1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. OrganizationSecurityPolicyRule
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.compute.OrganizationSecurityPolicyRule

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    A rule for the OrganizationSecurityPolicy.

    To get more information about OrganizationSecurityPolicyRule, see:

    Example Usage

    Organization Security Policy Rule Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
        displayName: "tf-test",
        parent: "organizations/123456789",
    });
    const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
        policyId: policy.id,
        action: "allow",
        direction: "INGRESS",
        enableLogging: true,
        match: {
            config: {
                srcIpRanges: [
                    "192.168.0.0/16",
                    "10.0.0.0/8",
                ],
                layer4Configs: [
                    {
                        ipProtocol: "tcp",
                        ports: ["22"],
                    },
                    {
                        ipProtocol: "icmp",
                    },
                ],
            },
        },
        priority: 100,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    policy = gcp.compute.OrganizationSecurityPolicy("policy",
        display_name="tf-test",
        parent="organizations/123456789")
    policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
        policy_id=policy.id,
        action="allow",
        direction="INGRESS",
        enable_logging=True,
        match={
            "config": {
                "src_ip_ranges": [
                    "192.168.0.0/16",
                    "10.0.0.0/8",
                ],
                "layer4_configs": [
                    {
                        "ip_protocol": "tcp",
                        "ports": ["22"],
                    },
                    {
                        "ip_protocol": "icmp",
                    },
                ],
            },
        },
        priority=100)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
    			DisplayName: pulumi.String("tf-test"),
    			Parent:      pulumi.String("organizations/123456789"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
    			PolicyId:      policy.ID(),
    			Action:        pulumi.String("allow"),
    			Direction:     pulumi.String("INGRESS"),
    			EnableLogging: pulumi.Bool(true),
    			Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
    				Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
    					SrcIpRanges: pulumi.StringArray{
    						pulumi.String("192.168.0.0/16"),
    						pulumi.String("10.0.0.0/8"),
    					},
    					Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
    						&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
    							IpProtocol: pulumi.String("tcp"),
    							Ports: pulumi.StringArray{
    								pulumi.String("22"),
    							},
    						},
    						&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
    							IpProtocol: pulumi.String("icmp"),
    						},
    					},
    				},
    			},
    			Priority: pulumi.Int(100),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
        {
            DisplayName = "tf-test",
            Parent = "organizations/123456789",
        });
    
        var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
        {
            PolicyId = policy.Id,
            Action = "allow",
            Direction = "INGRESS",
            EnableLogging = true,
            Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
            {
                Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
                {
                    SrcIpRanges = new[]
                    {
                        "192.168.0.0/16",
                        "10.0.0.0/8",
                    },
                    Layer4Configs = new[]
                    {
                        new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
                        {
                            IpProtocol = "tcp",
                            Ports = new[]
                            {
                                "22",
                            },
                        },
                        new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
                        {
                            IpProtocol = "icmp",
                        },
                    },
                },
            },
            Priority = 100,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
    import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
    import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
    import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
    import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
    import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
                .displayName("tf-test")
                .parent("organizations/123456789")
                .build());
    
            var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
                .policyId(policy.id())
                .action("allow")
                .direction("INGRESS")
                .enableLogging(true)
                .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
                    .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
                        .srcIpRanges(                    
                            "192.168.0.0/16",
                            "10.0.0.0/8")
                        .layer4Configs(                    
                            OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                                .ipProtocol("tcp")
                                .ports("22")
                                .build(),
                            OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                                .ipProtocol("icmp")
                                .build())
                        .build())
                    .build())
                .priority(100)
                .build());
    
        }
    }
    
    resources:
      policy:
        type: gcp:compute:OrganizationSecurityPolicy
        properties:
          displayName: tf-test
          parent: organizations/123456789
      policyOrganizationSecurityPolicyRule:
        type: gcp:compute:OrganizationSecurityPolicyRule
        name: policy
        properties:
          policyId: ${policy.id}
          action: allow
          direction: INGRESS
          enableLogging: true
          match:
            config:
              srcIpRanges:
                - 192.168.0.0/16
                - 10.0.0.0/8
              layer4Configs:
                - ipProtocol: tcp
                  ports:
                    - '22'
                - ipProtocol: icmp
          priority: 100
    

    Create OrganizationSecurityPolicyRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new OrganizationSecurityPolicyRule(name: string, args: OrganizationSecurityPolicyRuleArgs, opts?: CustomResourceOptions);
    @overload
    def OrganizationSecurityPolicyRule(resource_name: str,
                                       args: OrganizationSecurityPolicyRuleArgs,
                                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def OrganizationSecurityPolicyRule(resource_name: str,
                                       opts: Optional[ResourceOptions] = None,
                                       action: Optional[str] = None,
                                       match: Optional[OrganizationSecurityPolicyRuleMatchArgs] = None,
                                       policy_id: Optional[str] = None,
                                       priority: Optional[int] = None,
                                       description: Optional[str] = None,
                                       direction: Optional[str] = None,
                                       enable_logging: Optional[bool] = None,
                                       preview: Optional[bool] = None,
                                       target_resources: Optional[Sequence[str]] = None,
                                       target_service_accounts: Optional[Sequence[str]] = None)
    func NewOrganizationSecurityPolicyRule(ctx *Context, name string, args OrganizationSecurityPolicyRuleArgs, opts ...ResourceOption) (*OrganizationSecurityPolicyRule, error)
    public OrganizationSecurityPolicyRule(string name, OrganizationSecurityPolicyRuleArgs args, CustomResourceOptions? opts = null)
    public OrganizationSecurityPolicyRule(String name, OrganizationSecurityPolicyRuleArgs args)
    public OrganizationSecurityPolicyRule(String name, OrganizationSecurityPolicyRuleArgs args, CustomResourceOptions options)
    
    type: gcp:compute:OrganizationSecurityPolicyRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OrganizationSecurityPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OrganizationSecurityPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OrganizationSecurityPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OrganizationSecurityPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OrganizationSecurityPolicyRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var organizationSecurityPolicyRuleResource = new Gcp.Compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", new()
    {
        Action = "string",
        Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
        {
            Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
            {
                Layer4Configs = new[]
                {
                    new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
                    {
                        IpProtocol = "string",
                        Ports = new[]
                        {
                            "string",
                        },
                    },
                },
                DestIpRanges = new[]
                {
                    "string",
                },
                SrcIpRanges = new[]
                {
                    "string",
                },
            },
            Description = "string",
            VersionedExpr = "string",
        },
        PolicyId = "string",
        Priority = 0,
        Description = "string",
        Direction = "string",
        EnableLogging = false,
        Preview = false,
        TargetResources = new[]
        {
            "string",
        },
        TargetServiceAccounts = new[]
        {
            "string",
        },
    });
    
    example, err := compute.NewOrganizationSecurityPolicyRule(ctx, "organizationSecurityPolicyRuleResource", &compute.OrganizationSecurityPolicyRuleArgs{
    	Action: pulumi.String("string"),
    	Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
    		Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
    			Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
    				&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
    					IpProtocol: pulumi.String("string"),
    					Ports: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			DestIpRanges: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SrcIpRanges: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		Description:   pulumi.String("string"),
    		VersionedExpr: pulumi.String("string"),
    	},
    	PolicyId:      pulumi.String("string"),
    	Priority:      pulumi.Int(0),
    	Description:   pulumi.String("string"),
    	Direction:     pulumi.String("string"),
    	EnableLogging: pulumi.Bool(false),
    	Preview:       pulumi.Bool(false),
    	TargetResources: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TargetServiceAccounts: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var organizationSecurityPolicyRuleResource = new OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", OrganizationSecurityPolicyRuleArgs.builder()
        .action("string")
        .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
            .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
                .layer4Configs(OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                    .ipProtocol("string")
                    .ports("string")
                    .build())
                .destIpRanges("string")
                .srcIpRanges("string")
                .build())
            .description("string")
            .versionedExpr("string")
            .build())
        .policyId("string")
        .priority(0)
        .description("string")
        .direction("string")
        .enableLogging(false)
        .preview(false)
        .targetResources("string")
        .targetServiceAccounts("string")
        .build());
    
    organization_security_policy_rule_resource = gcp.compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource",
        action="string",
        match={
            "config": {
                "layer4_configs": [{
                    "ip_protocol": "string",
                    "ports": ["string"],
                }],
                "dest_ip_ranges": ["string"],
                "src_ip_ranges": ["string"],
            },
            "description": "string",
            "versioned_expr": "string",
        },
        policy_id="string",
        priority=0,
        description="string",
        direction="string",
        enable_logging=False,
        preview=False,
        target_resources=["string"],
        target_service_accounts=["string"])
    
    const organizationSecurityPolicyRuleResource = new gcp.compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", {
        action: "string",
        match: {
            config: {
                layer4Configs: [{
                    ipProtocol: "string",
                    ports: ["string"],
                }],
                destIpRanges: ["string"],
                srcIpRanges: ["string"],
            },
            description: "string",
            versionedExpr: "string",
        },
        policyId: "string",
        priority: 0,
        description: "string",
        direction: "string",
        enableLogging: false,
        preview: false,
        targetResources: ["string"],
        targetServiceAccounts: ["string"],
    });
    
    type: gcp:compute:OrganizationSecurityPolicyRule
    properties:
        action: string
        description: string
        direction: string
        enableLogging: false
        match:
            config:
                destIpRanges:
                    - string
                layer4Configs:
                    - ipProtocol: string
                      ports:
                        - string
                srcIpRanges:
                    - string
            description: string
            versionedExpr: string
        policyId: string
        preview: false
        priority: 0
        targetResources:
            - string
        targetServiceAccounts:
            - string
    

    OrganizationSecurityPolicyRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The OrganizationSecurityPolicyRule resource accepts the following input properties:

    Action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    Match OrganizationSecurityPolicyRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    PolicyId string
    The ID of the OrganizationSecurityPolicy this rule applies to.
    Priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    Description string
    A description of the rule.
    Direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    EnableLogging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    Preview bool
    If set to true, the specified action is not enforced.
    TargetResources List<string>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts List<string>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    Action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    Match OrganizationSecurityPolicyRuleMatchArgs
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    PolicyId string
    The ID of the OrganizationSecurityPolicy this rule applies to.
    Priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    Description string
    A description of the rule.
    Direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    EnableLogging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    Preview bool
    If set to true, the specified action is not enforced.
    TargetResources []string
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts []string
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action String
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    match OrganizationSecurityPolicyRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policyId String
    The ID of the OrganizationSecurityPolicy this rule applies to.
    priority Integer
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    description String
    A description of the rule.
    direction String
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enableLogging Boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    preview Boolean
    If set to true, the specified action is not enforced.
    targetResources List<String>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    match OrganizationSecurityPolicyRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policyId string
    The ID of the OrganizationSecurityPolicy this rule applies to.
    priority number
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    description string
    A description of the rule.
    direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enableLogging boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    preview boolean
    If set to true, the specified action is not enforced.
    targetResources string[]
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts string[]
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action str
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    match OrganizationSecurityPolicyRuleMatchArgs
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policy_id str
    The ID of the OrganizationSecurityPolicy this rule applies to.
    priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    description str
    A description of the rule.
    direction str
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enable_logging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    preview bool
    If set to true, the specified action is not enforced.
    target_resources Sequence[str]
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    target_service_accounts Sequence[str]
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action String
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    match Property Map
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policyId String
    The ID of the OrganizationSecurityPolicy this rule applies to.
    priority Number
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    description String
    A description of the rule.
    direction String
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enableLogging Boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    preview Boolean
    If set to true, the specified action is not enforced.
    targetResources List<String>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    A list of service accounts indicating the sets of instances that are applied with this rule.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OrganizationSecurityPolicyRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing OrganizationSecurityPolicyRule Resource

    Get an existing OrganizationSecurityPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OrganizationSecurityPolicyRuleState, opts?: CustomResourceOptions): OrganizationSecurityPolicyRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            description: Optional[str] = None,
            direction: Optional[str] = None,
            enable_logging: Optional[bool] = None,
            match: Optional[OrganizationSecurityPolicyRuleMatchArgs] = None,
            policy_id: Optional[str] = None,
            preview: Optional[bool] = None,
            priority: Optional[int] = None,
            target_resources: Optional[Sequence[str]] = None,
            target_service_accounts: Optional[Sequence[str]] = None) -> OrganizationSecurityPolicyRule
    func GetOrganizationSecurityPolicyRule(ctx *Context, name string, id IDInput, state *OrganizationSecurityPolicyRuleState, opts ...ResourceOption) (*OrganizationSecurityPolicyRule, error)
    public static OrganizationSecurityPolicyRule Get(string name, Input<string> id, OrganizationSecurityPolicyRuleState? state, CustomResourceOptions? opts = null)
    public static OrganizationSecurityPolicyRule get(String name, Output<String> id, OrganizationSecurityPolicyRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    Description string
    A description of the rule.
    Direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    EnableLogging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    Match OrganizationSecurityPolicyRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    PolicyId string
    The ID of the OrganizationSecurityPolicy this rule applies to.
    Preview bool
    If set to true, the specified action is not enforced.
    Priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    TargetResources List<string>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts List<string>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    Action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    Description string
    A description of the rule.
    Direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    EnableLogging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    Match OrganizationSecurityPolicyRuleMatchArgs
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    PolicyId string
    The ID of the OrganizationSecurityPolicy this rule applies to.
    Preview bool
    If set to true, the specified action is not enforced.
    Priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    TargetResources []string
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts []string
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action String
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    description String
    A description of the rule.
    direction String
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enableLogging Boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    match OrganizationSecurityPolicyRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policyId String
    The ID of the OrganizationSecurityPolicy this rule applies to.
    preview Boolean
    If set to true, the specified action is not enforced.
    priority Integer
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    targetResources List<String>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    description string
    A description of the rule.
    direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enableLogging boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    match OrganizationSecurityPolicyRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policyId string
    The ID of the OrganizationSecurityPolicy this rule applies to.
    preview boolean
    If set to true, the specified action is not enforced.
    priority number
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    targetResources string[]
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts string[]
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action str
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    description str
    A description of the rule.
    direction str
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enable_logging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    match OrganizationSecurityPolicyRuleMatchArgs
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policy_id str
    The ID of the OrganizationSecurityPolicy this rule applies to.
    preview bool
    If set to true, the specified action is not enforced.
    priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    target_resources Sequence[str]
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    target_service_accounts Sequence[str]
    A list of service accounts indicating the sets of instances that are applied with this rule.
    action String
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
    description String
    A description of the rule.
    direction String
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
    enableLogging Boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    match Property Map
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    policyId String
    The ID of the OrganizationSecurityPolicy this rule applies to.
    preview Boolean
    If set to true, the specified action is not enforced.
    priority Number
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
    targetResources List<String>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    A list of service accounts indicating the sets of instances that are applied with this rule.

    Supporting Types

    OrganizationSecurityPolicyRuleMatch, OrganizationSecurityPolicyRuleMatchArgs

    Config OrganizationSecurityPolicyRuleMatchConfig
    The configuration options for matching the rule. Structure is documented below.
    Description string
    A description of the rule.
    VersionedExpr string
    Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value is FIREWALL. Possible values are: FIREWALL.
    Config OrganizationSecurityPolicyRuleMatchConfig
    The configuration options for matching the rule. Structure is documented below.
    Description string
    A description of the rule.
    VersionedExpr string
    Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value is FIREWALL. Possible values are: FIREWALL.
    config OrganizationSecurityPolicyRuleMatchConfig
    The configuration options for matching the rule. Structure is documented below.
    description String
    A description of the rule.
    versionedExpr String
    Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value is FIREWALL. Possible values are: FIREWALL.
    config OrganizationSecurityPolicyRuleMatchConfig
    The configuration options for matching the rule. Structure is documented below.
    description string
    A description of the rule.
    versionedExpr string
    Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value is FIREWALL. Possible values are: FIREWALL.
    config OrganizationSecurityPolicyRuleMatchConfig
    The configuration options for matching the rule. Structure is documented below.
    description str
    A description of the rule.
    versioned_expr str
    Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value is FIREWALL. Possible values are: FIREWALL.
    config Property Map
    The configuration options for matching the rule. Structure is documented below.
    description String
    A description of the rule.
    versionedExpr String
    Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value is FIREWALL. Possible values are: FIREWALL.

    OrganizationSecurityPolicyRuleMatchConfig, OrganizationSecurityPolicyRuleMatchConfigArgs

    Layer4Configs List<OrganizationSecurityPolicyRuleMatchConfigLayer4Config>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    DestIpRanges List<string>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    SrcIpRanges List<string>
    Source IP address range in CIDR format. Required for INGRESS rules.
    Layer4Configs []OrganizationSecurityPolicyRuleMatchConfigLayer4Config

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    DestIpRanges []string
    Destination IP address range in CIDR format. Required for EGRESS rules.
    SrcIpRanges []string
    Source IP address range in CIDR format. Required for INGRESS rules.
    layer4Configs List<OrganizationSecurityPolicyRuleMatchConfigLayer4Config>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    destIpRanges List<String>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    srcIpRanges List<String>
    Source IP address range in CIDR format. Required for INGRESS rules.
    layer4Configs OrganizationSecurityPolicyRuleMatchConfigLayer4Config[]

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    destIpRanges string[]
    Destination IP address range in CIDR format. Required for EGRESS rules.
    srcIpRanges string[]
    Source IP address range in CIDR format. Required for INGRESS rules.
    layer4_configs Sequence[OrganizationSecurityPolicyRuleMatchConfigLayer4Config]

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    dest_ip_ranges Sequence[str]
    Destination IP address range in CIDR format. Required for EGRESS rules.
    src_ip_ranges Sequence[str]
    Source IP address range in CIDR format. Required for INGRESS rules.
    layer4Configs List<Property Map>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    destIpRanges List<String>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    srcIpRanges List<String>
    Source IP address range in CIDR format. Required for INGRESS rules.

    OrganizationSecurityPolicyRuleMatchConfigLayer4Config, OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs

    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    Ports List<string>

    An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.

    Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    Ports []string

    An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.

    Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports List<String>

    An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.

    Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    ipProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports string[]

    An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.

    Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    ip_protocol str
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports Sequence[str]

    An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.

    Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports List<String>

    An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.

    Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    Import

    OrganizationSecurityPolicyRule can be imported using any of these accepted formats:

    • {{policy_id}}/priority/{{priority}}

    When using the pulumi import command, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:

    $ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi