1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. networksecurity
  5. GatewaySecurityPolicyRule
Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi

gcp.networksecurity.GatewaySecurityPolicyRule

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi

    The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic matching condition and associated action to perform.

    To get more information about GatewaySecurityPolicyRule, see:

    Example Usage

    Network Security Gateway Security Policy Rules Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", {
        name: "my-gateway-security-policy",
        location: "us-central1",
        description: "gateway security policy created to be used as reference by the rule.",
    });
    const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
        name: "my-gateway-security-policy-rule",
        location: "us-central1",
        gatewaySecurityPolicy: _default.name,
        enabled: true,
        description: "my description",
        priority: 0,
        sessionMatcher: "host() == 'example.com'",
        basicProfile: "ALLOW",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.networksecurity.GatewaySecurityPolicy("default",
        name="my-gateway-security-policy",
        location="us-central1",
        description="gateway security policy created to be used as reference by the rule.")
    default_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default",
        name="my-gateway-security-policy-rule",
        location="us-central1",
        gateway_security_policy=default.name,
        enabled=True,
        description="my description",
        priority=0,
        session_matcher="host() == 'example.com'",
        basic_profile="ALLOW")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", &networksecurity.GatewaySecurityPolicyArgs{
    			Name:        pulumi.String("my-gateway-security-policy"),
    			Location:    pulumi.String("us-central1"),
    			Description: pulumi.String("gateway security policy created to be used as reference by the rule."),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", &networksecurity.GatewaySecurityPolicyRuleArgs{
    			Name:                  pulumi.String("my-gateway-security-policy-rule"),
    			Location:              pulumi.String("us-central1"),
    			GatewaySecurityPolicy: _default.Name,
    			Enabled:               pulumi.Bool(true),
    			Description:           pulumi.String("my description"),
    			Priority:              pulumi.Int(0),
    			SessionMatcher:        pulumi.String("host() == 'example.com'"),
    			BasicProfile:          pulumi.String("ALLOW"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", new()
        {
            Name = "my-gateway-security-policy",
            Location = "us-central1",
            Description = "gateway security policy created to be used as reference by the rule.",
        });
    
        var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", new()
        {
            Name = "my-gateway-security-policy-rule",
            Location = "us-central1",
            GatewaySecurityPolicy = @default.Name,
            Enabled = true,
            Description = "my description",
            Priority = 0,
            SessionMatcher = "host() == 'example.com'",
            BasicProfile = "ALLOW",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new GatewaySecurityPolicy("default", GatewaySecurityPolicyArgs.builder()        
                .name("my-gateway-security-policy")
                .location("us-central1")
                .description("gateway security policy created to be used as reference by the rule.")
                .build());
    
            var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()        
                .name("my-gateway-security-policy-rule")
                .location("us-central1")
                .gatewaySecurityPolicy(default_.name())
                .enabled(true)
                .description("my description")
                .priority(0)
                .sessionMatcher("host() == 'example.com'")
                .basicProfile("ALLOW")
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:networksecurity:GatewaySecurityPolicy
        properties:
          name: my-gateway-security-policy
          location: us-central1
          description: gateway security policy created to be used as reference by the rule.
      defaultGatewaySecurityPolicyRule:
        type: gcp:networksecurity:GatewaySecurityPolicyRule
        name: default
        properties:
          name: my-gateway-security-policy-rule
          location: us-central1
          gatewaySecurityPolicy: ${default.name}
          enabled: true
          description: my description
          priority: 0
          sessionMatcher: host() == 'example.com'
          basicProfile: ALLOW
    

