be set only at resource creation time.

val urn: Output<String>