gcp.compute.OrganizationSecurityPolicyRule
Explore with Pulumi AI
A rule for the OrganizationSecurityPolicy.
To get more information about OrganizationSecurityPolicyRule, see:
- API documentation
- How-to Guides
Example Usage
Organization Security Policy Rule Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
displayName: "tf-test",
parent: "organizations/123456789",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
direction: "INGRESS",
enableLogging: true,
match: {
config: {
srcIpRanges: [
"192.168.0.0/16",
"10.0.0.0/8",
],
layer4Configs: [
{
ipProtocol: "tcp",
ports: ["22"],
},
{
ipProtocol: "icmp",
},
],
},
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
display_name="tf-test",
parent="organizations/123456789")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
direction="INGRESS",
enable_logging=True,
match={
"config": {
"src_ip_ranges": [
"192.168.0.0/16",
"10.0.0.0/8",
],
"layer4_configs": [
{
"ip_protocol": "tcp",
"ports": ["22"],
},
{
"ip_protocol": "icmp",
},
],
},
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
DisplayName: pulumi.String("tf-test"),
Parent: pulumi.String("organizations/123456789"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Direction: pulumi.String("INGRESS"),
EnableLogging: pulumi.Bool(true),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
SrcIpRanges: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
pulumi.String("10.0.0.0/8"),
},
Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("22"),
},
},
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("icmp"),
},
},
},
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
DisplayName = "tf-test",
Parent = "organizations/123456789",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Direction = "INGRESS",
EnableLogging = true,
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges = new[]
{
"192.168.0.0/16",
"10.0.0.0/8",
},
Layer4Configs = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "tcp",
Ports = new[]
{
"22",
},
},
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "icmp",
},
},
},
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.displayName("tf-test")
.parent("organizations/123456789")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.direction("INGRESS")
.enableLogging(true)
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.srcIpRanges(
"192.168.0.0/16",
"10.0.0.0/8")
.layer4Configs(
OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("tcp")
.ports("22")
.build(),
OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("icmp")
.build())
.build())
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
displayName: tf-test
parent: organizations/123456789
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
direction: INGRESS
enableLogging: true
match:
config:
srcIpRanges:
- 192.168.0.0/16
- 10.0.0.0/8
layer4Configs:
- ipProtocol: tcp
ports:
- '22'
- ipProtocol: icmp
priority: 100
Create OrganizationSecurityPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationSecurityPolicyRule(name: string, args: OrganizationSecurityPolicyRuleArgs, opts?: CustomResourceOptions);
@overload
def OrganizationSecurityPolicyRule(resource_name: str,
args: OrganizationSecurityPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationSecurityPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
match: Optional[OrganizationSecurityPolicyRuleMatchArgs] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
description: Optional[str] = None,
direction: Optional[str] = None,
enable_logging: Optional[bool] = None,
preview: Optional[bool] = None,
target_resources: Optional[Sequence[str]] = None,
target_service_accounts: Optional[Sequence[str]] = None)
func NewOrganizationSecurityPolicyRule(ctx *Context, name string, args OrganizationSecurityPolicyRuleArgs, opts ...ResourceOption) (*OrganizationSecurityPolicyRule, error)
public OrganizationSecurityPolicyRule(string name, OrganizationSecurityPolicyRuleArgs args, CustomResourceOptions? opts = null)
public OrganizationSecurityPolicyRule(String name, OrganizationSecurityPolicyRuleArgs args)
public OrganizationSecurityPolicyRule(String name, OrganizationSecurityPolicyRuleArgs args, CustomResourceOptions options)
type: gcp:compute:OrganizationSecurityPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationSecurityPolicyRuleResource = new Gcp.Compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", new()
{
Action = "string",
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
Layer4Configs = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "string",
Ports = new[]
{
"string",
},
},
},
DestIpRanges = new[]
{
"string",
},
SrcIpRanges = new[]
{
"string",
},
},
Description = "string",
VersionedExpr = "string",
},
PolicyId = "string",
Priority = 0,
Description = "string",
Direction = "string",
EnableLogging = false,
Preview = false,
TargetResources = new[]
{
"string",
},
TargetServiceAccounts = new[]
{
"string",
},
});
example, err := compute.NewOrganizationSecurityPolicyRule(ctx, "organizationSecurityPolicyRuleResource", &compute.OrganizationSecurityPolicyRuleArgs{
Action: pulumi.String("string"),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("string"),
Ports: pulumi.StringArray{
pulumi.String("string"),
},
},
},
DestIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
VersionedExpr: pulumi.String("string"),
},
PolicyId: pulumi.String("string"),
Priority: pulumi.Int(0),
Description: pulumi.String("string"),
Direction: pulumi.String("string"),
EnableLogging: pulumi.Bool(false),
Preview: pulumi.Bool(false),
TargetResources: pulumi.StringArray{
pulumi.String("string"),
},
TargetServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
})
var organizationSecurityPolicyRuleResource = new OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", OrganizationSecurityPolicyRuleArgs.builder()
.action("string")
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.layer4Configs(OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("string")
.ports("string")
.build())
.destIpRanges("string")
.srcIpRanges("string")
.build())
.description("string")
.versionedExpr("string")
.build())
.policyId("string")
.priority(0)
.description("string")
.direction("string")
.enableLogging(false)
.preview(false)
.targetResources("string")
.targetServiceAccounts("string")
.build());
organization_security_policy_rule_resource = gcp.compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource",
action="string",
match={
"config": {
"layer4_configs": [{
"ip_protocol": "string",
"ports": ["string"],
}],
"dest_ip_ranges": ["string"],
"src_ip_ranges": ["string"],
},
"description": "string",
"versioned_expr": "string",
},
policy_id="string",
priority=0,
description="string",
direction="string",
enable_logging=False,
preview=False,
target_resources=["string"],
target_service_accounts=["string"])
const organizationSecurityPolicyRuleResource = new gcp.compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", {
action: "string",
match: {
config: {
layer4Configs: [{
ipProtocol: "string",
ports: ["string"],
}],
destIpRanges: ["string"],
srcIpRanges: ["string"],
},
description: "string",
versionedExpr: "string",
},
policyId: "string",
priority: 0,
description: "string",
direction: "string",
enableLogging: false,
preview: false,
targetResources: ["string"],
targetServiceAccounts: ["string"],
});
type: gcp:compute:OrganizationSecurityPolicyRule
properties:
action: string
description: string
direction: string
enableLogging: false
match:
config:
destIpRanges:
- string
layer4Configs:
- ipProtocol: string
ports:
- string
srcIpRanges:
- string
description: string
versionedExpr: string
policyId: string
preview: false
priority: 0
targetResources:
- string
targetServiceAccounts:
- string
OrganizationSecurityPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationSecurityPolicyRule resource accepts the following input properties:
- Action string
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- Match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Description string
- A description of the rule.
- Direction string
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- Preview bool
- If set to true, the specified action is not enforced.
- Target
Resources List<string> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service List<string>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- Action string
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- Match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Description string
- A description of the rule.
- Direction string
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- Preview bool
- If set to true, the specified action is not enforced.
- Target
Resources []string - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service []stringAccounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority Integer
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description String
- A description of the rule.
- direction String
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- preview Boolean
- If set to true, the specified action is not enforced.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action string
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description string
- A description of the rule.
- direction string
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable
Logging boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- preview boolean
- If set to true, the specified action is not enforced.
- target
Resources string[] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service string[]Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action str
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy_
id str - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description str
- A description of the rule.
- direction str
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable_
logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- preview bool
- If set to true, the specified action is not enforced.
- target_
resources Sequence[str] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target_
service_ Sequence[str]accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- match Property Map
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority Number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description String
- A description of the rule.
- direction String
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- preview Boolean
- If set to true, the specified action is not enforced.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationSecurityPolicyRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OrganizationSecurityPolicyRule Resource
Get an existing OrganizationSecurityPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationSecurityPolicyRuleState, opts?: CustomResourceOptions): OrganizationSecurityPolicyRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
description: Optional[str] = None,
direction: Optional[str] = None,
enable_logging: Optional[bool] = None,
match: Optional[OrganizationSecurityPolicyRuleMatchArgs] = None,
policy_id: Optional[str] = None,
preview: Optional[bool] = None,
priority: Optional[int] = None,
target_resources: Optional[Sequence[str]] = None,
target_service_accounts: Optional[Sequence[str]] = None) -> OrganizationSecurityPolicyRule
func GetOrganizationSecurityPolicyRule(ctx *Context, name string, id IDInput, state *OrganizationSecurityPolicyRuleState, opts ...ResourceOption) (*OrganizationSecurityPolicyRule, error)
public static OrganizationSecurityPolicyRule Get(string name, Input<string> id, OrganizationSecurityPolicyRuleState? state, CustomResourceOptions? opts = null)
public static OrganizationSecurityPolicyRule get(String name, Output<String> id, OrganizationSecurityPolicyRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- Description string
- A description of the rule.
- Direction string
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- Match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Preview bool
- If set to true, the specified action is not enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Target
Resources List<string> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service List<string>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- Action string
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- Description string
- A description of the rule.
- Direction string
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- Match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Preview bool
- If set to true, the specified action is not enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Target
Resources []string - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service []stringAccounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- description String
- A description of the rule.
- direction String
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- preview Boolean
- If set to true, the specified action is not enforced.
- priority Integer
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action string
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- description string
- A description of the rule.
- direction string
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable
Logging boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- preview boolean
- If set to true, the specified action is not enforced.
- priority number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- target
Resources string[] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service string[]Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action str
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- description str
- A description of the rule.
- direction str
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable_
logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy_
id str - The ID of the OrganizationSecurityPolicy this rule applies to.
- preview bool
- If set to true, the specified action is not enforced.
- priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- target_
resources Sequence[str] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target_
service_ Sequence[str]accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".
- description String
- A description of the rule.
- direction String
- The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
- match Property Map
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- preview Boolean
- If set to true, the specified action is not enforced.
- priority Number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
Supporting Types
OrganizationSecurityPolicyRuleMatch, OrganizationSecurityPolicyRuleMatchArgs
- Config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- Description string
- A description of the rule.
- Versioned
Expr string - Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL".
Default value is
FIREWALL
. Possible values are:FIREWALL
.
- Config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- Description string
- A description of the rule.
- Versioned
Expr string - Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL".
Default value is
FIREWALL
. Possible values are:FIREWALL
.
- config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- description String
- A description of the rule.
- versioned
Expr String - Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL".
Default value is
FIREWALL
. Possible values are:FIREWALL
.
- config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- description string
- A description of the rule.
- versioned
Expr string - Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL".
Default value is
FIREWALL
. Possible values are:FIREWALL
.
- config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- description str
- A description of the rule.
- versioned_
expr str - Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL".
Default value is
FIREWALL
. Possible values are:FIREWALL
.
- config Property Map
- The configuration options for matching the rule. Structure is documented below.
- description String
- A description of the rule.
- versioned
Expr String - Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL".
Default value is
FIREWALL
. Possible values are:FIREWALL
.
OrganizationSecurityPolicyRuleMatchConfig, OrganizationSecurityPolicyRuleMatchConfigArgs
- Layer4Configs
List<Organization
Security Policy Rule Match Config Layer4Config> Pairs of IP protocols and ports that the rule should match. Structure is documented below.
The
layer4_config
block supports:- Dest
Ip List<string>Ranges - Destination IP address range in CIDR format. Required for EGRESS rules.
- Src
Ip List<string>Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- Layer4Configs
[]Organization
Security Policy Rule Match Config Layer4Config Pairs of IP protocols and ports that the rule should match. Structure is documented below.
The
layer4_config
block supports:- Dest
Ip []stringRanges - Destination IP address range in CIDR format. Required for EGRESS rules.
- Src
Ip []stringRanges - Source IP address range in CIDR format. Required for INGRESS rules.
- layer4Configs
List<Organization
Security Policy Rule Match Config Layer4Config> Pairs of IP protocols and ports that the rule should match. Structure is documented below.
The
layer4_config
block supports:- dest
Ip List<String>Ranges - Destination IP address range in CIDR format. Required for EGRESS rules.
- src
Ip List<String>Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- layer4Configs
Organization
Security Policy Rule Match Config Layer4Config[] Pairs of IP protocols and ports that the rule should match. Structure is documented below.
The
layer4_config
block supports:- dest
Ip string[]Ranges - Destination IP address range in CIDR format. Required for EGRESS rules.
- src
Ip string[]Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- layer4_
configs Sequence[OrganizationSecurity Policy Rule Match Config Layer4Config] Pairs of IP protocols and ports that the rule should match. Structure is documented below.
The
layer4_config
block supports:- dest_
ip_ Sequence[str]ranges - Destination IP address range in CIDR format. Required for EGRESS rules.
- src_
ip_ Sequence[str]ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- layer4Configs List<Property Map>
Pairs of IP protocols and ports that the rule should match. Structure is documented below.
The
layer4_config
block supports:- dest
Ip List<String>Ranges - Destination IP address range in CIDR format. Required for EGRESS rules.
- src
Ip List<String>Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
OrganizationSecurityPolicyRuleMatchConfigLayer4Config, OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports List<string>
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports []string
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports string[]
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports Sequence[str]
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
Import
OrganizationSecurityPolicyRule can be imported using any of these accepted formats:
{{policy_id}}/priority/{{priority}}
When using the pulumi import
command, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.