    Network Security Gateway Security Policy Rules Advanced

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", {
        name: "my-gateway-security-policy",
        location: "us-central1",
        description: "gateway security policy created to be used as reference by the rule.",
    });
    const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
        name: "my-gateway-security-policy-rule",
        location: "us-central1",
        gatewaySecurityPolicy: _default.name,
        enabled: true,
        description: "my description",
        priority: 0,
        sessionMatcher: "host() == 'example.com'",
        applicationMatcher: "request.method == 'POST'",
        tlsInspectionEnabled: false,
        basicProfile: "ALLOW",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.networksecurity.GatewaySecurityPolicy("default",
        name="my-gateway-security-policy",
        location="us-central1",
        description="gateway security policy created to be used as reference by the rule.")
    default_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default",
        name="my-gateway-security-policy-rule",
        location="us-central1",
        gateway_security_policy=default.name,
        enabled=True,
        description="my description",
        priority=0,
        session_matcher="host() == 'example.com'",
        application_matcher="request.method == 'POST'",
        tls_inspection_enabled=False,
        basic_profile="ALLOW")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", &networksecurity.GatewaySecurityPolicyArgs{
    			Name:        pulumi.String("my-gateway-security-policy"),
    			Location:    pulumi.String("us-central1"),
    			Description: pulumi.String("gateway security policy created to be used as reference by the rule."),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", &networksecurity.GatewaySecurityPolicyRuleArgs{
    			Name:                  pulumi.String("my-gateway-security-policy-rule"),
    			Location:              pulumi.String("us-central1"),
    			GatewaySecurityPolicy: _default.Name,
    			Enabled:               pulumi.Bool(true),
    			Description:           pulumi.String("my description"),
    			Priority:              pulumi.Int(0),
    			SessionMatcher:        pulumi.String("host() == 'example.com'"),
    			ApplicationMatcher:    pulumi.String("request.method == 'POST'"),
    			TlsInspectionEnabled:  pulumi.Bool(false),
    			BasicProfile:          pulumi.String("ALLOW"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", new()
        {
            Name = "my-gateway-security-policy",
            Location = "us-central1",
            Description = "gateway security policy created to be used as reference by the rule.",
        });
    
        var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", new()
        {
            Name = "my-gateway-security-policy-rule",
            Location = "us-central1",
            GatewaySecurityPolicy = @default.Name,
            Enabled = true,
            Description = "my description",
            Priority = 0,
            SessionMatcher = "host() == 'example.com'",
            ApplicationMatcher = "request.method == 'POST'",
            TlsInspectionEnabled = false,
            BasicProfile = "ALLOW",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
    import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new GatewaySecurityPolicy("default", GatewaySecurityPolicyArgs.builder()        
                .name("my-gateway-security-policy")
                .location("us-central1")
                .description("gateway security policy created to be used as reference by the rule.")
                .build());
    
            var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()        
                .name("my-gateway-security-policy-rule")
                .location("us-central1")
                .gatewaySecurityPolicy(default_.name())
                .enabled(true)
                .description("my description")
                .priority(0)
                .sessionMatcher("host() == 'example.com'")
                .applicationMatcher("request.method == 'POST'")
                .tlsInspectionEnabled(false)
                .basicProfile("ALLOW")
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:networksecurity:GatewaySecurityPolicy
        properties:
          name: my-gateway-security-policy
          location: us-central1
          description: gateway security policy created to be used as reference by the rule.
      defaultGatewaySecurityPolicyRule:
        type: gcp:networksecurity:GatewaySecurityPolicyRule
        name: default
        properties:
          name: my-gateway-security-policy-rule
          location: us-central1
          gatewaySecurityPolicy: ${default.name}
          enabled: true
          description: my description
          priority: 0
          sessionMatcher: host() == 'example.com'
          applicationMatcher: request.method == 'POST'
          tlsInspectionEnabled: false
          basicProfile: ALLOW
    

    Create GatewaySecurityPolicyRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new GatewaySecurityPolicyRule(name: string, args: GatewaySecurityPolicyRuleArgs, opts?: CustomResourceOptions);
    @overload
    def GatewaySecurityPolicyRule(resource_name: str,
                                  args: GatewaySecurityPolicyRuleArgs,
                                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def GatewaySecurityPolicyRule(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  basic_profile: Optional[str] = None,
                                  enabled: Optional[bool] = None,
                                  gateway_security_policy: Optional[str] = None,
                                  location: Optional[str] = None,
                                  priority: Optional[int] = None,
                                  session_matcher: Optional[str] = None,
                                  application_matcher: Optional[str] = None,
                                  description: Optional[str] = None,
                                  name: Optional[str] = None,
                                  project: Optional[str] = None,
                                  tls_inspection_enabled: Optional[bool] = None)
    func NewGatewaySecurityPolicyRule(ctx *Context, name string, args GatewaySecurityPolicyRuleArgs, opts ...ResourceOption) (*GatewaySecurityPolicyRule, error)
    public GatewaySecurityPolicyRule(string name, GatewaySecurityPolicyRuleArgs args, CustomResourceOptions? opts = null)
    public GatewaySecurityPolicyRule(String name, GatewaySecurityPolicyRuleArgs args)
    public GatewaySecurityPolicyRule(String name, GatewaySecurityPolicyRuleArgs args, CustomResourceOptions options)
    
