Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
DecryptionRule data source
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as scm from "@pulumi/scm";
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
const testDecryptionRule = new scm.DecryptionRule("test_decryption_rule", {
name: "data-source-test-rule",
description: "Rule created specifically for data source testing.",
folder: "All",
position: "pre",
action: "decrypt",
froms: ["trust"],
tos: ["untrust"],
sources: ["any"],
destinations: ["any"],
services: ["service-https"],
categories: ["high-risk"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
});
// We use the ID from the resource created above.
const singleRuleById = scm.getDecryptionRuleOutput({
id: testDecryptionRule.id,
});
export const singleDecryptionRuleName = singleRuleById;
import pulumi
import pulumi_scm as scm
# 1. RESOURCE: Create a rule to ensure a predictable target for lookups
test_decryption_rule = scm.DecryptionRule("test_decryption_rule",
name="data-source-test-rule",
description="Rule created specifically for data source testing.",
folder="All",
position="pre",
action="decrypt",
froms=["trust"],
tos=["untrust"],
sources=["any"],
destinations=["any"],
services=["service-https"],
categories=["high-risk"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
})
# We use the ID from the resource created above.
single_rule_by_id = scm.get_decryption_rule_output(id=test_decryption_rule.id)
pulumi.export("singleDecryptionRuleName", single_rule_by_id)
package main
import (
"github.com/pulumi/pulumi-scm/sdk/go/scm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
testDecryptionRule, err := scm.NewDecryptionRule(ctx, "test_decryption_rule", &scm.DecryptionRuleArgs{
Name: pulumi.String("data-source-test-rule"),
Description: pulumi.String("Rule created specifically for data source testing."),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("decrypt"),
Froms: pulumi.StringArray{
pulumi.String("trust"),
},
Tos: pulumi.StringArray{
pulumi.String("untrust"),
},
Sources: pulumi.StringArray{
pulumi.String("any"),
},
Destinations: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("high-risk"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
})
if err != nil {
return err
}
// We use the ID from the resource created above.
singleRuleById := scm.LookupDecryptionRuleOutput(ctx, scm.GetDecryptionRuleOutputArgs{
Id: testDecryptionRule.ID(),
}, nil)
ctx.Export("singleDecryptionRuleName", singleRuleById)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Scm = Pulumi.Scm;
return await Deployment.RunAsync(() =>
{
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
var testDecryptionRule = new Scm.DecryptionRule("test_decryption_rule", new()
{
Name = "data-source-test-rule",
Description = "Rule created specifically for data source testing.",
Folder = "All",
Position = "pre",
Action = "decrypt",
Froms = new[]
{
"trust",
},
Tos = new[]
{
"untrust",
},
Sources = new[]
{
"any",
},
Destinations = new[]
{
"any",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"high-risk",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
});
// We use the ID from the resource created above.
var singleRuleById = Scm.GetDecryptionRule.Invoke(new()
{
Id = testDecryptionRule.Id,
});
return new Dictionary<string, object?>
{
["singleDecryptionRuleName"] = singleRuleById,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scm.DecryptionRule;
import com.pulumi.scm.DecryptionRuleArgs;
import com.pulumi.scm.inputs.DecryptionRuleTypeArgs;
import com.pulumi.scm.inputs.DecryptionRuleTypeSslForwardProxyArgs;
import com.pulumi.scm.ScmFunctions;
import com.pulumi.scm.inputs.GetDecryptionRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
var testDecryptionRule = new DecryptionRule("testDecryptionRule", DecryptionRuleArgs.builder()
.name("data-source-test-rule")
.description("Rule created specifically for data source testing.")
.folder("All")
.position("pre")
.action("decrypt")
.froms("trust")
.tos("untrust")
.sources("any")
.destinations("any")
.services("service-https")
.categories("high-risk")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.build());
// We use the ID from the resource created above.
final var singleRuleById = ScmFunctions.getDecryptionRule(GetDecryptionRuleArgs.builder()
.id(testDecryptionRule.id())
.build());
ctx.export("singleDecryptionRuleName", singleRuleById);
}
}
resources:
# 1. RESOURCE: Create a rule to ensure a predictable target for lookups
testDecryptionRule:
type: scm:DecryptionRule
name: test_decryption_rule
properties:
name: data-source-test-rule
description: Rule created specifically for data source testing.
folder: All
position: pre
action: decrypt
froms:
- trust
tos:
- untrust
sources:
- any
destinations:
- any
services:
- service-https
categories:
- high-risk
sourceUsers:
- any
type:
sslForwardProxy: {}
variables:
# We use the ID from the resource created above.
singleRuleById:
fn::invoke:
function: scm:getDecryptionRule
arguments:
id: ${testDecryptionRule.id}
outputs:
singleDecryptionRuleName: ${singleRuleById}
Using getDecryptionRule
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDecryptionRule(args: GetDecryptionRuleArgs, opts?: InvokeOptions): Promise<GetDecryptionRuleResult>
function getDecryptionRuleOutput(args: GetDecryptionRuleOutputArgs, opts?: InvokeOptions): Output<GetDecryptionRuleResult>def get_decryption_rule(id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDecryptionRuleResult
def get_decryption_rule_output(id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDecryptionRuleResult]func LookupDecryptionRule(ctx *Context, args *LookupDecryptionRuleArgs, opts ...InvokeOption) (*LookupDecryptionRuleResult, error)
func LookupDecryptionRuleOutput(ctx *Context, args *LookupDecryptionRuleOutputArgs, opts ...InvokeOption) LookupDecryptionRuleResultOutput> Note: This function is named LookupDecryptionRule in the Go SDK.
