AuthorizationPolicyArgs

/**
 * Input arguments for a GCP Network Security `AuthorizationPolicy` resource.
 *
 * Every property is optional in this signature and defaults to `null`.
 *
 * @property action Action taken when a rule matches; documented values are `ALLOW` and `DENY`.
 * @property description Free-text description of the resource, at most 1024 characters.
 * @property labels Label tags; non-authoritative, so only labels present in the configuration are managed.
 * @property location Location of the authorization policy; the documented default is `global`.
 * @property name Name of the AuthorizationPolicy resource.
 * @property project ID of the owning project; the provider project is used when omitted.
 * @property rules Rules to match. At least one rule must match for [action] to be taken. When
 *   left blank, [action] is applied to every request, so review rule-less policies with care.
 */
data class AuthorizationPolicyArgs(val action: Output<String>? = null, val description: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val rules: Output<List<AuthorizationPolicyRuleArgs>>? = null) : ConvertibleToJava<AuthorizationPolicyArgs>

Example Usage

Network Security Authorization Policy Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
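// Declares an ALLOW authorization policy with a single rule that matches on request source.
// The principal pattern and address range are sample values; replace them with the
// identities and networks that are actually expected to reach the workload.
const _default = new gcp.networksecurity.AuthorizationPolicy("default", {
    name: "my-authorization-policy",
    labels: {
        foo: "bar",
    },
    description: "my description",
    // The action is taken only for requests that match at least one rule below.
    action: "ALLOW",
    rules: [{
        sources: [{
            // Wildcard principal pattern. Principal matching is only meaningful when peer
            // certificates are validated (see the ServerTlsPolicy resource).
            principals: ["namespace/*"],
            // CIDR written with literal dots; the rendered page had HTML-escaped them as
            // "&#46;", which would not be a valid address range if copied verbatim.
            // Source IP alone is weak evidence when traffic passes through proxies or load balancers.
            ipBlocks: ["1.2.3.0/24"],
        }],
    }],
});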
import pulumi
import pulumi_gcp as gcp
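# Declares an ALLOW authorization policy with a single rule that matches on request source.
# The principal pattern and address range are sample values; replace them with the
# identities and networks that are actually expected to reach the workload.
default = gcp.networksecurity.AuthorizationPolicy(
    "default",
    name="my-authorization-policy",
    labels={
        "foo": "bar",
    },
    description="my description",
    # The action is taken only for requests that match at least one rule below.
    action="ALLOW",
    rules=[{
        "sources": [{
            # Wildcard principal pattern. Principal matching is only meaningful when peer
            # certificates are validated (see the ServerTlsPolicy resource).
            "principals": ["namespace/*"],
            # CIDR written with literal dots; the rendered page had HTML-escaped them as
            # "&#46;", which would not be a valid address range if copied verbatim.
            "ip_blocks": ["1.2.3.0/24"],
        }],
    }],
)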
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Declares an ALLOW authorization policy with a single source-only rule.
return await Deployment.RunAsync(() =>
{
    // The local is never read; the resource is registered by constructing it.
    var policy = new Gcp.NetworkSecurity.AuthorizationPolicy(
        "default",
        new Gcp.NetworkSecurity.AuthorizationPolicyArgs
        {
            Name = "my-authorization-policy",
            Labels =
            {
                { "foo", "bar" },
            },
            Description = "my description",
            // The action is taken only for requests that match at least one rule.
            Action = "ALLOW",
            Rules = new[]
            {
                new Gcp.NetworkSecurity.Inputs.AuthorizationPolicyRuleArgs
                {
                    Sources = new[]
                    {
                        new Gcp.NetworkSecurity.Inputs.AuthorizationPolicyRuleSourceArgs
                        {
                            // Wildcard principal pattern (sample value).
                            Principals = new[] { "namespace/*" },
                            // Sample CIDR; narrow to the networks that really need access.
                            IpBlocks = new[] { "1.2.3.0/24" },
                        },
                    },
                },
            },
        });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one ALLOW authorization policy whose single rule matches on request source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Source matcher: a wildcard principal pattern plus a sample CIDR block.
		source := &networksecurity.AuthorizationPolicyRuleSourceArgs{
			Principals: pulumi.StringArray{
				pulumi.String("namespace/*"),
			},
			IpBlocks: pulumi.StringArray{
				pulumi.String("1.2.3.0/24"),
			},
		}

		args := &networksecurity.AuthorizationPolicyArgs{
			Name: pulumi.String("my-authorization-policy"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description: pulumi.String("my description"),
			// The action is taken only for requests that match at least one rule.
			Action: pulumi.String("ALLOW"),
			Rules: networksecurity.AuthorizationPolicyRuleArray{
				&networksecurity.AuthorizationPolicyRuleArgs{
					Sources: networksecurity.AuthorizationPolicyRuleSourceArray{source},
				},
			},
		}

		// The resource handle is not needed; only the registration error is propagated.
		_, err := networksecurity.NewAuthorizationPolicy(ctx, "default", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.AuthorizationPolicy;
import com.pulumi.gcp.networksecurity.AuthorizationPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.AuthorizationPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
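/**
 * Pulumi program that declares one ALLOW authorization policy with a source-only rule.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the authorization policy on the stack.
     *
     * @param ctx Pulumi deployment context; not read by this sample.
     */
    public static void stack(Context ctx) {
        // AuthorizationPolicyRuleSourceArgs is missing from the listing's import list, so it
        // is referenced by its fully qualified name to keep the sample compilable.
        var default_ = new AuthorizationPolicy("default", AuthorizationPolicyArgs.builder()
            .name("my-authorization-policy")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            // The action is taken only for requests that match at least one rule.
            .action("ALLOW")
            .rules(AuthorizationPolicyRuleArgs.builder()
                .sources(com.pulumi.gcp.networksecurity.inputs.AuthorizationPolicyRuleSourceArgs.builder()
                    // Wildcard principal pattern and sample CIDR; tighten both for real use.
                    .principals("namespace/*")
                    .ipBlocks("1.2.3.0/24")
                    .build())
                .build())
            .build());
    }
}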
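# ALLOW authorization policy with a single source-only rule.
# Nesting restored: the flattened listing would not parse into the intended structure.
resources:
  default:
    type: gcp:networksecurity:AuthorizationPolicy
    properties:
      name: my-authorization-policy
      labels:
        foo: bar
      description: my description
      # The action is taken only for requests that match at least one rule.
      action: ALLOW
      rules:
        - sources:
            # Wildcard principal pattern and sample CIDR; tighten both for real use.
            - principals:
                - namespace/*
              ipBlocks:
                - 1.2.3.0/24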

Network Security Authorization Policy Destinations

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
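// Declares an ALLOW authorization policy whose single rule constrains both the request
// source and the request destination. All matcher values are sample values.
const _default = new gcp.networksecurity.AuthorizationPolicy("default", {
    name: "my-authorization-policy",
    labels: {
        foo: "bar",
    },
    description: "my description",
    // The action is taken only for requests that match at least one rule below.
    action: "ALLOW",
    rules: [{
        sources: [{
            // Wildcard principal pattern. Principal matching is only meaningful when peer
            // certificates are validated (see the ServerTlsPolicy resource).
            principals: ["namespace/*"],
            // CIDR written with literal dots; the rendered page had HTML-escaped them as "&#46;".
            ipBlocks: ["1.2.3.0/24"],
        }],
        destinations: [{
            // Host pattern with a trailing wildcard (also un-escaped from "&#46;").
            hosts: ["mydomain.*"],
            ports: [8080],
            methods: ["GET"],
            // This header match restates the `methods` constraint above for this sample.
            // Header values are client-controlled unless requests arrive through a trusted
            // proxy. NOTE(review): confirm whether regexMatch is a full or partial match.
            httpHeaderMatch: {
                headerName: ":method",
                regexMatch: "GET",
            },
        }],
    }],
});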
import pulumi
import pulumi_gcp as gcp
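# Declares an ALLOW authorization policy whose single rule constrains both the request
# source and the request destination. All matcher values are sample values.
default = gcp.networksecurity.AuthorizationPolicy(
    "default",
    name="my-authorization-policy",
    labels={
        "foo": "bar",
    },
    description="my description",
    # The action is taken only for requests that match at least one rule below.
    action="ALLOW",
    rules=[{
        "sources": [{
            # Wildcard principal pattern. Principal matching is only meaningful when peer
            # certificates are validated (see the ServerTlsPolicy resource).
            "principals": ["namespace/*"],
            # CIDR written with literal dots; the rendered page had HTML-escaped them as "&#46;".
            "ip_blocks": ["1.2.3.0/24"],
        }],
        "destinations": [{
            # Host pattern with a trailing wildcard (also un-escaped from "&#46;").
            "hosts": ["mydomain.*"],
            "ports": [8080],
            "methods": ["GET"],
            # This header match restates the "methods" constraint above for this sample.
            # Header values are client-controlled unless requests arrive through a trusted
            # proxy. NOTE(review): confirm whether regex_match is a full or partial match.
            "http_header_match": {
                "header_name": ":method",
                "regex_match": "GET",
            },
        }],
    }],
)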
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Declares an ALLOW authorization policy whose rule constrains both source and destination.
return await Deployment.RunAsync(() =>
{
    // The local is never read; the resource is registered by constructing it.
    var policy = new Gcp.NetworkSecurity.AuthorizationPolicy(
        "default",
        new Gcp.NetworkSecurity.AuthorizationPolicyArgs
        {
            Name = "my-authorization-policy",
            Labels =
            {
                { "foo", "bar" },
            },
            Description = "my description",
            // The action is taken only for requests that match at least one rule.
            Action = "ALLOW",
            Rules = new[]
            {
                new Gcp.NetworkSecurity.Inputs.AuthorizationPolicyRuleArgs
                {
                    Sources = new[]
                    {
                        new Gcp.NetworkSecurity.Inputs.AuthorizationPolicyRuleSourceArgs
                        {
                            // Wildcard principal pattern (sample value).
                            Principals = new[] { "namespace/*" },
                            // Sample CIDR; narrow to the networks that really need access.
                            IpBlocks = new[] { "1.2.3.0/24" },
                        },
                    },
                    Destinations = new[]
                    {
                        new Gcp.NetworkSecurity.Inputs.AuthorizationPolicyRuleDestinationArgs
                        {
                            Hosts = new[] { "mydomain.*" },
                            Ports = new[] { 8080 },
                            Methods = new[] { "GET" },
                            // Restates the Methods constraint for this sample. Header values are
                            // client-controlled unless requests arrive through a trusted proxy.
                            HttpHeaderMatch = new Gcp.NetworkSecurity.Inputs.AuthorizationPolicyRuleDestinationHttpHeaderMatchArgs
                            {
                                HeaderName = ":method",
                                RegexMatch = "GET",
                            },
                        },
                    },
                },
            },
        });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one ALLOW authorization policy whose single rule constrains both the
// request source and the request destination.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Source matcher: a wildcard principal pattern plus a sample CIDR block.
		source := &networksecurity.AuthorizationPolicyRuleSourceArgs{
			Principals: pulumi.StringArray{
				pulumi.String("namespace/*"),
			},
			IpBlocks: pulumi.StringArray{
				pulumi.String("1.2.3.0/24"),
			},
		}

		// Destination matcher: host pattern, port, method and a header match.
		// The header match on ":method" restates the Methods constraint for this sample;
		// header values are client-controlled unless requests arrive through a trusted proxy.
		destination := &networksecurity.AuthorizationPolicyRuleDestinationArgs{
			Hosts: pulumi.StringArray{
				pulumi.String("mydomain.*"),
			},
			Ports: pulumi.IntArray{
				pulumi.Int(8080),
			},
			Methods: pulumi.StringArray{
				pulumi.String("GET"),
			},
			HttpHeaderMatch: &networksecurity.AuthorizationPolicyRuleDestinationHttpHeaderMatchArgs{
				HeaderName: pulumi.String(":method"),
				RegexMatch: pulumi.String("GET"),
			},
		}

		args := &networksecurity.AuthorizationPolicyArgs{
			Name: pulumi.String("my-authorization-policy"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description: pulumi.String("my description"),
			// The action is taken only for requests that match at least one rule.
			Action: pulumi.String("ALLOW"),
			Rules: networksecurity.AuthorizationPolicyRuleArray{
				&networksecurity.AuthorizationPolicyRuleArgs{
					Sources:      networksecurity.AuthorizationPolicyRuleSourceArray{source},
					Destinations: networksecurity.AuthorizationPolicyRuleDestinationArray{destination},
				},
			},
		}

		// The resource handle is not needed; only the registration error is propagated.
		_, err := networksecurity.NewAuthorizationPolicy(ctx, "default", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.AuthorizationPolicy;
import com.pulumi.gcp.networksecurity.AuthorizationPolicyArgs;
import com.pulumi.gcp.networksecurity.inputs.AuthorizationPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
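/**
 * Pulumi program that declares one ALLOW authorization policy whose rule constrains both
 * the request source and the request destination.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the authorization policy on the stack.
     *
     * @param ctx Pulumi deployment context; not read by this sample.
     */
    public static void stack(Context ctx) {
        // The rule source, destination and header-match argument types are missing from the
        // listing's import list, so they are referenced by fully qualified name to keep the
        // sample compilable.
        var default_ = new AuthorizationPolicy("default", AuthorizationPolicyArgs.builder()
            .name("my-authorization-policy")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            // The action is taken only for requests that match at least one rule.
            .action("ALLOW")
            .rules(AuthorizationPolicyRuleArgs.builder()
                .sources(com.pulumi.gcp.networksecurity.inputs.AuthorizationPolicyRuleSourceArgs.builder()
                    // Wildcard principal pattern and sample CIDR; tighten both for real use.
                    .principals("namespace/*")
                    .ipBlocks("1.2.3.0/24")
                    .build())
                .destinations(com.pulumi.gcp.networksecurity.inputs.AuthorizationPolicyRuleDestinationArgs.builder()
                    .hosts("mydomain.*")
                    .ports(8080)
                    .methods("GET")
                    // Restates the methods constraint for this sample. Header values are
                    // client-controlled unless requests arrive through a trusted proxy.
                    .httpHeaderMatch(com.pulumi.gcp.networksecurity.inputs.AuthorizationPolicyRuleDestinationHttpHeaderMatchArgs.builder()
                        .headerName(":method")
                        .regexMatch("GET")
                        .build())
                    .build())
                .build())
            .build());
    }
}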
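# ALLOW authorization policy whose single rule constrains both source and destination.
# Nesting restored: the flattened listing would not parse into the intended structure.
resources:
  default:
    type: gcp:networksecurity:AuthorizationPolicy
    properties:
      name: my-authorization-policy
      labels:
        foo: bar
      description: my description
      # The action is taken only for requests that match at least one rule.
      action: ALLOW
      rules:
        - sources:
            # Wildcard principal pattern and sample CIDR; tighten both for real use.
            - principals:
                - namespace/*
              ipBlocks:
                - 1.2.3.0/24
          destinations:
            - hosts:
                - mydomain.*
              ports:
                - 8080
              methods:
                - GET
              # Restates the methods constraint for this sample. Header values are
              # client-controlled unless requests arrive through a trusted proxy.
              httpHeaderMatch:
                # Quoted so the leading colon is unambiguously part of the string.
                headerName: ":method"
                regexMatch: GET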

Import

AuthorizationPolicy can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}

  • {{project}}/{{location}}/{{name}}

  • {{location}}/{{name}}

When using the pulumi import command, AuthorizationPolicy can be imported using one of the formats above. For example:

$ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}
$ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default {{location}}/{{name}}

Constructors

constructor(action: Output<String>? = null, description: Output<String>? = null, labels: Output<Map<String, String>>? = null, location: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null, rules: Output<List<AuthorizationPolicyRuleArgs>>? = null)

Properties

val action: Output<String>? = null

The action to take when a rule match is found. Possible values are: ALLOW, DENY.

val description: Output<String>? = null

A free-text description of the resource. Max length 1024 characters.

val labels: Output<Map<String, String>>? = null

Set of label tags associated with the AuthorizationPolicy resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

val location: Output<String>? = null

The location of the authorization policy. The default value is global.

val name: Output<String>? = null

Name of the AuthorizationPolicy resource.

val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

val rules: Output<List<AuthorizationPolicyRuleArgs>>? = null

List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request; an ALLOW policy with no rules therefore permits every request, and a DENY policy with no rules rejects every request. Structure is documented below.

Functions

open override fun toJava(): AuthorizationPolicyArgs