Docs Home
ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
ibm.CisRulesetEntrypointVersion
Explore with Pulumi AI
Provides an IBM Cloud Internet Services ruleset entrypoint version resource to create and update the ruleset entrypoint of an instance or domain. This entrypoint version is also used to deploy the managed ruleset and to add custom rules. For more information, about the IBM Cloud Internet Services ruleset entrypoint version, see ruleset entrypoint instance. To manage rules individually, you can also use ruleset rule.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// create entrypoint ruleset for a domain.
const testCisRulesetEntrypointVersion = new ibm.CisRulesetEntrypointVersion("testCisRulesetEntrypointVersion", {
cisId: ibm_cis.instance.id,
domainId: data.ibm_cis_domain.cis_domain.domain_id,
phase: "http_request_firewall_managed",
rulesets: [{
description: "Entrypoint ruleset for managed ruleset",
}],
});
// Create/Update entrypoint ruleset and deploy managed ruleset.
const testIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion = new ibm.CisRulesetEntrypointVersion("testIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", {
cisId: ibm_cis.instance.id,
domainId: data.ibm_cis_domain.cis_domain.domain_id,
phase: "http_request_firewall_managed",
rulesets: [{
description: "Entrypoint ruleset for managed ruleset",
rules: [{
action: "execute",
description: "Deploy CIS managed ruleset",
enabled: true,
expression: "true",
actionParameters: [{
id: "efb7b8c949ac4650a09736fc376e9aee",
}],
}],
}],
});
// Create/Update entrypoint ruleset and deploy multiple managed ruleset.
const testIbmIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion = new ibm.CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", {
cisId: ibm_cis.instance.id,
domainId: data.ibm_cis_domain.cis_domain.domain_id,
phase: "http_request_firewall_managed",
rulesets: [{
description: "Entrypoint ruleset for managed ruleset",
rules: [
{
action: "execute",
description: "Deploy CIS managed ruleset",
enabled: true,
expression: "true",
actionParameters: [{
id: "efb7b8c949ac4650a09736fc376e9aee",
}],
},
{
action: "execute",
description: "Deploy CIS OWASP core ruleset",
enabled: true,
expression: "true",
actionParameters: [{
id: "4814384a9e5d4991b9815dcfc25d2f1f",
}],
},
{
action: "execute",
description: "Deploy CIS exposed credentials check ruleset",
enabled: true,
expression: "true",
actionParameters: [{
id: "c2e184081120413c86c3ab7e14069605",
}],
},
],
}],
});
// Override rules and categories in a deployed managed ruleset
const testIbmIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion1 = new ibm.CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion1", {
cisId: ibm_cis.instance.id,
domainId: data.ibm_cis_domain.cis_domain.domain_id,
phase: "http_request_firewall_managed",
rulesets: [{
description: "Entrypoint ruleset for managed ruleset",
rules: [{
action: "execute",
description: "Deploy CIS managed ruleset",
enabled: true,
expression: "true",
actionParameters: [{
id: "efb7b8c949ac4650a09736fc376e9aee",
overrides: [{
action: "block",
enabled: true,
overrideRules: [{
ruleId: "var.overriden_rule.id",
enabled: true,
action: "block",
}],
categories: [{
category: "wordpress",
enabled: true,
action: "block",
}],
}],
}],
}],
}],
});
// Add custom rules. Rules can also be added using the ruleset rule resource.
const config = new ibm.CisRulesetEntrypointVersion("config", {
cisId: "crn:v1:bluemix:public:internet-svcs:global:a/bcf1865e99742d38d2d5fc3fb80a5496:d428087d-3f36-48f4-8626-99c37aee95bc::",
domainId: "de8e5d94f7033a29b026166e5f7c6f96",
phase: "http_request_firewall_custom",
rulesets: [{
description: "var.description",
rules: [
{
action: "var.action",
expression: "var.expression",
description: "var.rule.description",
enabled: true,
},
{
action: "var.action",
expression: "var.expression",
description: "var.rule.description",
enabled: true,
},
],
}],
});
import pulumi
import pulumi_ibm as ibm
# create entrypoint ruleset for a domain.
test_cis_ruleset_entrypoint_version = ibm.CisRulesetEntrypointVersion("testCisRulesetEntrypointVersion",
cis_id=ibm_cis["instance"]["id"],
domain_id=data["ibm_cis_domain"]["cis_domain"]["domain_id"],
phase="http_request_firewall_managed",
rulesets=[{
"description": "Entrypoint ruleset for managed ruleset",
}])
# Create/Update entrypoint ruleset and deploy managed ruleset.
test_index_cis_ruleset_entrypoint_version_cis_ruleset_entrypoint_version = ibm.CisRulesetEntrypointVersion("testIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion",
cis_id=ibm_cis["instance"]["id"],
domain_id=data["ibm_cis_domain"]["cis_domain"]["domain_id"],
phase="http_request_firewall_managed",
rulesets=[{
"description": "Entrypoint ruleset for managed ruleset",
"rules": [{
"action": "execute",
"description": "Deploy CIS managed ruleset",
"enabled": True,
"expression": "true",
"action_parameters": [{
"id": "efb7b8c949ac4650a09736fc376e9aee",
}],
}],
}])
# Create/Update entrypoint ruleset and deploy multiple managed ruleset.
test_ibm_index_cis_ruleset_entrypoint_version_cis_ruleset_entrypoint_version = ibm.CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion",
cis_id=ibm_cis["instance"]["id"],
domain_id=data["ibm_cis_domain"]["cis_domain"]["domain_id"],
phase="http_request_firewall_managed",
rulesets=[{
"description": "Entrypoint ruleset for managed ruleset",
"rules": [
{
"action": "execute",
"description": "Deploy CIS managed ruleset",
"enabled": True,
"expression": "true",
"action_parameters": [{
"id": "efb7b8c949ac4650a09736fc376e9aee",
}],
},
{
"action": "execute",
"description": "Deploy CIS OWASP core ruleset",
"enabled": True,
"expression": "true",
"action_parameters": [{
"id": "4814384a9e5d4991b9815dcfc25d2f1f",
}],
},
{
"action": "execute",
"description": "Deploy CIS exposed credentials check ruleset",
"enabled": True,
"expression": "true",
"action_parameters": [{
"id": "c2e184081120413c86c3ab7e14069605",
}],
},
],
}])
# Override rules and categories in a deployed managed ruleset
test_ibm_index_cis_ruleset_entrypoint_version_cis_ruleset_entrypoint_version1 = ibm.CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion1",
cis_id=ibm_cis["instance"]["id"],
domain_id=data["ibm_cis_domain"]["cis_domain"]["domain_id"],
phase="http_request_firewall_managed",
rulesets=[{
"description": "Entrypoint ruleset for managed ruleset",
"rules": [{
"action": "execute",
"description": "Deploy CIS managed ruleset",
"enabled": True,
"expression": "true",
"action_parameters": [{
"id": "efb7b8c949ac4650a09736fc376e9aee",
"overrides": [{
"action": "block",
"enabled": True,
"override_rules": [{
"rule_id": "var.overriden_rule.id",
"enabled": True,
"action": "block",
}],
"categories": [{
"category": "wordpress",
"enabled": True,
"action": "block",
}],
}],
}],
}],
}])
# Add custom rules. Rules can also be added using the ruleset rule resource.
config = ibm.CisRulesetEntrypointVersion("config",
cis_id="crn:v1:bluemix:public:internet-svcs:global:a/bcf1865e99742d38d2d5fc3fb80a5496:d428087d-3f36-48f4-8626-99c37aee95bc::",
domain_id="de8e5d94f7033a29b026166e5f7c6f96",
phase="http_request_firewall_custom",
rulesets=[{
"description": "var.description",
"rules": [
{
"action": "var.action",
"expression": "var.expression",
"description": "var.rule.description",
"enabled": True,
},
{
"action": "var.action",
"expression": "var.expression",
"description": "var.rule.description",
"enabled": True,
},
],
}])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// create entrypoint ruleset for a domain.
_, err := ibm.NewCisRulesetEntrypointVersion(ctx, "testCisRulesetEntrypointVersion", &ibm.CisRulesetEntrypointVersionArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(data.Ibm_cis_domain.Cis_domain.Domain_id),
Phase: pulumi.String("http_request_firewall_managed"),
Rulesets: ibm.CisRulesetEntrypointVersionRulesetArray{
&ibm.CisRulesetEntrypointVersionRulesetArgs{
Description: pulumi.String("Entrypoint ruleset for managed ruleset"),
},
},
})
if err != nil {
return err
}
_, err = ibm.NewCisRulesetEntrypointVersion(ctx, "testIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", &ibm.CisRulesetEntrypointVersionArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(data.Ibm_cis_domain.Cis_domain.Domain_id),
Phase: pulumi.String("http_request_firewall_managed"),
Rulesets: ibm.CisRulesetEntrypointVersionRulesetArray{
&ibm.CisRulesetEntrypointVersionRulesetArgs{
Description: pulumi.String("Entrypoint ruleset for managed ruleset"),
Rules: ibm.CisRulesetEntrypointVersionRulesetRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("execute"),
Description: pulumi.String("Deploy CIS managed ruleset"),
Enabled: pulumi.Bool(true),
Expression: pulumi.String("true"),
ActionParameters: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs{
Id: pulumi.String("efb7b8c949ac4650a09736fc376e9aee"),
},
},
},
},
},
},
})
if err != nil {
return err
}
_, err = ibm.NewCisRulesetEntrypointVersion(ctx, "testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", &ibm.CisRulesetEntrypointVersionArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(data.Ibm_cis_domain.Cis_domain.Domain_id),
Phase: pulumi.String("http_request_firewall_managed"),
Rulesets: ibm.CisRulesetEntrypointVersionRulesetArray{
&ibm.CisRulesetEntrypointVersionRulesetArgs{
Description: pulumi.String("Entrypoint ruleset for managed ruleset"),
Rules: ibm.CisRulesetEntrypointVersionRulesetRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("execute"),
Description: pulumi.String("Deploy CIS managed ruleset"),
Enabled: pulumi.Bool(true),
Expression: pulumi.String("true"),
ActionParameters: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs{
Id: pulumi.String("efb7b8c949ac4650a09736fc376e9aee"),
},
},
},
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("execute"),
Description: pulumi.String("Deploy CIS OWASP core ruleset"),
Enabled: pulumi.Bool(true),
Expression: pulumi.String("true"),
ActionParameters: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs{
Id: pulumi.String("4814384a9e5d4991b9815dcfc25d2f1f"),
},
},
},
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("execute"),
Description: pulumi.String("Deploy CIS exposed credentials check ruleset"),
Enabled: pulumi.Bool(true),
Expression: pulumi.String("true"),
ActionParameters: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs{
Id: pulumi.String("c2e184081120413c86c3ab7e14069605"),
},
},
},
},
},
},
})
if err != nil {
return err
}
_, err = ibm.NewCisRulesetEntrypointVersion(ctx, "testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion1", &ibm.CisRulesetEntrypointVersionArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(data.Ibm_cis_domain.Cis_domain.Domain_id),
Phase: pulumi.String("http_request_firewall_managed"),
Rulesets: ibm.CisRulesetEntrypointVersionRulesetArray{
&ibm.CisRulesetEntrypointVersionRulesetArgs{
Description: pulumi.String("Entrypoint ruleset for managed ruleset"),
Rules: ibm.CisRulesetEntrypointVersionRulesetRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("execute"),
Description: pulumi.String("Deploy CIS managed ruleset"),
Enabled: pulumi.Bool(true),
Expression: pulumi.String("true"),
ActionParameters: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs{
Id: pulumi.String("efb7b8c949ac4650a09736fc376e9aee"),
Overrides: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs{
Action: pulumi.String("block"),
Enabled: pulumi.Bool(true),
OverrideRules: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs{
RuleId: pulumi.String("var.overriden_rule.id"),
Enabled: pulumi.Bool(true),
Action: pulumi.String("block"),
},
},
Categories: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs{
Category: pulumi.String("wordpress"),
Enabled: pulumi.Bool(true),
Action: pulumi.String("block"),
},
},
},
},
},
},
},
},
},
},
})
if err != nil {
return err
}
_, err = ibm.NewCisRulesetEntrypointVersion(ctx, "config", &ibm.CisRulesetEntrypointVersionArgs{
CisId: pulumi.String("crn:v1:bluemix:public:internet-svcs:global:a/bcf1865e99742d38d2d5fc3fb80a5496:d428087d-3f36-48f4-8626-99c37aee95bc::"),
DomainId: pulumi.String("de8e5d94f7033a29b026166e5f7c6f96"),
Phase: pulumi.String("http_request_firewall_custom"),
Rulesets: ibm.CisRulesetEntrypointVersionRulesetArray{
&ibm.CisRulesetEntrypointVersionRulesetArgs{
Description: pulumi.String("var.description"),
Rules: ibm.CisRulesetEntrypointVersionRulesetRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("var.action"),
Expression: pulumi.String("var.expression"),
Description: pulumi.String("var.rule.description"),
Enabled: pulumi.Bool(true),
},
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("var.action"),
Expression: pulumi.String("var.expression"),
Description: pulumi.String("var.rule.description"),
Enabled: pulumi.Bool(true),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
// create entrypoint ruleset for a domain.
var testCisRulesetEntrypointVersion = new Ibm.CisRulesetEntrypointVersion("testCisRulesetEntrypointVersion", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = data.Ibm_cis_domain.Cis_domain.Domain_id,
Phase = "http_request_firewall_managed",
Rulesets = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetArgs
{
Description = "Entrypoint ruleset for managed ruleset",
},
},
});
// Create/Update entrypoint ruleset and deploy managed ruleset.
var testIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion = new Ibm.CisRulesetEntrypointVersion("testIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = data.Ibm_cis_domain.Cis_domain.Domain_id,
Phase = "http_request_firewall_managed",
Rulesets = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetArgs
{
Description = "Entrypoint ruleset for managed ruleset",
Rules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "execute",
Description = "Deploy CIS managed ruleset",
Enabled = true,
Expression = "true",
ActionParameters = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
{
Id = "efb7b8c949ac4650a09736fc376e9aee",
},
},
},
},
},
},
});
// Create/Update entrypoint ruleset and deploy multiple managed ruleset.
var testIbmIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion = new Ibm.CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = data.Ibm_cis_domain.Cis_domain.Domain_id,
Phase = "http_request_firewall_managed",
Rulesets = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetArgs
{
Description = "Entrypoint ruleset for managed ruleset",
Rules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "execute",
Description = "Deploy CIS managed ruleset",
Enabled = true,
Expression = "true",
ActionParameters = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
{
Id = "efb7b8c949ac4650a09736fc376e9aee",
},
},
},
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "execute",
Description = "Deploy CIS OWASP core ruleset",
Enabled = true,
Expression = "true",
ActionParameters = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
{
Id = "4814384a9e5d4991b9815dcfc25d2f1f",
},
},
},
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "execute",
Description = "Deploy CIS exposed credentials check ruleset",
Enabled = true,
Expression = "true",
ActionParameters = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
{
Id = "c2e184081120413c86c3ab7e14069605",
},
},
},
},
},
},
});
// Override rules and categories in a deployed managed ruleset
var testIbmIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion1 = new Ibm.CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion1", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = data.Ibm_cis_domain.Cis_domain.Domain_id,
Phase = "http_request_firewall_managed",
Rulesets = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetArgs
{
Description = "Entrypoint ruleset for managed ruleset",
Rules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "execute",
Description = "Deploy CIS managed ruleset",
Enabled = true,
Expression = "true",
ActionParameters = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
{
Id = "efb7b8c949ac4650a09736fc376e9aee",
Overrides = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs
{
Action = "block",
Enabled = true,
OverrideRules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs
{
RuleId = "var.overriden_rule.id",
Enabled = true,
Action = "block",
},
},
Categories = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs
{
Category = "wordpress",
Enabled = true,
Action = "block",
},
},
},
},
},
},
},
},
},
},
});
// Add custom rules. Rules can also be added using the ruleset rule resource.
var config = new Ibm.CisRulesetEntrypointVersion("config", new()
{
CisId = "crn:v1:bluemix:public:internet-svcs:global:a/bcf1865e99742d38d2d5fc3fb80a5496:d428087d-3f36-48f4-8626-99c37aee95bc::",
DomainId = "de8e5d94f7033a29b026166e5f7c6f96",
Phase = "http_request_firewall_custom",
Rulesets = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetArgs
{
Description = "var.description",
Rules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "var.action",
Expression = "var.expression",
Description = "var.rule.description",
Enabled = true,
},
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "var.action",
Expression = "var.expression",
Description = "var.rule.description",
Enabled = true,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.CisRulesetEntrypointVersion;
import com.pulumi.ibm.CisRulesetEntrypointVersionArgs;
import com.pulumi.ibm.inputs.CisRulesetEntrypointVersionRulesetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// create entrypoint ruleset for a domain.
var testCisRulesetEntrypointVersion = new CisRulesetEntrypointVersion("testCisRulesetEntrypointVersion", CisRulesetEntrypointVersionArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(data.ibm_cis_domain().cis_domain().domain_id())
.phase("http_request_firewall_managed")
.rulesets(CisRulesetEntrypointVersionRulesetArgs.builder()
.description("Entrypoint ruleset for managed ruleset")
.build())
.build());
// Create/Update entrypoint ruleset and deploy managed ruleset.
var testIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion = new CisRulesetEntrypointVersion("testIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", CisRulesetEntrypointVersionArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(data.ibm_cis_domain().cis_domain().domain_id())
.phase("http_request_firewall_managed")
.rulesets(CisRulesetEntrypointVersionRulesetArgs.builder()
.description("Entrypoint ruleset for managed ruleset")
.rules(CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("execute")
.description("Deploy CIS managed ruleset")
.enabled(true)
.expression("true")
.actionParameters(CisRulesetEntrypointVersionRulesetRuleActionParameterArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.build())
.build())
.build())
.build());
// Create/Update entrypoint ruleset and deploy multiple managed ruleset.
var testIbmIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion = new CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion", CisRulesetEntrypointVersionArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(data.ibm_cis_domain().cis_domain().domain_id())
.phase("http_request_firewall_managed")
.rulesets(CisRulesetEntrypointVersionRulesetArgs.builder()
.description("Entrypoint ruleset for managed ruleset")
.rules(
CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("execute")
.description("Deploy CIS managed ruleset")
.enabled(true)
.expression("true")
.actionParameters(CisRulesetEntrypointVersionRulesetRuleActionParameterArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.build())
.build(),
CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("execute")
.description("Deploy CIS OWASP core ruleset")
.enabled(true)
.expression("true")
.actionParameters(CisRulesetEntrypointVersionRulesetRuleActionParameterArgs.builder()
.id("4814384a9e5d4991b9815dcfc25d2f1f")
.build())
.build(),
CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("execute")
.description("Deploy CIS exposed credentials check ruleset")
.enabled(true)
.expression("true")
.actionParameters(CisRulesetEntrypointVersionRulesetRuleActionParameterArgs.builder()
.id("c2e184081120413c86c3ab7e14069605")
.build())
.build())
.build())
.build());
// Override rules and categories in a deployed managed ruleset
var testIbmIndex_cisRulesetEntrypointVersionCisRulesetEntrypointVersion1 = new CisRulesetEntrypointVersion("testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion1", CisRulesetEntrypointVersionArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(data.ibm_cis_domain().cis_domain().domain_id())
.phase("http_request_firewall_managed")
.rulesets(CisRulesetEntrypointVersionRulesetArgs.builder()
.description("Entrypoint ruleset for managed ruleset")
.rules(CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("execute")
.description("Deploy CIS managed ruleset")
.enabled(true)
.expression("true")
.actionParameters(CisRulesetEntrypointVersionRulesetRuleActionParameterArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.overrides(CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs.builder()
.action("block")
.enabled(true)
.overrideRules(CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs.builder()
.ruleId("var.overriden_rule.id")
.enabled(true)
.action("block")
.build())
.categories(CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs.builder()
.category("wordpress")
.enabled(true)
.action("block")
.build())
.build())
.build())
.build())
.build())
.build());
// Add custom rules. Rules can also be added using the ruleset rule resource.
