GatewaySecurityPolicyRuleArgs

data class GatewaySecurityPolicyRuleArgs(val applicationMatcher: Output<String>? = null, val basicProfile: Output<String>? = null, val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val gatewaySecurityPolicy: Output<String>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val priority: Output<Int>? = null, val project: Output<String>? = null, val sessionMatcher: Output<String>? = null, val tlsInspectionEnabled: Output<Boolean>? = null) : ConvertibleToJava<GatewaySecurityPolicyRuleArgs>

The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic-matching condition and the associated action to perform. For more information about GatewaySecurityPolicyRule, see the upstream API documentation for this resource.

Example Usage

Network Security Gateway Security Policy Rules Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Parent policy. The rule below attaches to it through `policy.name`.
const policy = new gcp.networksecurity.GatewaySecurityPolicy("default", {
    name: "my-gateway-security-policy",
    location: "us-central1",
    description: "gateway security policy created to be used as reference by the rule.",
});

// Rule settings are kept in one named object so the match condition and the
// resulting action can be reviewed side by side.
const ruleArgs = {
    name: "my-gateway-security-policy-rule",
    location: "us-central1",
    gatewaySecurityPolicy: policy.name,
    // Whether the rule is enforced.
    enabled: true,
    description: "my description",
    // Lower number means higher precedence, so 0 takes precedence over any
    // higher-numbered rule in the same policy.
    priority: 0,
    // CEL expression over session criteria; only sessions for this host match.
    sessionMatcher: "host() == 'example.com'",
    // Action applied to matching traffic (ALLOW or DENY).
    basicProfile: "ALLOW",
};
const policyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", ruleArgs);
import pulumi
import pulumi_gcp as gcp
# Parent policy. The rule below attaches to it through `policy.name`.
policy = gcp.networksecurity.GatewaySecurityPolicy(
    "default",
    name="my-gateway-security-policy",
    location="us-central1",
    description="gateway security policy created to be used as reference by the rule.",
)

# Rule settings are collected first so the match condition and the resulting
# action can be reviewed side by side.
rule_settings = dict(
    name="my-gateway-security-policy-rule",
    location="us-central1",
    gateway_security_policy=policy.name,
    # Whether the rule is enforced.
    enabled=True,
    description="my description",
    # Lower number means higher precedence, so 0 takes precedence over any
    # higher-numbered rule in the same policy.
    priority=0,
    # CEL expression over session criteria; only sessions for this host match.
    session_matcher="host() == 'example.com'",
    # Action applied to matching traffic (ALLOW or DENY).
    basic_profile="ALLOW",
)
policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default", **rule_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Parent policy. The rule below attaches to it through policy.Name.
    var policyArgs = new Gcp.NetworkSecurity.GatewaySecurityPolicyArgs
    {
        Name = "my-gateway-security-policy",
        Location = "us-central1",
        Description = "gateway security policy created to be used as reference by the rule.",
    };
    var policy = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", policyArgs);

    // Rule settings are built separately so the match condition and the
    // resulting action can be reviewed side by side.
    var ruleArgs = new Gcp.NetworkSecurity.GatewaySecurityPolicyRuleArgs
    {
        Name = "my-gateway-security-policy-rule",
        Location = "us-central1",
        GatewaySecurityPolicy = policy.Name,
        // Whether the rule is enforced.
        Enabled = true,
        Description = "my description",
        // Lower number means higher precedence, so 0 takes precedence over
        // any higher-numbered rule in the same policy.
        Priority = 0,
        // CEL expression over session criteria; only sessions for this host match.
        SessionMatcher = "host() == 'example.com'",
        // Action applied to matching traffic (ALLOW or DENY).
        BasicProfile = "ALLOW",
    };
    var policyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", ruleArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a gateway security policy and one rule attached to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Parent policy. The rule below attaches to it through policy.Name.
		policyArgs := &networksecurity.GatewaySecurityPolicyArgs{
			Name:        pulumi.String("my-gateway-security-policy"),
			Location:    pulumi.String("us-central1"),
			Description: pulumi.String("gateway security policy created to be used as reference by the rule."),
		}
		policy, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", policyArgs)
		if err != nil {
			return err
		}

		// Rule settings are built separately so the match condition and the
		// resulting action can be reviewed side by side.
		ruleArgs := &networksecurity.GatewaySecurityPolicyRuleArgs{
			Name:                  pulumi.String("my-gateway-security-policy-rule"),
			Location:              pulumi.String("us-central1"),
			GatewaySecurityPolicy: policy.Name,
			// Whether the rule is enforced.
			Enabled:     pulumi.Bool(true),
			Description: pulumi.String("my description"),
			// Lower number means higher precedence, so 0 takes precedence
			// over any higher-numbered rule in the same policy.
			Priority: pulumi.Int(0),
			// CEL expression over session criteria; only sessions for this host match.
			SessionMatcher: pulumi.String("host() == 'example.com'"),
			// Action applied to matching traffic (ALLOW or DENY).
			BasicProfile: pulumi.String("ALLOW"),
		}
		if _, err := networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", ruleArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a gateway security policy and one rule attached to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the parent policy first, then the rule that refers to it by name.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // Parent policy. The rule below attaches to it through policy.name().
        final var policyArgs = GatewaySecurityPolicyArgs.builder()
            .name("my-gateway-security-policy")
            .location("us-central1")
            .description("gateway security policy created to be used as reference by the rule.")
            .build();
        final var policy = new GatewaySecurityPolicy("default", policyArgs);

        // Rule settings are built separately so the match condition and the
        // resulting action can be reviewed side by side.
        final var ruleArgs = GatewaySecurityPolicyRuleArgs.builder()
            .name("my-gateway-security-policy-rule")
            .location("us-central1")
            .gatewaySecurityPolicy(policy.name())
            // Whether the rule is enforced.
            .enabled(true)
            .description("my description")
            // Lower number means higher precedence, so 0 takes precedence over
            // any higher-numbered rule in the same policy.
            .priority(0)
            // CEL expression over session criteria; only sessions for this host match.
            .sessionMatcher("host() == 'example.com'")
            // Action applied to matching traffic (ALLOW or DENY).
            .basicProfile("ALLOW")
            .build();
        final var policyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", ruleArgs);
    }
}
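# Nesting restored: each resource sits under `resources`, and its settings sit
# under that resource's `properties`.
resources:
  # Parent policy. The rule below attaches to it through ${default.name}.
  default:
    type: gcp:networksecurity:GatewaySecurityPolicy
    properties:
      name: my-gateway-security-policy
      location: us-central1
      description: gateway security policy created to be used as reference by the rule.
  defaultGatewaySecurityPolicyRule:
    type: gcp:networksecurity:GatewaySecurityPolicyRule
    name: default
    properties:
      name: my-gateway-security-policy-rule
      location: us-central1
      gatewaySecurityPolicy: ${default.name}
      # Whether the rule is enforced.
      enabled: true
      description: my description
      # Lower number means higher precedence, so 0 takes precedence over any
      # higher-numbered rule in the same policy.
      priority: 0
      # CEL expression over session criteria; only sessions for this host match.
      sessionMatcher: host() == 'example.com'
      # Action applied to matching traffic (ALLOW or DENY).
      basicProfile: ALLOW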

Network Security Gateway Security Policy Rules Advanced

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Parent policy. The rule below attaches to it through `policy.name`.
const policy = new gcp.networksecurity.GatewaySecurityPolicy("default", {
    name: "my-gateway-security-policy",
    location: "us-central1",
    description: "gateway security policy created to be used as reference by the rule.",
});

// Rule settings are kept in one named object so the match conditions and the
// resulting action can be reviewed side by side.
const ruleArgs = {
    name: "my-gateway-security-policy-rule",
    location: "us-central1",
    gatewaySecurityPolicy: policy.name,
    // Whether the rule is enforced.
    enabled: true,
    description: "my description",
    // Lower number means higher precedence, so 0 takes precedence over any
    // higher-numbered rule in the same policy.
    priority: 0,
    // CEL expression over session criteria; only sessions for this host match.
    sessionMatcher: "host() == 'example.com'",
    // CEL expression over L7/application-level criteria.
    applicationMatcher: "request.method == 'POST'",
    // TLS inspection is off. It can only be turned on when the parent policy
    // references a TLSInspectionConfig, which this example does not set up.
    // NOTE(review): with inspection off, the application matcher presumably
    // only sees attributes that are readable without decryption -- confirm
    // against the provider documentation before relying on it for HTTPS.
    tlsInspectionEnabled: false,
    // Action applied to matching traffic (ALLOW or DENY).
    basicProfile: "ALLOW",
};
const policyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", ruleArgs);
import pulumi
import pulumi_gcp as gcp
# Parent policy. The rule below attaches to it through `policy.name`.
policy = gcp.networksecurity.GatewaySecurityPolicy(
    "default",
    name="my-gateway-security-policy",
    location="us-central1",
    description="gateway security policy created to be used as reference by the rule.",
)

# Rule settings are collected first so the match conditions and the resulting
# action can be reviewed side by side.
rule_settings = dict(
    name="my-gateway-security-policy-rule",
    location="us-central1",
    gateway_security_policy=policy.name,
    # Whether the rule is enforced.
    enabled=True,
    description="my description",
    # Lower number means higher precedence, so 0 takes precedence over any
    # higher-numbered rule in the same policy.
    priority=0,
    # CEL expression over session criteria; only sessions for this host match.
    session_matcher="host() == 'example.com'",
    # CEL expression over L7/application-level criteria.
    application_matcher="request.method == 'POST'",
    # TLS inspection is off. It can only be turned on when the parent policy
    # references a TLSInspectionConfig, which this example does not set up.
    # NOTE(review): with inspection off, the application matcher presumably
    # only sees attributes that are readable without decryption -- confirm
    # against the provider documentation before relying on it for HTTPS.
    tls_inspection_enabled=False,
    # Action applied to matching traffic (ALLOW or DENY).
    basic_profile="ALLOW",
)
policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default", **rule_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Parent policy. The rule below attaches to it through policy.Name.
    var policyArgs = new Gcp.NetworkSecurity.GatewaySecurityPolicyArgs
    {
        Name = "my-gateway-security-policy",
        Location = "us-central1",
        Description = "gateway security policy created to be used as reference by the rule.",
    };
    var policy = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", policyArgs);

    // Rule settings are built separately so the match conditions and the
    // resulting action can be reviewed side by side.
    var ruleArgs = new Gcp.NetworkSecurity.GatewaySecurityPolicyRuleArgs
    {
        Name = "my-gateway-security-policy-rule",
        Location = "us-central1",
        GatewaySecurityPolicy = policy.Name,
        // Whether the rule is enforced.
        Enabled = true,
        Description = "my description",
        // Lower number means higher precedence, so 0 takes precedence over
        // any higher-numbered rule in the same policy.
        Priority = 0,
        // CEL expression over session criteria; only sessions for this host match.
        SessionMatcher = "host() == 'example.com'",
        // CEL expression over L7/application-level criteria.
        ApplicationMatcher = "request.method == 'POST'",
        // TLS inspection is off. It can only be turned on when the parent
        // policy references a TLSInspectionConfig, which this example does
        // not set up.
        // NOTE(review): with inspection off, the application matcher
        // presumably only sees attributes that are readable without
        // decryption -- confirm against the provider documentation before
        // relying on it for HTTPS.
        TlsInspectionEnabled = false,
        // Action applied to matching traffic (ALLOW or DENY).
        BasicProfile = "ALLOW",
    };
    var policyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", ruleArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a gateway security policy and one rule attached to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Parent policy. The rule below attaches to it through policy.Name.
		policyArgs := &networksecurity.GatewaySecurityPolicyArgs{
			Name:        pulumi.String("my-gateway-security-policy"),
			Location:    pulumi.String("us-central1"),
			Description: pulumi.String("gateway security policy created to be used as reference by the rule."),
		}
		policy, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", policyArgs)
		if err != nil {
			return err
		}

		// Rule settings are built separately so the match conditions and the
		// resulting action can be reviewed side by side.
		ruleArgs := &networksecurity.GatewaySecurityPolicyRuleArgs{
			Name:                  pulumi.String("my-gateway-security-policy-rule"),
			Location:              pulumi.String("us-central1"),
			GatewaySecurityPolicy: policy.Name,
			// Whether the rule is enforced.
			Enabled:     pulumi.Bool(true),
			Description: pulumi.String("my description"),
			// Lower number means higher precedence, so 0 takes precedence
			// over any higher-numbered rule in the same policy.
			Priority: pulumi.Int(0),
			// CEL expression over session criteria; only sessions for this host match.
			SessionMatcher: pulumi.String("host() == 'example.com'"),
			// CEL expression over L7/application-level criteria.
			ApplicationMatcher: pulumi.String("request.method == 'POST'"),
			// TLS inspection is off. It can only be turned on when the parent
			// policy references a TLSInspectionConfig, which this example
			// does not set up.
			// NOTE(review): with inspection off, the application matcher
			// presumably only sees attributes that are readable without
			// decryption -- confirm against the provider documentation
			// before relying on it for HTTPS.
			TlsInspectionEnabled: pulumi.Bool(false),
			// Action applied to matching traffic (ALLOW or DENY).
			BasicProfile: pulumi.String("ALLOW"),
		}
		if _, err := networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", ruleArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a gateway security policy and one rule attached to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the parent policy first, then the rule that refers to it by name.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // Parent policy. The rule below attaches to it through policy.name().
        final var policyArgs = GatewaySecurityPolicyArgs.builder()
            .name("my-gateway-security-policy")
            .location("us-central1")
            .description("gateway security policy created to be used as reference by the rule.")
            .build();
        final var policy = new GatewaySecurityPolicy("default", policyArgs);

        // Rule settings are built separately so the match conditions and the
        // resulting action can be reviewed side by side.
        final var ruleArgs = GatewaySecurityPolicyRuleArgs.builder()
            .name("my-gateway-security-policy-rule")
            .location("us-central1")
            .gatewaySecurityPolicy(policy.name())
            // Whether the rule is enforced.
            .enabled(true)
            .description("my description")
            // Lower number means higher precedence, so 0 takes precedence over
            // any higher-numbered rule in the same policy.
            .priority(0)
            // CEL expression over session criteria; only sessions for this host match.
            .sessionMatcher("host() == 'example.com'")
            // CEL expression over L7/application-level criteria.
            .applicationMatcher("request.method == 'POST'")
            // TLS inspection is off. It can only be turned on when the parent
            // policy references a TLSInspectionConfig, which this example does
            // not set up.
            // NOTE(review): with inspection off, the application matcher
            // presumably only sees attributes that are readable without
            // decryption -- confirm against the provider documentation before
            // relying on it for HTTPS.
            .tlsInspectionEnabled(false)
            // Action applied to matching traffic (ALLOW or DENY).
            .basicProfile("ALLOW")
            .build();
        final var policyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", ruleArgs);
    }
}
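# Nesting restored: each resource sits under `resources`, and its settings sit
# under that resource's `properties`.
resources:
  # Parent policy. The rule below attaches to it through ${default.name}.
  default:
    type: gcp:networksecurity:GatewaySecurityPolicy
    properties:
      name: my-gateway-security-policy
      location: us-central1
      description: gateway security policy created to be used as reference by the rule.
  defaultGatewaySecurityPolicyRule:
    type: gcp:networksecurity:GatewaySecurityPolicyRule
    name: default
    properties:
      name: my-gateway-security-policy-rule
      location: us-central1
      gatewaySecurityPolicy: ${default.name}
      # Whether the rule is enforced.
      enabled: true
      description: my description
      # Lower number means higher precedence, so 0 takes precedence over any
      # higher-numbered rule in the same policy.
      priority: 0
      # CEL expression over session criteria; only sessions for this host match.
      sessionMatcher: host() == 'example.com'
      # CEL expression over L7/application-level criteria.
      applicationMatcher: request.method == 'POST'
      # TLS inspection is off. It can only be turned on when the parent policy
      # references a TLSInspectionConfig, which this example does not set up.
      # NOTE(review): with inspection off, the application matcher presumably
      # only sees attributes that are readable without decryption -- confirm
      # against the provider documentation before relying on it for HTTPS.
      tlsInspectionEnabled: false
      # Action applied to matching traffic (ALLOW or DENY).
      basicProfile: ALLOW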

Import

GatewaySecurityPolicyRule can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}

  • {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}

  • {{location}}/{{gateway_security_policy}}/{{name}}

When using the pulumi import command, GatewaySecurityPolicyRule can be imported using one of the formats above. For example:

$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{location}}/{{gateway_security_policy}}/{{name}}

Constructors

constructor(applicationMatcher: Output<String>? = null, basicProfile: Output<String>? = null, description: Output<String>? = null, enabled: Output<Boolean>? = null, gatewaySecurityPolicy: Output<String>? = null, location: Output<String>? = null, name: Output<String>? = null, priority: Output<Int>? = null, project: Output<String>? = null, sessionMatcher: Output<String>? = null, tlsInspectionEnabled: Output<Boolean>? = null)

Properties

val applicationMatcher: Output<String>? = null

CEL expression for matching on L7/application level criteria.

val basicProfile: Output<String>? = null

Profile that specifies the primitive action to take on matching traffic. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.

val description: Output<String>? = null

Free-text description of the resource.

val enabled: Output<Boolean>? = null

Whether the rule is enforced.

val gatewaySecurityPolicy: Output<String>? = null

The name of the gateway security policy this rule belongs to.

val location: Output<String>? = null

The location of the gateway security policy.

val name: Output<String>? = null

Name of the resource. The name is the full resource name, in the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}. The {rule} segment should match the pattern: (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$).

val priority: Output<Int>? = null

Priority of the rule. Lower number corresponds to higher precedence.

val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

val sessionMatcher: Output<String>? = null

CEL expression for matching on session criteria.

val tlsInspectionEnabled: Output<Boolean>? = null

Flag to enable TLS inspection of traffic matching on the session matcher (`sessionMatcher`). Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.

Functions

open override fun toJava(): GatewaySecurityPolicyRuleArgs