pulumi-gcp-kotlin/com.pulumi.gcp.networksecurity.kotlin/GatewaySecurityPolicyRuleArgs

GatewaySecurityPolicyRuleArgs

data class GatewaySecurityPolicyRuleArgs(val applicationMatcher: Output<String>? = null, val basicProfile: Output<String>? = null, val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val gatewaySecurityPolicy: Output<String>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val priority: Output<Int>? = null, val project: Output<String>? = null, val sessionMatcher: Output<String>? = null, val tlsInspectionEnabled: Output<Boolean>? = null) : ConvertibleToJava<GatewaySecurityPolicyRuleArgs>

The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic matching condition and associated action to perform. To get more information about GatewaySecurityPolicyRule, see:

Example Usage

Network Security Gateway Security Policy Rules Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
            .location("us-central1")
            .description("gateway security policy created to be used as reference by the rule.")
            .build());
        var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
            .location("us-central1")
            .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
            .enabled(true)
            .description("my description")
            .priority(0)
            .sessionMatcher("host() == 'example.com'")
            .basicProfile("ALLOW")
            .build());
    }
}
Content copied to clipboard

Network Security Gateway Security Policy Rules Advanced

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
            .location("us-central1")
            .description("gateway security policy created to be used as reference by the rule.")
            .build());
        var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
            .location("us-central1")
            .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
            .enabled(true)
            .description("my description")
            .priority(0)
            .sessionMatcher("host() == 'example.com'")
            .applicationMatcher("request.method == 'POST'")
            .tlsInspectionEnabled(false)
            .basicProfile("ALLOW")
            .build());
    }
}
Content copied to clipboard

Import

GatewaySecurityPolicyRule can be imported using any of these accepted formats

$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{location}}/{{gateway_security_policy}}/{{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
fun GatewaySecurityPolicyRuleArgs(applicationMatcher: Output<String>? = null, basicProfile: Output<String>? = null, description: Output<String>? = null, enabled: Output<Boolean>? = null, gatewaySecurityPolicy: Output<String>? = null, location: Output<String>? = null, name: Output<String>? = null, priority: Output<Int>? = null, project: Output<String>? = null, sessionMatcher: Output<String>? = null, tlsInspectionEnabled: Output<Boolean>? = null)

Functions

Link copied to clipboard
open override fun toJava(): GatewaySecurityPolicyRuleArgs

Properties

Link copied to clipboard
val applicationMatcher: Output<String>? = null

CEL expression for matching on L7/application level criteria.

Link copied to clipboard
val basicProfile: Output<String>? = null

Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.

Link copied to clipboard
val description: Output<String>? = null

Free-text description of the resource.

Link copied to clipboard
val enabled: Output<Boolean>? = null

Whether the rule is enforced.

Link copied to clipboard
val gatewaySecurityPolicy: Output<String>? = null

The name of the gatewat security policy this rule belongs to.

Link copied to clipboard
val location: Output<String>? = null

The location of the gateway security policy.

Link copied to clipboard
val name: Output<String>? = null

Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).

Link copied to clipboard
val priority: Output<Int>? = null

Priority of the rule. Lower number corresponds to higher precedence.

Link copied to clipboard
val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Link copied to clipboard
val sessionMatcher: Output<String>? = null

CEL expression for matching on session criteria.

Link copied to clipboard
val tlsInspectionEnabled: Output<Boolean>? = null

Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.