1. Packages
  2. Cisco ISE Provider
  3. API Docs
  4. networkaccess
  5. AuthorizationRule
Cisco ISE v0.1.11 published on Monday, Dec 2, 2024 by Pulumi

ise.networkaccess.AuthorizationRule

Explore with Pulumi AI

ise logo
Cisco ISE v0.1.11 published on Monday, Dec 2, 2024 by Pulumi

    This resource can manage a Network Access Authorization Rule.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as ise from "@pulumi/ise";
    
    const example = new ise.networkaccess.AuthorizationRule("example", {
        policySetId: "d82952cb-b901-4b09-b363-5ebf39bdbaf9",
        name: "Rule1",
        "default": false,
        rank: 0,
        state: "enabled",
        conditionType: "ConditionAttributes",
        conditionIsNegate: false,
        conditionAttributeName: "Location",
        conditionAttributeValue: "All Locations",
        conditionDictionaryName: "DEVICE",
        conditionOperator: "equals",
        profiles: ["PermitAccess"],
        securityGroup: "BYOD",
    });
    
    import pulumi
    import pulumi_ise as ise
    
    example = ise.networkaccess.AuthorizationRule("example",
        policy_set_id="d82952cb-b901-4b09-b363-5ebf39bdbaf9",
        name="Rule1",
        default=False,
        rank=0,
        state="enabled",
        condition_type="ConditionAttributes",
        condition_is_negate=False,
        condition_attribute_name="Location",
        condition_attribute_value="All Locations",
        condition_dictionary_name="DEVICE",
        condition_operator="equals",
        profiles=["PermitAccess"],
        security_group="BYOD")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-ise/sdk/go/ise/networkaccess"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := networkaccess.NewAuthorizationRule(ctx, "example", &networkaccess.AuthorizationRuleArgs{
    			PolicySetId:             pulumi.String("d82952cb-b901-4b09-b363-5ebf39bdbaf9"),
    			Name:                    pulumi.String("Rule1"),
    			Default:                 pulumi.Bool(false),
    			Rank:                    pulumi.Int(0),
    			State:                   pulumi.String("enabled"),
    			ConditionType:           pulumi.String("ConditionAttributes"),
    			ConditionIsNegate:       pulumi.Bool(false),
    			ConditionAttributeName:  pulumi.String("Location"),
    			ConditionAttributeValue: pulumi.String("All Locations"),
    			ConditionDictionaryName: pulumi.String("DEVICE"),
    			ConditionOperator:       pulumi.String("equals"),
    			Profiles: pulumi.StringArray{
    				pulumi.String("PermitAccess"),
    			},
    			SecurityGroup: pulumi.String("BYOD"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Ise = Pulumi.Ise;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Ise.NetworkAccess.AuthorizationRule("example", new()
        {
            PolicySetId = "d82952cb-b901-4b09-b363-5ebf39bdbaf9",
            Name = "Rule1",
            Default = false,
            Rank = 0,
            State = "enabled",
            ConditionType = "ConditionAttributes",
            ConditionIsNegate = false,
            ConditionAttributeName = "Location",
            ConditionAttributeValue = "All Locations",
            ConditionDictionaryName = "DEVICE",
            ConditionOperator = "equals",
            Profiles = new[]
            {
                "PermitAccess",
            },
            SecurityGroup = "BYOD",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.ise.networkaccess.AuthorizationRule;
    import com.pulumi.ise.networkaccess.AuthorizationRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new AuthorizationRule("example", AuthorizationRuleArgs.builder()
                .policySetId("d82952cb-b901-4b09-b363-5ebf39bdbaf9")
                .name("Rule1")
                .default_(false)
                .rank(0)
                .state("enabled")
                .conditionType("ConditionAttributes")
                .conditionIsNegate(false)
                .conditionAttributeName("Location")
                .conditionAttributeValue("All Locations")
                .conditionDictionaryName("DEVICE")
                .conditionOperator("equals")
                .profiles("PermitAccess")
                .securityGroup("BYOD")
                .build());
    
        }
    }
    
    resources:
      example:
        type: ise:networkaccess:AuthorizationRule
        properties:
          policySetId: d82952cb-b901-4b09-b363-5ebf39bdbaf9
          name: Rule1
          default: false
          rank: 0
          state: enabled
          conditionType: ConditionAttributes
          conditionIsNegate: false
          conditionAttributeName: Location
          conditionAttributeValue: All Locations
          conditionDictionaryName: DEVICE
          conditionOperator: equals
          profiles:
            - PermitAccess
          securityGroup: BYOD
    

    Create AuthorizationRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AuthorizationRule(name: string, args: AuthorizationRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AuthorizationRule(resource_name: str,
                          args: AuthorizationRuleArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def AuthorizationRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          policy_set_id: Optional[str] = None,
                          condition_type: Optional[str] = None,
                          default: Optional[bool] = None,
                          condition_dictionary_name: Optional[str] = None,
                          condition_dictionary_value: Optional[str] = None,
                          condition_id: Optional[str] = None,
                          condition_is_negate: Optional[bool] = None,
                          condition_attribute_value: Optional[str] = None,
                          childrens: Optional[Sequence[AuthorizationRuleChildrenArgs]] = None,
                          condition_operator: Optional[str] = None,
                          name: Optional[str] = None,
                          condition_attribute_name: Optional[str] = None,
                          profiles: Optional[Sequence[str]] = None,
                          rank: Optional[int] = None,
                          security_group: Optional[str] = None,
                          state: Optional[str] = None)
    func NewAuthorizationRule(ctx *Context, name string, args AuthorizationRuleArgs, opts ...ResourceOption) (*AuthorizationRule, error)
    public AuthorizationRule(string name, AuthorizationRuleArgs args, CustomResourceOptions? opts = null)
    public AuthorizationRule(String name, AuthorizationRuleArgs args)
    public AuthorizationRule(String name, AuthorizationRuleArgs args, CustomResourceOptions options)
    
    type: ise:networkaccess:AuthorizationRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AuthorizationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AuthorizationRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AuthorizationRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AuthorizationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AuthorizationRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var iseAuthorizationRuleResource = new Ise.NetworkAccess.AuthorizationRule("iseAuthorizationRuleResource", new()
    {
        PolicySetId = "string",
        ConditionType = "string",
        Default = false,
        ConditionDictionaryName = "string",
        ConditionDictionaryValue = "string",
        ConditionId = "string",
        ConditionIsNegate = false,
        ConditionAttributeValue = "string",
        Childrens = new[]
        {
            new Ise.NetworkAccess.Inputs.AuthorizationRuleChildrenArgs
            {
                ConditionType = "string",
                AttributeName = "string",
                AttributeValue = "string",
                Childrens = new[]
                {
                    new Ise.NetworkAccess.Inputs.AuthorizationRuleChildrenChildrenArgs
                    {
                        ConditionType = "string",
                        AttributeName = "string",
                        AttributeValue = "string",
                        DictionaryName = "string",
                        DictionaryValue = "string",
                        Id = "string",
                        IsNegate = false,
                        Operator = "string",
                    },
                },
                DictionaryName = "string",
                DictionaryValue = "string",
                Id = "string",
                IsNegate = false,
                Operator = "string",
            },
        },
        ConditionOperator = "string",
        Name = "string",
        ConditionAttributeName = "string",
        Profiles = new[]
        {
            "string",
        },
        Rank = 0,
        SecurityGroup = "string",
        State = "string",
    });
    
    example, err := networkaccess.NewAuthorizationRule(ctx, "iseAuthorizationRuleResource", &networkaccess.AuthorizationRuleArgs{
    	PolicySetId:              pulumi.String("string"),
    	ConditionType:            pulumi.String("string"),
    	Default:                  pulumi.Bool(false),
    	ConditionDictionaryName:  pulumi.String("string"),
    	ConditionDictionaryValue: pulumi.String("string"),
    	ConditionId:              pulumi.String("string"),
    	ConditionIsNegate:        pulumi.Bool(false),
    	ConditionAttributeValue:  pulumi.String("string"),
    	Childrens: networkaccess.AuthorizationRuleChildrenArray{
    		&networkaccess.AuthorizationRuleChildrenArgs{
    			ConditionType:  pulumi.String("string"),
    			AttributeName:  pulumi.String("string"),
    			AttributeValue: pulumi.String("string"),
    			Childrens: networkaccess.AuthorizationRuleChildrenChildrenArray{
    				&networkaccess.AuthorizationRuleChildrenChildrenArgs{
    					ConditionType:   pulumi.String("string"),
    					AttributeName:   pulumi.String("string"),
    					AttributeValue:  pulumi.String("string"),
    					DictionaryName:  pulumi.String("string"),
    					DictionaryValue: pulumi.String("string"),
    					Id:              pulumi.String("string"),
    					IsNegate:        pulumi.Bool(false),
    					Operator:        pulumi.String("string"),
    				},
    			},
    			DictionaryName:  pulumi.String("string"),
    			DictionaryValue: pulumi.String("string"),
    			Id:              pulumi.String("string"),
    			IsNegate:        pulumi.Bool(false),
    			Operator:        pulumi.String("string"),
    		},
    	},
    	ConditionOperator:      pulumi.String("string"),
    	Name:                   pulumi.String("string"),
    	ConditionAttributeName: pulumi.String("string"),
    	Profiles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Rank:          pulumi.Int(0),
    	SecurityGroup: pulumi.String("string"),
    	State:         pulumi.String("string"),
    })
    
    var iseAuthorizationRuleResource = new AuthorizationRule("iseAuthorizationRuleResource", AuthorizationRuleArgs.builder()
        .policySetId("string")
        .conditionType("string")
        .default_(false)
        .conditionDictionaryName("string")
        .conditionDictionaryValue("string")
        .conditionId("string")
        .conditionIsNegate(false)
        .conditionAttributeValue("string")
        .childrens(AuthorizationRuleChildrenArgs.builder()
            .conditionType("string")
            .attributeName("string")
            .attributeValue("string")
            .childrens(AuthorizationRuleChildrenChildrenArgs.builder()
                .conditionType("string")
                .attributeName("string")
                .attributeValue("string")
                .dictionaryName("string")
                .dictionaryValue("string")
                .id("string")
                .isNegate(false)
                .operator("string")
                .build())
            .dictionaryName("string")
            .dictionaryValue("string")
            .id("string")
            .isNegate(false)
            .operator("string")
            .build())
        .conditionOperator("string")
        .name("string")
        .conditionAttributeName("string")
        .profiles("string")
        .rank(0)
        .securityGroup("string")
        .state("string")
        .build());
    
    ise_authorization_rule_resource = ise.networkaccess.AuthorizationRule("iseAuthorizationRuleResource",
        policy_set_id="string",
        condition_type="string",
        default=False,
        condition_dictionary_name="string",
        condition_dictionary_value="string",
        condition_id="string",
        condition_is_negate=False,
        condition_attribute_value="string",
        childrens=[{
            "condition_type": "string",
            "attribute_name": "string",
            "attribute_value": "string",
            "childrens": [{
                "condition_type": "string",
                "attribute_name": "string",
                "attribute_value": "string",
                "dictionary_name": "string",
                "dictionary_value": "string",
                "id": "string",
                "is_negate": False,
                "operator": "string",
            }],
            "dictionary_name": "string",
            "dictionary_value": "string",
            "id": "string",
            "is_negate": False,
            "operator": "string",
        }],
        condition_operator="string",
        name="string",
        condition_attribute_name="string",
        profiles=["string"],
        rank=0,
        security_group="string",
        state="string")
    
