Organization
data class OrganizationSecurityPolicyRuleArgs(val action: Output<String>? = null, val description: Output<String>? = null, val direction: Output<String>? = null, val enableLogging: Output<Boolean>? = null, val match: Output<OrganizationSecurityPolicyRuleMatchArgs>? = null, val policyId: Output<String>? = null, val preview: Output<Boolean>? = null, val priority: Output<Int>? = null, val targetResources: Output<List<String>>? = null, val targetServiceAccounts: Output<List<String>>? = null) : ConvertibleToJava<OrganizationSecurityPolicyRuleArgs>
A rule for the OrganizationSecurityPolicy. To get more information about OrganizationSecurityPolicyRule, see:
How-to Guides
Example Usage
Organization Security Policy Rule Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
displayName: "tf-test",
parent: "organizations/123456789",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
direction: "INGRESS",
enableLogging: true,
match: {
config: {
srcIpRanges: [
"192.168.0.0/16",
"10.0.0.0/8",
],
layer4Configs: [
{
ipProtocol: "tcp",
ports: ["22"],
},
{
ipProtocol: "icmp",
},
],
},
},
priority: 100,
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
display_name="tf-test",
parent="organizations/123456789")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
direction="INGRESS",
enable_logging=True,
match={
"config": {
"src_ip_ranges": [
"192.168.0.0/16",
"10.0.0.0/8",
],
"layer4_configs": [
{
"ip_protocol": "tcp",
"ports": ["22"],
},
{
"ip_protocol": "icmp",
},
],
},
},
priority=100)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
DisplayName = "tf-test",
Parent = "organizations/123456789",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Direction = "INGRESS",
EnableLogging = true,
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges = new[]
{
"192.168.0.0/16",
"10.0.0.0/8",
},
Layer4Configs = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "tcp",
Ports = new[]
{
"22",
},
},
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "icmp",
},
},
},
},
Priority = 100,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
DisplayName: pulumi.String("tf-test"),
Parent: pulumi.String("organizations/123456789"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Direction: pulumi.String("INGRESS"),
EnableLogging: pulumi.Bool(true),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
SrcIpRanges: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
pulumi.String("10.0.0.0/8"),
},
Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("22"),
},
},
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("icmp"),
},
},
},
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.displayName("tf-test")
.parent("organizations/123456789")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.direction("INGRESS")
.enableLogging(true)
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.srcIpRanges(
"192.168.0.0/16",
"10.0.0.0/8")
.layer4Configs(
OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("tcp")
.ports("22")
.build(),
OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("icmp")
.build())
.build())
.build())
.priority(100)
.build());
}
}Content copied to clipboard
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
displayName: tf-test
parent: organizations/123456789
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
direction: INGRESS
enableLogging: true
match:
config:
srcIpRanges:
- 192.168.0.0/16
- 10.0.0.0/8
layer4Configs:
- ipProtocol: tcp
ports:
- '22'
- ipProtocol: icmp
priority: 100Content copied to clipboard
Import
OrganizationSecurityPolicyRule can be imported using any of these accepted formats:
{{policy_id}}/priority/{{priority}}When using thepulumi importcommand, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(action: Output<String>? = null, description: Output<String>? = null, direction: Output<String>? = null, enableLogging: Output<Boolean>? = null, match: Output<OrganizationSecurityPolicyRuleMatchArgs>? = null, policyId: Output<String>? = null, preview: Output<Boolean>? = null, priority: Output<Int>? = null, targetResources: Output<List<String>>? = null, targetServiceAccounts: Output<List<String>>? = null)
Properties
Link copied to clipboard
A description of the rule.
Link copied to clipboard
Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
Link copied to clipboard
A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
Link copied to clipboard
Link copied to clipboard
A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
Link copied to clipboard
A list of service accounts indicating the sets of instances that are applied with this rule.