var config = new CisRulesetEntrypointVersion("config", CisRulesetEntrypointVersionArgs.builder()
.cisId("crn:v1:bluemix:public:internet-svcs:global:a/bcf1865e99742d38d2d5fc3fb80a5496:d428087d-3f36-48f4-8626-99c37aee95bc::")
.domainId("de8e5d94f7033a29b026166e5f7c6f96")
.phase("http_request_firewall_custom")
.rulesets(CisRulesetEntrypointVersionRulesetArgs.builder()
.description("var.description")
.rules(
CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("var.action")
.expression("var.expression")
.description("var.rule.description")
.enabled("true")
.build(),
CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("var.action")
.expression("var.expression")
.description("var.rule.description")
.enabled("true")
.build())
.build())
.build());
}
}
resources:
# create entrypoint ruleset for a domain.
testCisRulesetEntrypointVersion: # Create/Update entrypoint ruleset and deploy managed ruleset.
type: ibm:CisRulesetEntrypointVersion
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${data.ibm_cis_domain.cis_domain.domain_id}
phase: http_request_firewall_managed
rulesets:
- description: Entrypoint ruleset for managed ruleset
testIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion: # Create/Update entrypoint ruleset and deploy multiple managed ruleset.
type: ibm:CisRulesetEntrypointVersion
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${data.ibm_cis_domain.cis_domain.domain_id}
phase: http_request_firewall_managed
rulesets:
- description: Entrypoint ruleset for managed ruleset
rules:
- action: execute
description: Deploy CIS managed ruleset
enabled: true
expression: 'true'
actionParameters:
- id: efb7b8c949ac4650a09736fc376e9aee
testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion: # Override rules and categories in a deployed managed ruleset
type: ibm:CisRulesetEntrypointVersion
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${data.ibm_cis_domain.cis_domain.domain_id}
phase: http_request_firewall_managed
rulesets:
- description: Entrypoint ruleset for managed ruleset
rules:
- action: execute
description: Deploy CIS managed ruleset
enabled: true
expression: 'true'
actionParameters:
- id: efb7b8c949ac4650a09736fc376e9aee
- action: execute
description: Deploy CIS OWASP core ruleset
enabled: true
expression: 'true'
actionParameters:
- id: 4814384a9e5d4991b9815dcfc25d2f1f
- action: execute
description: Deploy CIS exposed credentials check ruleset
enabled: true
expression: 'true'
actionParameters:
- id: c2e184081120413c86c3ab7e14069605
testIbmIndex/cisRulesetEntrypointVersionCisRulesetEntrypointVersion1: # Add custom rules. Rules can also be added using the ruleset rule resource.
type: ibm:CisRulesetEntrypointVersion
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${data.ibm_cis_domain.cis_domain.domain_id}
phase: http_request_firewall_managed
rulesets:
- description: Entrypoint ruleset for managed ruleset
rules:
- action: execute
description: Deploy CIS managed ruleset
enabled: true
expression: 'true'
actionParameters:
- id: efb7b8c949ac4650a09736fc376e9aee
overrides:
- action: block
enabled: true
overrideRules:
- ruleId: var.overriden_rule.id
enabled: true
action: block
categories:
- category: wordpress
enabled: true
action: block
config:
type: ibm:CisRulesetEntrypointVersion
properties:
cisId: 'crn:v1:bluemix:public:internet-svcs:global:a/bcf1865e99742d38d2d5fc3fb80a5496:d428087d-3f36-48f4-8626-99c37aee95bc::'
domainId: de8e5d94f7033a29b026166e5f7c6f96
phase: http_request_firewall_custom
rulesets:
- description: var.description
rules:
- action: var.action
expression: var.expression
description: var.rule.description
enabled: 'true'
- action: var.action
expression: var.expression
description: var.rule.description
enabled: 'true'
Note: If an update is required in a particular rule, you must still provide the data for other rules. Otherwise, the new update overrides the previous configuration. To add or update an individual rule, see the resource ruleset rule.
Create CisRulesetEntrypointVersion Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CisRulesetEntrypointVersion(name: string, args: CisRulesetEntrypointVersionArgs, opts?: CustomResourceOptions);@overload
def CisRulesetEntrypointVersion(resource_name: str,
args: CisRulesetEntrypointVersionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CisRulesetEntrypointVersion(resource_name: str,
opts: Optional[ResourceOptions] = None,
cis_id: Optional[str] = None,
phase: Optional[str] = None,
cis_ruleset_entrypoint_version_id: Optional[str] = None,
domain_id: Optional[str] = None,
rulesets: Optional[Sequence[CisRulesetEntrypointVersionRulesetArgs]] = None)func NewCisRulesetEntrypointVersion(ctx *Context, name string, args CisRulesetEntrypointVersionArgs, opts ...ResourceOption) (*CisRulesetEntrypointVersion, error)public CisRulesetEntrypointVersion(string name, CisRulesetEntrypointVersionArgs args, CustomResourceOptions? opts = null)
public CisRulesetEntrypointVersion(String name, CisRulesetEntrypointVersionArgs args)
public CisRulesetEntrypointVersion(String name, CisRulesetEntrypointVersionArgs args, CustomResourceOptions options)
type: ibm:CisRulesetEntrypointVersion
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CisRulesetEntrypointVersionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CisRulesetEntrypointVersionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CisRulesetEntrypointVersionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CisRulesetEntrypointVersionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CisRulesetEntrypointVersionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cisRulesetEntrypointVersionResource = new Ibm.CisRulesetEntrypointVersion("cisRulesetEntrypointVersionResource", new()
{
CisId = "string",
Phase = "string",
CisRulesetEntrypointVersionId = "string",
DomainId = "string",
Rulesets = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetArgs
{
Description = "string",
Kind = "string",
LastUpdated = "string",
Name = "string",
Phase = "string",
Rules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleArgs
{
Action = "string",
ActionParameters = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
{
Id = "string",
Overrides = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs
{
Action = "string",
Categories = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs
{
Action = "string",
Category = "string",
Enabled = false,
},
},
Enabled = false,
OverrideRules = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs
{
Action = "string",
Enabled = false,
RuleId = "string",
ScoreThreshold = 0,
SensitivityLevel = "string",
},
},
},
},
Responses = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRuleActionParameterResponseArgs
{
Content = "string",
ContentType = "string",
StatusCode = 0,
},
},
Ruleset = "string",
Rulesets = new[]
{
"string",
},
Version = "string",
},
},
Categories = new[]
{
"string",
},
Description = "string",
Enabled = false,
Expression = "string",
Id = "string",
LastUpdatedAt = "string",
Logging =
{
{ "string", false },
},
Positions = new[]
{
new Ibm.Inputs.CisRulesetEntrypointVersionRulesetRulePositionArgs
{
After = "string",
Before = "string",
Index = 0,
},
},
Ref = "string",
Version = "string",
},
},
RulesetId = "string",
Version = "string",
},
},
});
example, err := ibm.NewCisRulesetEntrypointVersion(ctx, "cisRulesetEntrypointVersionResource", &ibm.CisRulesetEntrypointVersionArgs{
