Security
data class SecurityProfileV2Args(val description: Output<String>? = null, val orgId: Output<String>? = null, val profileAssessmentConfigs: Output<List<SecurityProfileV2ProfileAssessmentConfigArgs>>? = null, val profileId: Output<String>? = null) : ConvertibleToJava<SecurityProfileV2Args>
Security profile for risk assessment version 2 in Apigee. To get more information about SecurityProfileV2, see:
How-to Guides
Example Usage
Apigee Security Profile V2 Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const current = gcp.organizations.getClientConfig({});
const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "apigee-network"});
const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", {
name: "apigee-range",
purpose: "VPC_PEERING",
addressType: "INTERNAL",
prefixLength: 16,
network: apigeeNetwork.id,
});
const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", {
network: apigeeNetwork.id,
service: "servicenetworking.googleapis.com",
reservedPeeringRanges: [apigeeRange.name],
});
const apigeeOrg = new gcp.apigee.Organization("apigee_org", {
analyticsRegion: "us-central1",
projectId: current.then(current => current.project),
authorizedNetwork: apigeeNetwork.id,
}, {
dependsOn: [apigeeVpcConnection],
});
const apigeeOrgSecurityAddonsConfig = new gcp.apigee.AddonsConfig("apigee_org_security_addons_config", {
org: apigeeOrg.name,
addonsConfig: {
apiSecurityConfig: {
enabled: true,
},
},
});
const securityProfileV2 = new gcp.apigee.SecurityProfileV2("security_profile_v2", {
profileId: "my-profile",
orgId: apigeeOrg.id,
description: "terraform test description",
profileAssessmentConfigs: [
{
assessment: "auth-policies-check",
weight: "MAJOR",
},
{
assessment: "mediation-policies-check",
weight: "MODERATE",
},
{
assessment: "threat-policies-check",
weight: "MINOR",
},
],
}, {
dependsOn: [apigeeOrgSecurityAddonsConfig],
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
current = gcp.organizations.get_client_config()
apigee_network = gcp.compute.Network("apigee_network", name="apigee-network")
apigee_range = gcp.compute.GlobalAddress("apigee_range",
name="apigee-range",
purpose="VPC_PEERING",
address_type="INTERNAL",
prefix_length=16,
network=apigee_network.id)
apigee_vpc_connection = gcp.servicenetworking.Connection("apigee_vpc_connection",
network=apigee_network.id,
service="servicenetworking.googleapis.com",
reserved_peering_ranges=[apigee_range.name])
apigee_org = gcp.apigee.Organization("apigee_org",
analytics_region="us-central1",
project_id=current.project,
authorized_network=apigee_network.id,
opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))
apigee_org_security_addons_config = gcp.apigee.AddonsConfig("apigee_org_security_addons_config",
org=apigee_org.name,
addons_config={
"api_security_config": {
"enabled": True,
},
})
security_profile_v2 = gcp.apigee.SecurityProfileV2("security_profile_v2",
profile_id="my-profile",
org_id=apigee_org.id,
description="terraform test description",
profile_assessment_configs=[
{
"assessment": "auth-policies-check",
"weight": "MAJOR",
},
{
"assessment": "mediation-policies-check",
"weight": "MODERATE",
},
{
"assessment": "threat-policies-check",
"weight": "MINOR",
},
],
opts = pulumi.ResourceOptions(depends_on=[apigee_org_security_addons_config]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var current = Gcp.Organizations.GetClientConfig.Invoke();
var apigeeNetwork = new Gcp.Compute.Network("apigee_network", new()
{
Name = "apigee-network",
});
var apigeeRange = new Gcp.Compute.GlobalAddress("apigee_range", new()
{
Name = "apigee-range",
Purpose = "VPC_PEERING",
AddressType = "INTERNAL",
PrefixLength = 16,
Network = apigeeNetwork.Id,
});
var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection("apigee_vpc_connection", new()
{
Network = apigeeNetwork.Id,
Service = "servicenetworking.googleapis.com",
ReservedPeeringRanges = new[]
{
apigeeRange.Name,
},
});
var apigeeOrg = new Gcp.Apigee.Organization("apigee_org", new()
{
AnalyticsRegion = "us-central1",
ProjectId = current.Apply(getClientConfigResult => getClientConfigResult.Project),
AuthorizedNetwork = apigeeNetwork.Id,
}, new CustomResourceOptions
{
DependsOn =
{
apigeeVpcConnection,
},
});
var apigeeOrgSecurityAddonsConfig = new Gcp.Apigee.AddonsConfig("apigee_org_security_addons_config", new()
{
Org = apigeeOrg.Name,
AddonsConfigDetails = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigArgs
{
ApiSecurityConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs
{
Enabled = true,
},
},
});
var securityProfileV2 = new Gcp.Apigee.SecurityProfileV2("security_profile_v2", new()
{
ProfileId = "my-profile",
OrgId = apigeeOrg.Id,
Description = "terraform test description",
ProfileAssessmentConfigs = new[]
{
new Gcp.Apigee.Inputs.SecurityProfileV2ProfileAssessmentConfigArgs
{
Assessment = "auth-policies-check",
Weight = "MAJOR",
},
new Gcp.Apigee.Inputs.SecurityProfileV2ProfileAssessmentConfigArgs
{
Assessment = "mediation-policies-check",
Weight = "MODERATE",
},
new Gcp.Apigee.Inputs.SecurityProfileV2ProfileAssessmentConfigArgs
{
Assessment = "threat-policies-check",
Weight = "MINOR",
},
},
}, new CustomResourceOptions
{
DependsOn =
{
apigeeOrgSecurityAddonsConfig,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
apigeeNetwork, err := compute.NewNetwork(ctx, "apigee_network", &compute.NetworkArgs{
Name: pulumi.String("apigee-network"),
})
if err != nil {
return err
}
apigeeRange, err := compute.NewGlobalAddress(ctx, "apigee_range", &compute.GlobalAddressArgs{
Name: pulumi.String("apigee-range"),
Purpose: pulumi.String("VPC_PEERING"),
AddressType: pulumi.String("INTERNAL"),
PrefixLength: pulumi.Int(16),
Network: apigeeNetwork.ID(),
})
if err != nil {
return err
}
apigeeVpcConnection, err := servicenetworking.NewConnection(ctx, "apigee_vpc_connection", &servicenetworking.ConnectionArgs{
Network: apigeeNetwork.ID(),
Service: pulumi.String("servicenetworking.googleapis.com"),
ReservedPeeringRanges: pulumi.StringArray{
apigeeRange.Name,
},
})
if err != nil {
return err
}
apigeeOrg, err := apigee.NewOrganization(ctx, "apigee_org", &apigee.OrganizationArgs{
AnalyticsRegion: pulumi.String("us-central1"),
ProjectId: pulumi.String(current.Project),
AuthorizedNetwork: apigeeNetwork.ID(),
}, pulumi.DependsOn([]pulumi.Resource{
apigeeVpcConnection,
}))
if err != nil {
return err
}
apigeeOrgSecurityAddonsConfig, err := apigee.NewAddonsConfig(ctx, "apigee_org_security_addons_config", &apigee.AddonsConfigArgs{
Org: apigeeOrg.Name,
AddonsConfig: &apigee.AddonsConfigAddonsConfigArgs{
ApiSecurityConfig: &apigee.AddonsConfigAddonsConfigApiSecurityConfigArgs{
Enabled: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
_, err = apigee.NewSecurityProfileV2(ctx, "security_profile_v2", &apigee.SecurityProfileV2Args{
ProfileId: pulumi.String("my-profile"),
OrgId: apigeeOrg.ID(),
Description: pulumi.String("terraform test description"),
ProfileAssessmentConfigs: apigee.SecurityProfileV2ProfileAssessmentConfigArray{
&apigee.SecurityProfileV2ProfileAssessmentConfigArgs{
Assessment: pulumi.String("auth-policies-check"),
Weight: pulumi.String("MAJOR"),
},
&apigee.SecurityProfileV2ProfileAssessmentConfigArgs{
Assessment: pulumi.String("mediation-policies-check"),
Weight: pulumi.String("MODERATE"),
},
&apigee.SecurityProfileV2ProfileAssessmentConfigArgs{
Assessment: pulumi.String("threat-policies-check"),
Weight: pulumi.String("MINOR"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
apigeeOrgSecurityAddonsConfig,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.servicenetworking.Connection;
import com.pulumi.gcp.servicenetworking.ConnectionArgs;
import com.pulumi.gcp.apigee.Organization;
import com.pulumi.gcp.apigee.OrganizationArgs;
import com.pulumi.gcp.apigee.AddonsConfig;
import com.pulumi.gcp.apigee.AddonsConfigArgs;
import com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigArgs;
import com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs;
import com.pulumi.gcp.apigee.SecurityProfileV2;
import com.pulumi.gcp.apigee.SecurityProfileV2Args;
