google-native logo
Google Cloud Native v0.28.0, Feb 2 23

google-native.compute/v1.getFirewallPolicy

Returns the specified firewall policy.

Using getFirewallPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getFirewallPolicy(args: GetFirewallPolicyArgs, opts?: InvokeOptions): Promise<GetFirewallPolicyResult>
function getFirewallPolicyOutput(args: GetFirewallPolicyOutputArgs, opts?: InvokeOptions): Output<GetFirewallPolicyResult>
def get_firewall_policy(firewall_policy: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetFirewallPolicyResult
def get_firewall_policy_output(firewall_policy: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetFirewallPolicyResult]
func LookupFirewallPolicy(ctx *Context, args *LookupFirewallPolicyArgs, opts ...InvokeOption) (*LookupFirewallPolicyResult, error)
func LookupFirewallPolicyOutput(ctx *Context, args *LookupFirewallPolicyOutputArgs, opts ...InvokeOption) LookupFirewallPolicyResultOutput

> Note: This function is named LookupFirewallPolicy in the Go SDK.

public static class GetFirewallPolicy 
{
    public static Task<GetFirewallPolicyResult> InvokeAsync(GetFirewallPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetFirewallPolicyResult> Invoke(GetFirewallPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetFirewallPolicyResult> getFirewallPolicy(GetFirewallPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: google-native:compute/v1:getFirewallPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

getFirewallPolicy Result

The following output properties are available:

Associations List<Pulumi.GoogleNative.Compute.V1.Outputs.FirewallPolicyAssociationResponse>

A list of associations that belong to this firewall policy.

CreationTimestamp string

Creation timestamp in RFC3339 text format.

Description string

An optional description of this resource. Provide this property when you create the resource.

DisplayName string

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Deprecated:

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Fingerprint string

Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.

Kind string

[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies

Name string

Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.

Parent string

The parent of the firewall policy. This field is not applicable to network firewall policies.

Region string

URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.

RuleTupleCount int

Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.

Rules List<Pulumi.GoogleNative.Compute.V1.Outputs.FirewallPolicyRuleResponse>

A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.

SelfLink string

Server-defined URL for the resource.

SelfLinkWithId string

Server-defined URL for this resource with the resource id.

ShortName string

User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Associations []FirewallPolicyAssociationResponse

A list of associations that belong to this firewall policy.

CreationTimestamp string

Creation timestamp in RFC3339 text format.

Description string

An optional description of this resource. Provide this property when you create the resource.

DisplayName string

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Deprecated:

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Fingerprint string

Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.

Kind string

[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies

Name string

Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.

Parent string

The parent of the firewall policy. This field is not applicable to network firewall policies.

Region string

URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.

RuleTupleCount int

Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.

Rules []FirewallPolicyRuleResponse

A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.

SelfLink string

Server-defined URL for the resource.

SelfLinkWithId string

Server-defined URL for this resource with the resource id.

ShortName string

User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

associations List<FirewallPolicyAssociationResponse>

A list of associations that belong to this firewall policy.

creationTimestamp String

Creation timestamp in RFC3339 text format.

description String

An optional description of this resource. Provide this property when you create the resource.

displayName String

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Deprecated:

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

fingerprint String

Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.

kind String

[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies

name String

Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.

parent String

The parent of the firewall policy. This field is not applicable to network firewall policies.

region String

URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.

ruleTupleCount Integer

Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.

rules List<FirewallPolicyRuleResponse>

A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.

selfLink String

Server-defined URL for the resource.

selfLinkWithId String

Server-defined URL for this resource with the resource id.

shortName String

User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

associations FirewallPolicyAssociationResponse[]

A list of associations that belong to this firewall policy.

creationTimestamp string

Creation timestamp in RFC3339 text format.

description string

An optional description of this resource. Provide this property when you create the resource.

displayName string

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Deprecated:

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

fingerprint string

Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.

kind string

[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies

name string

Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.

parent string

The parent of the firewall policy. This field is not applicable to network firewall policies.

region string

URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.

ruleTupleCount number

Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.

rules FirewallPolicyRuleResponse[]

A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.

selfLink string

Server-defined URL for the resource.

selfLinkWithId string

Server-defined URL for this resource with the resource id.

shortName string

User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

associations Sequence[FirewallPolicyAssociationResponse]

A list of associations that belong to this firewall policy.

creation_timestamp str

Creation timestamp in RFC3339 text format.

description str

An optional description of this resource. Provide this property when you create the resource.

display_name str

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Deprecated:

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

fingerprint str

Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.

kind str

[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies

name str

Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.

parent str

The parent of the firewall policy. This field is not applicable to network firewall policies.

region str

URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.

rule_tuple_count int

Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.

rules Sequence[FirewallPolicyRuleResponse]

A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.

self_link str

Server-defined URL for the resource.

self_link_with_id str

Server-defined URL for this resource with the resource id.

short_name str

User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

associations List<Property Map>

A list of associations that belong to this firewall policy.

creationTimestamp String

Creation timestamp in RFC3339 text format.

description String

An optional description of this resource. Provide this property when you create the resource.

displayName String

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Deprecated:

Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

fingerprint String

Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.

kind String

[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies

name String

Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.

parent String

The parent of the firewall policy. This field is not applicable to network firewall policies.

region String

URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.

ruleTupleCount Number

Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.

rules List<Property Map>

A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.

selfLink String

Server-defined URL for the resource.

selfLinkWithId String

Server-defined URL for this resource with the resource id.

shortName String

User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Supporting Types

FirewallPolicyAssociationResponse

AttachmentTarget string

The target that the firewall policy is attached to.

DisplayName string

Deprecated, please use short name instead. The display name of the firewall policy of the association.

FirewallPolicyId string

The firewall policy ID of the association.

Name string

The name for an association.

ShortName string

The short name of the firewall policy of the association.

AttachmentTarget string

The target that the firewall policy is attached to.

DisplayName string

Deprecated, please use short name instead. The display name of the firewall policy of the association.

FirewallPolicyId string

The firewall policy ID of the association.

Name string

The name for an association.

ShortName string

The short name of the firewall policy of the association.

attachmentTarget String

The target that the firewall policy is attached to.

displayName String

Deprecated, please use short name instead. The display name of the firewall policy of the association.

firewallPolicyId String

The firewall policy ID of the association.

name String

The name for an association.

shortName String

The short name of the firewall policy of the association.

attachmentTarget string

The target that the firewall policy is attached to.

displayName string

Deprecated, please use short name instead. The display name of the firewall policy of the association.

firewallPolicyId string

The firewall policy ID of the association.

name string

The name for an association.

shortName string

The short name of the firewall policy of the association.

attachment_target str

The target that the firewall policy is attached to.

display_name str

Deprecated, please use short name instead. The display name of the firewall policy of the association.

firewall_policy_id str

The firewall policy ID of the association.

name str

The name for an association.

short_name str

The short name of the firewall policy of the association.

attachmentTarget String

The target that the firewall policy is attached to.

displayName String

Deprecated, please use short name instead. The display name of the firewall policy of the association.

firewallPolicyId String

The firewall policy ID of the association.

name String

The name for an association.

shortName String

The short name of the firewall policy of the association.

FirewallPolicyRuleMatcherLayer4ConfigResponse

IpProtocol string

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.

Ports List<string>

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

IpProtocol string

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.

Ports []string

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.

ports List<String>

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol string

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.

ports string[]

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ip_protocol str

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.

ports Sequence[str]

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.

ports List<String>

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

FirewallPolicyRuleMatcherResponse

DestIpRanges List<string>

CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.

Layer4Configs List<Pulumi.GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleMatcherLayer4ConfigResponse>

Pairs of IP protocols and ports that the rule should match.

SrcIpRanges List<string>

CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.

SrcSecureTags List<Pulumi.GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleSecureTagResponse>

List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.

DestIpRanges []string

CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.

Layer4Configs []FirewallPolicyRuleMatcherLayer4ConfigResponse

Pairs of IP protocols and ports that the rule should match.

SrcIpRanges []string

CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.

SrcSecureTags []FirewallPolicyRuleSecureTagResponse

List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.

destIpRanges List<String>

CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.

layer4Configs List<FirewallPolicyRuleMatcherLayer4ConfigResponse>

Pairs of IP protocols and ports that the rule should match.

srcIpRanges List<String>

CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.

srcSecureTags List<FirewallPolicyRuleSecureTagResponse>

List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.

destIpRanges string[]

CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.

layer4Configs FirewallPolicyRuleMatcherLayer4ConfigResponse[]

Pairs of IP protocols and ports that the rule should match.

srcIpRanges string[]

CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.

srcSecureTags FirewallPolicyRuleSecureTagResponse[]

List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.

dest_ip_ranges Sequence[str]

CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.

layer4_configs Sequence[FirewallPolicyRuleMatcherLayer4ConfigResponse]

Pairs of IP protocols and ports that the rule should match.

src_ip_ranges Sequence[str]

CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.

src_secure_tags Sequence[FirewallPolicyRuleSecureTagResponse]

List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.

destIpRanges List<String>

CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.

layer4Configs List<Property Map>

Pairs of IP protocols and ports that the rule should match.

srcIpRanges List<String>

CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.

srcSecureTags List<Property Map>

List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.

FirewallPolicyRuleResponse

Action string

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

Description string

An optional description for this resource.

Direction string

The direction in which this rule applies.

Disabled bool

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

EnableLogging bool

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

Kind string

[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

Match Pulumi.GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleMatcherResponse

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

Priority int

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

RuleName string

An optional name for the rule. This field is not a unique identifier and can be updated.

RuleTupleCount int

Calculation of the complexity of a single firewall policy rule.

TargetResources List<string>

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

TargetSecureTags List<Pulumi.GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleSecureTagResponse>

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

TargetServiceAccounts List<string>

A list of service accounts indicating the sets of instances that are applied with this rule.

Action string

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

Description string

An optional description for this resource.

Direction string

The direction in which this rule applies.

Disabled bool

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

EnableLogging bool

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

Kind string

[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

Match FirewallPolicyRuleMatcherResponse

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

Priority int

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

RuleName string

An optional name for the rule. This field is not a unique identifier and can be updated.

RuleTupleCount int

Calculation of the complexity of a single firewall policy rule.

TargetResources []string

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

TargetSecureTags []FirewallPolicyRuleSecureTagResponse

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

TargetServiceAccounts []string

A list of service accounts indicating the sets of instances that are applied with this rule.

action String

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

description String

An optional description for this resource.

direction String

The direction in which this rule applies.

disabled Boolean

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

enableLogging Boolean

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

kind String

[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

match FirewallPolicyRuleMatcherResponse

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

priority Integer

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

ruleName String

An optional name for the rule. This field is not a unique identifier and can be updated.

ruleTupleCount Integer

Calculation of the complexity of a single firewall policy rule.

targetResources List<String>

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

targetSecureTags List<FirewallPolicyRuleSecureTagResponse>

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

targetServiceAccounts List<String>

A list of service accounts indicating the sets of instances that are applied with this rule.

action string

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

description string

An optional description for this resource.

direction string

The direction in which this rule applies.

disabled boolean

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

enableLogging boolean

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

kind string

[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

match FirewallPolicyRuleMatcherResponse

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

priority number

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

ruleName string

An optional name for the rule. This field is not a unique identifier and can be updated.

ruleTupleCount number

Calculation of the complexity of a single firewall policy rule.

targetResources string[]

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

targetSecureTags FirewallPolicyRuleSecureTagResponse[]

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

targetServiceAccounts string[]

A list of service accounts indicating the sets of instances that are applied with this rule.

action str

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

description str

An optional description for this resource.

direction str

The direction in which this rule applies.

disabled bool

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

enable_logging bool

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

kind str

[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

match FirewallPolicyRuleMatcherResponse

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

priority int

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

rule_name str

An optional name for the rule. This field is not a unique identifier and can be updated.

rule_tuple_count int

Calculation of the complexity of a single firewall policy rule.

target_resources Sequence[str]

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

target_secure_tags Sequence[FirewallPolicyRuleSecureTagResponse]

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

target_service_accounts Sequence[str]

A list of service accounts indicating the sets of instances that are applied with this rule.

action String

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

description String

An optional description for this resource.

direction String

The direction in which this rule applies.

disabled Boolean

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

enableLogging Boolean

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

kind String

[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

match Property Map

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

priority Number

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

ruleName String

An optional name for the rule. This field is not a unique identifier and can be updated.

ruleTupleCount Number

Calculation of the complexity of a single firewall policy rule.

targetResources List<String>

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

targetSecureTags List<Property Map>

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

targetServiceAccounts List<String>

A list of service accounts indicating the sets of instances that are applied with this rule.

FirewallPolicyRuleSecureTagResponse

Name string

Name of the secure tag, created with TagManager's TagValue API.

State string

State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.

Name string

Name of the secure tag, created with TagManager's TagValue API.

State string

State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.

name String

Name of the secure tag, created with TagManager's TagValue API.

state String

State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.

name string

Name of the secure tag, created with TagManager's TagValue API.

state string

State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.

name str

Name of the secure tag, created with TagManager's TagValue API.

state str

State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.

name String

Name of the secure tag, created with TagManager's TagValue API.

state String

State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0