    type: gcp:networksecurity:GatewaySecurityPolicyRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args GatewaySecurityPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GatewaySecurityPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GatewaySecurityPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GatewaySecurityPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GatewaySecurityPolicyRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var gatewaySecurityPolicyRuleResource = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource", new()
    {
        BasicProfile = "string",
        Enabled = false,
        GatewaySecurityPolicy = "string",
        Location = "string",
        Priority = 0,
        SessionMatcher = "string",
        ApplicationMatcher = "string",
        Description = "string",
        Name = "string",
        Project = "string",
        TlsInspectionEnabled = false,
    });
    
    example, err := networksecurity.NewGatewaySecurityPolicyRule(ctx, "gatewaySecurityPolicyRuleResource", &networksecurity.GatewaySecurityPolicyRuleArgs{
    	BasicProfile:          pulumi.String("string"),
    	Enabled:               pulumi.Bool(false),
    	GatewaySecurityPolicy: pulumi.String("string"),
    	Location:              pulumi.String("string"),
    	Priority:              pulumi.Int(0),
    	SessionMatcher:        pulumi.String("string"),
    	ApplicationMatcher:    pulumi.String("string"),
    	Description:           pulumi.String("string"),
    	Name:                  pulumi.String("string"),
    	Project:               pulumi.String("string"),
    	TlsInspectionEnabled:  pulumi.Bool(false),
    })
    
    var gatewaySecurityPolicyRuleResource = new GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource", GatewaySecurityPolicyRuleArgs.builder()        
        .basicProfile("string")
        .enabled(false)
        .gatewaySecurityPolicy("string")
        .location("string")
        .priority(0)
        .sessionMatcher("string")
        .applicationMatcher("string")
        .description("string")
        .name("string")
        .project("string")
        .tlsInspectionEnabled(false)
        .build());
    
    gateway_security_policy_rule_resource = gcp.networksecurity.GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource",
        basic_profile="string",
        enabled=False,
        gateway_security_policy="string",
        location="string",
        priority=0,
        session_matcher="string",
        application_matcher="string",
        description="string",
        name="string",
        project="string",
        tls_inspection_enabled=False)
    
    const gatewaySecurityPolicyRuleResource = new gcp.networksecurity.GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource", {
        basicProfile: "string",
        enabled: false,
        gatewaySecurityPolicy: "string",
        location: "string",
        priority: 0,
        sessionMatcher: "string",
        applicationMatcher: "string",
        description: "string",
        name: "string",
        project: "string",
        tlsInspectionEnabled: false,
    });
    
    type: gcp:networksecurity:GatewaySecurityPolicyRule
    properties:
        applicationMatcher: string
        basicProfile: string
        description: string
        enabled: false
        gatewaySecurityPolicy: string
        location: string
        name: string
        priority: 0
        project: string
        sessionMatcher: string
        tlsInspectionEnabled: false
    

    GatewaySecurityPolicyRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The GatewaySecurityPolicyRule resource accepts the following input properties:

    BasicProfile string
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    Enabled bool
    Whether the rule is enforced.
    GatewaySecurityPolicy string
    The name of the gatewat security policy this rule belongs to.


    Location string
    The location of the gateway security policy.
    Priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    SessionMatcher string
    CEL expression for matching on session criteria.
    ApplicationMatcher string
    CEL expression for matching on L7/application level criteria.
    Description string
    Free-text description of the resource.
    Name string
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    TlsInspectionEnabled bool
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    BasicProfile string
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    Enabled bool
    Whether the rule is enforced.
    GatewaySecurityPolicy string
    The name of the gatewat security policy this rule belongs to.


