1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. networksecurity
  5. AuthzPolicy
Google Cloud v8.14.0 published on Wednesday, Jan 15, 2025 by Pulumi

gcp.networksecurity.AuthzPolicy

Explore with Pulumi AI

gcp logo
Google Cloud v8.14.0 published on Wednesday, Jan 15, 2025 by Pulumi

    AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes.

    To get more information about AuthzPolicy, see:

    Example Usage

    Network Services Authz Policy Advanced

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.compute.Network("default", {
        name: "lb-network",
        project: "my-project-name",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "backend-subnet",
        project: "my-project-name",
        region: "us-west1",
        ipCidrRange: "10.1.2.0/24",
        network: _default.id,
    });
    const proxyOnly = new gcp.compute.Subnetwork("proxy_only", {
        name: "proxy-only-subnet",
        project: "my-project-name",
        region: "us-west1",
        ipCidrRange: "10.129.0.0/23",
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
        network: _default.id,
    });
    const defaultAddress = new gcp.compute.Address("default", {
        name: "l7-ilb-ip-address",
        project: "my-project-name",
        region: "us-west1",
        subnetwork: defaultSubnetwork.id,
        addressType: "INTERNAL",
        purpose: "GCE_ENDPOINT",
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        name: "l7-ilb-basic-check",
        project: "my-project-name",
        region: "us-west1",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    const urlMap = new gcp.compute.RegionBackendService("url_map", {
        name: "l7-ilb-backend-service",
        project: "my-project-name",
        region: "us-west1",
        loadBalancingScheme: "INTERNAL_MANAGED",
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        name: "l7-ilb-map",
        project: "my-project-name",
        region: "us-west1",
        defaultService: urlMap.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        name: "l7-ilb-proxy",
        project: "my-project-name",
        region: "us-west1",
        urlMap: defaultRegionUrlMap.id,
    });
    const defaultForwardingRule = new gcp.compute.ForwardingRule("default", {
        name: "l7-ilb-forwarding-rule",
        project: "my-project-name",
        region: "us-west1",
        loadBalancingScheme: "INTERNAL_MANAGED",
        network: _default.id,
        subnetwork: defaultSubnetwork.id,
        ipProtocol: "TCP",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        ipAddress: defaultAddress.id,
    }, {
        dependsOn: [proxyOnly],
    });
    const authzExtension = new gcp.compute.RegionBackendService("authz_extension", {
        name: "authz-service",
        project: "my-project-name",
        region: "us-west1",
        protocol: "HTTP2",
        loadBalancingScheme: "INTERNAL_MANAGED",
        portName: "grpc",
    });
    const defaultAuthzExtension = new gcp.networkservices.AuthzExtension("default", {
        name: "my-authz-ext",
        project: "my-project-name",
        location: "us-west1",
        description: "my description",
        loadBalancingScheme: "INTERNAL_MANAGED",
        authority: "ext11.com",
        service: authzExtension.selfLink,
        timeout: "0.1s",
        failOpen: false,
        forwardHeaders: ["Authorization"],
    });
    const defaultAuthzPolicy = new gcp.networksecurity.AuthzPolicy("default", {
        name: "my-authz-policy",
        project: "my-project-name",
        location: "us-west1",
        description: "my description",
        target: {
            loadBalancingScheme: "INTERNAL_MANAGED",
            resources: [defaultForwardingRule.selfLink],
        },
        action: "CUSTOM",
        customProvider: {
            authzExtension: {
                resources: [defaultAuthzExtension.id],
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.compute.Network("default",
        name="lb-network",
        project="my-project-name",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="backend-subnet",
        project="my-project-name",
        region="us-west1",
        ip_cidr_range="10.1.2.0/24",
        network=default.id)
    proxy_only = gcp.compute.Subnetwork("proxy_only",
        name="proxy-only-subnet",
        project="my-project-name",
        region="us-west1",
        ip_cidr_range="10.129.0.0/23",
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE",
        network=default.id)
    default_address = gcp.compute.Address("default",
        name="l7-ilb-ip-address",
        project="my-project-name",
        region="us-west1",
        subnetwork=default_subnetwork.id,
        address_type="INTERNAL",
        purpose="GCE_ENDPOINT")
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        name="l7-ilb-basic-check",
        project="my-project-name",
        region="us-west1",
        http_health_check={
            "port_specification": "USE_SERVING_PORT",
        })
    url_map = gcp.compute.RegionBackendService("url_map",
        name="l7-ilb-backend-service",
        project="my-project-name",
        region="us-west1",
        load_balancing_scheme="INTERNAL_MANAGED",
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        name="l7-ilb-map",
        project="my-project-name",
        region="us-west1",
        default_service=url_map.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        name="l7-ilb-proxy",
        project="my-project-name",
        region="us-west1",
        url_map=default_region_url_map.id)
    default_forwarding_rule = gcp.compute.ForwardingRule("default",
        name="l7-ilb-forwarding-rule",
        project="my-project-name",
        region="us-west1",
        load_balancing_scheme="INTERNAL_MANAGED",
        network=default.id,
        subnetwork=default_subnetwork.id,
        ip_protocol="TCP",
        port_range="80",
        target=default_region_target_http_proxy.id,
        ip_address=default_address.id,
        opts = pulumi.ResourceOptions(depends_on=[proxy_only]))
    authz_extension = gcp.compute.RegionBackendService("authz_extension",
        name="authz-service",
        project="my-project-name",
        region="us-west1",
        protocol="HTTP2",
        load_balancing_scheme="INTERNAL_MANAGED",
        port_name="grpc")
    default_authz_extension = gcp.networkservices.AuthzExtension("default",
        name="my-authz-ext",
        project="my-project-name",
        location="us-west1",
        description="my description",
        load_balancing_scheme="INTERNAL_MANAGED",
        authority="ext11.com",
        service=authz_extension.self_link,
        timeout="0.1s",
        fail_open=False,
        forward_headers=["Authorization"])
    default_authz_policy = gcp.networksecurity.AuthzPolicy("default",
        name="my-authz-policy",
        project="my-project-name",
        location="us-west1",
        description="my description",
        target={
            "load_balancing_scheme": "INTERNAL_MANAGED",
            "resources": [default_forwarding_rule.self_link],
        },
        action="CUSTOM",
        custom_provider={
            "authz_extension": {
                "resources": [default_authz_extension.id],
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("lb-network"),
    			Project:               pulumi.String("my-project-name"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("backend-subnet"),
    			Project:     pulumi.String("my-project-name"),
    			Region:      pulumi.String("us-west1"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Network:     _default.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		proxyOnly, err := compute.NewSubnetwork(ctx, "proxy_only", &compute.SubnetworkArgs{
    			Name:        pulumi.String("proxy-only-subnet"),
    			Project:     pulumi.String("my-project-name"),
    			Region:      pulumi.String("us-west1"),
    			IpCidrRange: pulumi.String("10.129.0.0/23"),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    			Network:     _default.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{
    			Name:        pulumi.String("l7-ilb-ip-address"),
    			Project:     pulumi.String("my-project-name"),
    			Region:      pulumi.String("us-west1"),
    			Subnetwork:  defaultSubnetwork.ID(),
    			AddressType: pulumi.String("INTERNAL"),
    			Purpose:     pulumi.String("GCE_ENDPOINT"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Name:    pulumi.String("l7-ilb-basic-check"),
    			Project: pulumi.String("my-project-name"),
    			Region:  pulumi.String("us-west1"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		urlMap, err := compute.NewRegionBackendService(ctx, "url_map", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("l7-ilb-backend-service"),
    			Project:             pulumi.String("my-project-name"),
    			Region:              pulumi.String("us-west1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			HealthChecks:        defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Name:           pulumi.String("l7-ilb-map"),
    			Project:        pulumi.String("my-project-name"),
    			Region:         pulumi.String("us-west1"),
    			DefaultService: urlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Name:    pulumi.String("l7-ilb-proxy"),
    			Project: pulumi.String("my-project-name"),
    			Region:  pulumi.String("us-west1"),
    			UrlMap:  defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultForwardingRule, err := compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("l7-ilb-forwarding-rule"),
    			Project:             pulumi.String("my-project-name"),
    			Region:              pulumi.String("us-west1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			Network:             _default.ID(),
    			Subnetwork:          defaultSubnetwork.ID(),
    			IpProtocol:          pulumi.String("TCP"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			IpAddress:           defaultAddress.ID(),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			proxyOnly,
    		}))
    		if err != nil {
    			return err
    		}
    		authzExtension, err := compute.NewRegionBackendService(ctx, "authz_extension", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("authz-service"),
    			Project:             pulumi.String("my-project-name"),
    			Region:              pulumi.String("us-west1"),
    			Protocol:            pulumi.String("HTTP2"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			PortName:            pulumi.String("grpc"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultAuthzExtension, err := networkservices.NewAuthzExtension(ctx, "default", &networkservices.AuthzExtensionArgs{
    			Name:                pulumi.String("my-authz-ext"),
    			Project:             pulumi.String("my-project-name"),
    			Location:            pulumi.String("us-west1"),
    			Description:         pulumi.String("my description"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			Authority:           pulumi.String("ext11.com"),
    			Service:             authzExtension.SelfLink,
    			Timeout:             pulumi.String("0.1s"),
    			FailOpen:            pulumi.Bool(false),
    			ForwardHeaders: pulumi.StringArray{
    				pulumi.String("Authorization"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = networksecurity.NewAuthzPolicy(ctx, "default", &networksecurity.AuthzPolicyArgs{
    			Name:        pulumi.String("my-authz-policy"),
    			Project:     pulumi.String("my-project-name"),
    			Location:    pulumi.String("us-west1"),
    			Description: pulumi.String("my description"),
    			Target: &networksecurity.AuthzPolicyTargetArgs{
    				LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    				Resources: pulumi.StringArray{
    					defaultForwardingRule.SelfLink,
    				},
    			},
    			Action: pulumi.String("CUSTOM"),
    			CustomProvider: &networksecurity.AuthzPolicyCustomProviderArgs{
    				AuthzExtension: &networksecurity.AuthzPolicyCustomProviderAuthzExtensionArgs{
    					Resources: pulumi.StringArray{
    						defaultAuthzExtension.ID(),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.Compute.Network("default", new()
        {
            Name = "lb-network",
            Project = "my-project-name",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "backend-subnet",
            Project = "my-project-name",
            Region = "us-west1",
            IpCidrRange = "10.1.2.0/24",
            Network = @default.Id,
        });
    
        var proxyOnly = new Gcp.Compute.Subnetwork("proxy_only", new()
        {
            Name = "proxy-only-subnet",
            Project = "my-project-name",
            Region = "us-west1",
            IpCidrRange = "10.129.0.0/23",
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
            Network = @default.Id,
        });
    
        var defaultAddress = new Gcp.Compute.Address("default", new()
        {
            Name = "l7-ilb-ip-address",
            Project = "my-project-name",
            Region = "us-west1",
            Subnetwork = defaultSubnetwork.Id,
            AddressType = "INTERNAL",
            Purpose = "GCE_ENDPOINT",
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Name = "l7-ilb-basic-check",
            Project = "my-project-name",
            Region = "us-west1",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        var urlMap = new Gcp.Compute.RegionBackendService("url_map", new()
        {
            Name = "l7-ilb-backend-service",
            Project = "my-project-name",
            Region = "us-west1",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Name = "l7-ilb-map",
            Project = "my-project-name",
            Region = "us-west1",
            DefaultService = urlMap.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Name = "l7-ilb-proxy",
            Project = "my-project-name",
            Region = "us-west1",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        var defaultForwardingRule = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "l7-ilb-forwarding-rule",
            Project = "my-project-name",
            Region = "us-west1",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            Network = @default.Id,
            Subnetwork = defaultSubnetwork.Id,
            IpProtocol = "TCP",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            IpAddress = defaultAddress.Id,
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                proxyOnly,
            },
        });
    
        var authzExtension = new Gcp.Compute.RegionBackendService("authz_extension", new()
        {
            Name = "authz-service",
            Project = "my-project-name",
            Region = "us-west1",
            Protocol = "HTTP2",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            PortName = "grpc",
        });
    
        var defaultAuthzExtension = new Gcp.NetworkServices.AuthzExtension("default", new()
        {
            Name = "my-authz-ext",
            Project = "my-project-name",
            Location = "us-west1",
            Description = "my description",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            Authority = "ext11.com",
            Service = authzExtension.SelfLink,
            Timeout = "0.1s",
            FailOpen = false,
            ForwardHeaders = new[]
            {
                "Authorization",
            },
        });
    
        var defaultAuthzPolicy = new Gcp.NetworkSecurity.AuthzPolicy("default", new()
        {
            Name = "my-authz-policy",
            Project = "my-project-name",
            Location = "us-west1",
            Description = "my description",
            Target = new Gcp.NetworkSecurity.Inputs.AuthzPolicyTargetArgs
            {
                LoadBalancingScheme = "INTERNAL_MANAGED",
                Resources = new[]
                {
                    defaultForwardingRule.SelfLink,
                },
            },
            Action = "CUSTOM",
            CustomProvider = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderArgs
            {
                AuthzExtension = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderAuthzExtensionArgs
                {
                    Resources = new[]
                    {
                        defaultAuthzExtension.Id,
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.networkservices.AuthzExtension;
    import com.pulumi.gcp.networkservices.AuthzExtensionArgs;
    import com.pulumi.gcp.networksecurity.AuthzPolicy;
    import com.pulumi.gcp.networksecurity.AuthzPolicyArgs;
    import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyTargetArgs;
    import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderArgs;
    import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderAuthzExtensionArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new Network("default", NetworkArgs.builder()
                .name("lb-network")
                .project("my-project-name")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
                .name("backend-subnet")
                .project("my-project-name")
                .region("us-west1")
                .ipCidrRange("10.1.2.0/24")
                .network(default_.id())
                .build());
    
            var proxyOnly = new Subnetwork("proxyOnly", SubnetworkArgs.builder()
                .name("proxy-only-subnet")
                .project("my-project-name")
                .region("us-west1")
                .ipCidrRange("10.129.0.0/23")
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .network(default_.id())
                .build());
    
