pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin/OrganizationSecurityPolicyRuleArgs

OrganizationSecurityPolicyRuleArgs

data class OrganizationSecurityPolicyRuleArgs(val action: Output<String>? = null, val description: Output<String>? = null, val direction: Output<String>? = null, val enableLogging: Output<Boolean>? = null, val match: Output<OrganizationSecurityPolicyRuleMatchArgs>? = null, val policyId: Output<String>? = null, val preview: Output<Boolean>? = null, val priority: Output<Int>? = null, val targetResources: Output<List<String>>? = null, val targetServiceAccounts: Output<List<String>>? = null) : ConvertibleToJava<OrganizationSecurityPolicyRuleArgs>

A rule for the OrganizationSecurityPolicy. To get more information about OrganizationSecurityPolicyRule, see:

API documentation
How-to Guides

Creating firewall rules

Example Usage

Organization Security Policy Rule Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policyOrganizationSecurityPolicy = new OrganizationSecurityPolicy("policyOrganizationSecurityPolicy", OrganizationSecurityPolicyArgs.builder()
            .displayName("tf-test")
            .parent("organizations/123456789")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
            .policyId(policyOrganizationSecurityPolicy.id())
            .action("allow")
            .direction("INGRESS")
            .enableLogging(true)
            .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
                .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
                    .srcIpRanges(
                        "192.168.0.0/16",
                        "10.0.0.0/8")
                    .layer4Configs(
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("tcp")
                            .ports("22")
                            .build(),
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("icmp")
                            .build())
                    .build())
                .build())
            .priority(100)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
    }
}

Import

OrganizationSecurityPolicyRule can be imported using any of these accepted formats:

$ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}

Constructors

OrganizationSecurityPolicyRuleArgs

constructor(action: Output<String>? = null, description: Output<String>? = null, direction: Output<String>? = null, enableLogging: Output<Boolean>? = null, match: Output<OrganizationSecurityPolicyRuleMatchArgs>? = null, policyId: Output<String>? = null, preview: Output<Boolean>? = null, priority: Output<Int>? = null, targetResources: Output<List<String>>? = null, targetServiceAccounts: Output<List<String>>? = null)

Properties

action

val action: Output<String>? = null

The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".

description

val description: Output<String>? = null

A description of the rule.

direction

val direction: Output<String>? = null

The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.

enableLogging

val enableLogging: Output<Boolean>? = null

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.

match

val match: Output<OrganizationSecurityPolicyRuleMatchArgs>? = null

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.

policyId

val policyId: Output<String>? = null

The ID of the OrganizationSecurityPolicy this rule applies to.

preview

val preview: Output<Boolean>? = null

If set to true, the specified action is not enforced.

priority

val priority: Output<Int>? = null

An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

targetResources

val targetResources: Output<List<String>>? = null

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

targetServiceAccounts

val targetServiceAccounts: Output<List<String>>? = null

A list of service accounts indicating the sets of instances that are applied with this rule.

Functions

toJava

open override fun toJava(): OrganizationSecurityPolicyRuleArgs