RegionSecurityPolicyArgs

data class RegionSecurityPolicyArgs(val adaptiveProtectionConfig: Output<SecurityPolicyAdaptiveProtectionConfigArgs>? = null, val advancedOptionsConfig: Output<SecurityPolicyAdvancedOptionsConfigArgs>? = null, val associations: Output<List<SecurityPolicyAssociationArgs>>? = null, val ddosProtectionConfig: Output<SecurityPolicyDdosProtectionConfigArgs>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val recaptchaOptionsConfig: Output<SecurityPolicyRecaptchaOptionsConfigArgs>? = null, val region: Output<String>? = null, val requestId: Output<String>? = null, val rules: Output<List<SecurityPolicyRuleArgs>>? = null, val type: Output<RegionSecurityPolicyType>? = null, val userDefinedFields: Output<List<SecurityPolicyUserDefinedFieldArgs>>? = null) : ConvertibleToJava<RegionSecurityPolicyArgs>

Creates a new policy in the specified project using the data included in the request.

Constructors

Link copied to clipboard
fun RegionSecurityPolicyArgs(adaptiveProtectionConfig: Output<SecurityPolicyAdaptiveProtectionConfigArgs>? = null, advancedOptionsConfig: Output<SecurityPolicyAdvancedOptionsConfigArgs>? = null, associations: Output<List<SecurityPolicyAssociationArgs>>? = null, ddosProtectionConfig: Output<SecurityPolicyDdosProtectionConfigArgs>? = null, description: Output<String>? = null, displayName: Output<String>? = null, labels: Output<Map<String, String>>? = null, name: Output<String>? = null, project: Output<String>? = null, recaptchaOptionsConfig: Output<SecurityPolicyRecaptchaOptionsConfigArgs>? = null, region: Output<String>? = null, requestId: Output<String>? = null, rules: Output<List<SecurityPolicyRuleArgs>>? = null, type: Output<RegionSecurityPolicyType>? = null, userDefinedFields: Output<List<SecurityPolicyUserDefinedFieldArgs>>? = null)

Functions

Link copied to clipboard
open override fun toJava(): RegionSecurityPolicyArgs

Properties

Link copied to clipboard

A list of associations that belong to this policy.

Link copied to clipboard
val description: Output<String>? = null

An optional description of this resource. Provide this property when you create the resource.

Link copied to clipboard
val displayName: Output<String>? = null

User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Link copied to clipboard
val labels: Output<Map<String, String>>? = null

Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.

Link copied to clipboard
val name: Output<String>? = null

Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Link copied to clipboard
val project: Output<String>? = null
Link copied to clipboard
val region: Output<String>? = null
Link copied to clipboard
val requestId: Output<String>? = null

An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).

Link copied to clipboard
val rules: Output<List<SecurityPolicyRuleArgs>>? = null

A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match "" for srcIpRanges and for the networkMatch condition every field must be either match "" or not set). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.

Link copied to clipboard
val type: Output<RegionSecurityPolicyType>? = null

The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.

Link copied to clipboard

Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: "ipv4_fragment_offset" base: IPV4 offset: 6 size: 2 mask: "0x1fff"