pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin/OrganizationSecurityPolicyRule

OrganizationSecurityPolicyRule

class OrganizationSecurityPolicyRule : KotlinCustomResource

A rule for the OrganizationSecurityPolicy. To get more information about OrganizationSecurityPolicyRule, see:

Example Usage

Organization Security Policy Rule Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policyOrganizationSecurityPolicy = new OrganizationSecurityPolicy("policyOrganizationSecurityPolicy", OrganizationSecurityPolicyArgs.builder()
            .displayName("tf-test")
            .parent("organizations/123456789")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
            .policyId(policyOrganizationSecurityPolicy.id())
            .action("allow")
            .direction("INGRESS")
            .enableLogging(true)
            .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
                .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
                    .srcIpRanges(
                        "192.168.0.0/16",
                        "10.0.0.0/8")
                    .layer4Configs(
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("tcp")
                            .ports("22")
                            .build(),
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("icmp")
                            .build())
                    .build())
                .build())
            .priority(100)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
    }
}
Content copied to clipboard

Import

OrganizationSecurityPolicyRule can be imported using any of these accepted formats:

$ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
Content copied to clipboard

Properties

Link copied to clipboard
val action: Output<String>

The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".

Link copied to clipboard
val description: Output<String>?

A description of the rule.

Link copied to clipboard
val direction: Output<String>?

The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.

Link copied to clipboard
val enableLogging: Output<Boolean>?

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val match: Output<OrganizationSecurityPolicyRuleMatch>

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.

Link copied to clipboard
val policyId: Output<String>

The ID of the OrganizationSecurityPolicy this rule applies to.

Link copied to clipboard
val preview: Output<Boolean>?

If set to true, the specified action is not enforced.

Link copied to clipboard
val priority: Output<Int>

An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val targetResources: Output<List<String>>?

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

Link copied to clipboard
val targetServiceAccounts: Output<List<String>>?

A list of service accounts indicating the sets of instances that are applied with this rule.

Link copied to clipboard
val urn: Output<String>