            var defaultAddress = new Address("defaultAddress", AddressArgs.builder()
                .name("l7-ilb-ip-address")
                .project("my-project-name")
                .region("us-west1")
                .subnetwork(defaultSubnetwork.id())
                .addressType("INTERNAL")
                .purpose("GCE_ENDPOINT")
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
                .name("l7-ilb-basic-check")
                .project("my-project-name")
                .region("us-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            var urlMap = new RegionBackendService("urlMap", RegionBackendServiceArgs.builder()
                .name("l7-ilb-backend-service")
                .project("my-project-name")
                .region("us-west1")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
                .name("l7-ilb-map")
                .project("my-project-name")
                .region("us-west1")
                .defaultService(urlMap.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
                .name("l7-ilb-proxy")
                .project("my-project-name")
                .region("us-west1")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
                .name("l7-ilb-forwarding-rule")
                .project("my-project-name")
                .region("us-west1")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .network(default_.id())
                .subnetwork(defaultSubnetwork.id())
                .ipProtocol("TCP")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .ipAddress(defaultAddress.id())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(proxyOnly)
                    .build());
    
            var authzExtension = new RegionBackendService("authzExtension", RegionBackendServiceArgs.builder()
                .name("authz-service")
                .project("my-project-name")
                .region("us-west1")
                .protocol("HTTP2")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portName("grpc")
                .build());
    
            var defaultAuthzExtension = new AuthzExtension("defaultAuthzExtension", AuthzExtensionArgs.builder()
                .name("my-authz-ext")
                .project("my-project-name")
                .location("us-west1")
                .description("my description")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .authority("ext11.com")
                .service(authzExtension.selfLink())
                .timeout("0.1s")
                .failOpen(false)
                .forwardHeaders("Authorization")
                .build());
    
            var defaultAuthzPolicy = new AuthzPolicy("defaultAuthzPolicy", AuthzPolicyArgs.builder()
                .name("my-authz-policy")
                .project("my-project-name")
                .location("us-west1")
                .description("my description")
                .target(AuthzPolicyTargetArgs.builder()
                    .loadBalancingScheme("INTERNAL_MANAGED")
                    .resources(defaultForwardingRule.selfLink())
                    .build())
                .action("CUSTOM")
                .customProvider(AuthzPolicyCustomProviderArgs.builder()
                    .authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs.builder()
                        .resources(defaultAuthzExtension.id())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:compute:Network
        properties:
          name: lb-network
          project: my-project-name
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: backend-subnet
          project: my-project-name
          region: us-west1
          ipCidrRange: 10.1.2.0/24
          network: ${default.id}
      proxyOnly:
        type: gcp:compute:Subnetwork
        name: proxy_only
        properties:
          name: proxy-only-subnet
          project: my-project-name
          region: us-west1
          ipCidrRange: 10.129.0.0/23
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
          network: ${default.id}
      defaultAddress:
        type: gcp:compute:Address
        name: default
        properties:
          name: l7-ilb-ip-address
          project: my-project-name
          region: us-west1
          subnetwork: ${defaultSubnetwork.id}
          addressType: INTERNAL
          purpose: GCE_ENDPOINT
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          name: l7-ilb-basic-check
          project: my-project-name
          region: us-west1
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      urlMap:
        type: gcp:compute:RegionBackendService
        name: url_map
        properties:
          name: l7-ilb-backend-service
          project: my-project-name
          region: us-west1
          loadBalancingScheme: INTERNAL_MANAGED
          healthChecks: ${defaultRegionHealthCheck.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          name: l7-ilb-map
          project: my-project-name
          region: us-west1
          defaultService: ${urlMap.id}
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          name: l7-ilb-proxy
          project: my-project-name
          region: us-west1
          urlMap: ${defaultRegionUrlMap.id}
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        name: default
        properties:
          name: l7-ilb-forwarding-rule
          project: my-project-name
          region: us-west1
          loadBalancingScheme: INTERNAL_MANAGED
          network: ${default.id}
          subnetwork: ${defaultSubnetwork.id}
          ipProtocol: TCP
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          ipAddress: ${defaultAddress.id}
        options:
          dependsOn:
            - ${proxyOnly}
      authzExtension:
        type: gcp:compute:RegionBackendService
        name: authz_extension
        properties:
          name: authz-service
          project: my-project-name
          region: us-west1
          protocol: HTTP2
          loadBalancingScheme: INTERNAL_MANAGED
          portName: grpc
      defaultAuthzExtension:
        type: gcp:networkservices:AuthzExtension
        name: default
        properties:
          name: my-authz-ext
          project: my-project-name
          location: us-west1
          description: my description
          loadBalancingScheme: INTERNAL_MANAGED
          authority: ext11.com
          service: ${authzExtension.selfLink}
          timeout: 0.1s
          failOpen: false
          forwardHeaders:
            - Authorization
      defaultAuthzPolicy:
        type: gcp:networksecurity:AuthzPolicy
        name: default
        properties:
          name: my-authz-policy
          project: my-project-name
          location: us-west1
          description: my description
          target:
            loadBalancingScheme: INTERNAL_MANAGED
            resources:
              - ${defaultForwardingRule.selfLink}
          action: CUSTOM
          customProvider:
            authzExtension:
              resources:
                - ${defaultAuthzExtension.id}
    

    Create AuthzPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AuthzPolicy(name: string, args: AuthzPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AuthzPolicy(resource_name: str,
                    args: AuthzPolicyArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def AuthzPolicy(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    action: Optional[str] = None,
                    location: Optional[str] = None,
                    target: Optional[AuthzPolicyTargetArgs] = None,
                    custom_provider: Optional[AuthzPolicyCustomProviderArgs] = None,
                    description: Optional[str] = None,
                    http_rules: Optional[Sequence[AuthzPolicyHttpRuleArgs]] = None,
                    labels: Optional[Mapping[str, str]] = None,
                    name: Optional[str] = None,
                    project: Optional[str] = None)
    func NewAuthzPolicy(ctx *Context, name string, args AuthzPolicyArgs, opts ...ResourceOption) (*AuthzPolicy, error)
    public AuthzPolicy(string name, AuthzPolicyArgs args, CustomResourceOptions? opts = null)
    public AuthzPolicy(String name, AuthzPolicyArgs args)
    public AuthzPolicy(String name, AuthzPolicyArgs args, CustomResourceOptions options)
    
    type: gcp:networksecurity:AuthzPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AuthzPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AuthzPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AuthzPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AuthzPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AuthzPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var authzPolicyResource = new Gcp.NetworkSecurity.AuthzPolicy("authzPolicyResource", new()
    {
        Action = "string",
        Location = "string",
        Target = new Gcp.NetworkSecurity.Inputs.AuthzPolicyTargetArgs
        {
            LoadBalancingScheme = "string",
            Resources = new[]
            {
                "string",
            },
        },
        CustomProvider = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderArgs
        {
            AuthzExtension = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderAuthzExtensionArgs
            {
                Resources = new[]
                {
                    "string",
                },
            },
            CloudIap = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderCloudIapArgs
            {
                Enabled = false,
            },
        },
        Description = "string",
        HttpRules = new[]
        {
            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleArgs
            {
                From = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromArgs
                {
                    NotSources = new[]
                    {
                        new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceArgs
                        {
                            Principals = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourcePrincipalArgs
                                {
                                    Contains = "string",
                                    Exact = "string",
                                    IgnoreCase = false,
                                    Prefix = "string",
                                    Suffix = "string",
                                },
                            },
                            Resources = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceResourceArgs
                                {
                                    IamServiceAccount = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs
                                    {
                                        Contains = "string",
                                        Exact = "string",
                                        IgnoreCase = false,
                                        Prefix = "string",
                                        Suffix = "string",
                                    },
                                    TagValueIdSet = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs
                                    {
                                        Ids = new[]
                                        {
                                            "string",
                                        },
                                    },
                                },
                            },
                        },
                    },
                    Sources = new[]
                    {
                        new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceArgs
                        {
                            Principals = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourcePrincipalArgs
                                {
                                    Contains = "string",
                                    Exact = "string",
                                    IgnoreCase = false,
                                    Prefix = "string",
                                    Suffix = "string",
                                },
                            },
                            Resources = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceResourceArgs
                                {
                                    IamServiceAccount = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs
                                    {
                                        Contains = "string",
                                        Exact = "string",
                                        IgnoreCase = false,
                                        Prefix = "string",
                                        Suffix = "string",
                                    },
                                    TagValueIdSet = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs
                                    {
                                        Ids = new[]
                                        {
                                            "string",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
                To = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToArgs
                {
                    Operations = new[]
                    {
                        new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationArgs
                        {
                            HeaderSet = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHeaderSetArgs
                            {
                                Headers = new[]
                                {
                                    new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs
                                    {
                                        Name = "string",
                                        Value = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs
                                        {
                                            Contains = "string",
                                            Exact = "string",
                                            IgnoreCase = false,
                                            Prefix = "string",
                                            Suffix = "string",
                                        },
                                    },
                                },
                            },
                            Hosts = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHostArgs
                                {
                                    Contains = "string",
                                    Exact = "string",
                                    IgnoreCase = false,
                                    Prefix = "string",
                                    Suffix = "string",
                                },
                            },
                            Methods = new[]
                            {
                                "string",
                            },
                            Paths = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationPathArgs
                                {
                                    Contains = "string",
                                    Exact = "string",
                                    IgnoreCase = false,
                                    Prefix = "string",
                                    Suffix = "string",
                                },
                            },
                        },
                    },
                },
                When = "string",
            },
        },
        Labels = 
        {
            { "string", "string" },
        },
        Name = "string",
        Project = "string",
    });
    
    example, err := networksecurity.NewAuthzPolicy(ctx, "authzPolicyResource", &networksecurity.AuthzPolicyArgs{
    	Action:   pulumi.String("string"),
    	Location: pulumi.String("string"),
    	Target: &networksecurity.AuthzPolicyTargetArgs{
    		LoadBalancingScheme: pulumi.String("string"),
    		Resources: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	CustomProvider: &networksecurity.AuthzPolicyCustomProviderArgs{
    		AuthzExtension: &networksecurity.AuthzPolicyCustomProviderAuthzExtensionArgs{
    			Resources: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		CloudIap: &networksecurity.AuthzPolicyCustomProviderCloudIapArgs{
    			Enabled: pulumi.Bool(false),
    		},
    	},
    	Description: pulumi.String("string"),
    	HttpRules: networksecurity.AuthzPolicyHttpRuleArray{
    		&networksecurity.AuthzPolicyHttpRuleArgs{
    			From: &networksecurity.AuthzPolicyHttpRuleFromArgs{
    				NotSources: networksecurity.AuthzPolicyHttpRuleFromNotSourceArray{
    					&networksecurity.AuthzPolicyHttpRuleFromNotSourceArgs{
    						Principals: networksecurity.AuthzPolicyHttpRuleFromNotSourcePrincipalArray{
    							&networksecurity.AuthzPolicyHttpRuleFromNotSourcePrincipalArgs{
    								Contains:   pulumi.String("string"),
    								Exact:      pulumi.String("string"),
    								IgnoreCase: pulumi.Bool(false),
    								Prefix:     pulumi.String("string"),
    								Suffix:     pulumi.String("string"),
    							},
    						},
    						Resources: networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceArray{
    							&networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceArgs{
    								IamServiceAccount: &networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs{
    									Contains:   pulumi.String("string"),
    									Exact:      pulumi.String("string"),
    									IgnoreCase: pulumi.Bool(false),
    									Prefix:     pulumi.String("string"),
    									Suffix:     pulumi.String("string"),
    								},
    								TagValueIdSet: &networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs{
    									Ids: pulumi.StringArray{
    										pulumi.String("string"),
    									},
    								},
    							},
    						},
    					},
    				},
    				Sources: networksecurity.AuthzPolicyHttpRuleFromSourceArray{
    					&networksecurity.AuthzPolicyHttpRuleFromSourceArgs{
    						Principals: networksecurity.AuthzPolicyHttpRuleFromSourcePrincipalArray{
    							&networksecurity.AuthzPolicyHttpRuleFromSourcePrincipalArgs{
    								Contains:   pulumi.String("string"),
    								Exact:      pulumi.String("string"),
    								IgnoreCase: pulumi.Bool(false),
    								Prefix:     pulumi.String("string"),
    								Suffix:     pulumi.String("string"),
    							},
    						},
    						Resources: networksecurity.AuthzPolicyHttpRuleFromSourceResourceArray{
    							&networksecurity.AuthzPolicyHttpRuleFromSourceResourceArgs{
    								IamServiceAccount: &networksecurity.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs{
    									Contains:   pulumi.String("string"),
    									Exact:      pulumi.String("string"),
    									IgnoreCase: pulumi.Bool(false),
    									Prefix:     pulumi.String("string"),
    									Suffix:     pulumi.String("string"),
    								},
    								TagValueIdSet: &networksecurity.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs{
    									Ids: pulumi.StringArray{
    										pulumi.String("string"),
    									},
    								},
    							},
    						},
    					},
    				},
    			},
    			To: &networksecurity.AuthzPolicyHttpRuleToArgs{
    				Operations: networksecurity.AuthzPolicyHttpRuleToOperationArray{
    					&networksecurity.AuthzPolicyHttpRuleToOperationArgs{
    						HeaderSet: &networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetArgs{
    							Headers: networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray{
    								&networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs{
    									Name: pulumi.String("string"),
    									Value: &networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs{
    										Contains:   pulumi.String("string"),
    										Exact:      pulumi.String("string"),
    										IgnoreCase: pulumi.Bool(false),
    										Prefix:     pulumi.String("string"),
    										Suffix:     pulumi.String("string"),
    									},
    								},
    							},
    						},
    						Hosts: networksecurity.AuthzPolicyHttpRuleToOperationHostArray{
    							&networksecurity.AuthzPolicyHttpRuleToOperationHostArgs{
    								Contains:   pulumi.String("string"),
    								Exact:      pulumi.String("string"),
    								IgnoreCase: pulumi.Bool(false),
    								Prefix:     pulumi.String("string"),
    								Suffix:     pulumi.String("string"),
    							},
    						},
    						Methods: pulumi.StringArray{
    							pulumi.String("string"),
    						},
    						Paths: networksecurity.AuthzPolicyHttpRuleToOperationPathArray{
    							&networksecurity.AuthzPolicyHttpRuleToOperationPathArgs{
    								Contains:   pulumi.String("string"),
    								Exact:      pulumi.String("string"),
    								IgnoreCase: pulumi.Bool(false),
    								Prefix:     pulumi.String("string"),
    								Suffix:     pulumi.String("string"),
    							},
    						},
    					},
    				},
    			},
    			When: pulumi.String("string"),
    		},
    	},
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Name:    pulumi.String("string"),
    	Project: pulumi.String("string"),
    })
    
    var authzPolicyResource = new AuthzPolicy("authzPolicyResource", AuthzPolicyArgs.builder()
        .action("string")
        .location("string")
        .target(AuthzPolicyTargetArgs.builder()
            .loadBalancingScheme("string")
            .resources("string")
            .build())
        .customProvider(AuthzPolicyCustomProviderArgs.builder()
            .authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs.builder()
                .resources("string")
                .build())
            .cloudIap(AuthzPolicyCustomProviderCloudIapArgs.builder()
                .enabled(false)
                .build())
            .build())
        .description("string")
        .httpRules(AuthzPolicyHttpRuleArgs.builder()
            .from(AuthzPolicyHttpRuleFromArgs.builder()
                .notSources(AuthzPolicyHttpRuleFromNotSourceArgs.builder()
                    .principals(AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.builder()
                        .contains("string")
                        .exact("string")
                        .ignoreCase(false)
                        .prefix("string")
                        .suffix("string")
                        .build())
                    .resources(AuthzPolicyHttpRuleFromNotSourceResourceArgs.builder()
                        .iamServiceAccount(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.builder()
                            .contains("string")
                            .exact("string")
                            .ignoreCase(false)
                            .prefix("string")
                            .suffix("string")
                            .build())
                        .tagValueIdSet(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.builder()
                            .ids("string")
                            .build())
                        .build())
                    .build())
                .sources(AuthzPolicyHttpRuleFromSourceArgs.builder()
                    .principals(AuthzPolicyHttpRuleFromSourcePrincipalArgs.builder()
                        .contains("string")
                        .exact("string")
                        .ignoreCase(false)
                        .prefix("string")
                        .suffix("string")
                        .build())
                    .resources(AuthzPolicyHttpRuleFromSourceResourceArgs.builder()
                        .iamServiceAccount(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.builder()
                            .contains("string")
                            .exact("string")
                            .ignoreCase(false)
                            .prefix("string")
                            .suffix("string")
                            .build())
                        .tagValueIdSet(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.builder()
                            .ids("string")
                            .build())
                        .build())
                    .build())
                .build())
            .to(AuthzPolicyHttpRuleToArgs.builder()
                .operations(AuthzPolicyHttpRuleToOperationArgs.builder()
                    .headerSet(AuthzPolicyHttpRuleToOperationHeaderSetArgs.builder()
                        .headers(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.builder()
                            .name("string")
                            .value(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.builder()
                                .contains("string")
                                .exact("string")
                                .ignoreCase(false)
                                .prefix("string")
                                .suffix("string")
                                .build())
                            .build())
                        .build())
                    .hosts(AuthzPolicyHttpRuleToOperationHostArgs.builder()
                        .contains("string")
                        .exact("string")
                        .ignoreCase(false)
                        .prefix("string")
                        .suffix("string")
                        .build())
                    .methods("string")
                    .paths(AuthzPolicyHttpRuleToOperationPathArgs.builder()
                        .contains("string")
                        .exact("string")
                        .ignoreCase(false)
                        .prefix("string")
                        .suffix("string")
                        .build())
                    .build())
                .build())
            .when("string")
            .build())
        .labels(Map.of("string", "string"))
        .name("string")
        .project("string")
        .build());
    
    authz_policy_resource = gcp.networksecurity.AuthzPolicy("authzPolicyResource",
        action="string",
        location="string",
        target={
            "load_balancing_scheme": "string",
            "resources": ["string"],
        },
        custom_provider={
            "authz_extension": {
                "resources": ["string"],
            },
            "cloud_iap": {
                "enabled": False,
            },
        },
        description="string",
        http_rules=[{
            "from_": {
                "not_sources": [{
                    "principals": [{
                        "contains": "string",
                        "exact": "string",
                        "ignore_case": False,
                        "prefix": "string",
                        "suffix": "string",
                    }],
                    "resources": [{
                        "iam_service_account": {
                            "contains": "string",
                            "exact": "string",
                            "ignore_case": False,
                            "prefix": "string",
                            "suffix": "string",
                        },
                        "tag_value_id_set": {
                            "ids": ["string"],
                        },
                    }],
                }],
                "sources": [{
                    "principals": [{
                        "contains": "string",
                        "exact": "string",
                        "ignore_case": False,
                        "prefix": "string",
                        "suffix": "string",
                    }],
                    "resources": [{
                        "iam_service_account": {
                            "contains": "string",
                            "exact": "string",
                            "ignore_case": False,
                            "prefix": "string",
                            "suffix": "string",
                        },
                        "tag_value_id_set": {
                            "ids": ["string"],
                        },
                    }],
                }],
            },
            "to": {
                "operations": [{
                    "header_set": {
                        "headers": [{
                            "name": "string",
                            "value": {
                                "contains": "string",
                                "exact": "string",
                                "ignore_case": False,
                                "prefix": "string",
                                "suffix": "string",
                            },
                        }],
                    },
                    "hosts": [{
                        "contains": "string",
                        "exact": "string",
                        "ignore_case": False,
                        "prefix": "string",
                        "suffix": "string",
                    }],
                    "methods": ["string"],
                    "paths": [{
                        "contains": "string",
                        "exact": "string",
                        "ignore_case": False,
                        "prefix": "string",
                        "suffix": "string",
                    }],
                }],
            },
            "when": "string",
        }],
        labels={
            "string": "string",
        },
        name="string",
        project="string")
    
    const authzPolicyResource = new gcp.networksecurity.AuthzPolicy("authzPolicyResource", {
        action: "string",
        location: "string",
        target: {
            loadBalancingScheme: "string",
            resources: ["string"],
        },
        customProvider: {
            authzExtension: {
                resources: ["string"],
            },
            cloudIap: {
                enabled: false,
            },
        },
        description: "string",
        httpRules: [{
            from: {
                notSources: [{
                    principals: [{
                        contains: "string",
                        exact: "string",
                        ignoreCase: false,
                        prefix: "string",
                        suffix: "string",
                    }],
                    resources: [{
                        iamServiceAccount: {
                            contains: "string",
                            exact: "string",
                            ignoreCase: false,
                            prefix: "string",
                            suffix: "string",
                        },
                        tagValueIdSet: {
                            ids: ["string"],
                        },
                    }],
                }],
                sources: [{
                    principals: [{
                        contains: "string",
                        exact: "string",
                        ignoreCase: false,
                        prefix: "string",
                        suffix: "string",
                    }],
                    resources: [{
                        iamServiceAccount: {
                            contains: "string",
                            exact: "string",
                            ignoreCase: false,
                            prefix: "string",
                            suffix: "string",
                        },
                        tagValueIdSet: {
                            ids: ["string"],
                        },
                    }],
                }],
            },
            to: {
                operations: [{
                    headerSet: {
                        headers: [{
                            name: "string",
                            value: {
                                contains: "string",
                                exact: "string",
                                ignoreCase: false,
                                prefix: "string",
                                suffix: "string",
                            },
                        }],
                    },
                    hosts: [{
                        contains: "string",
                        exact: "string",
                        ignoreCase: false,
                        prefix: "string",
                        suffix: "string",
                    }],
                    methods: ["string"],
                    paths: [{
                        contains: "string",
                        exact: "string",
                        ignoreCase: false,
                        prefix: "string",
                        suffix: "string",
                    }],
                }],
            },
            when: "string",
        }],
        labels: {
            string: "string",
        },
        name: "string",
        project: "string",
    });
    
    type: gcp:networksecurity:AuthzPolicy
    properties:
        action: string
        customProvider:
            authzExtension:
                resources:
                    - string
            cloudIap:
                enabled: false
        description: string
        httpRules:
            - from:
                notSources:
                    - principals:
                        - contains: string
                          exact: string
                          ignoreCase: false
                          prefix: string
                          suffix: string
                      resources:
                        - iamServiceAccount:
                            contains: string
                            exact: string
                            ignoreCase: false
                            prefix: string
                            suffix: string
                          tagValueIdSet:
                            ids:
                                - string
                sources:
                    - principals:
                        - contains: string
                          exact: string
                          ignoreCase: false
                          prefix: string
                          suffix: string
                      resources:
                        - iamServiceAccount:
                            contains: string
                            exact: string
                            ignoreCase: false
                            prefix: string
                            suffix: string
                          tagValueIdSet:
                            ids:
                                - string
              to:
                operations:
                    - headerSet:
                        headers:
                            - name: string
                              value:
                                contains: string
                                exact: string
                                ignoreCase: false
                                prefix: string
                                suffix: string
                      hosts:
                        - contains: string
                          exact: string
                          ignoreCase: false
                          prefix: string
                          suffix: string
                      methods:
                        - string
                      paths:
                        - contains: string
                          exact: string
                          ignoreCase: false
                          prefix: string
                          suffix: string
              when: string
        labels:
            string: string
        location: string
        name: string
        project: string
        target:
            loadBalancingScheme: string
            resources:
                - string
    

    AuthzPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AuthzPolicy resource accepts the following input properties:

    Action string
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    Location string
    The location of the resource.
    Target AuthzPolicyTarget
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    CustomProvider AuthzPolicyCustomProvider
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    Description string
    A human-readable description of the resource.
    HttpRules List<AuthzPolicyHttpRule>
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    Labels Dictionary<string, string>
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    Name string
    Identifier. Name of the AuthzPolicy resource.
    Project string
    Action string
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    Location string
    The location of the resource.
    Target AuthzPolicyTargetArgs
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    CustomProvider AuthzPolicyCustomProviderArgs
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    Description string
    A human-readable description of the resource.
    HttpRules []AuthzPolicyHttpRuleArgs
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    Labels map[string]string
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    Name string
    Identifier. Name of the AuthzPolicy resource.
    Project string
    action String
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    location String
    The location of the resource.
    target AuthzPolicyTarget
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    customProvider AuthzPolicyCustomProvider
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description String
    A human-readable description of the resource.
    httpRules List<AuthzPolicyHttpRule>
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels Map<String,String>
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    name String
    Identifier. Name of the AuthzPolicy resource.
    project String
    action string
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    location string
    The location of the resource.
    target AuthzPolicyTarget
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    customProvider AuthzPolicyCustomProvider
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description string
    A human-readable description of the resource.
    httpRules AuthzPolicyHttpRule[]
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels {[key: string]: string}
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    name string
    Identifier. Name of the AuthzPolicy resource.
    project string
    action str
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    location str
    The location of the resource.
    target AuthzPolicyTargetArgs
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    custom_provider AuthzPolicyCustomProviderArgs
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description str
    A human-readable description of the resource.
    http_rules Sequence[AuthzPolicyHttpRuleArgs]
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels Mapping[str, str]
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    name str
    Identifier. Name of the AuthzPolicy resource.
    project str
    action String
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    location String
    The location of the resource.
    target Property Map
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    customProvider Property Map
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description String
    A human-readable description of the resource.
    httpRules List<Property Map>
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels Map<String>
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    name String
    Identifier. Name of the AuthzPolicy resource.
    project String

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AuthzPolicy resource produces the following output properties:

    CreateTime string
    The timestamp when the resource was created.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    The timestamp when the resource was updated.
    CreateTime string
    The timestamp when the resource was created.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    UpdateTime string
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    The timestamp when the resource was updated.
    createTime string
    The timestamp when the resource was created.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id string
    The provider-assigned unique ID for this managed resource.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime string
    The timestamp when the resource was updated.
    create_time str
    The timestamp when the resource was created.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id str
    The provider-assigned unique ID for this managed resource.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    update_time str
    The timestamp when the resource was updated.
    createTime String
    The timestamp when the resource was created.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    updateTime String
    The timestamp when the resource was updated.

    Look up Existing AuthzPolicy Resource

    Get an existing AuthzPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AuthzPolicyState, opts?: CustomResourceOptions): AuthzPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            create_time: Optional[str] = None,
            custom_provider: Optional[AuthzPolicyCustomProviderArgs] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            http_rules: Optional[Sequence[AuthzPolicyHttpRuleArgs]] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            target: Optional[AuthzPolicyTargetArgs] = None,
            update_time: Optional[str] = None) -> AuthzPolicy
    func GetAuthzPolicy(ctx *Context, name string, id IDInput, state *AuthzPolicyState, opts ...ResourceOption) (*AuthzPolicy, error)
    public static AuthzPolicy Get(string name, Input<string> id, AuthzPolicyState? state, CustomResourceOptions? opts = null)
    public static AuthzPolicy get(String name, Output<String> id, AuthzPolicyState state, CustomResourceOptions options)
    resources:  _:    type: gcp:networksecurity:AuthzPolicy    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    CreateTime string
    The timestamp when the resource was created.
    CustomProvider AuthzPolicyCustomProvider
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    Description string
    A human-readable description of the resource.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    HttpRules List<AuthzPolicyHttpRule>
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    Labels Dictionary<string, string>
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    Location string
    The location of the resource.
    Name string
    Identifier. Name of the AuthzPolicy resource.
    Project string
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Target AuthzPolicyTarget
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    UpdateTime string
    The timestamp when the resource was updated.
    Action string
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    CreateTime string
    The timestamp when the resource was created.
    CustomProvider AuthzPolicyCustomProviderArgs
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    Description string
    A human-readable description of the resource.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    HttpRules []AuthzPolicyHttpRuleArgs
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    Labels map[string]string
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    Location string
    The location of the resource.
    Name string
    Identifier. Name of the AuthzPolicy resource.
    Project string
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Target AuthzPolicyTargetArgs
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    UpdateTime string
    The timestamp when the resource was updated.
    action String
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    createTime String
    The timestamp when the resource was created.
    customProvider AuthzPolicyCustomProvider
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description String
    A human-readable description of the resource.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    httpRules List<AuthzPolicyHttpRule>
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels Map<String,String>
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    location String
    The location of the resource.
    name String
    Identifier. Name of the AuthzPolicy resource.
    project String
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    target AuthzPolicyTarget
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    updateTime String
    The timestamp when the resource was updated.
    action string
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    createTime string
    The timestamp when the resource was created.
    customProvider AuthzPolicyCustomProvider
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description string
    A human-readable description of the resource.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    httpRules AuthzPolicyHttpRule[]
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels {[key: string]: string}
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    location string
    The location of the resource.
    name string
    Identifier. Name of the AuthzPolicy resource.
    project string
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    target AuthzPolicyTarget
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    updateTime string
    The timestamp when the resource was updated.
    action str
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    create_time str
    The timestamp when the resource was created.
    custom_provider AuthzPolicyCustomProviderArgs
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description str
    A human-readable description of the resource.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    http_rules Sequence[AuthzPolicyHttpRuleArgs]
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels Mapping[str, str]
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    location str
    The location of the resource.
    name str
    Identifier. Name of the AuthzPolicy resource.
    project str
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    target AuthzPolicyTargetArgs
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    update_time str
    The timestamp when the resource was updated.
    action String
    When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
    2. If there are any DENY policies that match the request, the request is denied.
    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.
    createTime String
    The timestamp when the resource was created.
    customProvider Property Map
    Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
    description String
    A human-readable description of the resource.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    httpRules List<Property Map>
    A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
    labels Map<String>
    Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
    location String
    The location of the resource.
    name String
    Identifier. Name of the AuthzPolicy resource.
    project String
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    target Property Map
    Specifies the set of resources to which this policy should be applied to. Structure is documented below.
    updateTime String
    The timestamp when the resource was updated.

    Supporting Types

    AuthzPolicyCustomProvider, AuthzPolicyCustomProviderArgs

    AuthzExtension AuthzPolicyCustomProviderAuthzExtension
    Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
    CloudIap AuthzPolicyCustomProviderCloudIap
    Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.
    AuthzExtension AuthzPolicyCustomProviderAuthzExtension
    Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
    CloudIap AuthzPolicyCustomProviderCloudIap
    Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.
    authzExtension AuthzPolicyCustomProviderAuthzExtension
    Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
    cloudIap AuthzPolicyCustomProviderCloudIap
    Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.
    authzExtension AuthzPolicyCustomProviderAuthzExtension
    Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
    cloudIap AuthzPolicyCustomProviderCloudIap
    Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.
    authz_extension AuthzPolicyCustomProviderAuthzExtension
    Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
    cloud_iap AuthzPolicyCustomProviderCloudIap
    Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.
    authzExtension Property Map
    Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
    cloudIap Property Map
    Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

    AuthzPolicyCustomProviderAuthzExtension, AuthzPolicyCustomProviderAuthzExtensionArgs

    Resources List<string>
    A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
    Resources []string
    A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
    resources List<String>
    A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
    resources string[]
    A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
    resources Sequence[str]
    A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
    resources List<String>
    A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

    AuthzPolicyCustomProviderCloudIap, AuthzPolicyCustomProviderCloudIapArgs

    Enabled bool
    Enable Cloud IAP at the AuthzPolicy level.
    Enabled bool
    Enable Cloud IAP at the AuthzPolicy level.
    enabled Boolean
    Enable Cloud IAP at the AuthzPolicy level.
    enabled boolean
    Enable Cloud IAP at the AuthzPolicy level.
    enabled bool
    Enable Cloud IAP at the AuthzPolicy level.
    enabled Boolean
    Enable Cloud IAP at the AuthzPolicy level.

    AuthzPolicyHttpRule, AuthzPolicyHttpRuleArgs

    From AuthzPolicyHttpRuleFrom
    Describes properties of one or more sources of a request. Structure is documented below.
    To AuthzPolicyHttpRuleTo
    Describes properties of one or more targets of a request Structure is documented below.
    When string
    CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
    From AuthzPolicyHttpRuleFrom
    Describes properties of one or more sources of a request. Structure is documented below.
    To AuthzPolicyHttpRuleTo
    Describes properties of one or more targets of a request Structure is documented below.
    When string
    CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
    from AuthzPolicyHttpRuleFrom
    Describes properties of one or more sources of a request. Structure is documented below.
    to AuthzPolicyHttpRuleTo
    Describes properties of one or more targets of a request Structure is documented below.
    when String
    CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
    from AuthzPolicyHttpRuleFrom
    Describes properties of one or more sources of a request. Structure is documented below.
    to AuthzPolicyHttpRuleTo
    Describes properties of one or more targets of a request Structure is documented below.
    when string
    CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
    from_ AuthzPolicyHttpRuleFrom
    Describes properties of one or more sources of a request. Structure is documented below.
    to AuthzPolicyHttpRuleTo
    Describes properties of one or more targets of a request Structure is documented below.
    when str
    CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
    from Property Map
    Describes properties of one or more sources of a request. Structure is documented below.
    to Property Map
    Describes properties of one or more targets of a request Structure is documented below.
    when String
    CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

    AuthzPolicyHttpRuleFrom, AuthzPolicyHttpRuleFromArgs

    NotSources List<AuthzPolicyHttpRuleFromNotSource>
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    Sources List<AuthzPolicyHttpRuleFromSource>
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    NotSources []AuthzPolicyHttpRuleFromNotSource
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    Sources []AuthzPolicyHttpRuleFromSource
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    notSources List<AuthzPolicyHttpRuleFromNotSource>
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    sources List<AuthzPolicyHttpRuleFromSource>
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    notSources AuthzPolicyHttpRuleFromNotSource[]
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    sources AuthzPolicyHttpRuleFromSource[]
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    not_sources Sequence[AuthzPolicyHttpRuleFromNotSource]
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    sources Sequence[AuthzPolicyHttpRuleFromSource]
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    notSources List<Property Map>
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
    sources List<Property Map>
    Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

    AuthzPolicyHttpRuleFromNotSource, AuthzPolicyHttpRuleFromNotSourceArgs

    Principals List<AuthzPolicyHttpRuleFromNotSourcePrincipal>
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    Resources List<AuthzPolicyHttpRuleFromNotSourceResource>
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    Principals []AuthzPolicyHttpRuleFromNotSourcePrincipal
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    Resources []AuthzPolicyHttpRuleFromNotSourceResource
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals List<AuthzPolicyHttpRuleFromNotSourcePrincipal>
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources List<AuthzPolicyHttpRuleFromNotSourceResource>
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals AuthzPolicyHttpRuleFromNotSourcePrincipal[]
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources AuthzPolicyHttpRuleFromNotSourceResource[]
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals Sequence[AuthzPolicyHttpRuleFromNotSourcePrincipal]
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources Sequence[AuthzPolicyHttpRuleFromNotSourceResource]
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals List<Property Map>
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources List<Property Map>
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

    AuthzPolicyHttpRuleFromNotSourcePrincipal, AuthzPolicyHttpRuleFromNotSourcePrincipalArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyHttpRuleFromNotSourceResource, AuthzPolicyHttpRuleFromNotSourceResourceArgs

    IamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    TagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    IamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    TagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iam_service_account AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tag_value_id_set AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iamServiceAccount Property Map
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tagValueIdSet Property Map
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

    AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount, AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet, AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs

    Ids List<string>
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    Ids []string
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids List<String>
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids string[]
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids Sequence[str]
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids List<String>
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

    AuthzPolicyHttpRuleFromSource, AuthzPolicyHttpRuleFromSourceArgs

    Principals List<AuthzPolicyHttpRuleFromSourcePrincipal>
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    Resources List<AuthzPolicyHttpRuleFromSourceResource>
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    Principals []AuthzPolicyHttpRuleFromSourcePrincipal
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    Resources []AuthzPolicyHttpRuleFromSourceResource
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals List<AuthzPolicyHttpRuleFromSourcePrincipal>
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources List<AuthzPolicyHttpRuleFromSourceResource>
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals AuthzPolicyHttpRuleFromSourcePrincipal[]
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources AuthzPolicyHttpRuleFromSourceResource[]
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals Sequence[AuthzPolicyHttpRuleFromSourcePrincipal]
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources Sequence[AuthzPolicyHttpRuleFromSourceResource]
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.
    principals List<Property Map>
    A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
    resources List<Property Map>
    A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

    AuthzPolicyHttpRuleFromSourcePrincipal, AuthzPolicyHttpRuleFromSourcePrincipalArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyHttpRuleFromSourceResource, AuthzPolicyHttpRuleFromSourceResourceArgs

    IamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    TagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    IamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    TagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iam_service_account AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tag_value_id_set AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.
    iamServiceAccount Property Map
    An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
    tagValueIdSet Property Map
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

    AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount, AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet, AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs

    Ids List<string>
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    Ids []string
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids List<String>
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids string[]
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids Sequence[str]
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.
    ids List<String>
    A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

    AuthzPolicyHttpRuleTo, AuthzPolicyHttpRuleToArgs

    Operations List<AuthzPolicyHttpRuleToOperation>
    Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.
    Operations []AuthzPolicyHttpRuleToOperation
    Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.
    operations List<AuthzPolicyHttpRuleToOperation>
    Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.
    operations AuthzPolicyHttpRuleToOperation[]
    Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.
    operations Sequence[AuthzPolicyHttpRuleToOperation]
    Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.
    operations List<Property Map>
    Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

    AuthzPolicyHttpRuleToOperation, AuthzPolicyHttpRuleToOperationArgs

    HeaderSet AuthzPolicyHttpRuleToOperationHeaderSet
    A list of headers to match against in http header. Structure is documented below.
    Hosts List<AuthzPolicyHttpRuleToOperationHost>
    A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    Methods List<string>
    A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
    Paths List<AuthzPolicyHttpRuleToOperationPath>
    A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.
    HeaderSet AuthzPolicyHttpRuleToOperationHeaderSet
    A list of headers to match against in http header. Structure is documented below.
    Hosts []AuthzPolicyHttpRuleToOperationHost
    A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    Methods []string
    A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
    Paths []AuthzPolicyHttpRuleToOperationPath
    A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.
    headerSet AuthzPolicyHttpRuleToOperationHeaderSet
    A list of headers to match against in http header. Structure is documented below.
    hosts List<AuthzPolicyHttpRuleToOperationHost>
    A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    methods List<String>
    A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
    paths List<AuthzPolicyHttpRuleToOperationPath>
    A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.
    headerSet AuthzPolicyHttpRuleToOperationHeaderSet
    A list of headers to match against in http header. Structure is documented below.
    hosts AuthzPolicyHttpRuleToOperationHost[]
    A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    methods string[]
    A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
    paths AuthzPolicyHttpRuleToOperationPath[]
    A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.
    header_set AuthzPolicyHttpRuleToOperationHeaderSet
    A list of headers to match against in http header. Structure is documented below.
    hosts Sequence[AuthzPolicyHttpRuleToOperationHost]
    A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    methods Sequence[str]
    A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
    paths Sequence[AuthzPolicyHttpRuleToOperationPath]
    A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.
    headerSet Property Map
    A list of headers to match against in http header. Structure is documented below.
    hosts List<Property Map>
    A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    methods List<String>
    A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
    paths List<Property Map>
    A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

    AuthzPolicyHttpRuleToOperationHeaderSet, AuthzPolicyHttpRuleToOperationHeaderSetArgs

    Headers List<AuthzPolicyHttpRuleToOperationHeaderSetHeader>
    A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    Headers []AuthzPolicyHttpRuleToOperationHeaderSetHeader
    A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    headers List<AuthzPolicyHttpRuleToOperationHeaderSetHeader>
    A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    headers AuthzPolicyHttpRuleToOperationHeaderSetHeader[]
    A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    headers Sequence[AuthzPolicyHttpRuleToOperationHeaderSetHeader]
    A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
    headers List<Property Map>
    A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

    AuthzPolicyHttpRuleToOperationHeaderSetHeader, AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs

    Name string
    Specifies the name of the header in the request.
    Value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue
    Specifies how the header match will be performed. Structure is documented below.
    Name string
    Specifies the name of the header in the request.
    Value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue
    Specifies how the header match will be performed. Structure is documented below.
    name String
    Specifies the name of the header in the request.
    value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue
    Specifies how the header match will be performed. Structure is documented below.
    name string
    Specifies the name of the header in the request.
    value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue
    Specifies how the header match will be performed. Structure is documented below.
    name str
    Specifies the name of the header in the request.
    value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue
    Specifies how the header match will be performed. Structure is documented below.
    name String
    Specifies the name of the header in the request.
    value Property Map
    Specifies how the header match will be performed. Structure is documented below.

    AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue, AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyHttpRuleToOperationHost, AuthzPolicyHttpRuleToOperationHostArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyHttpRuleToOperationPath, AuthzPolicyHttpRuleToOperationPathArgs

    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    Contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    Exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    IgnoreCase bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    Prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    Suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains string
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact string
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix string
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix string
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains str
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact str
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignore_case bool
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix str
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix str
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc
    contains String
    The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc.def
    exact String
    The input string must match exactly the string specified here. Examples:

    • abc only matches the value abc.
    ignoreCase Boolean
    If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
    prefix String
    The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value abc.xyz
    suffix String
    The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

    • abc matches the value xyz.abc

    AuthzPolicyTarget, AuthzPolicyTargetArgs

    LoadBalancingScheme string
    All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
    Resources List<string>
    A list of references to the Forwarding Rules on which this policy will be applied.


    LoadBalancingScheme string
    All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
    Resources []string
    A list of references to the Forwarding Rules on which this policy will be applied.


    loadBalancingScheme String
    All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
    resources List<String>
    A list of references to the Forwarding Rules on which this policy will be applied.


    loadBalancingScheme string
    All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
    resources string[]
    A list of references to the Forwarding Rules on which this policy will be applied.


    load_balancing_scheme str
    All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
    resources Sequence[str]
    A list of references to the Forwarding Rules on which this policy will be applied.


    loadBalancingScheme String
    All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
    resources List<String>
    A list of references to the Forwarding Rules on which this policy will be applied.


    Import

    AuthzPolicy can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}

    • {{project}}/{{location}}/{{name}}

    • {{location}}/{{name}}

    • {{name}}

    When using the pulumi import command, AuthzPolicy can be imported using one of the formats above. For example:

    $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}
    
    $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}}
    
    $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}}
    
    $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud v8.14.0 published on Wednesday, Jan 15, 2025 by Pulumi