nsxt 3.8.0, Apr 14 25

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

nsxt.PolicySecurityPolicyRule

Explore with Pulumi AI

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

Create PolicySecurityPolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PolicySecurityPolicyRule(name: string, args: PolicySecurityPolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def PolicySecurityPolicyRule(resource_name: str,
                             args: PolicySecurityPolicyRuleInitArgs,
                             opts: Optional[ResourceOptions] = None)

@overload
def PolicySecurityPolicyRule(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             display_name: Optional[str] = None,
                             sequence_number: Optional[float] = None,
                             policy_path: Optional[str] = None,
                             logged: Optional[bool] = None,
                             nsx_id: Optional[str] = None,
                             direction: Optional[str] = None,
                             disabled: Optional[bool] = None,
                             destination_groups: Optional[Sequence[str]] = None,
                             ip_version: Optional[str] = None,
                             log_label: Optional[str] = None,
                             action: Optional[str] = None,
                             notes: Optional[str] = None,
                             destinations_excluded: Optional[bool] = None,
                             description: Optional[str] = None,
                             policy_security_policy_rule_id: Optional[str] = None,
                             profiles: Optional[Sequence[str]] = None,
                             scopes: Optional[Sequence[str]] = None,
                             context: Optional[PolicySecurityPolicyRuleContextArgs] = None,
                             services: Optional[Sequence[str]] = None,
                             source_groups: Optional[Sequence[str]] = None,
                             sources_excluded: Optional[bool] = None,
                             tags: Optional[Sequence[PolicySecurityPolicyRuleTagArgs]] = None)

func NewPolicySecurityPolicyRule(ctx *Context, name string, args PolicySecurityPolicyRuleArgs, opts ...ResourceOption) (*PolicySecurityPolicyRule, error)

public PolicySecurityPolicyRule(string name, PolicySecurityPolicyRuleArgs args, CustomResourceOptions? opts = null)

public PolicySecurityPolicyRule(String name, PolicySecurityPolicyRuleArgs args)
public PolicySecurityPolicyRule(String name, PolicySecurityPolicyRuleArgs args, CustomResourceOptions options)

type: nsxt:PolicySecurityPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicySecurityPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicySecurityPolicyRuleInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicySecurityPolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicySecurityPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicySecurityPolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var policySecurityPolicyRuleResource = new Nsxt.PolicySecurityPolicyRule("policySecurityPolicyRuleResource", new()
{
    DisplayName = "string",
    SequenceNumber = 0,
    PolicyPath = "string",
    Logged = false,
    NsxId = "string",
    Direction = "string",
    Disabled = false,
    DestinationGroups = new[]
    {
        "string",
    },
    IpVersion = "string",
    LogLabel = "string",
    Action = "string",
    Notes = "string",
    DestinationsExcluded = false,
    Description = "string",
    PolicySecurityPolicyRuleId = "string",
    Profiles = new[]
    {
        "string",
    },
    Scopes = new[]
    {
        "string",
    },
    Context = new Nsxt.Inputs.PolicySecurityPolicyRuleContextArgs
    {
        ProjectId = "string",
    },
    Services = new[]
    {
        "string",
    },
    SourceGroups = new[]
    {
        "string",
    },
    SourcesExcluded = false,
    Tags = new[]
    {
        new Nsxt.Inputs.PolicySecurityPolicyRuleTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
});

example, err := nsxt.NewPolicySecurityPolicyRule(ctx, "policySecurityPolicyRuleResource", &nsxt.PolicySecurityPolicyRuleArgs{
	DisplayName:    pulumi.String("string"),
	SequenceNumber: pulumi.Float64(0),
	PolicyPath:     pulumi.String("string"),
	Logged:         pulumi.Bool(false),
	NsxId:          pulumi.String("string"),
	Direction:      pulumi.String("string"),
	Disabled:       pulumi.Bool(false),
	DestinationGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	IpVersion:                  pulumi.String("string"),
	LogLabel:                   pulumi.String("string"),
	Action:                     pulumi.String("string"),
	Notes:                      pulumi.String("string"),
	DestinationsExcluded:       pulumi.Bool(false),
	Description:                pulumi.String("string"),
	PolicySecurityPolicyRuleId: pulumi.String("string"),
	Profiles: pulumi.StringArray{
		pulumi.String("string"),
	},
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Context: &nsxt.PolicySecurityPolicyRuleContextArgs{
		ProjectId: pulumi.String("string"),
	},
	Services: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourcesExcluded: pulumi.Bool(false),
	Tags: nsxt.PolicySecurityPolicyRuleTagArray{
		&nsxt.PolicySecurityPolicyRuleTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
})

var policySecurityPolicyRuleResource = new PolicySecurityPolicyRule("policySecurityPolicyRuleResource", PolicySecurityPolicyRuleArgs.builder()
    .displayName("string")
    .sequenceNumber(0)
    .policyPath("string")
    .logged(false)
    .nsxId("string")
    .direction("string")
    .disabled(false)
    .destinationGroups("string")
    .ipVersion("string")
    .logLabel("string")
    .action("string")
    .notes("string")
    .destinationsExcluded(false)
    .description("string")
    .policySecurityPolicyRuleId("string")
    .profiles("string")
    .scopes("string")
    .context(PolicySecurityPolicyRuleContextArgs.builder()
        .projectId("string")
        .build())
    .services("string")
    .sourceGroups("string")
    .sourcesExcluded(false)
    .tags(PolicySecurityPolicyRuleTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    .build());

policy_security_policy_rule_resource = nsxt.PolicySecurityPolicyRule("policySecurityPolicyRuleResource",
    display_name="string",
    sequence_number=0,
    policy_path="string",
    logged=False,
    nsx_id="string",
    direction="string",
    disabled=False,
    destination_groups=["string"],
    ip_version="string",
    log_label="string",
    action="string",
    notes="string",
    destinations_excluded=False,
    description="string",
    policy_security_policy_rule_id="string",
    profiles=["string"],
    scopes=["string"],
    context={
        "project_id": "string",
    },
    services=["string"],
    source_groups=["string"],
    sources_excluded=False,
    tags=[{
        "scope": "string",
        "tag": "string",
    }])

const policySecurityPolicyRuleResource = new nsxt.PolicySecurityPolicyRule("policySecurityPolicyRuleResource", {
    displayName: "string",
    sequenceNumber: 0,
    policyPath: "string",
    logged: false,
    nsxId: "string",
    direction: "string",
    disabled: false,
    destinationGroups: ["string"],
    ipVersion: "string",
    logLabel: "string",
    action: "string",
    notes: "string",
    destinationsExcluded: false,
    description: "string",
    policySecurityPolicyRuleId: "string",
    profiles: ["string"],
    scopes: ["string"],
    context: {
        projectId: "string",
    },
    services: ["string"],
    sourceGroups: ["string"],
    sourcesExcluded: false,
    tags: [{
        scope: "string",
        tag: "string",
    }],
});

type: nsxt:PolicySecurityPolicyRule
properties:
    action: string
    context:
        projectId: string
    description: string
    destinationGroups:
        - string
    destinationsExcluded: false
    direction: string
    disabled: false
    displayName: string
    ipVersion: string
    logLabel: string
    logged: false
    notes: string
    nsxId: string
    policyPath: string
    policySecurityPolicyRuleId: string
    profiles:
        - string
    scopes:
        - string
    sequenceNumber: 0
    services:
        - string
    sourceGroups:
        - string
    sourcesExcluded: false
    tags:
        - scope: string
          tag: string

PolicySecurityPolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicySecurityPolicyRule resource accepts the following input properties:

DisplayName string: Display name of the resource.
PolicyPath string: The path of the Security Policy which the object belongs to
SequenceNumber double: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
Action string: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
Context PolicySecurityPolicyRuleContext: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups List<string>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: Flag to disable this rule. Default is false.
IpVersion string: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: Flag to enable packet logging. Default is false.
Notes string: Additional notes on changes.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
PolicySecurityPolicyRuleId string
Profiles List<string>: Set of profile paths relevant for this rule.
Scopes List<string>: Set of policy object paths where the rule is applied.
Services List<string>: Set of service paths to match.
SourceGroups List<string>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool: A boolean value indicating negation of source groups.
Tags List<PolicySecurityPolicyRuleTag>: A list of scope + tag pairs to associate with this policy.

DisplayName string: Display name of the resource.
PolicyPath string: The path of the Security Policy which the object belongs to
SequenceNumber float64: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
Action string: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
Context PolicySecurityPolicyRuleContextArgs: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups []string: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: Flag to disable this rule. Default is false.
IpVersion string: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: Flag to enable packet logging. Default is false.
Notes string: Additional notes on changes.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
PolicySecurityPolicyRuleId string
Profiles []string: Set of profile paths relevant for this rule.
Scopes []string: Set of policy object paths where the rule is applied.
Services []string: Set of service paths to match.
SourceGroups []string: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool: A boolean value indicating negation of source groups.
Tags []PolicySecurityPolicyRuleTagArgs: A list of scope + tag pairs to associate with this policy.

displayName String: Display name of the resource.
policyPath String: The path of the Security Policy which the object belongs to
sequenceNumber Double: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
action String: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context PolicySecurityPolicyRuleContext: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: Flag to disable this rule. Default is false.
ipVersion String: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: Flag to enable packet logging. Default is false.
notes String: Additional notes on changes.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
policySecurityPolicyRuleId String
profiles List<String>: Set of profile paths relevant for this rule.
scopes List<String>: Set of policy object paths where the rule is applied.
services List<String>: Set of service paths to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean: A boolean value indicating negation of source groups.
tags List<PolicySecurityPolicyRuleTag>: A list of scope + tag pairs to associate with this policy.

displayName string: Display name of the resource.
policyPath string: The path of the Security Policy which the object belongs to
sequenceNumber number: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
action string: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context PolicySecurityPolicyRuleContext: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description string: Description of the resource.
destinationGroups string[]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded boolean: A boolean value indicating negation of destination groups.
direction string: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled boolean: Flag to disable this rule. Default is false.
ipVersion string: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
logLabel string: Additional information (string) which will be propagated to the rule syslog.
logged boolean: Flag to enable packet logging. Default is false.
notes string: Additional notes on changes.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
policySecurityPolicyRuleId string
profiles string[]: Set of profile paths relevant for this rule.
scopes string[]: Set of policy object paths where the rule is applied.
services string[]: Set of service paths to match.
sourceGroups string[]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded boolean: A boolean value indicating negation of source groups.
tags PolicySecurityPolicyRuleTag[]: A list of scope + tag pairs to associate with this policy.

display_name str: Display name of the resource.
policy_path str: The path of the Security Policy which the object belongs to
sequence_number float: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
action str: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context PolicySecurityPolicyRuleContextArgs: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description str: Description of the resource.
destination_groups Sequence[str]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinations_excluded bool: A boolean value indicating negation of destination groups.
direction str: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool: Flag to disable this rule. Default is false.
ip_version str: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
log_label str: Additional information (string) which will be propagated to the rule syslog.
logged bool: Flag to enable packet logging. Default is false.
notes str: Additional notes on changes.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
policy_security_policy_rule_id str
profiles Sequence[str]: Set of profile paths relevant for this rule.
scopes Sequence[str]: Set of policy object paths where the rule is applied.
services Sequence[str]: Set of service paths to match.
source_groups Sequence[str]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sources_excluded bool: A boolean value indicating negation of source groups.
tags Sequence[PolicySecurityPolicyRuleTagArgs]: A list of scope + tag pairs to associate with this policy.

displayName String: Display name of the resource.
policyPath String: The path of the Security Policy which the object belongs to
sequenceNumber Number: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
action String: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context Property Map: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: Flag to disable this rule. Default is false.
ipVersion String: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: Flag to enable packet logging. Default is false.
notes String: Additional notes on changes.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
policySecurityPolicyRuleId String
profiles List<String>: Set of profile paths relevant for this rule.
scopes List<String>: Set of policy object paths where the rule is applied.
services List<String>: Set of service paths to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean: A boolean value indicating negation of source groups.
tags List<Property Map>: A list of scope + tag pairs to associate with this policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicySecurityPolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId double: Unique positive number that is assigned by the system and is useful for debugging.

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId float64: Unique positive number that is assigned by the system and is useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Double: Unique positive number that is assigned by the system and is useful for debugging.

id string: The provider-assigned unique ID for this managed resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId number: Unique positive number that is assigned by the system and is useful for debugging.

id str: The provider-assigned unique ID for this managed resource.
path str: The NSX path of the policy resource.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rule_id float: Unique positive number that is assigned by the system and is useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Number: Unique positive number that is assigned by the system and is useful for debugging.

Look up Existing PolicySecurityPolicyRule Resource

Get an existing PolicySecurityPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicySecurityPolicyRuleState, opts?: CustomResourceOptions): PolicySecurityPolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        context: Optional[PolicySecurityPolicyRuleContextArgs] = None,
        description: Optional[str] = None,
        destination_groups: Optional[Sequence[str]] = None,
        destinations_excluded: Optional[bool] = None,
        direction: Optional[str] = None,
        disabled: Optional[bool] = None,
        display_name: Optional[str] = None,
        ip_version: Optional[str] = None,
        log_label: Optional[str] = None,
        logged: Optional[bool] = None,
        notes: Optional[str] = None,
        nsx_id: Optional[str] = None,
        path: Optional[str] = None,
        policy_path: Optional[str] = None,
        policy_security_policy_rule_id: Optional[str] = None,
        profiles: Optional[Sequence[str]] = None,
        revision: Optional[float] = None,
        rule_id: Optional[float] = None,
        scopes: Optional[Sequence[str]] = None,
        sequence_number: Optional[float] = None,
        services: Optional[Sequence[str]] = None,
        source_groups: Optional[Sequence[str]] = None,
        sources_excluded: Optional[bool] = None,
        tags: Optional[Sequence[PolicySecurityPolicyRuleTagArgs]] = None) -> PolicySecurityPolicyRule

func GetPolicySecurityPolicyRule(ctx *Context, name string, id IDInput, state *PolicySecurityPolicyRuleState, opts ...ResourceOption) (*PolicySecurityPolicyRule, error)

public static PolicySecurityPolicyRule Get(string name, Input<string> id, PolicySecurityPolicyRuleState? state, CustomResourceOptions? opts = null)

public static PolicySecurityPolicyRule get(String name, Output<String> id, PolicySecurityPolicyRuleState state, CustomResourceOptions options)

resources:  _:    type: nsxt:PolicySecurityPolicyRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
Context PolicySecurityPolicyRuleContext: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups List<string>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: Flag to disable this rule. Default is false.
DisplayName string: Display name of the resource.
IpVersion string: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: Flag to enable packet logging. Default is false.
Notes string: Additional notes on changes.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string: The NSX path of the policy resource.
PolicyPath string: The path of the Security Policy which the object belongs to
PolicySecurityPolicyRuleId string
Profiles List<string>: Set of profile paths relevant for this rule.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId double: Unique positive number that is assigned by the system and is useful for debugging.
Scopes List<string>: Set of policy object paths where the rule is applied.
SequenceNumber double: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
Services List<string>: Set of service paths to match.
SourceGroups List<string>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool: A boolean value indicating negation of source groups.
Tags List<PolicySecurityPolicyRuleTag>: A list of scope + tag pairs to associate with this policy.

Action string: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
Context PolicySecurityPolicyRuleContextArgs: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups []string: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: Flag to disable this rule. Default is false.
DisplayName string: Display name of the resource.
IpVersion string: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: Flag to enable packet logging. Default is false.
Notes string: Additional notes on changes.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string: The NSX path of the policy resource.
PolicyPath string: The path of the Security Policy which the object belongs to
PolicySecurityPolicyRuleId string
Profiles []string: Set of profile paths relevant for this rule.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId float64: Unique positive number that is assigned by the system and is useful for debugging.
Scopes []string: Set of policy object paths where the rule is applied.
SequenceNumber float64: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
Services []string: Set of service paths to match.
SourceGroups []string: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool: A boolean value indicating negation of source groups.
Tags []PolicySecurityPolicyRuleTagArgs: A list of scope + tag pairs to associate with this policy.

action String: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context PolicySecurityPolicyRuleContext: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: Flag to disable this rule. Default is false.
displayName String: Display name of the resource.
ipVersion String: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: Flag to enable packet logging. Default is false.
notes String: Additional notes on changes.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
path String: The NSX path of the policy resource.
policyPath String: The path of the Security Policy which the object belongs to
policySecurityPolicyRuleId String
profiles List<String>: Set of profile paths relevant for this rule.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Double: Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>: Set of policy object paths where the rule is applied.
sequenceNumber Double: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
services List<String>: Set of service paths to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean: A boolean value indicating negation of source groups.
tags List<PolicySecurityPolicyRuleTag>: A list of scope + tag pairs to associate with this policy.

action string: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context PolicySecurityPolicyRuleContext: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description string: Description of the resource.
destinationGroups string[]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded boolean: A boolean value indicating negation of destination groups.
direction string: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled boolean: Flag to disable this rule. Default is false.
displayName string: Display name of the resource.
ipVersion string: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
logLabel string: Additional information (string) which will be propagated to the rule syslog.
logged boolean: Flag to enable packet logging. Default is false.
notes string: Additional notes on changes.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
path string: The NSX path of the policy resource.
policyPath string: The path of the Security Policy which the object belongs to
policySecurityPolicyRuleId string
profiles string[]: Set of profile paths relevant for this rule.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId number: Unique positive number that is assigned by the system and is useful for debugging.
scopes string[]: Set of policy object paths where the rule is applied.
sequenceNumber number: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
services string[]: Set of service paths to match.
sourceGroups string[]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded boolean: A boolean value indicating negation of source groups.
tags PolicySecurityPolicyRuleTag[]: A list of scope + tag pairs to associate with this policy.

action str: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context PolicySecurityPolicyRuleContextArgs: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description str: Description of the resource.
destination_groups Sequence[str]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinations_excluded bool: A boolean value indicating negation of destination groups.
direction str: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool: Flag to disable this rule. Default is false.
display_name str: Display name of the resource.
ip_version str: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
log_label str: Additional information (string) which will be propagated to the rule syslog.
logged bool: Flag to enable packet logging. Default is false.
notes str: Additional notes on changes.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
path str: The NSX path of the policy resource.
policy_path str: The path of the Security Policy which the object belongs to
policy_security_policy_rule_id str
profiles Sequence[str]: Set of profile paths relevant for this rule.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rule_id float: Unique positive number that is assigned by the system and is useful for debugging.
scopes Sequence[str]: Set of policy object paths where the rule is applied.
sequence_number float: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
services Sequence[str]: Set of service paths to match.
source_groups Sequence[str]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sources_excluded bool: A boolean value indicating negation of source groups.
tags Sequence[PolicySecurityPolicyRuleTagArgs]: A list of scope + tag pairs to associate with this policy.

action String: Rule action, one of ALLOW, DROP, REJECT and JUMP_TO_APPLICATION. Default is ALLOW. JUMP_TO_APPLICATION is only applicable in Environment category.
context Property Map: The context which the object belongs to. If it's not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: Flag to disable this rule. Default is false.
displayName String: Display name of the resource.
ipVersion String: Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6. For Ethernet category rules, use NONE value.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: Flag to enable packet logging. Default is false.
notes String: Additional notes on changes.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
path String: The NSX path of the policy resource.
policyPath String: The path of the Security Policy which the object belongs to
policySecurityPolicyRuleId String
profiles List<String>: Set of profile paths relevant for this rule.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Number: Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>: Set of policy object paths where the rule is applied.
sequenceNumber Number: This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. Please note that sequence numbers should start with 1 and not 0 to avoid confusion.
services List<String>: Set of service paths to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean: A boolean value indicating negation of source groups.
tags List<Property Map>: A list of scope + tag pairs to associate with this policy.

Supporting Types

PolicySecurityPolicyRuleContext, PolicySecurityPolicyRuleContextArgs

ProjectId string: The ID of the project which the object belongs to

ProjectId string: The ID of the project which the object belongs to

projectId String: The ID of the project which the object belongs to

projectId string: The ID of the project which the object belongs to

project_id str: The ID of the project which the object belongs to

projectId String: The ID of the project which the object belongs to

PolicySecurityPolicyRuleTag, PolicySecurityPolicyRuleTagArgs

Scope string: Set of policy object paths where the rule is applied.
Tag string: A list of scope + tag pairs to associate with this policy.

Scope string: Set of policy object paths where the rule is applied.
Tag string: A list of scope + tag pairs to associate with this policy.

scope String: Set of policy object paths where the rule is applied.
tag String: A list of scope + tag pairs to associate with this policy.

scope string: Set of policy object paths where the rule is applied.
tag string: A list of scope + tag pairs to associate with this policy.

scope str: Set of policy object paths where the rule is applied.
tag str: A list of scope + tag pairs to associate with this policy.

scope String: Set of policy object paths where the rule is applied.
tag String: A list of scope + tag pairs to associate with this policy.

Package Details

Repository: nsxt vmware/terraform-provider-nsxt
License
Notes: This Pulumi package is based on the nsxt Terraform Provider.

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

vmware/terraform-provider-nsxt

nsxt.PolicySecurityPolicyRule

On this page

On this page

Create PolicySecurityPolicyRule Resource

Constructor syntax

Parameters

Constructor example

PolicySecurityPolicyRule Resource Properties

Inputs

Outputs

Look up Existing PolicySecurityPolicyRule Resource

Supporting Types

PolicySecurityPolicyRuleContext, PolicySecurityPolicyRuleContextArgs

PolicySecurityPolicyRuleTag, PolicySecurityPolicyRuleTagArgs

Package Details

On this page

On this page