public static class GetDecryptionRule
{
public static Task<GetDecryptionRuleResult> InvokeAsync(GetDecryptionRuleArgs args, InvokeOptions? opts = null)
public static Output<GetDecryptionRuleResult> Invoke(GetDecryptionRuleInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDecryptionRuleResult> getDecryptionRule(GetDecryptionRuleArgs args, InvokeOptions options)
public static Output<GetDecryptionRuleResult> getDecryptionRule(GetDecryptionRuleArgs args, InvokeOptions options)
fn::invoke:
function: scm:index/getDecryptionRule:getDecryptionRule
arguments:
# arguments dictionaryThe following arguments are supported:
getDecryptionRule Result
The following output properties are available:
- Action string
- The action to be taken
- Categories List<string>
- The destination URL category
- Description string
- The description of the decryption rule
- Destination
Hips List<string> - The Host Integrity Profile of the destination host
- Destinations List<string>
- The destination addresses
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Froms List<string>
- The source security zone
- Id string
- The UUID of the decryption rule
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Services List<string>
- The destination services and/or service groups
- Snippet string
- The snippet in which the resource is defined
- Source
Hips List<string> - Source hip
- Source
Users List<string> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources List<string>
- The source addresses
- List<string>
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Tfid string
- Tos List<string>
- The destination security zone
- Type
Get
Decryption Rule Type - The type of decryption
- Action string
- The action to be taken
- Categories []string
- The destination URL category
- Description string
- The description of the decryption rule
- Destination
Hips []string - The Host Integrity Profile of the destination host
- Destinations []string
- The destination addresses
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Froms []string
- The source security zone
- Id string
- The UUID of the decryption rule
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Services []string
- The destination services and/or service groups
- Snippet string
- The snippet in which the resource is defined
- Source
Hips []string - Source hip
- Source
Users []string - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources []string
- The source addresses
- []string
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Tfid string
- Tos []string
- The destination security zone
- Type
Get
Decryption Rule Type - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- destinations List<String>
- The destination addresses
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- froms List<String>
- The source security zone
- id String
- The UUID of the decryption rule
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services List<String>
- The destination services and/or service groups
- snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid String
- tos List<String>
- The destination security zone
- type
Get
Decryption Rule Type - The type of decryption
- action string
- The action to be taken
- categories string[]
- The destination URL category
- description string
- The description of the decryption rule
- destination
Hips string[] - The Host Integrity Profile of the destination host
- destinations string[]
- The destination addresses
- device string
- The device in which the resource is defined
- disabled boolean
- Is the rule disabled?
- folder string
- The folder in which the resource is defined
- froms string[]
- The source security zone
- id string
- The UUID of the decryption rule
- log
Fail boolean - Log failed decryption events?
- log
Setting string - The log settings of the decryption rule
- log
Success boolean - Log successful decryption events?
- name string
- The name of the decryption rule
- negate
Destination boolean - Negate the destination addresses?
- negate
Source boolean - Negate the source addresses?
- position string
- The position of a security rule
- profile string
- The decryption profile associated with the decryption rule
- relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services string[]
- The destination services and/or service groups
- snippet string
- The snippet in which the resource is defined
- source
Hips string[] - Source hip
- source
Users string[] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources string[]
- The source addresses
- string[]
- The tags associated with the decryption rule
- target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid string
- tos string[]
- The destination security zone
- type
Get
Decryption Rule Type - The type of decryption
- action str
- The action to be taken
- categories Sequence[str]
- The destination URL category
- description str
- The description of the decryption rule
- destination_
hips Sequence[str] - The Host Integrity Profile of the destination host
- destinations Sequence[str]
- The destination addresses
- device str
- The device in which the resource is defined
- disabled bool
- Is the rule disabled?
- folder str
- The folder in which the resource is defined
- froms Sequence[str]
- The source security zone
- id str
- The UUID of the decryption rule
- log_
fail bool - Log failed decryption events?
- log_
setting str - The log settings of the decryption rule
- log_
success bool - Log successful decryption events?
- name str
- The name of the decryption rule
- negate_
destination bool - Negate the destination addresses?
- negate_
source bool - Negate the source addresses?
- position str
- The position of a security rule
- profile str
- The decryption profile associated with the decryption rule
- relative_
position str - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services Sequence[str]
- The destination services and/or service groups
- snippet str
- The snippet in which the resource is defined
- source_
hips Sequence[str] - Source hip
- source_
users Sequence[str] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources Sequence[str]
- The source addresses
- Sequence[str]
- The tags associated with the decryption rule
- target_
rule str - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid str
- tos Sequence[str]
- The destination security zone
- type
Get
Decryption Rule Type - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- destinations List<String>
- The destination addresses
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- froms List<String>
- The source security zone
- id String
- The UUID of the decryption rule
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services List<String>
- The destination services and/or service groups
- snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid String
- tos List<String>
- The destination security zone
- type Property Map
- The type of decryption
Supporting Types
GetDecryptionRuleType
- Ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- Ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- Ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- Ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl
Inbound StringInspection - add the certificate name for SSL inbound inspection
- ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- ssl_
forward_ Getproxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl_
inbound_ strinspection - add the certificate name for SSL inbound inspection
- ssl
Forward Property MapProxy - Ssl forward proxy
- ssl
Inbound StringInspection - add the certificate name for SSL inbound inspection
Package Details
- Repository
- scm pulumi/pulumi-scm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
scmTerraform Provider.
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