CisId: pulumi.String("string"),
Phase: pulumi.String("string"),
CisRulesetEntrypointVersionId: pulumi.String("string"),
DomainId: pulumi.String("string"),
Rulesets: ibm.CisRulesetEntrypointVersionRulesetArray{
&ibm.CisRulesetEntrypointVersionRulesetArgs{
Description: pulumi.String("string"),
Kind: pulumi.String("string"),
LastUpdated: pulumi.String("string"),
Name: pulumi.String("string"),
Phase: pulumi.String("string"),
Rules: ibm.CisRulesetEntrypointVersionRulesetRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleArgs{
Action: pulumi.String("string"),
ActionParameters: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterArgs{
Id: pulumi.String("string"),
Overrides: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs{
Action: pulumi.String("string"),
Categories: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs{
Action: pulumi.String("string"),
Category: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
},
Enabled: pulumi.Bool(false),
OverrideRules: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs{
Action: pulumi.String("string"),
Enabled: pulumi.Bool(false),
RuleId: pulumi.String("string"),
ScoreThreshold: pulumi.Float64(0),
SensitivityLevel: pulumi.String("string"),
},
},
},
},
Responses: ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterResponseArray{
&ibm.CisRulesetEntrypointVersionRulesetRuleActionParameterResponseArgs{
Content: pulumi.String("string"),
ContentType: pulumi.String("string"),
StatusCode: pulumi.Float64(0),
},
},
Ruleset: pulumi.String("string"),
Rulesets: pulumi.StringArray{
pulumi.String("string"),
},
Version: pulumi.String("string"),
},
},
Categories: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Expression: pulumi.String("string"),
Id: pulumi.String("string"),
LastUpdatedAt: pulumi.String("string"),
Logging: pulumi.BoolMap{
"string": pulumi.Bool(false),
},
Positions: ibm.CisRulesetEntrypointVersionRulesetRulePositionArray{
&ibm.CisRulesetEntrypointVersionRulesetRulePositionArgs{
After: pulumi.String("string"),
Before: pulumi.String("string"),
Index: pulumi.Float64(0),
},
},
Ref: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
RulesetId: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
})
var cisRulesetEntrypointVersionResource = new CisRulesetEntrypointVersion("cisRulesetEntrypointVersionResource", CisRulesetEntrypointVersionArgs.builder()
.cisId("string")
.phase("string")
.cisRulesetEntrypointVersionId("string")
.domainId("string")
.rulesets(CisRulesetEntrypointVersionRulesetArgs.builder()
.description("string")
.kind("string")
.lastUpdated("string")
.name("string")
.phase("string")
.rules(CisRulesetEntrypointVersionRulesetRuleArgs.builder()
.action("string")
.actionParameters(CisRulesetEntrypointVersionRulesetRuleActionParameterArgs.builder()
.id("string")
.overrides(CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs.builder()
.action("string")
.categories(CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs.builder()
.action("string")
.category("string")
.enabled(false)
.build())
.enabled(false)
.overrideRules(CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs.builder()
.action("string")
.enabled(false)
.ruleId("string")
.scoreThreshold(0)
.sensitivityLevel("string")
.build())
.build())
.responses(CisRulesetEntrypointVersionRulesetRuleActionParameterResponseArgs.builder()
.content("string")
.contentType("string")
.statusCode(0)
.build())
.ruleset("string")
.rulesets("string")
.version("string")
.build())
.categories("string")
.description("string")
.enabled(false)
.expression("string")
.id("string")
.lastUpdatedAt("string")
.logging(Map.of("string", false))
.positions(CisRulesetEntrypointVersionRulesetRulePositionArgs.builder()
.after("string")
.before("string")
.index(0)
.build())
.ref("string")
.version("string")
.build())
.rulesetId("string")
.version("string")
.build())
.build());
cis_ruleset_entrypoint_version_resource = ibm.CisRulesetEntrypointVersion("cisRulesetEntrypointVersionResource",
cis_id="string",
phase="string",
cis_ruleset_entrypoint_version_id="string",
domain_id="string",
rulesets=[{
"description": "string",
"kind": "string",
"last_updated": "string",
"name": "string",
"phase": "string",
"rules": [{
"action": "string",
"action_parameters": [{
"id": "string",
"overrides": [{
"action": "string",
"categories": [{
"action": "string",
"category": "string",
"enabled": False,
}],
"enabled": False,
"override_rules": [{
"action": "string",
"enabled": False,
"rule_id": "string",
"score_threshold": 0,
"sensitivity_level": "string",
}],
}],
"responses": [{
"content": "string",
"content_type": "string",
"status_code": 0,
}],
"ruleset": "string",
"rulesets": ["string"],
"version": "string",
}],
"categories": ["string"],
"description": "string",
"enabled": False,
"expression": "string",
"id": "string",
"last_updated_at": "string",
"logging": {
"string": False,
},
"positions": [{
"after": "string",
"before": "string",
"index": 0,
}],
"ref": "string",
"version": "string",
}],
"ruleset_id": "string",
"version": "string",
}])
const cisRulesetEntrypointVersionResource = new ibm.CisRulesetEntrypointVersion("cisRulesetEntrypointVersionResource", {
cisId: "string",
phase: "string",
cisRulesetEntrypointVersionId: "string",
domainId: "string",
rulesets: [{
description: "string",
kind: "string",
lastUpdated: "string",
name: "string",
phase: "string",
rules: [{
action: "string",
actionParameters: [{
id: "string",
overrides: [{
action: "string",
categories: [{
action: "string",
category: "string",
enabled: false,
}],
enabled: false,
overrideRules: [{
action: "string",
enabled: false,
ruleId: "string",
scoreThreshold: 0,
sensitivityLevel: "string",
}],
}],
responses: [{
content: "string",
contentType: "string",
statusCode: 0,
}],
ruleset: "string",
rulesets: ["string"],
version: "string",
}],
categories: ["string"],
description: "string",
enabled: false,
expression: "string",
id: "string",
lastUpdatedAt: "string",
logging: {
string: false,
},
positions: [{
after: "string",
before: "string",
index: 0,
}],
ref: "string",
version: "string",
}],
rulesetId: "string",
version: "string",
}],
});
type: ibm:CisRulesetEntrypointVersion
properties:
cisId: string
cisRulesetEntrypointVersionId: string
domainId: string
phase: string
rulesets:
- description: string
kind: string
lastUpdated: string
name: string
phase: string
rules:
- action: string
actionParameters:
- id: string
overrides:
- action: string
categories:
- action: string
category: string
enabled: false
enabled: false
overrideRules:
- action: string
enabled: false
ruleId: string
scoreThreshold: 0
sensitivityLevel: string
responses:
- content: string
contentType: string
statusCode: 0
ruleset: string
rulesets:
- string
version: string
categories:
- string
description: string
enabled: false
expression: string
id: string
lastUpdatedAt: string
logging:
string: false
positions:
- after: string
before: string
index: 0
ref: string
version: string
rulesetId: string
version: string
CisRulesetEntrypointVersion Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CisRulesetEntrypointVersion resource accepts the following input properties:
- Cis
Id string - The ID of the CIS service instance.
- Phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - Cis
Ruleset stringEntrypoint Version Id - Domain
Id string - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - Rulesets
List<Cis
Ruleset Entrypoint Version Ruleset> Values that will be created or updated.
Nested scheme of
rulesets
- Cis
Id string - The ID of the CIS service instance.
- Phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - Cis
Ruleset stringEntrypoint Version Id - Domain
Id string - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - Rulesets
[]Cis
Ruleset Entrypoint Version Ruleset Args Values that will be created or updated.
Nested scheme of
rulesets
- cis
Id String - The ID of the CIS service instance.
- phase String
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - cis
Ruleset StringEntrypoint Version Id - domain
Id String - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - rulesets
List<Cis
Ruleset Entrypoint Version Ruleset> Values that will be created or updated.
Nested scheme of
rulesets
- cis
Id string - The ID of the CIS service instance.
- phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - cis
Ruleset stringEntrypoint Version Id - domain
Id string - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - rulesets
Cis
Ruleset Entrypoint Version Ruleset[] Values that will be created or updated.
Nested scheme of
rulesets
- cis_
id str - The ID of the CIS service instance.
- phase str
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - cis_
ruleset_ strentrypoint_ version_ id - domain_
id str - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - rulesets
Sequence[Cis
Ruleset Entrypoint Version Ruleset Args] Values that will be created or updated.
Nested scheme of
rulesets
- cis
Id String - The ID of the CIS service instance.
- phase String
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - cis
Ruleset StringEntrypoint Version Id - domain
Id String - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - rulesets List<Property Map>
Values that will be created or updated.
Nested scheme of
rulesets
Outputs
All input properties are implicitly available as output properties. Additionally, the CisRulesetEntrypointVersion resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CisRulesetEntrypointVersion Resource
Get an existing CisRulesetEntrypointVersion resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CisRulesetEntrypointVersionState, opts?: CustomResourceOptions): CisRulesetEntrypointVersion@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cis_id: Optional[str] = None,
cis_ruleset_entrypoint_version_id: Optional[str] = None,
domain_id: Optional[str] = None,
phase: Optional[str] = None,
rulesets: Optional[Sequence[CisRulesetEntrypointVersionRulesetArgs]] = None) -> CisRulesetEntrypointVersionfunc GetCisRulesetEntrypointVersion(ctx *Context, name string, id IDInput, state *CisRulesetEntrypointVersionState, opts ...ResourceOption) (*CisRulesetEntrypointVersion, error)public static CisRulesetEntrypointVersion Get(string name, Input<string> id, CisRulesetEntrypointVersionState? state, CustomResourceOptions? opts = null)public static CisRulesetEntrypointVersion get(String name, Output<String> id, CisRulesetEntrypointVersionState state, CustomResourceOptions options)resources: _: type: ibm:CisRulesetEntrypointVersion get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cis
Id string - The ID of the CIS service instance.
- Cis
Ruleset stringEntrypoint Version Id - Domain
Id string - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - Phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - Rulesets
List<Cis
Ruleset Entrypoint Version Ruleset> Values that will be created or updated.
Nested scheme of
rulesets
- Cis
Id string - The ID of the CIS service instance.
- Cis
Ruleset stringEntrypoint Version Id - Domain
Id string - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - Phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - Rulesets
[]Cis
Ruleset Entrypoint Version Ruleset Args Values that will be created or updated.
Nested scheme of
rulesets
- cis
Id String - The ID of the CIS service instance.
- cis
Ruleset StringEntrypoint Version Id - domain
Id String - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - phase String
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rulesets
List<Cis
Ruleset Entrypoint Version Ruleset> Values that will be created or updated.
Nested scheme of
rulesets
- cis
Id string - The ID of the CIS service instance.
- cis
Ruleset stringEntrypoint Version Id - domain
Id string - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rulesets
Cis
Ruleset Entrypoint Version Ruleset[] Values that will be created or updated.
Nested scheme of
rulesets
- cis_
id str - The ID of the CIS service instance.
- cis_
ruleset_ strentrypoint_ version_ id - domain_
id str - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - phase str
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rulesets
Sequence[Cis
Ruleset Entrypoint Version Ruleset Args] Values that will be created or updated.
Nested scheme of
rulesets
- cis
Id String - The ID of the CIS service instance.
- cis
Ruleset StringEntrypoint Version Id - domain
Id String - The Domain/Zone ID of the CIS service instance. If
domain_idis provided, the request is made at the zone/domain level; otherwise, the request is made at the instance level. - phase String
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rulesets List<Property Map>
Values that will be created or updated.
Nested scheme of
rulesets
Supporting Types
CisRulesetEntrypointVersionRuleset, CisRulesetEntrypointVersionRulesetArgs
- Description string
- Description of the ruleset
- Kind string
- Kind of the rulesets
- Last
Updated string - Rulesets last updated at
- Name string
- Name of the rulesets
- Phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - Rules
List<Cis
Ruleset Entrypoint Version Ruleset Rule> - Rules that are required to be added/modified.
Nested scheme of
rules - Ruleset
Id string - Associated ruleset ID
- Version string
- Version of the rulesets
- Description string
- Description of the ruleset
- Kind string
- Kind of the rulesets
- Last
Updated string - Rulesets last updated at
- Name string
- Name of the rulesets
- Phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - Rules
[]Cis
Ruleset Entrypoint Version Ruleset Rule - Rules that are required to be added/modified.
Nested scheme of
rules - Ruleset
Id string - Associated ruleset ID
- Version string
- Version of the rulesets
- description String
- Description of the ruleset
- kind String
- Kind of the rulesets
- last
Updated String - Rulesets last updated at
- name String
- Name of the rulesets
- phase String
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rules
List<Cis
Ruleset Entrypoint Version Ruleset Rule> - Rules that are required to be added/modified.
Nested scheme of
rules - ruleset
Id String - Associated ruleset ID
- version String
- Version of the rulesets
- description string
- Description of the ruleset
- kind string
- Kind of the rulesets
- last
Updated string - Rulesets last updated at
- name string
- Name of the rulesets
- phase string
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rules
Cis
Ruleset Entrypoint Version Ruleset Rule[] - Rules that are required to be added/modified.
Nested scheme of
rules - ruleset
Id string - Associated ruleset ID
- version string
- Version of the rulesets
- description str
- Description of the ruleset
- kind str
- Kind of the rulesets
- last_
updated str - Rulesets last updated at
- name str
- Name of the rulesets
- phase str
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rules
Sequence[Cis
Ruleset Entrypoint Version Ruleset Rule] - Rules that are required to be added/modified.
Nested scheme of
rules - ruleset_
id str - Associated ruleset ID
- version str
- Version of the rulesets
- description String
- Description of the ruleset
- kind String
- Kind of the rulesets
- last
Updated String - Rulesets last updated at
- name String
- Name of the rulesets
- phase String
- Phase of the ruleset. Currently, only
http_request_firewall_managedphase is supported. - rules List<Property Map>
- Rules that are required to be added/modified.
