1. Packages
  2. Google Cloud Native
  3. API Docs
  4. networksecurity
  5. networksecurity/v1
  6. Rule

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.networksecurity/v1.Rule

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates a new GatewaySecurityPolicy in a given project and location. Auto-naming is currently not supported for this resource.

    Create Rule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);
    @overload
    def Rule(resource_name: str,
             args: RuleInitArgs,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Rule(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             basic_profile: Optional[RuleBasicProfile] = None,
             enabled: Optional[bool] = None,
             gateway_security_policy_id: Optional[str] = None,
             name: Optional[str] = None,
             priority: Optional[int] = None,
             session_matcher: Optional[str] = None,
             application_matcher: Optional[str] = None,
             description: Optional[str] = None,
             gateway_security_policy_rule_id: Optional[str] = None,
             location: Optional[str] = None,
             project: Optional[str] = None,
             tls_inspection_enabled: Optional[bool] = None)
    func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)
    public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)
    public Rule(String name, RuleArgs args)
    public Rule(String name, RuleArgs args, CustomResourceOptions options)
    
    type: google-native:networksecurity/v1:Rule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RuleInitArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var ruleResource = new GoogleNative.NetworkSecurity.V1.Rule("ruleResource", new()
    {
        BasicProfile = GoogleNative.NetworkSecurity.V1.RuleBasicProfile.BasicProfileUnspecified,
        Enabled = false,
        GatewaySecurityPolicyId = "string",
        Name = "string",
        Priority = 0,
        SessionMatcher = "string",
        ApplicationMatcher = "string",
        Description = "string",
        GatewaySecurityPolicyRuleId = "string",
        Location = "string",
        Project = "string",
        TlsInspectionEnabled = false,
    });
    
    example, err := networksecurity.NewRule(ctx, "ruleResource", &networksecurity.RuleArgs{
    	BasicProfile:                networksecurity.RuleBasicProfileBasicProfileUnspecified,
    	Enabled:                     pulumi.Bool(false),
    	GatewaySecurityPolicyId:     pulumi.String("string"),
    	Name:                        pulumi.String("string"),
    	Priority:                    pulumi.Int(0),
    	SessionMatcher:              pulumi.String("string"),
    	ApplicationMatcher:          pulumi.String("string"),
    	Description:                 pulumi.String("string"),
    	GatewaySecurityPolicyRuleId: pulumi.String("string"),
    	Location:                    pulumi.String("string"),
    	Project:                     pulumi.String("string"),
    	TlsInspectionEnabled:        pulumi.Bool(false),
    })
    
    var ruleResource = new Rule("ruleResource", RuleArgs.builder()
        .basicProfile("BASIC_PROFILE_UNSPECIFIED")
        .enabled(false)
        .gatewaySecurityPolicyId("string")
        .name("string")
        .priority(0)
        .sessionMatcher("string")
        .applicationMatcher("string")
        .description("string")
        .gatewaySecurityPolicyRuleId("string")
        .location("string")
        .project("string")
        .tlsInspectionEnabled(false)
        .build());
    
    rule_resource = google_native.networksecurity.v1.Rule("ruleResource",
        basic_profile=google_native.networksecurity.v1.RuleBasicProfile.BASIC_PROFILE_UNSPECIFIED,
        enabled=False,
        gateway_security_policy_id="string",
        name="string",
        priority=0,
        session_matcher="string",
        application_matcher="string",
        description="string",
        gateway_security_policy_rule_id="string",
        location="string",
        project="string",
        tls_inspection_enabled=False)
    
    const ruleResource = new google_native.networksecurity.v1.Rule("ruleResource", {
        basicProfile: google_native.networksecurity.v1.RuleBasicProfile.BasicProfileUnspecified,
        enabled: false,
        gatewaySecurityPolicyId: "string",
        name: "string",
        priority: 0,
        sessionMatcher: "string",
        applicationMatcher: "string",
        description: "string",
        gatewaySecurityPolicyRuleId: "string",
        location: "string",
        project: "string",
        tlsInspectionEnabled: false,
    });
    
    type: google-native:networksecurity/v1:Rule
    properties:
        applicationMatcher: string
        basicProfile: BASIC_PROFILE_UNSPECIFIED
        description: string
        enabled: false
        gatewaySecurityPolicyId: string
        gatewaySecurityPolicyRuleId: string
        location: string
        name: string
        priority: 0
        project: string
        sessionMatcher: string
        tlsInspectionEnabled: false
    

    Rule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Rule resource accepts the following input properties:

    BasicProfile Pulumi.GoogleNative.NetworkSecurity.V1.RuleBasicProfile
    Profile which tells what the primitive action should be.
    Enabled bool
    Whether the rule is enforced.
    GatewaySecurityPolicyId string
    Name string
    Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    Priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    SessionMatcher string
    CEL expression for matching on session criteria.
    ApplicationMatcher string
    Optional. CEL expression for matching on L7/application level criteria.
    Description string
    Optional. Free-text description of the resource.
    GatewaySecurityPolicyRuleId string
    The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
    Location string
    Project string
    TlsInspectionEnabled bool
    Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    BasicProfile RuleBasicProfile
    Profile which tells what the primitive action should be.
    Enabled bool
    Whether the rule is enforced.
    GatewaySecurityPolicyId string
    Name string
    Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    Priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    SessionMatcher string
    CEL expression for matching on session criteria.
    ApplicationMatcher string
    Optional. CEL expression for matching on L7/application level criteria.
    Description string
    Optional. Free-text description of the resource.
    GatewaySecurityPolicyRuleId string
    The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
    Location string
    Project string
    TlsInspectionEnabled bool
    Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basicProfile RuleBasicProfile
    Profile which tells what the primitive action should be.
    enabled Boolean
    Whether the rule is enforced.
    gatewaySecurityPolicyId String
    name String
    Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority Integer
    Priority of the rule. Lower number corresponds to higher precedence.
    sessionMatcher String
    CEL expression for matching on session criteria.
    applicationMatcher String
    Optional. CEL expression for matching on L7/application level criteria.
    description String
    Optional. Free-text description of the resource.
    gatewaySecurityPolicyRuleId String
    The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
    location String
    project String
    tlsInspectionEnabled Boolean
    Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basicProfile RuleBasicProfile
    Profile which tells what the primitive action should be.
    enabled boolean
    Whether the rule is enforced.
    gatewaySecurityPolicyId string
    name string
    Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority number
    Priority of the rule. Lower number corresponds to higher precedence.
    sessionMatcher string
    CEL expression for matching on session criteria.
    applicationMatcher string
    Optional. CEL expression for matching on L7/application level criteria.
    description string
    Optional. Free-text description of the resource.
    gatewaySecurityPolicyRuleId string
    The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
    location string
    project string
    tlsInspectionEnabled boolean
    Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basic_profile RuleBasicProfile
    Profile which tells what the primitive action should be.
    enabled bool
    Whether the rule is enforced.
    gateway_security_policy_id str
    name str
    Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority int
    Priority of the rule. Lower number corresponds to higher precedence.
    session_matcher str
    CEL expression for matching on session criteria.
    application_matcher str
    Optional. CEL expression for matching on L7/application level criteria.
    description str
    Optional. Free-text description of the resource.
    gateway_security_policy_rule_id str
    The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
    location str
    project str
    tls_inspection_enabled bool
    Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
    basicProfile "BASIC_PROFILE_UNSPECIFIED" | "ALLOW" | "DENY"
    Profile which tells what the primitive action should be.
    enabled Boolean
    Whether the rule is enforced.
    gatewaySecurityPolicyId String
    name String
    Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
    priority Number
    Priority of the rule. Lower number corresponds to higher precedence.
    sessionMatcher String
    CEL expression for matching on session criteria.
    applicationMatcher String
    Optional. CEL expression for matching on L7/application level criteria.
    description String
    Optional. Free-text description of the resource.
    gatewaySecurityPolicyRuleId String
    The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
    location String
    project String
    tlsInspectionEnabled Boolean
    Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:

    CreateTime string
    Time when the rule was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    Time when the rule was updated.
    CreateTime string
    Time when the rule was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    Time when the rule was updated.
    createTime String
    Time when the rule was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    Time when the rule was updated.
    createTime string
    Time when the rule was created.
    id string
    The provider-assigned unique ID for this managed resource.
    updateTime string
    Time when the rule was updated.
    create_time str
    Time when the rule was created.
    id str
    The provider-assigned unique ID for this managed resource.
    update_time str
    Time when the rule was updated.
    createTime String
    Time when the rule was created.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    Time when the rule was updated.

    Supporting Types

    RuleBasicProfile, RuleBasicProfileArgs

    BasicProfileUnspecified
    BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
    Allow
    ALLOWAllow the matched traffic.
    Deny
    DENYDeny the matched traffic.
    RuleBasicProfileBasicProfileUnspecified
    BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
    RuleBasicProfileAllow
    ALLOWAllow the matched traffic.
    RuleBasicProfileDeny
    DENYDeny the matched traffic.
    BasicProfileUnspecified
    BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
    Allow
    ALLOWAllow the matched traffic.
    Deny
    DENYDeny the matched traffic.
    BasicProfileUnspecified
    BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
    Allow
    ALLOWAllow the matched traffic.
    Deny
    DENYDeny the matched traffic.
    BASIC_PROFILE_UNSPECIFIED
    BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
    ALLOW
    ALLOWAllow the matched traffic.
    DENY
    DENYDeny the matched traffic.
    "BASIC_PROFILE_UNSPECIFIED"
    BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
    "ALLOW"
    ALLOWAllow the matched traffic.
    "DENY"
    DENYDeny the matched traffic.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi