ServicePerimeterIngressPolicy

class ServicePerimeterIngressPolicy : KotlinCustomResource

Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the ingressTo field.

Note: By default, updates to this resource will remove the IngressPolicy from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy is added before the old one is removed, add a lifecycle block with create_before_destroy = true to this resource.

Note: If this resource is used alongside a gcp.accesscontextmanager.ServicePerimeter resource, the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].ingress_policies] so they don't fight over which ingress rules should be in the policy.

To get more information about ServicePerimeterIngressPolicy, see:

Example Usage

Properties

val accessPolicyId: Output<String>

The name of the Access Policy this resource belongs to.

val etag: Output<String>

The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of policies. The policy defined in this resource is added or removed from that list, and then this etag is sent with the PATCH call along with the updated policies.

val id: Output<String>

ingressFrom: Defines the conditions on the source of a request causing this IngressPolicy to apply. Structure is documented below.

ingressTo: Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. Structure is documented below.

val perimeter: Output<String>

The name of the Service Perimeter to add this resource to.

val pulumiChildResources: Set<KotlinResource>
val title: Output<String>?

Human readable title. Must be unique within the perimeter. Does not affect behavior.

val urn: Output<String>
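
The read-modify-write cycle that the etag property describes, as an added Python model that is not the provider's or the API's own code. FakePerimeterApi, StaleEtag and the policy titles are constructed stand-ins, and rejecting a PATCH that carries a stale etag is this model's assumption about how the etag prevents overwriting the policy list.

```python
class StaleEtag(Exception):
    """PATCH carried an etag that no longer matches the stored perimeter."""


class FakePerimeterApi:
    """In-memory stand-in for the perimeter GET/PATCH calls (constructed)."""

    def __init__(self):
        self._policies, self._rev = [], 0

    def get(self):
        # One GET returns both the current policy list and its etag.
        return list(self._policies), str(self._rev)

    def patch(self, policies, etag):
        if etag != str(self._rev):  # another writer landed since our GET
            raise StaleEtag(etag)
        self._policies, self._rev = list(policies), self._rev + 1


def add_policy(api, policy, retries=3):
    """Add one ingress policy to the list, re-reading on a stale etag."""
    for _ in range(retries):
        policies, etag = api.get()
        if policy not in policies:
            policies.append(policy)
        try:
            api.patch(policies, etag)
            return True
        except StaleEtag:
            continue
    return False


def lost_update_demo():
    """Two writers GET the same state; only the first PATCH may land."""
    api = FakePerimeterApi()
    a_list, a_etag = api.get()
    b_list, b_etag = api.get()
    api.patch(a_list + [{"title": "allow-ci"}], a_etag)
    try:
        # Without the etag check this PATCH would silently erase allow-ci.
        api.patch(b_list + [{"title": "allow-vpn"}], b_etag)
        rejected = False
    except StaleEtag:
        rejected = True
    add_policy(api, {"title": "allow-vpn"})  # retry path re-reads first
    return rejected, [p["title"] for p in api.get()[0]]
```
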