Docs Home
panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks
panos.DecryptionPolicy
Explore with Pulumi AI
panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks
Create DecryptionPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DecryptionPolicy(name: string, args: DecryptionPolicyArgs, opts?: CustomResourceOptions);@overload
def DecryptionPolicy(resource_name: str,
args: DecryptionPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DecryptionPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[DecryptionPolicyLocationArgs] = None,
rules: Optional[Sequence[DecryptionPolicyRuleArgs]] = None)func NewDecryptionPolicy(ctx *Context, name string, args DecryptionPolicyArgs, opts ...ResourceOption) (*DecryptionPolicy, error)public DecryptionPolicy(string name, DecryptionPolicyArgs args, CustomResourceOptions? opts = null)
public DecryptionPolicy(String name, DecryptionPolicyArgs args)
public DecryptionPolicy(String name, DecryptionPolicyArgs args, CustomResourceOptions options)
type: panos:DecryptionPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DecryptionPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DecryptionPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DecryptionPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DecryptionPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DecryptionPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var decryptionPolicyResource = new Panos.DecryptionPolicy("decryptionPolicyResource", new()
{
Location = new Panos.Inputs.DecryptionPolicyLocationArgs
{
DeviceGroup = new Panos.Inputs.DecryptionPolicyLocationDeviceGroupArgs
{
Name = "string",
PanoramaDevice = "string",
Rulebase = "string",
},
Shared = new Panos.Inputs.DecryptionPolicyLocationSharedArgs
{
Rulebase = "string",
},
Vsys = new Panos.Inputs.DecryptionPolicyLocationVsysArgs
{
Name = "string",
NgfwDevice = "string",
},
},
Rules = new[]
{
new Panos.Inputs.DecryptionPolicyRuleArgs
{
Name = "string",
NegateDestination = false,
LogSetting = "string",
DestinationAddresses = new[]
{
"string",
},
DestinationHips = new[]
{
"string",
},
DestinationZones = new[]
{
"string",
},
Disabled = false,
GroupTag = "string",
NegateSource = false,
Action = "string",
LogSuccess = false,
Description = "string",
Categories = new[]
{
"string",
},
LogFail = false,
PacketBrokerProfile = "string",
Profile = "string",
Services = new[]
{
"string",
},
SourceAddresses = new[]
{
"string",
},
SourceHips = new[]
{
"string",
},
SourceUsers = new[]
{
"string",
},
SourceZones = new[]
{
"string",
},
Tags = new[]
{
"string",
},
Target = new Panos.Inputs.DecryptionPolicyRuleTargetArgs
{
Devices = new[]
{
new Panos.Inputs.DecryptionPolicyRuleTargetDeviceArgs
{
Name = "string",
Vsys = new[]
{
new Panos.Inputs.DecryptionPolicyRuleTargetDeviceVsyArgs
{
Name = "string",
},
},
},
},
Negate = false,
Tags = new[]
{
"string",
},
},
Type = new Panos.Inputs.DecryptionPolicyRuleTypeArgs
{
SshProxy = null,
SslForwardProxy = null,
SslInboundInspection = new Panos.Inputs.DecryptionPolicyRuleTypeSslInboundInspectionArgs
{
Certificates = new[]
{
"string",
},
},
},
},
},
});
example, err := panos.NewDecryptionPolicy(ctx, "decryptionPolicyResource", &panos.DecryptionPolicyArgs{
Location: &panos.DecryptionPolicyLocationArgs{
DeviceGroup: &panos.DecryptionPolicyLocationDeviceGroupArgs{
Name: pulumi.String("string"),
PanoramaDevice: pulumi.String("string"),
Rulebase: pulumi.String("string"),
},
Shared: &panos.DecryptionPolicyLocationSharedArgs{
Rulebase: pulumi.String("string"),
},
Vsys: &panos.DecryptionPolicyLocationVsysArgs{
Name: pulumi.String("string"),
NgfwDevice: pulumi.String("string"),
},
},
Rules: panos.DecryptionPolicyRuleArray{
&panos.DecryptionPolicyRuleArgs{
Name: pulumi.String("string"),
NegateDestination: pulumi.Bool(false),
LogSetting: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationHips: pulumi.StringArray{
pulumi.String("string"),
},
DestinationZones: pulumi.StringArray{
pulumi.String("string"),
},
Disabled: pulumi.Bool(false),
GroupTag: pulumi.String("string"),
NegateSource: pulumi.Bool(false),
Action: pulumi.String("string"),
LogSuccess: pulumi.Bool(false),
Description: pulumi.String("string"),
Categories: pulumi.StringArray{
pulumi.String("string"),
},
LogFail: pulumi.Bool(false),
PacketBrokerProfile: pulumi.String("string"),
Profile: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceHips: pulumi.StringArray{
pulumi.String("string"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("string"),
},
SourceZones: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Target: &panos.DecryptionPolicyRuleTargetArgs{
Devices: panos.DecryptionPolicyRuleTargetDeviceArray{
&panos.DecryptionPolicyRuleTargetDeviceArgs{
Name: pulumi.String("string"),
Vsys: panos.DecryptionPolicyRuleTargetDeviceVsyArray{
&panos.DecryptionPolicyRuleTargetDeviceVsyArgs{
Name: pulumi.String("string"),
},
},
},
},
Negate: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
Type: &panos.DecryptionPolicyRuleTypeArgs{
SshProxy: &panos.DecryptionPolicyRuleTypeSshProxyArgs{},
SslForwardProxy: &panos.DecryptionPolicyRuleTypeSslForwardProxyArgs{},
SslInboundInspection: &panos.DecryptionPolicyRuleTypeSslInboundInspectionArgs{
Certificates: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
})
var decryptionPolicyResource = new DecryptionPolicy("decryptionPolicyResource", DecryptionPolicyArgs.builder()
.location(DecryptionPolicyLocationArgs.builder()
.deviceGroup(DecryptionPolicyLocationDeviceGroupArgs.builder()
.name("string")
.panoramaDevice("string")
.rulebase("string")
.build())
.shared(DecryptionPolicyLocationSharedArgs.builder()
.rulebase("string")
.build())
.vsys(DecryptionPolicyLocationVsysArgs.builder()
.name("string")
.ngfwDevice("string")
.build())
.build())
.rules(DecryptionPolicyRuleArgs.builder()
.name("string")
.negateDestination(false)
.logSetting("string")
.destinationAddresses("string")
.destinationHips("string")
.destinationZones("string")
.disabled(false)
.groupTag("string")
.negateSource(false)
.action("string")
.logSuccess(false)
.description("string")
.categories("string")
.logFail(false)
.packetBrokerProfile("string")
.profile("string")
.services("string")
.sourceAddresses("string")
.sourceHips("string")
.sourceUsers("string")
.sourceZones("string")
.tags("string")
.target(DecryptionPolicyRuleTargetArgs.builder()
.devices(DecryptionPolicyRuleTargetDeviceArgs.builder()
.name("string")
.vsys(DecryptionPolicyRuleTargetDeviceVsyArgs.builder()
.name("string")
.build())
.build())
.negate(false)
.tags("string")
.build())
.type(DecryptionPolicyRuleTypeArgs.builder()
.sshProxy()
.sslForwardProxy()
.sslInboundInspection(DecryptionPolicyRuleTypeSslInboundInspectionArgs.builder()
.certificates("string")
.build())
.build())
.build())
.build());
decryption_policy_resource = panos.DecryptionPolicy("decryptionPolicyResource",
location={
"device_group": {
"name": "string",
"panorama_device": "string",
"rulebase": "string",
},
"shared": {
"rulebase": "string",
},
"vsys": {
"name": "string",
"ngfw_device": "string",
},
},
rules=[{
"name": "string",
"negate_destination": False,
"log_setting": "string",
"destination_addresses": ["string"],
"destination_hips": ["string"],
"destination_zones": ["string"],
"disabled": False,
"group_tag": "string",
"negate_source": False,
"action": "string",
"log_success": False,
"description": "string",
"categories": ["string"],
"log_fail": False,
"packet_broker_profile": "string",
"profile": "string",
"services": ["string"],
"source_addresses": ["string"],
"source_hips": ["string"],
"source_users": ["string"],
"source_zones": ["string"],
"tags": ["string"],
"target": {
"devices": [{
"name": "string",
"vsys": [{
"name": "string",
}],
}],
"negate": False,
"tags": ["string"],
},
"type": {
"ssh_proxy": {},
"ssl_forward_proxy": {},
"ssl_inbound_inspection": {
"certificates": ["string"],
},
},
}])
const decryptionPolicyResource = new panos.DecryptionPolicy("decryptionPolicyResource", {
location: {
deviceGroup: {
name: "string",
panoramaDevice: "string",
rulebase: "string",
},
shared: {
rulebase: "string",
},
vsys: {
name: "string",
ngfwDevice: "string",
},
},
rules: [{
name: "string",
negateDestination: false,
logSetting: "string",
destinationAddresses: ["string"],
destinationHips: ["string"],
destinationZones: ["string"],
disabled: false,
groupTag: "string",
negateSource: false,
action: "string",
logSuccess: false,
description: "string",
categories: ["string"],
logFail: false,
packetBrokerProfile: "string",
profile: "string",
services: ["string"],
sourceAddresses: ["string"],
sourceHips: ["string"],
sourceUsers: ["string"],
sourceZones: ["string"],
tags: ["string"],
target: {
devices: [{
name: "string",
vsys: [{
name: "string",
}],
}],
negate: false,
tags: ["string"],
},
type: {
sshProxy: {},
sslForwardProxy: {},
sslInboundInspection: {
certificates: ["string"],
},
},
}],
});
type: panos:DecryptionPolicy
properties:
location:
deviceGroup:
name: string
panoramaDevice: string
rulebase: string
shared:
rulebase: string
vsys:
name: string
ngfwDevice: string
rules:
- action: string
categories:
- string
description: string
destinationAddresses:
- string
destinationHips:
- string
destinationZones:
- string
disabled: false
groupTag: string
logFail: false
logSetting: string
logSuccess: false
name: string
negateDestination: false
negateSource: false
packetBrokerProfile: string
profile: string
services:
- string
sourceAddresses:
- string
sourceHips:
- string
sourceUsers:
- string
sourceZones:
- string
tags:
- string
target:
devices:
- name: string
vsys:
- name: string
negate: false
tags:
- string
type:
sshProxy: {}
sslForwardProxy: {}
sslInboundInspection:
certificates:
- string
DecryptionPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DecryptionPolicy resource accepts the following input properties:
- Location
Decryption
Policy Location - The location of this object.
- Rules
List<Decryption
Policy Rule>
- Location
Decryption
Policy Location Args - The location of this object.
- Rules
[]Decryption
Policy Rule Args
- location
Decryption
Policy Location - The location of this object.
- rules
List<Decryption
Policy Rule>
- location
Decryption
Policy Location - The location of this object.
- rules
Decryption
Policy Rule[]
- location
Decryption
Policy Location Args - The location of this object.
- rules
Sequence[Decryption
Policy Rule Args]
- location Property Map
- The location of this object.
- rules List<Property Map>
Outputs
All input properties are implicitly available as output properties. Additionally, the DecryptionPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DecryptionPolicy Resource
Get an existing DecryptionPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DecryptionPolicyState, opts?: CustomResourceOptions): DecryptionPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
location: Optional[DecryptionPolicyLocationArgs] = None,
rules: Optional[Sequence[DecryptionPolicyRuleArgs]] = None) -> DecryptionPolicyfunc GetDecryptionPolicy(ctx *Context, name string, id IDInput, state *DecryptionPolicyState, opts ...ResourceOption) (*DecryptionPolicy, error)public static DecryptionPolicy Get(string name, Input<string> id, DecryptionPolicyState? state, CustomResourceOptions? opts = null)public static DecryptionPolicy get(String name, Output<String> id, DecryptionPolicyState state, CustomResourceOptions options)resources: _: type: panos:DecryptionPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Location
Decryption
Policy Location - The location of this object.
- Rules
List<Decryption
Policy Rule>
- Location
Decryption
Policy Location Args - The location of this object.
- Rules
[]Decryption
Policy Rule Args
- location
Decryption
Policy Location - The location of this object.
- rules
List<Decryption
Policy Rule>
- location
Decryption
Policy Location - The location of this object.
- rules
Decryption
Policy Rule[]
- location
Decryption
Policy Location Args - The location of this object.
- rules
Sequence[Decryption
Policy Rule Args]
- location Property Map
- The location of this object.
- rules List<Property Map>
Supporting Types
DecryptionPolicyLocation, DecryptionPolicyLocationArgs
- Device
Group DecryptionPolicy Location Device Group - Located in a specific device group.
-
Decryption
Policy Location Shared - Located in a shared rulebase
- Vsys
Decryption
Policy Location Vsys - Located in a specific vsys.
- Device
Group DecryptionPolicy Location Device Group - Located in a specific device group.
-
Decryption
Policy Location Shared - Located in a shared rulebase
- Vsys
Decryption
Policy Location Vsys - Located in a specific vsys.
- device
Group DecryptionPolicy Location Device Group - Located in a specific device group.
-
Decryption
Policy Location Shared - Located in a shared rulebase
- vsys
Decryption
Policy Location Vsys - Located in a specific vsys.
- device
Group DecryptionPolicy Location Device Group - Located in a specific device group.
-
Decryption
Policy Location Shared - Located in a shared rulebase
- vsys
Decryption
Policy Location Vsys - Located in a specific vsys.
- device_
group DecryptionPolicy Location Device Group - Located in a specific device group.
-
Decryption
Policy Location Shared - Located in a shared rulebase
- vsys
Decryption
Policy Location Vsys - Located in a specific vsys.
- device
Group Property Map - Located in a specific device group.
- Property Map
- Located in a shared rulebase
- vsys Property Map
- Located in a specific vsys.
DecryptionPolicyLocationDeviceGroup, DecryptionPolicyLocationDeviceGroupArgs
- Name string
- The device group.
- Panorama
Device string - The panorama device.
- Rulebase string
- The rulebase.
- Name string
- The device group.
- Panorama
Device string - The panorama device.
- Rulebase string
- The rulebase.
- name String
- The device group.
- panorama
Device String - The panorama device.
- rulebase String
- The rulebase.
- name string
- The device group.
- panorama
Device string - The panorama device.
- rulebase string
- The rulebase.
- name str
- The device group.
- panorama_
device str - The panorama device.
- rulebase str
- The rulebase.
- name String
- The device group.
- panorama
Device String - The panorama device.
- rulebase String
- The rulebase.
DecryptionPolicyLocationShared, DecryptionPolicyLocationSharedArgs
- Rulebase string
- Rulebase name
- Rulebase string
- Rulebase name
- rulebase String
- Rulebase name
- rulebase string
- Rulebase name
- rulebase str
- Rulebase name
- rulebase String
- Rulebase name
DecryptionPolicyLocationVsys, DecryptionPolicyLocationVsysArgs
- Name string
- The vsys name
- Ngfw
Device string - The NGFW device
- Name string
- The vsys name
- Ngfw
Device string - The NGFW device
- name String
- The vsys name
- ngfw
Device String - The NGFW device
- name string
- The vsys name
- ngfw
Device string - The NGFW device
- name str
- The vsys name
- ngfw_
device str - The NGFW device
- name String
- The vsys name
- ngfw
Device String - The NGFW device
DecryptionPolicyRule, DecryptionPolicyRuleArgs
- Name string
- Action string
- Categories List<string>
- Description string
- Destination
Addresses List<string> - Destination
Hips List<string> - Destination
Zones List<string> - Disabled bool
- Disable the rule
- Group
Tag string - Log
Fail bool - Log unsuccessful TLS handshakes
- Log
Setting string - Log
Success bool - Log successful TLS handshakes
- Negate
Destination bool - Negate
Source bool - Packet
Broker stringProfile - packet-broker profile
- Profile string
- decryption profile
- Services List<string>
- Source
Addresses List<string> - Source
Hips List<string> - Source
Users List<string> - Source
Zones List<string> - List<string>
- Target
Decryption
Policy Rule Target - Type
Decryption
Policy Rule Type
- Name string
- Action string
- Categories []string
- Description string
- Destination
Addresses []string - Destination
Hips []string - Destination
Zones []string - Disabled bool
- Disable the rule
- Group
Tag string - Log
Fail bool - Log unsuccessful TLS handshakes
- Log
Setting string - Log
Success bool - Log successful TLS handshakes
- Negate
Destination bool - Negate
Source bool - Packet
Broker stringProfile - packet-broker profile
- Profile string
- decryption profile
- Services []string
- Source
Addresses []string - Source
Hips []string - Source
Users []string - Source
Zones []string - []string
- Target
Decryption
Policy Rule Target - Type
Decryption
Policy Rule Type
- name String
- action String
- categories List<String>
- description String
- destination
Addresses List<String> - destination
Hips List<String> - destination
Zones List<String> - disabled Boolean
- Disable the rule
- group
Tag String - log
Fail Boolean - Log unsuccessful TLS handshakes
- log
Setting String - log
Success Boolean - Log successful TLS handshakes
- negate
Destination Boolean - negate
Source Boolean - packet
Broker StringProfile - packet-broker profile
- profile String
- decryption profile
- services List<String>
- source
Addresses List<String> - source
Hips List<String> - source
Users List<String> - source
Zones List<String> - List<String>
- target
Decryption
Policy Rule Target - type
Decryption
Policy Rule Type
- name string
- action string
- categories string[]
- description string
- destination
Addresses string[] - destination
Hips string[] - destination
Zones string[] - disabled boolean
- Disable the rule
- group
Tag string - log
Fail boolean - Log unsuccessful TLS handshakes
- log
Setting string - log
Success boolean - Log successful TLS handshakes
- negate
Destination boolean - negate
Source boolean - packet
Broker stringProfile - packet-broker profile
- profile string
- decryption profile
- services string[]
- source
Addresses string[] - source
Hips string[] - source
Users string[] - source
Zones string[] - string[]
- target
Decryption
Policy Rule Target - type
Decryption
Policy Rule Type
- name str
- action str
- categories Sequence[str]
- description str
- destination_
addresses Sequence[str] - destination_
hips Sequence[str] - destination_
zones Sequence[str] - disabled bool
- Disable the rule
- group_
tag str - log_
fail bool - Log unsuccessful TLS handshakes
- log_
setting str - log_
success bool - Log successful TLS handshakes
- negate_
destination bool - negate_
source bool - packet_
broker_ strprofile - packet-broker profile
- profile str
- decryption profile
- services Sequence[str]
- source_
addresses Sequence[str] - source_
hips Sequence[str] - source_
users Sequence[str] - source_
zones Sequence[str] - Sequence[str]
- target
Decryption
Policy Rule Target - type
Decryption
Policy Rule Type
- name String
- action String
- categories List<String>
- description String
- destination
Addresses List<String> - destination
Hips List<String> - destination
Zones List<String> - disabled Boolean
- Disable the rule
- group
Tag String - log
Fail Boolean - Log unsuccessful TLS handshakes
- log
Setting String - log
Success Boolean - Log successful TLS handshakes
- negate
Destination Boolean - negate
Source Boolean - packet
Broker StringProfile - packet-broker profile
- profile String
- decryption profile
- services List<String>
- source
Addresses List<String> - source
Hips List<String> - source
Users List<String> - source
Zones List<String> - List<String>
- target Property Map
- type Property Map
DecryptionPolicyRuleTarget, DecryptionPolicyRuleTargetArgs
- Devices
List<Decryption
Policy Rule Target Device> - Negate bool
- Target to all but these specified devices and tags
- List<string>
- Devices
[]Decryption
Policy Rule Target Device - Negate bool
- Target to all but these specified devices and tags
- []string
- devices
List<Decryption
Policy Rule Target Device> - negate Boolean
- Target to all but these specified devices and tags
- List<String>
- devices
Decryption
Policy Rule Target Device[] - negate boolean
- Target to all but these specified devices and tags
- string[]
- devices
Sequence[Decryption
Policy Rule Target Device] - negate bool
- Target to all but these specified devices and tags
- Sequence[str]
- devices List<Property Map>
- negate Boolean
- Target to all but these specified devices and tags
- List<String>
DecryptionPolicyRuleTargetDevice, DecryptionPolicyRuleTargetDeviceArgs
- name String
- vsys List<Property Map>
DecryptionPolicyRuleTargetDeviceVsy, DecryptionPolicyRuleTargetDeviceVsyArgs
- Name string
- Name string
- name String
- name string
- name str
- name String
DecryptionPolicyRuleType, DecryptionPolicyRuleTypeArgs
DecryptionPolicyRuleTypeSslInboundInspection, DecryptionPolicyRuleTypeSslInboundInspectionArgs
- Certificates List<string>
- Certificates []string
- certificates List<String>
- certificates string[]
- certificates Sequence[str]
- certificates List<String>
Package Details
- Repository
- panos paloaltonetworks/terraform-provider-panos
- License
- Notes
- This Pulumi package is based on the
panosTerraform Provider.
panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks