Gateway
data class GatewaySecurityPolicyRuleArgs(val applicationMatcher: Output<String>? = null, val basicProfile: Output<String>? = null, val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val gatewaySecurityPolicy: Output<String>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val priority: Output<Int>? = null, val project: Output<String>? = null, val sessionMatcher: Output<String>? = null, val tlsInspectionEnabled: Output<Boolean>? = null) : ConvertibleToJava<GatewaySecurityPolicyRuleArgs>
The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic matching condition and associated action to perform. To get more information about GatewaySecurityPolicyRule, see:
Example Usage
Network Security Gateway Security Policy Rules Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.location("us-central1")
.description("gateway security policy created to be used as reference by the rule.")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.location("us-central1")
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
.enabled(true)
.description("my description")
.priority(0)
.sessionMatcher("host() == 'example.com'")
.basicProfile("ALLOW")
.build());
}
}Content copied to clipboard
Network Security Gateway Security Policy Rules Advanced
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.location("us-central1")
.description("gateway security policy created to be used as reference by the rule.")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.location("us-central1")
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
.enabled(true)
.description("my description")
.priority(0)
.sessionMatcher("host() == 'example.com'")
.applicationMatcher("request.method == 'POST'")
.tlsInspectionEnabled(false)
.basicProfile("ALLOW")
.build());
}
}Content copied to clipboard
Import
GatewaySecurityPolicyRule can be imported using any of these accepted formats
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}Content copied to clipboard
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}Content copied to clipboard
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{location}}/{{gateway_security_policy}}/{{name}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(applicationMatcher: Output<String>? = null, basicProfile: Output<String>? = null, description: Output<String>? = null, enabled: Output<Boolean>? = null, gatewaySecurityPolicy: Output<String>? = null, location: Output<String>? = null, name: Output<String>? = null, priority: Output<Int>? = null, project: Output<String>? = null, sessionMatcher: Output<String>? = null, tlsInspectionEnabled: Output<Boolean>? = null)
Properties
Link copied to clipboard
CEL expression for matching on L7/application level criteria.
Link copied to clipboard
Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
Link copied to clipboard
Free-text description of the resource.
Link copied to clipboard
The name of the gatewat security policy this rule belongs to.
Link copied to clipboard
CEL expression for matching on session criteria.
Link copied to clipboard
Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.