Docs
PackagesGoogle Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.networksecurity/v1beta1.Rule
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new GatewaySecurityPolicy in a given project and location. Auto-naming is currently not supported for this resource.
Create Rule Resource
new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);@overload
def Rule(resource_name: str,
opts: Optional[ResourceOptions] = None,
application_matcher: Optional[str] = None,
basic_profile: Optional[RuleBasicProfile] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
gateway_security_policy_id: Optional[str] = None,
gateway_security_policy_rule_id: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
priority: Optional[int] = None,
project: Optional[str] = None,
session_matcher: Optional[str] = None,
tls_inspection_enabled: Optional[bool] = None)
@overload
def Rule(resource_name: str,
args: RuleInitArgs,
opts: Optional[ResourceOptions] = None)func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)type: google-native:networksecurity/v1beta1:Rule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Rule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Rule resource accepts the following input properties:
- Basic
Profile Pulumi.Google Native. Network Security. V1Beta1. Rule Basic Profile Profile which tells what the primitive action should be.
- Enabled bool
Whether the rule is enforced.
- Gateway
Security stringPolicy Id - Name string
Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Priority int
Priority of the rule. Lower number corresponds to higher precedence.
- Session
Matcher string CEL expression for matching on session criteria.
- Application
Matcher string Optional. CEL expression for matching on L7/application level criteria.
- Description string
Optional. Free-text description of the resource.
- Gateway
Security stringPolicy Rule Id The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- Location string
- Project string
- Tls
Inspection boolEnabled Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- Basic
Profile RuleBasic Profile Profile which tells what the primitive action should be.
- Enabled bool
Whether the rule is enforced.
- Gateway
Security stringPolicy Id - Name string
Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Priority int
Priority of the rule. Lower number corresponds to higher precedence.
- Session
Matcher string CEL expression for matching on session criteria.
- Application
Matcher string Optional. CEL expression for matching on L7/application level criteria.
- Description string
Optional. Free-text description of the resource.
- Gateway
Security stringPolicy Rule Id The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- Location string
- Project string
- Tls
Inspection boolEnabled Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic
Profile RuleBasic Profile Profile which tells what the primitive action should be.
- enabled Boolean
Whether the rule is enforced.
- gateway
Security StringPolicy Id - name String
Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority Integer
Priority of the rule. Lower number corresponds to higher precedence.
- session
Matcher String CEL expression for matching on session criteria.
- application
Matcher String Optional. CEL expression for matching on L7/application level criteria.
- description String
Optional. Free-text description of the resource.
- gateway
Security StringPolicy Rule Id The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location String
- project String
- tls
Inspection BooleanEnabled Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic
Profile RuleBasic Profile Profile which tells what the primitive action should be.
- enabled boolean
Whether the rule is enforced.
- gateway
Security stringPolicy Id - name string
Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority number
Priority of the rule. Lower number corresponds to higher precedence.
- session
Matcher string CEL expression for matching on session criteria.
- application
Matcher string Optional. CEL expression for matching on L7/application level criteria.
- description string
Optional. Free-text description of the resource.
- gateway
Security stringPolicy Rule Id The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location string
- project string
- tls
Inspection booleanEnabled Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic_
profile RuleBasic Profile Profile which tells what the primitive action should be.
- enabled bool
Whether the rule is enforced.
- gateway_
security_ strpolicy_ id - name str
Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority int
Priority of the rule. Lower number corresponds to higher precedence.
- session_
matcher str CEL expression for matching on session criteria.
- application_
matcher str Optional. CEL expression for matching on L7/application level criteria.
- description str
Optional. Free-text description of the resource.
- gateway_
security_ strpolicy_ rule_ id The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location str
- project str
- tls_
inspection_ boolenabled Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic
Profile "BASIC_PROFILE_UNSPECIFIED" | "ALLOW" | "DENY" Profile which tells what the primitive action should be.
- enabled Boolean
Whether the rule is enforced.
- gateway
Security StringPolicy Id - name String
Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority Number
Priority of the rule. Lower number corresponds to higher precedence.
- session
Matcher String CEL expression for matching on session criteria.
- application
Matcher String Optional. CEL expression for matching on L7/application level criteria.
- description String
Optional. Free-text description of the resource.
- gateway
Security StringPolicy Rule Id The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location String
- project String
- tls
Inspection BooleanEnabled Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
Outputs
All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:
- Create
Time string Time when the rule was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Update
Time string Time when the rule was updated.
- Create
Time string Time when the rule was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Update
Time string Time when the rule was updated.
- create
Time String Time when the rule was created.
- id String
The provider-assigned unique ID for this managed resource.
- update
Time String Time when the rule was updated.
- create
Time string Time when the rule was created.
- id string
The provider-assigned unique ID for this managed resource.
- update
Time string Time when the rule was updated.
- create_
time str Time when the rule was created.
- id str
The provider-assigned unique ID for this managed resource.
- update_
time str Time when the rule was updated.
- create
Time String Time when the rule was created.
- id String
The provider-assigned unique ID for this managed resource.
- update
Time String Time when the rule was updated.
Supporting Types
RuleBasicProfile, RuleBasicProfileArgs
- Basic
Profile Unspecified - BASIC_PROFILE_UNSPECIFIED
If there is not a mentioned action for the target.
- Allow
- ALLOW
Allow the matched traffic.
- Deny
- DENY
Deny the matched traffic.
- Rule
Basic Profile Basic Profile Unspecified - BASIC_PROFILE_UNSPECIFIED
If there is not a mentioned action for the target.
- Rule
Basic Profile Allow - ALLOW
Allow the matched traffic.
- Rule
Basic Profile Deny - DENY
Deny the matched traffic.
- Basic
Profile Unspecified - BASIC_PROFILE_UNSPECIFIED
If there is not a mentioned action for the target.
- Allow
- ALLOW
Allow the matched traffic.
- Deny
- DENY
Deny the matched traffic.
- Basic
Profile Unspecified - BASIC_PROFILE_UNSPECIFIED
If there is not a mentioned action for the target.
- Allow
- ALLOW
Allow the matched traffic.
- Deny
- DENY
Deny the matched traffic.
- BASIC_PROFILE_UNSPECIFIED
- BASIC_PROFILE_UNSPECIFIED
If there is not a mentioned action for the target.
- ALLOW
- ALLOW
Allow the matched traffic.
- DENY
- DENY
Deny the matched traffic.
- "BASIC_PROFILE_UNSPECIFIED"
- BASIC_PROFILE_UNSPECIFIED
If there is not a mentioned action for the target.
- "ALLOW"
- ALLOW
Allow the matched traffic.
- "DENY"
- DENY
Deny the matched traffic.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.