    Location string
    The location of the gateway security policy.
    Priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    SessionMatcher string
    CEL expression for matching on session criteria.
    ApplicationMatcher string
    CEL expression for matching on L7/application level criteria.
    Description string
    Free-text description of the resource.
    Name string
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    TlsInspectionEnabled bool
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basicProfile String
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    enabled Boolean
    Whether the rule is enforced.
    gatewaySecurityPolicy String
    The name of the gatewat security policy this rule belongs to.


    location String
    The location of the gateway security policy.
    priority Integer
    Priority of the rule. Lower number corresponds to higher precedence.
    sessionMatcher String
    CEL expression for matching on session criteria.
    applicationMatcher String
    CEL expression for matching on L7/application level criteria.
    description String
    Free-text description of the resource.
    name String
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    tlsInspectionEnabled Boolean
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basicProfile string
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    enabled boolean
    Whether the rule is enforced.
    gatewaySecurityPolicy string
    The name of the gatewat security policy this rule belongs to.


    location string
    The location of the gateway security policy.
    priority number
    Priority of the rule. Lower number corresponds to higher precedence.
    sessionMatcher string
    CEL expression for matching on session criteria.
    applicationMatcher string
    CEL expression for matching on L7/application level criteria.
    description string
    Free-text description of the resource.
    name string
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    tlsInspectionEnabled boolean
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basic_profile str
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    enabled bool
    Whether the rule is enforced.
    gateway_security_policy str
    The name of the gatewat security policy this rule belongs to.


    location str
    The location of the gateway security policy.
    priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    session_matcher str
    CEL expression for matching on session criteria.
    application_matcher str
    CEL expression for matching on L7/application level criteria.
    description str
    Free-text description of the resource.
    name str
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    tls_inspection_enabled bool
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basicProfile String
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    enabled Boolean
    Whether the rule is enforced.
    gatewaySecurityPolicy String
    The name of the gatewat security policy this rule belongs to.


    location String
    The location of the gateway security policy.
    priority Number
    Priority of the rule. Lower number corresponds to higher precedence.
    sessionMatcher String
    CEL expression for matching on session criteria.
    applicationMatcher String
    CEL expression for matching on L7/application level criteria.
    description String
    Free-text description of the resource.
    name String
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    tlsInspectionEnabled Boolean
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the GatewaySecurityPolicyRule resource produces the following output properties:

    CreateTime string
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    Id string
    The provider-assigned unique ID for this managed resource.
    SelfLink string
    Server-defined URL of this resource.
    UpdateTime string
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    CreateTime string
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    Id string
    The provider-assigned unique ID for this managed resource.
    SelfLink string
    Server-defined URL of this resource.
    UpdateTime string
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    createTime String
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    id String
    The provider-assigned unique ID for this managed resource.
    selfLink String
    Server-defined URL of this resource.
    updateTime String
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    createTime string
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    id string
    The provider-assigned unique ID for this managed resource.
    selfLink string
    Server-defined URL of this resource.
    updateTime string
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    create_time str
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    id str
    The provider-assigned unique ID for this managed resource.
    self_link str
    Server-defined URL of this resource.
    update_time str
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    createTime String
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    id String
    The provider-assigned unique ID for this managed resource.
    selfLink String
    Server-defined URL of this resource.
    updateTime String
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Look up Existing GatewaySecurityPolicyRule Resource

    Get an existing GatewaySecurityPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GatewaySecurityPolicyRuleState, opts?: CustomResourceOptions): GatewaySecurityPolicyRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_matcher: Optional[str] = None,
            basic_profile: Optional[str] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            enabled: Optional[bool] = None,
            gateway_security_policy: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            priority: Optional[int] = None,
            project: Optional[str] = None,
            self_link: Optional[str] = None,
            session_matcher: Optional[str] = None,
            tls_inspection_enabled: Optional[bool] = None,
            update_time: Optional[str] = None) -> GatewaySecurityPolicyRule
    func GetGatewaySecurityPolicyRule(ctx *Context, name string, id IDInput, state *GatewaySecurityPolicyRuleState, opts ...ResourceOption) (*GatewaySecurityPolicyRule, error)
    public static GatewaySecurityPolicyRule Get(string name, Input<string> id, GatewaySecurityPolicyRuleState? state, CustomResourceOptions? opts = null)
    public static GatewaySecurityPolicyRule get(String name, Output<String> id, GatewaySecurityPolicyRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationMatcher string
    CEL expression for matching on L7/application level criteria.
    BasicProfile string
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    CreateTime string
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    Description string
    Free-text description of the resource.
    Enabled bool
    Whether the rule is enforced.
    GatewaySecurityPolicy string
    The name of the gatewat security policy this rule belongs to.


