oci.NetworkFirewall.getNetworkFirewallPolicy
This data source provides details about a specific Network Firewall Policy resource in Oracle Cloud Infrastructure Network Firewall service.
Gets a NetworkFirewallPolicy given the network firewall policy identifier.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
    // Identifier of the policy to read. The right-hand side is a placeholder
    // for a Network Firewall Policy declared elsewhere in the program.
    var lookupArgs = new Oci.NetworkFirewall.GetNetworkFirewallPolicyInvokeArgs
    {
        NetworkFirewallPolicyId = oci_network_firewall_network_firewall_policy.Test_network_firewall_policy.Id,
    };

    // Data-source lookup of the policy details. The result carries the whole
    // policy (security and decryption rules, IP address lists, mapped-secret
    // references), so export only the fields a consumer needs.
    var testNetworkFirewallPolicy = Oci.NetworkFirewall.GetNetworkFirewallPolicy.Invoke(lookupArgs);
});
package main
import (
"github.com/pulumi/pulumi-oci/sdk/go/oci/NetworkFirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that looks up one Network Firewall Policy by its
// identifier and returns any lookup error to the Pulumi runtime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the args type is qualified with `networkfirewall` while
		// the call below uses `NetworkFirewall`; only one of the two can match
		// the imported package name. Confirm against the SDK version in use.
		lookupArgs := &networkfirewall.GetNetworkFirewallPolicyArgs{
			// Placeholder for a policy declared elsewhere in the program.
			NetworkFirewallPolicyId: oci_network_firewall_network_firewall_policy.Test_network_firewall_policy.Id,
		}

		// The looked-up policy is discarded here; only the error is checked.
		_, err := NetworkFirewall.GetNetworkFirewallPolicy(ctx, lookupArgs, nil)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallFunctions;
import com.pulumi.oci.NetworkFirewall.inputs.GetNetworkFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that looks up one Network Firewall Policy by its identifier.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the lookup arguments and invokes the data source.
     *
     * @param ctx the Pulumi context supplied by the runtime (not used by this example)
     */
    public static void stack(Context ctx) {
        // Placeholder reference to a policy declared elsewhere in the program.
        final var lookupArgs = GetNetworkFirewallPolicyArgs.builder()
            .networkFirewallPolicyId(oci_network_firewall_network_firewall_policy.test_network_firewall_policy().id())
            .build();

        // The result carries the whole policy, including rule sets and
        // mapped-secret references; export only the fields a consumer needs.
        final var testNetworkFirewallPolicy = NetworkFirewallFunctions.getNetworkFirewallPolicy(lookupArgs);
    }
}
import pulumi
import pulumi_oci as oci
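# Look up an existing Network Firewall Policy by its identifier. The argument is
# a placeholder reference to a policy declared elsewhere in the program, written
# the same way as in the TypeScript example on this page.
# NOTE(review): the exact accessor form depends on how that policy object is
# defined; confirm before use.
test_network_firewall_policy = oci.NetworkFirewall.get_network_firewall_policy(
    network_firewall_policy_id=oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id)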
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
// Identifier of the policy to read; the value is a placeholder for a policy
// declared elsewhere in the program.
const lookupArgs = {
    networkFirewallPolicyId: oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id,
};

// Direct invocation form: resolves to the policy details, including its rule
// sets and mapped-secret references.
const testNetworkFirewallPolicy = oci.NetworkFirewall.getNetworkFirewallPolicy(lookupArgs);
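variables:
  # Looks up an existing Network Firewall Policy by its identifier.
  testNetworkFirewallPolicy:
    fn::invoke:
      # Keys are lower-case, matching the fn::invoke reference form shown
      # further down this page.
      function: oci:NetworkFirewall:getNetworkFirewallPolicy
      arguments:
        # Placeholder reference to a policy declared elsewhere in the program.
        networkFirewallPolicyId: ${oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id}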
Using getNetworkFirewallPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getNetworkFirewallPolicy(args: GetNetworkFirewallPolicyArgs, opts?: InvokeOptions): Promise<GetNetworkFirewallPolicyResult>
function getNetworkFirewallPolicyOutput(args: GetNetworkFirewallPolicyOutputArgs, opts?: InvokeOptions): Output<GetNetworkFirewallPolicyResult>
def get_network_firewall_policy(network_firewall_policy_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetNetworkFirewallPolicyResult
def get_network_firewall_policy_output(network_firewall_policy_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetNetworkFirewallPolicyResult]
func GetNetworkFirewallPolicy(ctx *Context, args *GetNetworkFirewallPolicyArgs, opts ...InvokeOption) (*GetNetworkFirewallPolicyResult, error)
func GetNetworkFirewallPolicyOutput(ctx *Context, args *GetNetworkFirewallPolicyOutputArgs, opts ...InvokeOption) GetNetworkFirewallPolicyResultOutput
> Note: This function is named GetNetworkFirewallPolicy in the Go SDK.
public static class GetNetworkFirewallPolicy
{
public static Task<GetNetworkFirewallPolicyResult> InvokeAsync(GetNetworkFirewallPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetNetworkFirewallPolicyResult> Invoke(GetNetworkFirewallPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetNetworkFirewallPolicyResult> getNetworkFirewallPolicy(GetNetworkFirewallPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: oci:NetworkFirewall/getNetworkFirewallPolicy:getNetworkFirewallPolicy
arguments:
# arguments dictionary
The following arguments are supported:
- NetworkFirewallPolicyId string
Unique Network Firewall Policy identifier
- NetworkFirewallPolicyId string
Unique Network Firewall Policy identifier
- networkFirewallPolicyId String
Unique Network Firewall Policy identifier
- networkFirewallPolicyId string
Unique Network Firewall Policy identifier
- network_firewall_policy_id str
Unique Network Firewall Policy identifier
- networkFirewallPolicyId String
Unique Network Firewall Policy identifier
getNetworkFirewallPolicy Result
The following output properties are available:
- Application
Lists List<GetNetwork Firewall Policy Application List> Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
- Compartment
Id string The OCID of the compartment containing the NetworkFirewall Policy.
- Decryption
Profiles List<GetNetwork Firewall Policy Decryption Profile> Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
- Decryption
Rules List<GetNetwork Firewall Policy Decryption Rule> List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- Dictionary<string, object>
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"}
- Display
Name string A user-friendly optional name for the firewall policy. Avoid entering confidential information.
- Dictionary<string, object>
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"}
- Id string
The OCID of the resource - Network Firewall Policy.
- Ip
Address List<GetLists Network Firewall Policy Ip Address List> Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
- IsFirewallAttached bool
Whether any Network Firewall is associated with this Network Firewall Policy.
- Lifecycle
Details string A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
- Mapped
Secrets List<GetNetwork Firewall Policy Mapped Secret> Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
- NetworkFirewallPolicyId string
- SecurityRules List<GetNetworkFirewallPolicySecurityRule>
List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- State string
The current state of the Network Firewall Policy.
- Dictionary<string, object>
Usage of system tag keys. These predefined keys are scoped to namespaces. Example:
{"orcl-cloud.free-tier-retained": "true"}
- Time
Created string The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- Time
Updated string The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- Url
Lists List<GetNetwork Firewall Policy Url List> Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.
- Application
Lists []GetNetwork Firewall Policy Application List Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
- Compartment
Id string The OCID of the compartment containing the NetworkFirewall Policy.
- Decryption
Profiles []GetNetwork Firewall Policy Decryption Profile Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
- Decryption
Rules []GetNetwork Firewall Policy Decryption Rule List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- map[string]interface{}
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"}
- Display
Name string A user-friendly optional name for the firewall policy. Avoid entering confidential information.
- map[string]interface{}
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"}
- Id string
The OCID of the resource - Network Firewall Policy.
- Ip
Address []GetLists Network Firewall Policy Ip Address List Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
- Is
Firewall boolAttached To determine if any Network Firewall is associated with this Network Firewall Policy.
- Lifecycle
Details string A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
- Mapped
Secrets []GetNetwork Firewall Policy Mapped Secret Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
- Network
Firewall stringPolicy Id - Security
Rules []GetNetwork Firewall Policy Security Rule List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- State string
The current state of the Network Firewall Policy.
- map[string]interface{}
Usage of system tag keys. These predefined keys are scoped to namespaces. Example:
{"orcl-cloud.free-tier-retained": "true"}
- Time
Created string The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- Time
Updated string The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- Url
Lists []GetNetwork Firewall Policy Url List Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.
- application
Lists List<GetPolicy Application List> Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
- compartment
Id String The OCID of the compartment containing the NetworkFirewall Policy.
- decryption
Profiles List<GetPolicy Decryption Profile> Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
- decryption
Rules List<GetPolicy Decryption Rule> List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- Map<String,Object>
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"}
- display
Name String A user-friendly optional name for the firewall policy. Avoid entering confidential information.
- Map<String,Object>
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"}
- id String
The OCID of the resource - Network Firewall Policy.
- ip
Address List<GetLists Policy Ip Address List> Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
- is
Firewall BooleanAttached To determine if any Network Firewall is associated with this Network Firewall Policy.
- lifecycle
Details String A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
- mapped
Secrets List<GetPolicy Mapped Secret> Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
- network
Firewall StringPolicy Id - security
Rules List<GetPolicy Security Rule> List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- state String
The current state of the Network Firewall Policy.
- Map<String,Object>
Usage of system tag keys. These predefined keys are scoped to namespaces. Example:
{"orcl-cloud.free-tier-retained": "true"}
- time
Created String The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- time
Updated String The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- url
Lists List<GetPolicy Url List> Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.
- application
Lists GetNetwork Firewall Policy Application List[] Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
- compartment
Id string The OCID of the compartment containing the NetworkFirewall Policy.
- decryption
Profiles GetNetwork Firewall Policy Decryption Profile[] Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
- decryption
Rules GetNetwork Firewall Policy Decryption Rule[] List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- {[key: string]: any}
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"}
- display
Name string A user-friendly optional name for the firewall policy. Avoid entering confidential information.
- {[key: string]: any}
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"}
- id string
The OCID of the resource - Network Firewall Policy.
- ip
Address GetLists Network Firewall Policy Ip Address List[] Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
- is
Firewall booleanAttached To determine if any Network Firewall is associated with this Network Firewall Policy.
- lifecycle
Details string A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
- mapped
Secrets GetNetwork Firewall Policy Mapped Secret[] Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
- network
Firewall stringPolicy Id - security
Rules GetNetwork Firewall Policy Security Rule[] List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- state string
The current state of the Network Firewall Policy.
- {[key: string]: any}
Usage of system tag keys. These predefined keys are scoped to namespaces. Example:
{"orcl-cloud.free-tier-retained": "true"}
- time
Created string The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- time
Updated string The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- url
Lists GetNetwork Firewall Policy Url List[] Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.
- application_
lists GetNetwork Firewall Policy Application List] Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
- compartment_
id str The OCID of the compartment containing the NetworkFirewall Policy.
- decryption_
profiles GetNetwork Firewall Policy Decryption Profile] Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
- decryption_
rules GetNetwork Firewall Policy Decryption Rule] List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- Mapping[str, Any]
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"}
- display_
name str A user-friendly optional name for the firewall policy. Avoid entering confidential information.
- Mapping[str, Any]
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"}
- id str
The OCID of the resource - Network Firewall Policy.
- ip_
address_ Getlists Network Firewall Policy Ip Address List] Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
- is_
firewall_ boolattached To determine if any Network Firewall is associated with this Network Firewall Policy.
- lifecycle_
details str A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
- mapped_
secrets GetNetwork Firewall Policy Mapped Secret] Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
- network_
firewall_ strpolicy_ id - security_
rules GetNetwork Firewall Policy Security Rule] List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- state str
The current state of the Network Firewall Policy.
- Mapping[str, Any]
Usage of system tag keys. These predefined keys are scoped to namespaces. Example:
{"orcl-cloud.free-tier-retained": "true"}
- time_
created str The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- time_
updated str The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- url_
lists GetNetwork Firewall Policy Url List] Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.
- application
Lists List<Property Map> Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
- compartment
Id String The OCID of the compartment containing the NetworkFirewall Policy.
- decryption
Profiles List<Property Map> Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
- decryption
Rules List<Property Map> List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- Map<Any>
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"}
- display
Name String A user-friendly optional name for the firewall policy. Avoid entering confidential information.
- Map<Any>
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"}
- id String
The OCID of the resource - Network Firewall Policy.
- ip
Address List<Property Map>Lists Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
- is
Firewall BooleanAttached To determine if any Network Firewall is associated with this Network Firewall Policy.
- lifecycle
Details String A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
- mapped
Secrets List<Property Map> Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
- network
Firewall StringPolicy Id - security
Rules List<Property Map> List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
- state String
The current state of the Network Firewall Policy.
- Map<Any>
Usage of system tag keys. These predefined keys are scoped to namespaces. Example:
{"orcl-cloud.free-tier-retained": "true"}
- time
Created String The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- time
Updated String The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- url
Lists List<Property Map> Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.
Supporting Types
GetNetworkFirewallPolicyApplicationList
GetNetworkFirewallPolicyApplicationListApplicationValue
- IcmpCode int
- IcmpType int
- MaximumPort int
- MinimumPort int
- Type string
Type of the secrets mapped based on the policy.
- Icmp
Code int - Icmp
Type int - Maximum
Port int - Minimum
Port int - Type string
Type of the secrets mapped based on the policy.
- icmp
Code Integer - icmp
Type Integer - maximum
Port Integer - minimum
Port Integer - type String
Type of the secrets mapped based on the policy.
- icmp
Code number - icmp
Type number - maximum
Port number - minimum
Port number - type string
Type of the secrets mapped based on the policy.
- icmp_
code int - icmp_
type int - maximum_
port int - minimum_
port int - type str
Type of the secrets mapped based on the policy.
- icmp
Code Number - icmp
Type Number - maximum
Port Number - minimum
Port Number - type String
Type of the secrets mapped based on the policy.
GetNetworkFirewallPolicyDecryptionProfile
- AreCertificateExtensionsRestricted bool
Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- IsAutoIncludeAltName bool
Whether to automatically append a SAN to the impersonating certificate if the server certificate is missing a SAN.
- IsExpiredCertificateBlocked bool
Whether to block sessions if the server's certificate is expired.
- IsOutOfCapacityBlocked bool
Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- IsRevocationStatusTimeoutBlocked bool
Whether to block sessions if the revocation status check for the server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- IsUnknownRevocationStatusBlocked bool
Whether to block sessions if the revocation status check for the server's certificate results in "unknown".
- IsUnsupportedCipherBlocked bool
Whether to block sessions if the SSL cipher suite is not supported.
- IsUnsupportedVersionBlocked bool
Whether to block sessions if the SSL version is not supported.
- IsUntrustedIssuerBlocked bool
Whether to block sessions if the server's certificate is issued by an untrusted certificate authority (CA).
- Key string
- Type string
Type of the secrets mapped based on the policy.
- Are
Certificate boolExtensions Restricted Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- Is
Auto boolInclude Alt Name Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- Is
Expired boolCertificate Blocked Whether to block sessions if server's certificate is expired.
- Is
Out boolOf Capacity Blocked Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- Is
Revocation boolStatus Timeout Blocked Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- Is
Unknown boolRevocation Status Blocked Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- Is
Unsupported boolCipher Blocked Whether to block sessions if SSL cipher suite is not supported.
- Is
Unsupported boolVersion Blocked Whether to block sessions if SSL version is not supported.
- Is
Untrusted boolIssuer Blocked Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- Key string
- Type string
Type of the secrets mapped based on the policy.
- are
Certificate BooleanExtensions Restricted Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto BooleanInclude Alt Name Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired BooleanCertificate Blocked Whether to block sessions if server's certificate is expired.
- is
Out BooleanOf Capacity Blocked Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation BooleanStatus Timeout Blocked Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown BooleanRevocation Status Blocked Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported BooleanCipher Blocked Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported BooleanVersion Blocked Whether to block sessions if SSL version is not supported.
- is
Untrusted BooleanIssuer Blocked Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- key String
- type String
Type of the secrets mapped based on the policy.
- are
Certificate booleanExtensions Restricted Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto booleanInclude Alt Name Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired booleanCertificate Blocked Whether to block sessions if server's certificate is expired.
- is
Out booleanOf Capacity Blocked Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation booleanStatus Timeout Blocked Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown booleanRevocation Status Blocked Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported booleanCipher Blocked Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported booleanVersion Blocked Whether to block sessions if SSL version is not supported.
- is
Untrusted booleanIssuer Blocked Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- key string
- type string
Type of the secrets mapped based on the policy.
- are_
certificate_ boolextensions_ restricted Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is_
auto_ boolinclude_ alt_ name Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is_
expired_ boolcertificate_ blocked Whether to block sessions if server's certificate is expired.
- is_
out_ boolof_ capacity_ blocked Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is_
revocation_ boolstatus_ timeout_ blocked Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is_
unknown_ boolrevocation_ status_ blocked Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is_
unsupported_ boolcipher_ blocked Whether to block sessions if SSL cipher suite is not supported.
- is_
unsupported_ boolversion_ blocked Whether to block sessions if SSL version is not supported.
- is_
untrusted_ boolissuer_ blocked Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- key str
- type str
Type of the secrets mapped based on the policy.
- areCertificateExtensionsRestricted Boolean
Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- isAutoIncludeAltName Boolean
Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- isExpiredCertificateBlocked Boolean
Whether to block sessions if server's certificate is expired.
- isOutOfCapacityBlocked Boolean
Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- isRevocationStatusTimeoutBlocked Boolean
Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- isUnknownRevocationStatusBlocked Boolean
Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- isUnsupportedCipherBlocked Boolean
Whether to block sessions if SSL cipher suite is not supported.
- isUnsupportedVersionBlocked Boolean
Whether to block sessions if SSL version is not supported.
- isUntrustedIssuerBlocked Boolean
Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- key String
- type String
Type of the secrets mapped based on the policy.
GetNetworkFirewallPolicyDecryptionRule
- Action string
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- Conditions List<GetNetworkFirewallPolicyDecryptionRuleCondition>
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- DecryptionProfile string
The name of the decryption profile to use.
- Name string
Name for the Security rule, must be unique within the policy.
- Secret string
The name of a mapped secret. Its `type` must match that of the specified decryption profile.
- Action string
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- Conditions []GetNetworkFirewallPolicyDecryptionRuleCondition
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- DecryptionProfile string
The name of the decryption profile to use.
- Name string
Name for the Security rule, must be unique within the policy.
- Secret string
The name of a mapped secret. Its `type` must match that of the specified decryption profile.
- action String
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions List<GetPolicyDecryptionRuleCondition>
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- decryptionProfile String
The name of the decryption profile to use.
- name String
Name for the Security rule, must be unique within the policy.
- secret String
The name of a mapped secret. Its `type` must match that of the specified decryption profile.
- action string
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions GetNetworkFirewallPolicyDecryptionRuleCondition[]
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- decryptionProfile string
The name of the decryption profile to use.
- name string
Name for the Security rule, must be unique within the policy.
- secret string
The name of a mapped secret. Its `type` must match that of the specified decryption profile.
- action str
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions Sequence[GetNetworkFirewallPolicyDecryptionRuleCondition]
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- decryption_profile str
The name of the decryption profile to use.
- name str
Name for the Security rule, must be unique within the policy.
- secret str
The name of a mapped secret. Its `type` must match that of the specified decryption profile.
- action String
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions List<Property Map>
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- decryptionProfile String
The name of the decryption profile to use.
- name String
Name for the Security rule, must be unique within the policy.
- secret String
The name of a mapped secret. Its `type` must match that of the specified decryption profile.
GetNetworkFirewallPolicyDecryptionRuleCondition
- Destinations List<string>
An array of IP address list names to be evaluated against the traffic destination address.
- Sources List<string>
An array of IP address list names to be evaluated against the traffic source address.
- Destinations []string
An array of IP address list names to be evaluated against the traffic destination address.
- Sources []string
An array of IP address list names to be evaluated against the traffic source address.
- destinations List<String>
An array of IP address list names to be evaluated against the traffic destination address.
- sources List<String>
An array of IP address list names to be evaluated against the traffic source address.
- destinations string[]
An array of IP address list names to be evaluated against the traffic destination address.
- sources string[]
An array of IP address list names to be evaluated against the traffic source address.
- destinations Sequence[str]
An array of IP address list names to be evaluated against the traffic destination address.
- sources Sequence[str]
An array of IP address list names to be evaluated against the traffic source address.
- destinations List<String>
An array of IP address list names to be evaluated against the traffic destination address.
- sources List<String>
An array of IP address list names to be evaluated against the traffic source address.
GetNetworkFirewallPolicyIpAddressList
- IpAddressListName string
- IpAddressListValues List<string>
- IpAddressListName string
- IpAddressListValues []string
- ipAddressListName String
- ipAddressListValues List<String>
- ipAddressListName string
- ipAddressListValues string[]
- ip_address_list_name str
- ip_address_list_values Sequence[str]
- ipAddressListName String
- ipAddressListValues List<String>
GetNetworkFirewallPolicyMappedSecret
- Key string
- Type string
Type of the secrets mapped based on the policy.
- VaultSecretId string
OCID for the Vault Secret to be used.
- VersionNumber int
Version number of the secret to be used.
- Key string
- Type string
Type of the secrets mapped based on the policy.
- VaultSecretId string
OCID for the Vault Secret to be used.
- VersionNumber int
Version number of the secret to be used.
- key String
- type String
Type of the secrets mapped based on the policy.
- vaultSecretId String
OCID for the Vault Secret to be used.
- versionNumber Integer
Version number of the secret to be used.
- key string
- type string
Type of the secrets mapped based on the policy.
- vaultSecretId string
OCID for the Vault Secret to be used.
- versionNumber number
Version number of the secret to be used.
- key str
- type str
Type of the secrets mapped based on the policy.
- vault_secret_id str
OCID for the Vault Secret to be used.
- version_number int
Version number of the secret to be used.
- key String
- type String
Type of the secrets mapped based on the policy.
- vaultSecretId String
OCID for the Vault Secret to be used.
- versionNumber Number
Version number of the secret to be used.
GetNetworkFirewallPolicySecurityRule
- Action string
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- Conditions List<GetNetworkFirewallPolicySecurityRuleCondition>
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- Inspection string
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.
- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
- Name string
Name for the Security rule, must be unique within the policy.
- Action string
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- Conditions []GetNetworkFirewallPolicySecurityRuleCondition
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- Inspection string
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.
- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
- Name string
Name for the Security rule, must be unique within the policy.
- action String
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions List<GetPolicySecurityRuleCondition>
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- inspection String
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.
- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
- name String
Name for the Security rule, must be unique within the policy.
- action string
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions GetNetworkFirewallPolicySecurityRuleCondition[]
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- inspection string
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.
- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
- name string
Name for the Security rule, must be unique within the policy.
- action str
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions Sequence[GetNetworkFirewallPolicySecurityRuleCondition]
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- inspection str
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.
- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
- name str
Name for the Security rule, must be unique within the policy.
- action String
Types of Action on the Traffic flow.
- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.
- conditions List<Property Map>
Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
- inspection String
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.
- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
- name String
Name for the Security rule, must be unique within the policy.
GetNetworkFirewallPolicySecurityRuleCondition
- Applications List<string>
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
- Destinations List<string>
An array of IP address list names to be evaluated against the traffic destination address.
- Sources List<string>
An array of IP address list names to be evaluated against the traffic source address.
- Urls List<string>
An array of URL pattern list names to be evaluated against the HTTP(S) request target.
- Applications []string
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
- Destinations []string
An array of IP address list names to be evaluated against the traffic destination address.
- Sources []string
An array of IP address list names to be evaluated against the traffic source address.
- Urls []string
An array of URL pattern list names to be evaluated against the HTTP(S) request target.
- applications List<String>
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
- destinations List<String>
An array of IP address list names to be evaluated against the traffic destination address.
- sources List<String>
An array of IP address list names to be evaluated against the traffic source address.
- urls List<String>
An array of URL pattern list names to be evaluated against the HTTP(S) request target.
- applications string[]
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
- destinations string[]
An array of IP address list names to be evaluated against the traffic destination address.
- sources string[]
An array of IP address list names to be evaluated against the traffic source address.
- urls string[]
An array of URL pattern list names to be evaluated against the HTTP(S) request target.
- applications Sequence[str]
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
- destinations Sequence[str]
An array of IP address list names to be evaluated against the traffic destination address.
- sources Sequence[str]
An array of IP address list names to be evaluated against the traffic source address.
- urls Sequence[str]
An array of URL pattern list names to be evaluated against the HTTP(S) request target.
- applications List<String>
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
- destinations List<String>
An array of IP address list names to be evaluated against the traffic destination address.
- sources List<String>
An array of IP address list names to be evaluated against the traffic source address.
- urls List<String>
An array of URL pattern list names to be evaluated against the HTTP(S) request target.
GetNetworkFirewallPolicyUrlList
GetNetworkFirewallPolicyUrlListUrlListValue
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `oci` Terraform Provider.