    const iseAuthorizationRuleResource = new ise.networkaccess.AuthorizationRule("iseAuthorizationRuleResource", {
        policySetId: "string",
        conditionType: "string",
        "default": false,
        conditionDictionaryName: "string",
        conditionDictionaryValue: "string",
        conditionId: "string",
        conditionIsNegate: false,
        conditionAttributeValue: "string",
        childrens: [{
            conditionType: "string",
            attributeName: "string",
            attributeValue: "string",
            childrens: [{
                conditionType: "string",
                attributeName: "string",
                attributeValue: "string",
                dictionaryName: "string",
                dictionaryValue: "string",
                id: "string",
                isNegate: false,
                operator: "string",
            }],
            dictionaryName: "string",
            dictionaryValue: "string",
            id: "string",
            isNegate: false,
            operator: "string",
        }],
        conditionOperator: "string",
        name: "string",
        conditionAttributeName: "string",
        profiles: ["string"],
        rank: 0,
        securityGroup: "string",
        state: "string",
    });
    
    type: ise:networkaccess:AuthorizationRule
    properties:
        childrens:
            - attributeName: string
              attributeValue: string
              childrens:
                - attributeName: string
                  attributeValue: string
                  conditionType: string
                  dictionaryName: string
                  dictionaryValue: string
                  id: string
                  isNegate: false
                  operator: string
              conditionType: string
              dictionaryName: string
              dictionaryValue: string
              id: string
              isNegate: false
              operator: string
        conditionAttributeName: string
        conditionAttributeValue: string
        conditionDictionaryName: string
        conditionDictionaryValue: string
        conditionId: string
        conditionIsNegate: false
        conditionOperator: string
        conditionType: string
        default: false
        name: string
        policySetId: string
        profiles:
            - string
        rank: 0
        securityGroup: string
        state: string
    

    AuthorizationRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AuthorizationRule resource accepts the following input properties:

    PolicySetId string
    Policy set ID
    Childrens List<AuthorizationRuleChildren>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    ConditionAttributeName string
    Dictionary attribute name
    ConditionAttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    ConditionDictionaryName string
    Dictionary name
    ConditionDictionaryValue string
    Dictionary value
    ConditionId string
    UUID for condition
    ConditionIsNegate bool
    Indicates whereas this condition is in negate mode
    ConditionOperator string
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    ConditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    Default bool
    Indicates if this rule is the default one
    Name string
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    Profiles List<string>
    The authorization profile(s)
    Rank int
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    SecurityGroup string
    Security group used in authorization policies
    State string
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    PolicySetId string
    Policy set ID
    Childrens []AuthorizationRuleChildrenArgs
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    ConditionAttributeName string
    Dictionary attribute name
    ConditionAttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    ConditionDictionaryName string
    Dictionary name
    ConditionDictionaryValue string
    Dictionary value
    ConditionId string
    UUID for condition
    ConditionIsNegate bool
    Indicates whereas this condition is in negate mode
    ConditionOperator string
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    ConditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    Default bool
    Indicates if this rule is the default one
    Name string
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    Profiles []string
    The authorization profile(s)
    Rank int
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    SecurityGroup string
    Security group used in authorization policies
    State string
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    policySetId String
    Policy set ID
    childrens List<AuthorizationRuleChildren>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    conditionAttributeName String
    Dictionary attribute name
    conditionAttributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    conditionDictionaryName String
    Dictionary name
    conditionDictionaryValue String
    Dictionary value
    conditionId String
    UUID for condition
    conditionIsNegate Boolean
    Indicates whereas this condition is in negate mode
    conditionOperator String
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default_ Boolean
    Indicates if this rule is the default one
    name String
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    profiles List<String>
    The authorization profile(s)
    rank Integer
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    securityGroup String
    Security group used in authorization policies
    state String
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    policySetId string
    Policy set ID
    childrens AuthorizationRuleChildren[]
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    conditionAttributeName string
    Dictionary attribute name
    conditionAttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    conditionDictionaryName string
    Dictionary name
    conditionDictionaryValue string
    Dictionary value
    conditionId string
    UUID for condition
    conditionIsNegate boolean
    Indicates whereas this condition is in negate mode
    conditionOperator string
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default boolean
    Indicates if this rule is the default one
    name string
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    profiles string[]
    The authorization profile(s)
    rank number
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    securityGroup string
    Security group used in authorization policies
    state string
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    policy_set_id str
    Policy set ID
    childrens Sequence[AuthorizationRuleChildrenArgs]
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    condition_attribute_name str
    Dictionary attribute name
    condition_attribute_value str
    Attribute value for condition. Value type is specified in dictionary object.
    condition_dictionary_name str
    Dictionary name
    condition_dictionary_value str
    Dictionary value
    condition_id str
    UUID for condition
    condition_is_negate bool
    Indicates whereas this condition is in negate mode
    condition_operator str
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    condition_type str
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default bool
    Indicates if this rule is the default one
    name str
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    profiles Sequence[str]
    The authorization profile(s)
    rank int
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    security_group str
    Security group used in authorization policies
    state str
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    policySetId String
    Policy set ID
    childrens List<Property Map>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    conditionAttributeName String
    Dictionary attribute name
    conditionAttributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    conditionDictionaryName String
    Dictionary name
    conditionDictionaryValue String
    Dictionary value
    conditionId String
    UUID for condition
    conditionIsNegate Boolean
    Indicates whereas this condition is in negate mode
    conditionOperator String
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default Boolean
    Indicates if this rule is the default one
    name String
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    profiles List<String>
    The authorization profile(s)
    rank Number
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    securityGroup String
    Security group used in authorization policies
    state String
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AuthorizationRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AuthorizationRule Resource

    Get an existing AuthorizationRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AuthorizationRuleState, opts?: CustomResourceOptions): AuthorizationRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            childrens: Optional[Sequence[AuthorizationRuleChildrenArgs]] = None,
            condition_attribute_name: Optional[str] = None,
            condition_attribute_value: Optional[str] = None,
            condition_dictionary_name: Optional[str] = None,
            condition_dictionary_value: Optional[str] = None,
            condition_id: Optional[str] = None,
            condition_is_negate: Optional[bool] = None,
            condition_operator: Optional[str] = None,
            condition_type: Optional[str] = None,
            default: Optional[bool] = None,
            name: Optional[str] = None,
            policy_set_id: Optional[str] = None,
            profiles: Optional[Sequence[str]] = None,
            rank: Optional[int] = None,
            security_group: Optional[str] = None,
            state: Optional[str] = None) -> AuthorizationRule
    func GetAuthorizationRule(ctx *Context, name string, id IDInput, state *AuthorizationRuleState, opts ...ResourceOption) (*AuthorizationRule, error)
    public static AuthorizationRule Get(string name, Input<string> id, AuthorizationRuleState? state, CustomResourceOptions? opts = null)
    public static AuthorizationRule get(String name, Output<String> id, AuthorizationRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Childrens List<AuthorizationRuleChildren>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    ConditionAttributeName string
    Dictionary attribute name
    ConditionAttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    ConditionDictionaryName string
    Dictionary name
    ConditionDictionaryValue string
    Dictionary value
    ConditionId string
    UUID for condition
    ConditionIsNegate bool
    Indicates whereas this condition is in negate mode
    ConditionOperator string
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    ConditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    Default bool
    Indicates if this rule is the default one
    Name string
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    PolicySetId string
    Policy set ID
    Profiles List<string>
    The authorization profile(s)
    Rank int
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    SecurityGroup string
    Security group used in authorization policies
    State string
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    Childrens []AuthorizationRuleChildrenArgs
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    ConditionAttributeName string
    Dictionary attribute name
    ConditionAttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    ConditionDictionaryName string
    Dictionary name
    ConditionDictionaryValue string
    Dictionary value
    ConditionId string
    UUID for condition
    ConditionIsNegate bool
    Indicates whereas this condition is in negate mode
    ConditionOperator string
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    ConditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    Default bool
    Indicates if this rule is the default one
    Name string
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    PolicySetId string
    Policy set ID
    Profiles []string
    The authorization profile(s)
    Rank int
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    SecurityGroup string
    Security group used in authorization policies
    State string
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    childrens List<AuthorizationRuleChildren>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    conditionAttributeName String
    Dictionary attribute name
    conditionAttributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    conditionDictionaryName String
    Dictionary name
    conditionDictionaryValue String
    Dictionary value
    conditionId String
    UUID for condition
    conditionIsNegate Boolean
    Indicates whereas this condition is in negate mode
    conditionOperator String
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default_ Boolean
    Indicates if this rule is the default one
    name String
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    policySetId String
    Policy set ID
    profiles List<String>
    The authorization profile(s)
    rank Integer
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    securityGroup String
    Security group used in authorization policies
    state String
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    childrens AuthorizationRuleChildren[]
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    conditionAttributeName string
    Dictionary attribute name
    conditionAttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    conditionDictionaryName string
    Dictionary name
    conditionDictionaryValue string
    Dictionary value
    conditionId string
    UUID for condition
    conditionIsNegate boolean
    Indicates whereas this condition is in negate mode
    conditionOperator string
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default boolean
    Indicates if this rule is the default one
    name string
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    policySetId string
    Policy set ID
    profiles string[]
    The authorization profile(s)
    rank number
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    securityGroup string
    Security group used in authorization policies
    state string
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    childrens Sequence[AuthorizationRuleChildrenArgs]
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    condition_attribute_name str
    Dictionary attribute name
    condition_attribute_value str
    Attribute value for condition. Value type is specified in dictionary object.
    condition_dictionary_name str
    Dictionary name
    condition_dictionary_value str
    Dictionary value
    condition_id str
    UUID for condition
    condition_is_negate bool
    Indicates whereas this condition is in negate mode
    condition_operator str
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    condition_type str
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default bool
    Indicates if this rule is the default one
    name str
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    policy_set_id str
    Policy set ID
    profiles Sequence[str]
    The authorization profile(s)
    rank int
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    security_group str
    Security group used in authorization policies
    state str
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor
    childrens List<Property Map>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    conditionAttributeName String
    Dictionary attribute name
    conditionAttributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    conditionDictionaryName String
    Dictionary name
    conditionDictionaryValue String
    Dictionary value
    conditionId String
    UUID for condition
    conditionIsNegate Boolean
    Indicates whereas this condition is in negate mode
    conditionOperator String
    Equality operator - Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    default Boolean
    Indicates if this rule is the default one
    name String
    Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
    policySetId String
    Policy set ID
    profiles List<String>
    The authorization profile(s)
    rank Number
    The rank (priority) in relation to other rules. Lower rank is higher priority.
    securityGroup String
    Security group used in authorization policies
    state String
    The state that the rule is in. A disabled rule cannot be matched. - Choices: disabled, enabled, monitor

    Supporting Types

    AuthorizationRuleChildren, AuthorizationRuleChildrenArgs

    ConditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

    • Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    AttributeName string
    Dictionary attribute name
    AttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    Childrens List<AuthorizationRuleChildrenChildren>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    DictionaryName string
    Dictionary name
    DictionaryValue string
    Dictionary value
    Id string
    UUID for condition
    IsNegate bool
    Indicates whereas this condition is in negate mode
    Operator string
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    ConditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

    • Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    AttributeName string
    Dictionary attribute name
    AttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    Childrens []AuthorizationRuleChildrenChildren
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    DictionaryName string
    Dictionary name
    DictionaryValue string
    Dictionary value
    Id string
    UUID for condition
    IsNegate bool
    Indicates whereas this condition is in negate mode
    Operator string
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

    • Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    attributeName String
    Dictionary attribute name
    attributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    childrens List<AuthorizationRuleChildrenChildren>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    dictionaryName String
    Dictionary name
    dictionaryValue String
    Dictionary value
    id String
    UUID for condition
    isNegate Boolean
    Indicates whereas this condition is in negate mode
    operator String
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType string
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

    • Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    attributeName string
    Dictionary attribute name
    attributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    childrens AuthorizationRuleChildrenChildren[]
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    dictionaryName string
    Dictionary name
    dictionaryValue string
    Dictionary value
    id string
    UUID for condition
    isNegate boolean
    Indicates whereas this condition is in negate mode
    operator string
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    condition_type str
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

    • Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    attribute_name str
    Dictionary attribute name
    attribute_value str
    Attribute value for condition. Value type is specified in dictionary object.
    childrens Sequence[AuthorizationRuleChildrenChildren]
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    dictionary_name str
    Dictionary name
    dictionary_value str
    Dictionary value
    id str
    UUID for condition
    is_negate bool
    Indicates whereas this condition is in negate mode
    operator str
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

    • Choices: ConditionAndBlock, ConditionAttributes, ConditionOrBlock, ConditionReference
    attributeName String
    Dictionary attribute name
    attributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    childrens List<Property Map>
    List of child conditions. condition_type must be one of ConditionAndBlock or ConditionOrBlock.
    dictionaryName String
    Dictionary name
    dictionaryValue String
    Dictionary value
    id String
    UUID for condition
    isNegate Boolean
    Indicates whereas this condition is in negate mode
    operator String
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith

    AuthorizationRuleChildrenChildren, AuthorizationRuleChildrenChildrenArgs

    ConditionType string
    Condition type.

    • Choices: ConditionAttributes, ConditionReference
    AttributeName string
    Dictionary attribute name
    AttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    DictionaryName string
    Dictionary name
    DictionaryValue string
    Dictionary value
    Id string
    UUID for condition
    IsNegate bool
    Indicates whereas this condition is in negate mode
    Operator string
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    ConditionType string
    Condition type.

    • Choices: ConditionAttributes, ConditionReference
    AttributeName string
    Dictionary attribute name
    AttributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    DictionaryName string
    Dictionary name
    DictionaryValue string
    Dictionary value
    Id string
    UUID for condition
    IsNegate bool
    Indicates whereas this condition is in negate mode
    Operator string
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Condition type.

    • Choices: ConditionAttributes, ConditionReference
    attributeName String
    Dictionary attribute name
    attributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    dictionaryName String
    Dictionary name
    dictionaryValue String
    Dictionary value
    id String
    UUID for condition
    isNegate Boolean
    Indicates whereas this condition is in negate mode
    operator String
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType string
    Condition type.

    • Choices: ConditionAttributes, ConditionReference
    attributeName string
    Dictionary attribute name
    attributeValue string
    Attribute value for condition. Value type is specified in dictionary object.
    dictionaryName string
    Dictionary name
    dictionaryValue string
    Dictionary value
    id string
    UUID for condition
    isNegate boolean
    Indicates whereas this condition is in negate mode
    operator string
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    condition_type str
    Condition type.

    • Choices: ConditionAttributes, ConditionReference
    attribute_name str
    Dictionary attribute name
    attribute_value str
    Attribute value for condition. Value type is specified in dictionary object.
    dictionary_name str
    Dictionary name
    dictionary_value str
    Dictionary value
    id str
    UUID for condition
    is_negate bool
    Indicates whereas this condition is in negate mode
    operator str
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith
    conditionType String
    Condition type.

    • Choices: ConditionAttributes, ConditionReference
    attributeName String
    Dictionary attribute name
    attributeValue String
    Attribute value for condition. Value type is specified in dictionary object.
    dictionaryName String
    Dictionary name
    dictionaryValue String
    Dictionary value
    id String
    UUID for condition
    isNegate Boolean
    Indicates whereas this condition is in negate mode
    operator String
    Equality operator

    • Choices: contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith

    Import

    $ pulumi import ise:networkaccess/authorizationRule:AuthorizationRule example "76d24097-41c4-4558-a4d0-a8c07ac08470,76d24097-41c4-4558-a4d0-a8c07ac08470"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    ise pulumi/pulumi-ise
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the ise Terraform Provider.
    ise logo
    Cisco ISE v0.1.11 published on Monday, Dec 2, 2024 by Pulumi