import com.pulumi.gcp.apigee.inputs.SecurityProfileV2ProfileAssessmentConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = OrganizationsFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var apigeeNetwork = new Network("apigeeNetwork", NetworkArgs.builder()
.name("apigee-network")
.build());
var apigeeRange = new GlobalAddress("apigeeRange", GlobalAddressArgs.builder()
.name("apigee-range")
.purpose("VPC_PEERING")
.addressType("INTERNAL")
.prefixLength(16)
.network(apigeeNetwork.id())
.build());
var apigeeVpcConnection = new Connection("apigeeVpcConnection", ConnectionArgs.builder()
.network(apigeeNetwork.id())
.service("servicenetworking.googleapis.com")
.reservedPeeringRanges(apigeeRange.name())
.build());
var apigeeOrg = new Organization("apigeeOrg", OrganizationArgs.builder()
.analyticsRegion("us-central1")
.projectId(current.project())
.authorizedNetwork(apigeeNetwork.id())
.build(), CustomResourceOptions.builder()
.dependsOn(apigeeVpcConnection)
.build());
var apigeeOrgSecurityAddonsConfig = new AddonsConfig("apigeeOrgSecurityAddonsConfig", AddonsConfigArgs.builder()
.org(apigeeOrg.name())
.addonsConfig(AddonsConfigAddonsConfigArgs.builder()
.apiSecurityConfig(AddonsConfigAddonsConfigApiSecurityConfigArgs.builder()
.enabled(true)
.build())
.build())
.build());
var securityProfileV2 = new SecurityProfileV2("securityProfileV2", SecurityProfileV2Args.builder()
.profileId("my-profile")
.orgId(apigeeOrg.id())
.description("terraform test description")
.profileAssessmentConfigs(
SecurityProfileV2ProfileAssessmentConfigArgs.builder()
.assessment("auth-policies-check")
.weight("MAJOR")
.build(),
SecurityProfileV2ProfileAssessmentConfigArgs.builder()
.assessment("mediation-policies-check")
.weight("MODERATE")
.build(),
SecurityProfileV2ProfileAssessmentConfigArgs.builder()
.assessment("threat-policies-check")
.weight("MINOR")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(apigeeOrgSecurityAddonsConfig)
.build());
}
}Content copied to clipboard
resources:
apigeeNetwork:
type: gcp:compute:Network
name: apigee_network
properties:
name: apigee-network
apigeeRange:
type: gcp:compute:GlobalAddress
name: apigee_range
properties:
name: apigee-range
purpose: VPC_PEERING
addressType: INTERNAL
prefixLength: 16
network: ${apigeeNetwork.id}
apigeeVpcConnection:
type: gcp:servicenetworking:Connection
name: apigee_vpc_connection
properties:
network: ${apigeeNetwork.id}
service: servicenetworking.googleapis.com
reservedPeeringRanges:
- ${apigeeRange.name}
apigeeOrg:
type: gcp:apigee:Organization
name: apigee_org
properties:
analyticsRegion: us-central1
projectId: ${current.project}
authorizedNetwork: ${apigeeNetwork.id}
options:
dependsOn:
- ${apigeeVpcConnection}
apigeeOrgSecurityAddonsConfig:
type: gcp:apigee:AddonsConfig
name: apigee_org_security_addons_config
properties:
org: ${apigeeOrg.name}
addonsConfig:
apiSecurityConfig:
enabled: true
securityProfileV2:
type: gcp:apigee:SecurityProfileV2
name: security_profile_v2
properties:
profileId: my-profile
orgId: ${apigeeOrg.id}
description: terraform test description
profileAssessmentConfigs:
- assessment: auth-policies-check
weight: MAJOR
- assessment: mediation-policies-check
weight: MODERATE
- assessment: threat-policies-check
weight: MINOR
options:
dependsOn:
- ${apigeeOrgSecurityAddonsConfig}
variables:
current:
fn::invoke:
function: gcp:organizations:getClientConfig
arguments: {}Content copied to clipboard
Import
SecurityProfileV2 can be imported using any of these accepted formats:
{{org_id}}/securityProfilesV2/{{profile_id}}{{org_id}}/{{profile_id}}When using thepulumi importcommand, SecurityProfileV2 can be imported using one of the formats above. For example:
$ pulumi import gcp:apigee/securityProfileV2:SecurityProfileV2 default {{org_id}}/securityProfilesV2/{{profile_id}}Content copied to clipboard
$ pulumi import gcp:apigee/securityProfileV2:SecurityProfileV2 default {{org_id}}/{{profile_id}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, orgId: Output<String>? = null, profileAssessmentConfigs: Output<List<SecurityProfileV2ProfileAssessmentConfigArgs>>? = null, profileId: Output<String>? = null)