    Location string
    The location of the gateway security policy.
    Name string
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    Priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    SelfLink string
    Server-defined URL of this resource.
    SessionMatcher string
    CEL expression for matching on session criteria.
    TlsInspectionEnabled bool
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    UpdateTime string
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    ApplicationMatcher string
    CEL expression for matching on L7/application level criteria.
    BasicProfile string
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    CreateTime string
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    Description string
    Free-text description of the resource.
    Enabled bool
    Whether the rule is enforced.
    GatewaySecurityPolicy string
    The name of the gatewat security policy this rule belongs to.


    Location string
    The location of the gateway security policy.
    Name string
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    Priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    SelfLink string
    Server-defined URL of this resource.
    SessionMatcher string
    CEL expression for matching on session criteria.
    TlsInspectionEnabled bool
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    UpdateTime string
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    applicationMatcher String
    CEL expression for matching on L7/application level criteria.
    basicProfile String
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    createTime String
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    description String
    Free-text description of the resource.
    enabled Boolean
    Whether the rule is enforced.
    gatewaySecurityPolicy String
    The name of the gatewat security policy this rule belongs to.


    location String
    The location of the gateway security policy.
    name String
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority Integer
    Priority of the rule. Lower number corresponds to higher precedence.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    selfLink String
    Server-defined URL of this resource.
    sessionMatcher String
    CEL expression for matching on session criteria.
    tlsInspectionEnabled Boolean
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    updateTime String
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    applicationMatcher string
    CEL expression for matching on L7/application level criteria.
    basicProfile string
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    createTime string
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    description string
    Free-text description of the resource.
    enabled boolean
    Whether the rule is enforced.
    gatewaySecurityPolicy string
    The name of the gatewat security policy this rule belongs to.


    location string
    The location of the gateway security policy.
    name string
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority number
    Priority of the rule. Lower number corresponds to higher precedence.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    selfLink string
    Server-defined URL of this resource.
    sessionMatcher string
    CEL expression for matching on session criteria.
    tlsInspectionEnabled boolean
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    updateTime string
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    application_matcher str
    CEL expression for matching on L7/application level criteria.
    basic_profile str
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    create_time str
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    description str
    Free-text description of the resource.
    enabled bool
    Whether the rule is enforced.
    gateway_security_policy str
    The name of the gatewat security policy this rule belongs to.


    location str
    The location of the gateway security policy.
    name str
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    self_link str
    Server-defined URL of this resource.
    session_matcher str
    CEL expression for matching on session criteria.
    tls_inspection_enabled bool
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    update_time str
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
    applicationMatcher String
    CEL expression for matching on L7/application level criteria.
    basicProfile String
    Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values are: BASIC_PROFILE_UNSPECIFIED, ALLOW, DENY.
    createTime String
    The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
    description String
    Free-text description of the resource.
    enabled Boolean
    Whether the rule is enforced.
    gatewaySecurityPolicy String
    The name of the gatewat security policy this rule belongs to.


    location String
    The location of the gateway security policy.
    name String
    Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority Number
    Priority of the rule. Lower number corresponds to higher precedence.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    selfLink String
    Server-defined URL of this resource.
    sessionMatcher String
    CEL expression for matching on session criteria.
    tlsInspectionEnabled Boolean
    Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    updateTime String
    The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

    Import

    GatewaySecurityPolicyRule can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}

    • {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}

    • {{location}}/{{gateway_security_policy}}/{{name}}

    When using the pulumi import command, GatewaySecurityPolicyRule can be imported using one of the formats above. For example:

    $ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}
    
    $ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}
    
    $ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{location}}/{{gateway_security_policy}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi