Gateway
data class GatewaySecurityPolicyArgs(val description: Output<String>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val tlsInspectionPolicy: Output<String>? = null) : ConvertibleToJava<GatewaySecurityPolicyArgs>
The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata. To get more information about GatewaySecurityPolicy, see:
Example Usage
Network Security Gateway Security Policy Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new GatewaySecurityPolicy("default", GatewaySecurityPolicyArgs.builder()
.description("my description")
.location("us-central1")
.build());
}
}Content copied to clipboard
Network Security Gateway Security Policy Tls Inspection Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.projects.ServiceIdentity;
import com.pulumi.gcp.projects.ServiceIdentityArgs;
import com.pulumi.gcp.certificateauthority.CaPoolIamMember;
import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;
import com.pulumi.gcp.networksecurity.TlsInspectionPolicy;
import com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultCaPool = new CaPool("defaultCaPool", CaPoolArgs.builder()
.location("us-central1")
.tier("DEVOPS")
.publishingOptions(CaPoolPublishingOptionsArgs.builder()
.publishCaCert(false)
.publishCrl(false)
.build())
.issuancePolicy(CaPoolIssuancePolicyArgs.builder()
.maximumLifetime("1209600s")
.baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()
.caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()
.isCa(false)
.build())
.keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()
.baseKeyUsage()
.extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
.pool(defaultCaPool.name())
.certificateAuthorityId("my-basic-certificate-authority")
.location("us-central1")
.lifetime("86400s")
.type("SELF_SIGNED")
.deletionProtection(false)
.skipGracePeriod(true)
.ignoreActiveCertificatesOnDeletion(true)
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("Test LLC")
.commonName("my-ca")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(false)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var nsSa = new ServiceIdentity("nsSa", ServiceIdentityArgs.builder()
.service("networksecurity.googleapis.com")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var tlsInspectionPermission = new CaPoolIamMember("tlsInspectionPermission", CaPoolIamMemberArgs.builder()
.caPool(defaultCaPool.id())
.role("roles/privateca.certificateManager")
.member(nsSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultTlsInspectionPolicy = new TlsInspectionPolicy("defaultTlsInspectionPolicy", TlsInspectionPolicyArgs.builder()
.location("us-central1")
.caPool(defaultCaPool.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(
defaultCaPool,
defaultAuthority,
tlsInspectionPermission)
.build());
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.location("us-central1")
.description("my description")
.tlsInspectionPolicy(defaultTlsInspectionPolicy.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(defaultTlsInspectionPolicy)
.build());
}
}Content copied to clipboard
Import
GatewaySecurityPolicy can be imported using any of these accepted formats
$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}Content copied to clipboard
$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{location}}/{{name}}Content copied to clipboard