Nested scheme of
rules - ruleset
Id String - Associated ruleset ID
- version String
- Version of the rulesets
CisRulesetEntrypointVersionRulesetRule, CisRulesetEntrypointVersionRulesetRuleArgs
- Action string
- . If you are deploying a rule, then action is required. The
executeaction is used for deploying the ruleset. If you are updating the rule, the action is optional. - Action
Parameters List<CisRuleset Entrypoint Version Ruleset Rule Action Parameter> Parameters that are used to modify the rules.
Nested scheme of
action parameters- Categories List<string>
- Categories of the rulesets rule
- Description string
- Description of the rule.
- Enabled bool
- Enable/Disable ruleset rule
- Expression string
- Expression used by the rule to match the incoming request.
- Id string
- ID of the rulesets rule
- Last
Updated stringAt - Rulesets rule last updated at
- Logging Dictionary<string, bool>
- Logging of the rulesets rule
- Positions
List<Cis
Ruleset Entrypoint Version Ruleset Rule Position> - Position of rulesets rule
- Ref string
- ID of an existing rule. If not provided, it is populated by the ID of the created rule.
- Version string
- Version of the rulesets rule
- Action string
- . If you are deploying a rule, then action is required. The
executeaction is used for deploying the ruleset. If you are updating the rule, the action is optional. - Action
Parameters []CisRuleset Entrypoint Version Ruleset Rule Action Parameter Parameters that are used to modify the rules.
Nested scheme of
action parameters- Categories []string
- Categories of the rulesets rule
- Description string
- Description of the rule.
- Enabled bool
- Enable/Disable ruleset rule
- Expression string
- Expression used by the rule to match the incoming request.
- Id string
- ID of the rulesets rule
- Last
Updated stringAt - Rulesets rule last updated at
- Logging map[string]bool
- Logging of the rulesets rule
- Positions
[]Cis
Ruleset Entrypoint Version Ruleset Rule Position - Position of rulesets rule
- Ref string
- ID of an existing rule. If not provided, it is populated by the ID of the created rule.
- Version string
- Version of the rulesets rule
- action String
- . If you are deploying a rule, then action is required. The
executeaction is used for deploying the ruleset. If you are updating the rule, the action is optional. - action
Parameters List<CisRuleset Entrypoint Version Ruleset Rule Action Parameter> Parameters that are used to modify the rules.
Nested scheme of
action parameters- categories List<String>
- Categories of the rulesets rule
- description String
- Description of the rule.
- enabled Boolean
- Enable/Disable ruleset rule
- expression String
- Expression used by the rule to match the incoming request.
- id String
- ID of the rulesets rule
- last
Updated StringAt - Rulesets rule last updated at
- logging Map<String,Boolean>
- Logging of the rulesets rule
- positions
List<Cis
Ruleset Entrypoint Version Ruleset Rule Position> - Position of rulesets rule
- ref String
- ID of an existing rule. If not provided, it is populated by the ID of the created rule.
- version String
- Version of the rulesets rule
- action string
- . If you are deploying a rule, then action is required. The
executeaction is used for deploying the ruleset. If you are updating the rule, the action is optional. - action
Parameters CisRuleset Entrypoint Version Ruleset Rule Action Parameter[] Parameters that are used to modify the rules.
Nested scheme of
action parameters- categories string[]
- Categories of the rulesets rule
- description string
- Description of the rule.
- enabled boolean
- Enable/Disable ruleset rule
- expression string
- Expression used by the rule to match the incoming request.
- id string
- ID of the rulesets rule
- last
Updated stringAt - Rulesets rule last updated at
- logging {[key: string]: boolean}
- Logging of the rulesets rule
- positions
Cis
Ruleset Entrypoint Version Ruleset Rule Position[] - Position of rulesets rule
- ref string
- ID of an existing rule. If not provided, it is populated by the ID of the created rule.
- version string
- Version of the rulesets rule
- action str
- . If you are deploying a rule, then action is required. The
executeaction is used for deploying the ruleset. If you are updating the rule, the action is optional. - action_
parameters Sequence[CisRuleset Entrypoint Version Ruleset Rule Action Parameter] Parameters that are used to modify the rules.
Nested scheme of
action parameters- categories Sequence[str]
- Categories of the rulesets rule
- description str
- Description of the rule.
- enabled bool
- Enable/Disable ruleset rule
- expression str
- Expression used by the rule to match the incoming request.
- id str
- ID of the rulesets rule
- last_
updated_ strat - Rulesets rule last updated at
- logging Mapping[str, bool]
- Logging of the rulesets rule
- positions
Sequence[Cis
Ruleset Entrypoint Version Ruleset Rule Position] - Position of rulesets rule
- ref str
- ID of an existing rule. If not provided, it is populated by the ID of the created rule.
- version str
- Version of the rulesets rule
- action String
- . If you are deploying a rule, then action is required. The
executeaction is used for deploying the ruleset. If you are updating the rule, the action is optional. - action
Parameters List<Property Map> Parameters that are used to modify the rules.
Nested scheme of
action parameters- categories List<String>
- Categories of the rulesets rule
- description String
- Description of the rule.
- enabled Boolean
- Enable/Disable ruleset rule
- expression String
- Expression used by the rule to match the incoming request.
- id String
- ID of the rulesets rule
- last
Updated StringAt - Rulesets rule last updated at
- logging Map<Boolean>
- Logging of the rulesets rule
- positions List<Property Map>
- Position of rulesets rule
- ref String
- ID of an existing rule. If not provided, it is populated by the ID of the created rule.
- version String
- Version of the rulesets rule
CisRulesetEntrypointVersionRulesetRuleActionParameter, CisRulesetEntrypointVersionRulesetRuleActionParameterArgs
- Id string
- ID of the managed ruleset to be deployed.
- Overrides
List<Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override> Provides the parameters that are to be overridden.
Nested scheme of
overrides- Responses
List<Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Response> - Action parameters response of the rulesets rule
- Ruleset string
- Ruleset ID of the ruleset to apply action to
- Rulesets List<string>
Values that will be created or updated.
Nested scheme of
rulesets- Version string
- Version of the ruleset
- Id string
- ID of the managed ruleset to be deployed.
- Overrides
[]Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override Provides the parameters that are to be overridden.
Nested scheme of
overrides- Responses
[]Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Response - Action parameters response of the rulesets rule
- Ruleset string
- Ruleset ID of the ruleset to apply action to
- Rulesets []string
Values that will be created or updated.
Nested scheme of
rulesets- Version string
- Version of the ruleset
- id String
- ID of the managed ruleset to be deployed.
- overrides
List<Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override> Provides the parameters that are to be overridden.
Nested scheme of
overrides- responses
List<Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Response> - Action parameters response of the rulesets rule
- ruleset String
- Ruleset ID of the ruleset to apply action to
- rulesets List<String>
Values that will be created or updated.
Nested scheme of
rulesets- version String
- Version of the ruleset
- id string
- ID of the managed ruleset to be deployed.
- overrides
Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override[] Provides the parameters that are to be overridden.
Nested scheme of
overrides- responses
Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Response[] - Action parameters response of the rulesets rule
- ruleset string
- Ruleset ID of the ruleset to apply action to
- rulesets string[]
Values that will be created or updated.
Nested scheme of
rulesets- version string
- Version of the ruleset
- id str
- ID of the managed ruleset to be deployed.
- overrides
Sequence[Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override] Provides the parameters that are to be overridden.
Nested scheme of
overrides- responses
Sequence[Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Response] - Action parameters response of the rulesets rule
- ruleset str
- Ruleset ID of the ruleset to apply action to
- rulesets Sequence[str]
Values that will be created or updated.
Nested scheme of
rulesets- version str
- Version of the ruleset
- id String
- ID of the managed ruleset to be deployed.
- overrides List<Property Map>
Provides the parameters that are to be overridden.
Nested scheme of
overrides- responses List<Property Map>
- Action parameters response of the rulesets rule
- ruleset String
- Ruleset ID of the ruleset to apply action to
- rulesets List<String>
Values that will be created or updated.
Nested scheme of
rulesets- version String
- Version of the ruleset
CisRulesetEntrypointVersionRulesetRuleActionParameterOverride, CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideArgs
- Action string
- Action of the rule. Examples: log, block, skip.
- Categories
List<Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override Category> - Nested scheme of
categories - Enabled bool
- Enables/Disables the rule.
- Override
Rules List<CisRuleset Entrypoint Version Ruleset Rule Action Parameter Override Override Rule> List of details of rules to be overridden. These rules are already present in the managed ruleset.
Nested scheme of
override_rules
- Action string
- Action of the rule. Examples: log, block, skip.
- Categories
[]Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override Category - Nested scheme of
categories - Enabled bool
- Enables/Disables the rule.
- Override
Rules []CisRuleset Entrypoint Version Ruleset Rule Action Parameter Override Override Rule List of details of rules to be overridden. These rules are already present in the managed ruleset.
Nested scheme of
override_rules
- action String
- Action of the rule. Examples: log, block, skip.
- categories
List<Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override Category> - Nested scheme of
categories - enabled Boolean
- Enables/Disables the rule.
- override
Rules List<CisRuleset Entrypoint Version Ruleset Rule Action Parameter Override Override Rule> List of details of rules to be overridden. These rules are already present in the managed ruleset.
Nested scheme of
override_rules
- action string
- Action of the rule. Examples: log, block, skip.
- categories
Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override Category[] - Nested scheme of
categories - enabled boolean
- Enables/Disables the rule.
- override
Rules CisRuleset Entrypoint Version Ruleset Rule Action Parameter Override Override Rule[] List of details of rules to be overridden. These rules are already present in the managed ruleset.
Nested scheme of
override_rules
- action str
- Action of the rule. Examples: log, block, skip.
- categories
Sequence[Cis
Ruleset Entrypoint Version Ruleset Rule Action Parameter Override Category] - Nested scheme of
categories - enabled bool
- Enables/Disables the rule.
- override_
rules Sequence[CisRuleset Entrypoint Version Ruleset Rule Action Parameter Override Override Rule] List of details of rules to be overridden. These rules are already present in the managed ruleset.
Nested scheme of
override_rules
- action String
- Action of the rule. Examples: log, block, skip.
- categories List<Property Map>
- Nested scheme of
categories - enabled Boolean
- Enables/Disables the rule.
- override
Rules List<Property Map> List of details of rules to be overridden. These rules are already present in the managed ruleset.
Nested scheme of
override_rules
CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategory, CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideCategoryArgs
CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRule, CisRulesetEntrypointVersionRulesetRuleActionParameterOverrideOverrideRuleArgs
- Action string
- Action of the rule.
- Enabled bool
- Enables/Disables the rule.
- Rule
Id string - ID of the rule.
- Score
Threshold double - Score threshold of the rule. Allowed values are 25, 40, 60 for high, medium and low sensitivity respectively.
- Sensitivity
Level string - Sensitivity level
- Action string
- Action of the rule.
- Enabled bool
- Enables/Disables the rule.
- Rule
Id string - ID of the rule.
- Score
Threshold float64 - Score threshold of the rule. Allowed values are 25, 40, 60 for high, medium and low sensitivity respectively.
- Sensitivity
Level string - Sensitivity level
- action String
- Action of the rule.
- enabled Boolean
- Enables/Disables the rule.
- rule
Id String - ID of the rule.
- score
Threshold Double - Score threshold of the rule. Allowed values are 25, 40, 60 for high, medium and low sensitivity respectively.
- sensitivity
Level String - Sensitivity level
- action string
- Action of the rule.
- enabled boolean
- Enables/Disables the rule.
- rule
Id string - ID of the rule.
- score
Threshold number - Score threshold of the rule. Allowed values are 25, 40, 60 for high, medium and low sensitivity respectively.
- sensitivity
Level string - Sensitivity level
- action str
- Action of the rule.
- enabled bool
- Enables/Disables the rule.
- rule_
id str - ID of the rule.
- score_
threshold float - Score threshold of the rule. Allowed values are 25, 40, 60 for high, medium and low sensitivity respectively.
- sensitivity_
level str - Sensitivity level
- action String
- Action of the rule.
- enabled Boolean
- Enables/Disables the rule.
- rule
Id String - ID of the rule.
- score
Threshold Number - Score threshold of the rule. Allowed values are 25, 40, 60 for high, medium and low sensitivity respectively.
- sensitivity
Level String - Sensitivity level
CisRulesetEntrypointVersionRulesetRuleActionParameterResponse, CisRulesetEntrypointVersionRulesetRuleActionParameterResponseArgs
- Content string
- Action parameters response content of the rulesets rule
- Content
Type string - Action parameters response type of the rulesets rule
- Status
Code double - Action parameters response status code of the rulesets rule
- Content string
- Action parameters response content of the rulesets rule
- Content
Type string - Action parameters response type of the rulesets rule
- Status
Code float64 - Action parameters response status code of the rulesets rule
- content String
- Action parameters response content of the rulesets rule
- content
Type String - Action parameters response type of the rulesets rule
- status
Code Double - Action parameters response status code of the rulesets rule
- content string
- Action parameters response content of the rulesets rule
- content
Type string - Action parameters response type of the rulesets rule
- status
Code number - Action parameters response status code of the rulesets rule
- content str
- Action parameters response content of the rulesets rule
- content_
type str - Action parameters response type of the rulesets rule
- status_
code float - Action parameters response status code of the rulesets rule
- content String
- Action parameters response content of the rulesets rule
- content
Type String - Action parameters response type of the rulesets rule
- status
Code Number - Action parameters response status code of the rulesets rule
CisRulesetEntrypointVersionRulesetRulePosition, CisRulesetEntrypointVersionRulesetRulePositionArgs
Import
Example
terraform
$ pulumi import ibm:index/cisRulesetEntrypointVersion:CisRulesetEntrypointVersion config http_request_firewall_managed:9caf68812ae9b3f0377fdf986751a78f:crn:v1:bluemix:public:internet-svcs:global:a/4ea1882a2d3401ed1e459979941966ea:31fa970d-51d0-4b05-893e-251cba75a7b3::
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.