1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. NetworkFirewall
  5. NetworkFirewallPolicyDecryptionProfile
Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile

Explore with Pulumi AI

oci logo
Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

    This resource provides the Network Firewall Policy Decryption Profile resource in Oracle Cloud Infrastructure Network Firewall service.

    Creates a new Decryption Profile for the Network Firewall Policy.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as oci from "@pulumi/oci";
    
    const testNetworkFirewallPolicyDecryptionProfile = new oci.networkfirewall.NetworkFirewallPolicyDecryptionProfile("test_network_firewall_policy_decryption_profile", {
        name: networkFirewallPolicyDecryptionProfileName,
        networkFirewallPolicyId: testNetworkFirewallPolicy.id,
        type: networkFirewallPolicyDecryptionProfileType,
        areCertificateExtensionsRestricted: networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted,
        isAutoIncludeAltName: networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName,
        isExpiredCertificateBlocked: networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked,
        isOutOfCapacityBlocked: networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked,
        isRevocationStatusTimeoutBlocked: networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked,
        isUnknownRevocationStatusBlocked: networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked,
        isUnsupportedCipherBlocked: networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked,
        isUnsupportedVersionBlocked: networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked,
        isUntrustedIssuerBlocked: networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked,
    });
    
    import pulumi
    import pulumi_oci as oci
    
    test_network_firewall_policy_decryption_profile = oci.network_firewall.NetworkFirewallPolicyDecryptionProfile("test_network_firewall_policy_decryption_profile",
        name=network_firewall_policy_decryption_profile_name,
        network_firewall_policy_id=test_network_firewall_policy["id"],
        type=network_firewall_policy_decryption_profile_type,
        are_certificate_extensions_restricted=network_firewall_policy_decryption_profile_are_certificate_extensions_restricted,
        is_auto_include_alt_name=network_firewall_policy_decryption_profile_is_auto_include_alt_name,
        is_expired_certificate_blocked=network_firewall_policy_decryption_profile_is_expired_certificate_blocked,
        is_out_of_capacity_blocked=network_firewall_policy_decryption_profile_is_out_of_capacity_blocked,
        is_revocation_status_timeout_blocked=network_firewall_policy_decryption_profile_is_revocation_status_timeout_blocked,
        is_unknown_revocation_status_blocked=network_firewall_policy_decryption_profile_is_unknown_revocation_status_blocked,
        is_unsupported_cipher_blocked=network_firewall_policy_decryption_profile_is_unsupported_cipher_blocked,
        is_unsupported_version_blocked=network_firewall_policy_decryption_profile_is_unsupported_version_blocked,
        is_untrusted_issuer_blocked=network_firewall_policy_decryption_profile_is_untrusted_issuer_blocked)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/NetworkFirewall"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := NetworkFirewall.NewNetworkFirewallPolicyDecryptionProfile(ctx, "test_network_firewall_policy_decryption_profile", &NetworkFirewall.NetworkFirewallPolicyDecryptionProfileArgs{
    			Name:                               pulumi.Any(networkFirewallPolicyDecryptionProfileName),
    			NetworkFirewallPolicyId:            pulumi.Any(testNetworkFirewallPolicy.Id),
    			Type:                               pulumi.Any(networkFirewallPolicyDecryptionProfileType),
    			AreCertificateExtensionsRestricted: pulumi.Any(networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted),
    			IsAutoIncludeAltName:               pulumi.Any(networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName),
    			IsExpiredCertificateBlocked:        pulumi.Any(networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked),
    			IsOutOfCapacityBlocked:             pulumi.Any(networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked),
    			IsRevocationStatusTimeoutBlocked:   pulumi.Any(networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked),
    			IsUnknownRevocationStatusBlocked:   pulumi.Any(networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked),
    			IsUnsupportedCipherBlocked:         pulumi.Any(networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked),
    			IsUnsupportedVersionBlocked:        pulumi.Any(networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked),
    			IsUntrustedIssuerBlocked:           pulumi.Any(networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Oci = Pulumi.Oci;
    
    return await Deployment.RunAsync(() => 
    {
        var testNetworkFirewallPolicyDecryptionProfile = new Oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile("test_network_firewall_policy_decryption_profile", new()
        {
            Name = networkFirewallPolicyDecryptionProfileName,
            NetworkFirewallPolicyId = testNetworkFirewallPolicy.Id,
            Type = networkFirewallPolicyDecryptionProfileType,
            AreCertificateExtensionsRestricted = networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted,
            IsAutoIncludeAltName = networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName,
            IsExpiredCertificateBlocked = networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked,
            IsOutOfCapacityBlocked = networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked,
            IsRevocationStatusTimeoutBlocked = networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked,
            IsUnknownRevocationStatusBlocked = networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked,
            IsUnsupportedCipherBlocked = networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked,
            IsUnsupportedVersionBlocked = networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked,
            IsUntrustedIssuerBlocked = networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile;
    import com.pulumi.oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfileArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testNetworkFirewallPolicyDecryptionProfile = new NetworkFirewallPolicyDecryptionProfile("testNetworkFirewallPolicyDecryptionProfile", NetworkFirewallPolicyDecryptionProfileArgs.builder()
                .name(networkFirewallPolicyDecryptionProfileName)
                .networkFirewallPolicyId(testNetworkFirewallPolicy.id())
                .type(networkFirewallPolicyDecryptionProfileType)
                .areCertificateExtensionsRestricted(networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted)
                .isAutoIncludeAltName(networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName)
                .isExpiredCertificateBlocked(networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked)
                .isOutOfCapacityBlocked(networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked)
                .isRevocationStatusTimeoutBlocked(networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked)
                .isUnknownRevocationStatusBlocked(networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked)
                .isUnsupportedCipherBlocked(networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked)
                .isUnsupportedVersionBlocked(networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked)
                .isUntrustedIssuerBlocked(networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked)
                .build());
    
        }
    }
    
    resources:
      testNetworkFirewallPolicyDecryptionProfile:
        type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile
        name: test_network_firewall_policy_decryption_profile
        properties:
          name: ${networkFirewallPolicyDecryptionProfileName}
          networkFirewallPolicyId: ${testNetworkFirewallPolicy.id}
          type: ${networkFirewallPolicyDecryptionProfileType}
          areCertificateExtensionsRestricted: ${networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted}
          isAutoIncludeAltName: ${networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName}
          isExpiredCertificateBlocked: ${networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked}
          isOutOfCapacityBlocked: ${networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked}
          isRevocationStatusTimeoutBlocked: ${networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked}
          isUnknownRevocationStatusBlocked: ${networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked}
          isUnsupportedCipherBlocked: ${networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked}
          isUnsupportedVersionBlocked: ${networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked}
          isUntrustedIssuerBlocked: ${networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked}
    

    Create NetworkFirewallPolicyDecryptionProfile Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new NetworkFirewallPolicyDecryptionProfile(name: string, args: NetworkFirewallPolicyDecryptionProfileArgs, opts?: CustomResourceOptions);
    @overload
    def NetworkFirewallPolicyDecryptionProfile(resource_name: str,
                                               args: NetworkFirewallPolicyDecryptionProfileArgs,
                                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def NetworkFirewallPolicyDecryptionProfile(resource_name: str,
                                               opts: Optional[ResourceOptions] = None,
                                               network_firewall_policy_id: Optional[str] = None,
                                               type: Optional[str] = None,
                                               are_certificate_extensions_restricted: Optional[bool] = None,
                                               is_auto_include_alt_name: Optional[bool] = None,
                                               is_expired_certificate_blocked: Optional[bool] = None,
                                               is_out_of_capacity_blocked: Optional[bool] = None,
                                               is_revocation_status_timeout_blocked: Optional[bool] = None,
                                               is_unknown_revocation_status_blocked: Optional[bool] = None,
                                               is_unsupported_cipher_blocked: Optional[bool] = None,
                                               is_unsupported_version_blocked: Optional[bool] = None,
                                               is_untrusted_issuer_blocked: Optional[bool] = None,
                                               name: Optional[str] = None)
    func NewNetworkFirewallPolicyDecryptionProfile(ctx *Context, name string, args NetworkFirewallPolicyDecryptionProfileArgs, opts ...ResourceOption) (*NetworkFirewallPolicyDecryptionProfile, error)
    public NetworkFirewallPolicyDecryptionProfile(string name, NetworkFirewallPolicyDecryptionProfileArgs args, CustomResourceOptions? opts = null)
    public NetworkFirewallPolicyDecryptionProfile(String name, NetworkFirewallPolicyDecryptionProfileArgs args)
    public NetworkFirewallPolicyDecryptionProfile(String name, NetworkFirewallPolicyDecryptionProfileArgs args, CustomResourceOptions options)
    
    type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args NetworkFirewallPolicyDecryptionProfileArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkFirewallPolicyDecryptionProfileArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkFirewallPolicyDecryptionProfileArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkFirewallPolicyDecryptionProfileArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkFirewallPolicyDecryptionProfileArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var networkFirewallPolicyDecryptionProfileResource = new Oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource", new()
    {
        NetworkFirewallPolicyId = "string",
        Type = "string",
        AreCertificateExtensionsRestricted = false,
        IsAutoIncludeAltName = false,
        IsExpiredCertificateBlocked = false,
        IsOutOfCapacityBlocked = false,
        IsRevocationStatusTimeoutBlocked = false,
        IsUnknownRevocationStatusBlocked = false,
        IsUnsupportedCipherBlocked = false,
        IsUnsupportedVersionBlocked = false,
        IsUntrustedIssuerBlocked = false,
        Name = "string",
    });
    
    example, err := NetworkFirewall.NewNetworkFirewallPolicyDecryptionProfile(ctx, "networkFirewallPolicyDecryptionProfileResource", &NetworkFirewall.NetworkFirewallPolicyDecryptionProfileArgs{
    	NetworkFirewallPolicyId:            pulumi.String("string"),
    	Type:                               pulumi.String("string"),
    	AreCertificateExtensionsRestricted: pulumi.Bool(false),
    	IsAutoIncludeAltName:               pulumi.Bool(false),
    	IsExpiredCertificateBlocked:        pulumi.Bool(false),
    	IsOutOfCapacityBlocked:             pulumi.Bool(false),
    	IsRevocationStatusTimeoutBlocked:   pulumi.Bool(false),
    	IsUnknownRevocationStatusBlocked:   pulumi.Bool(false),
    	IsUnsupportedCipherBlocked:         pulumi.Bool(false),
    	IsUnsupportedVersionBlocked:        pulumi.Bool(false),
    	IsUntrustedIssuerBlocked:           pulumi.Bool(false),
    	Name:                               pulumi.String("string"),
    })
    
    var networkFirewallPolicyDecryptionProfileResource = new NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource", NetworkFirewallPolicyDecryptionProfileArgs.builder()
        .networkFirewallPolicyId("string")
        .type("string")
        .areCertificateExtensionsRestricted(false)
        .isAutoIncludeAltName(false)
        .isExpiredCertificateBlocked(false)
        .isOutOfCapacityBlocked(false)
        .isRevocationStatusTimeoutBlocked(false)
        .isUnknownRevocationStatusBlocked(false)
        .isUnsupportedCipherBlocked(false)
        .isUnsupportedVersionBlocked(false)
        .isUntrustedIssuerBlocked(false)
        .name("string")
        .build());
    
    network_firewall_policy_decryption_profile_resource = oci.network_firewall.NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource",
        network_firewall_policy_id="string",
        type="string",
        are_certificate_extensions_restricted=False,
        is_auto_include_alt_name=False,
        is_expired_certificate_blocked=False,
        is_out_of_capacity_blocked=False,
        is_revocation_status_timeout_blocked=False,
        is_unknown_revocation_status_blocked=False,
        is_unsupported_cipher_blocked=False,
        is_unsupported_version_blocked=False,
        is_untrusted_issuer_blocked=False,
        name="string")
    
    const networkFirewallPolicyDecryptionProfileResource = new oci.networkfirewall.NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource", {
        networkFirewallPolicyId: "string",
        type: "string",
        areCertificateExtensionsRestricted: false,
        isAutoIncludeAltName: false,
        isExpiredCertificateBlocked: false,
        isOutOfCapacityBlocked: false,
        isRevocationStatusTimeoutBlocked: false,
        isUnknownRevocationStatusBlocked: false,
        isUnsupportedCipherBlocked: false,
        isUnsupportedVersionBlocked: false,
        isUntrustedIssuerBlocked: false,
        name: "string",
    });
    
    type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile
    properties:
        areCertificateExtensionsRestricted: false
        isAutoIncludeAltName: false
        isExpiredCertificateBlocked: false
        isOutOfCapacityBlocked: false
        isRevocationStatusTimeoutBlocked: false
        isUnknownRevocationStatusBlocked: false
        isUnsupportedCipherBlocked: false
        isUnsupportedVersionBlocked: false
        isUntrustedIssuerBlocked: false
        name: string
        networkFirewallPolicyId: string
        type: string
    

    NetworkFirewallPolicyDecryptionProfile Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The NetworkFirewallPolicyDecryptionProfile resource accepts the following input properties:

    NetworkFirewallPolicyId string

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Type string
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    AreCertificateExtensionsRestricted bool
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    IsAutoIncludeAltName bool
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    IsExpiredCertificateBlocked bool
    (Updatable) Whether to block sessions if server's certificate is expired.
    IsOutOfCapacityBlocked bool
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    IsRevocationStatusTimeoutBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    IsUnknownRevocationStatusBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    IsUnsupportedCipherBlocked bool
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    IsUnsupportedVersionBlocked bool
    (Updatable) Whether to block sessions if SSL version is not supported.
    IsUntrustedIssuerBlocked bool
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    Name string
    Name of the decryption profile.
    NetworkFirewallPolicyId string

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Type string
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    AreCertificateExtensionsRestricted bool
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    IsAutoIncludeAltName bool
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    IsExpiredCertificateBlocked bool
    (Updatable) Whether to block sessions if server's certificate is expired.
    IsOutOfCapacityBlocked bool
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    IsRevocationStatusTimeoutBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    IsUnknownRevocationStatusBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    IsUnsupportedCipherBlocked bool
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    IsUnsupportedVersionBlocked bool
    (Updatable) Whether to block sessions if SSL version is not supported.
    IsUntrustedIssuerBlocked bool
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    Name string
    Name of the decryption profile.
    networkFirewallPolicyId String

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    type String
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    areCertificateExtensionsRestricted Boolean
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    isAutoIncludeAltName Boolean
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    isExpiredCertificateBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is expired.
    isOutOfCapacityBlocked Boolean
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    isRevocationStatusTimeoutBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    isUnknownRevocationStatusBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    isUnsupportedCipherBlocked Boolean
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    isUnsupportedVersionBlocked Boolean
    (Updatable) Whether to block sessions if SSL version is not supported.
    isUntrustedIssuerBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name String
    Name of the decryption profile.
    networkFirewallPolicyId string

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    type string
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    areCertificateExtensionsRestricted boolean
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    isAutoIncludeAltName boolean
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    isExpiredCertificateBlocked boolean
    (Updatable) Whether to block sessions if server's certificate is expired.
    isOutOfCapacityBlocked boolean
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    isRevocationStatusTimeoutBlocked boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    isUnknownRevocationStatusBlocked boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    isUnsupportedCipherBlocked boolean
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    isUnsupportedVersionBlocked boolean
    (Updatable) Whether to block sessions if SSL version is not supported.
    isUntrustedIssuerBlocked boolean
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name string
    Name of the decryption profile.
    network_firewall_policy_id str

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    type str
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    are_certificate_extensions_restricted bool
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    is_auto_include_alt_name bool
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    is_expired_certificate_blocked bool
    (Updatable) Whether to block sessions if server's certificate is expired.
    is_out_of_capacity_blocked bool
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    is_revocation_status_timeout_blocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    is_unknown_revocation_status_blocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    is_unsupported_cipher_blocked bool
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    is_unsupported_version_blocked bool
    (Updatable) Whether to block sessions if SSL version is not supported.
    is_untrusted_issuer_blocked bool
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name str
    Name of the decryption profile.
    networkFirewallPolicyId String

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    type String
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    areCertificateExtensionsRestricted Boolean
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    isAutoIncludeAltName Boolean
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    isExpiredCertificateBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is expired.
    isOutOfCapacityBlocked Boolean
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    isRevocationStatusTimeoutBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    isUnknownRevocationStatusBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    isUnsupportedCipherBlocked Boolean
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    isUnsupportedVersionBlocked Boolean
    (Updatable) Whether to block sessions if SSL version is not supported.
    isUntrustedIssuerBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name String
    Name of the decryption profile.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NetworkFirewallPolicyDecryptionProfile resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    ParentResourceId string
    OCID of the Network Firewall Policy this decryption profile belongs to.
    Id string
    The provider-assigned unique ID for this managed resource.
    ParentResourceId string
    OCID of the Network Firewall Policy this decryption profile belongs to.
    id String
    The provider-assigned unique ID for this managed resource.
    parentResourceId String
    OCID of the Network Firewall Policy this decryption profile belongs to.
    id string
    The provider-assigned unique ID for this managed resource.
    parentResourceId string
    OCID of the Network Firewall Policy this decryption profile belongs to.
    id str
    The provider-assigned unique ID for this managed resource.
    parent_resource_id str
    OCID of the Network Firewall Policy this decryption profile belongs to.
    id String
    The provider-assigned unique ID for this managed resource.
    parentResourceId String
    OCID of the Network Firewall Policy this decryption profile belongs to.

    Look up Existing NetworkFirewallPolicyDecryptionProfile Resource

    Get an existing NetworkFirewallPolicyDecryptionProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkFirewallPolicyDecryptionProfileState, opts?: CustomResourceOptions): NetworkFirewallPolicyDecryptionProfile
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            are_certificate_extensions_restricted: Optional[bool] = None,
            is_auto_include_alt_name: Optional[bool] = None,
            is_expired_certificate_blocked: Optional[bool] = None,
            is_out_of_capacity_blocked: Optional[bool] = None,
            is_revocation_status_timeout_blocked: Optional[bool] = None,
            is_unknown_revocation_status_blocked: Optional[bool] = None,
            is_unsupported_cipher_blocked: Optional[bool] = None,
            is_unsupported_version_blocked: Optional[bool] = None,
            is_untrusted_issuer_blocked: Optional[bool] = None,
            name: Optional[str] = None,
            network_firewall_policy_id: Optional[str] = None,
            parent_resource_id: Optional[str] = None,
            type: Optional[str] = None) -> NetworkFirewallPolicyDecryptionProfile
    func GetNetworkFirewallPolicyDecryptionProfile(ctx *Context, name string, id IDInput, state *NetworkFirewallPolicyDecryptionProfileState, opts ...ResourceOption) (*NetworkFirewallPolicyDecryptionProfile, error)
    public static NetworkFirewallPolicyDecryptionProfile Get(string name, Input<string> id, NetworkFirewallPolicyDecryptionProfileState? state, CustomResourceOptions? opts = null)
    public static NetworkFirewallPolicyDecryptionProfile get(String name, Output<String> id, NetworkFirewallPolicyDecryptionProfileState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AreCertificateExtensionsRestricted bool
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    IsAutoIncludeAltName bool
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    IsExpiredCertificateBlocked bool
    (Updatable) Whether to block sessions if server's certificate is expired.
    IsOutOfCapacityBlocked bool
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    IsRevocationStatusTimeoutBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    IsUnknownRevocationStatusBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    IsUnsupportedCipherBlocked bool
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    IsUnsupportedVersionBlocked bool
    (Updatable) Whether to block sessions if SSL version is not supported.
    IsUntrustedIssuerBlocked bool
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    Name string
    Name of the decryption profile.
    NetworkFirewallPolicyId string

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    ParentResourceId string
    OCID of the Network Firewall Policy this decryption profile belongs to.
    Type string
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    AreCertificateExtensionsRestricted bool
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    IsAutoIncludeAltName bool
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    IsExpiredCertificateBlocked bool
    (Updatable) Whether to block sessions if server's certificate is expired.
    IsOutOfCapacityBlocked bool
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    IsRevocationStatusTimeoutBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    IsUnknownRevocationStatusBlocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    IsUnsupportedCipherBlocked bool
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    IsUnsupportedVersionBlocked bool
    (Updatable) Whether to block sessions if SSL version is not supported.
    IsUntrustedIssuerBlocked bool
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    Name string
    Name of the decryption profile.
    NetworkFirewallPolicyId string

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    ParentResourceId string
    OCID of the Network Firewall Policy this decryption profile belongs to.
    Type string
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    areCertificateExtensionsRestricted Boolean
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    isAutoIncludeAltName Boolean
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    isExpiredCertificateBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is expired.
    isOutOfCapacityBlocked Boolean
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    isRevocationStatusTimeoutBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    isUnknownRevocationStatusBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    isUnsupportedCipherBlocked Boolean
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    isUnsupportedVersionBlocked Boolean
    (Updatable) Whether to block sessions if SSL version is not supported.
    isUntrustedIssuerBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name String
    Name of the decryption profile.
    networkFirewallPolicyId String

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    parentResourceId String
    OCID of the Network Firewall Policy this decryption profile belongs to.
    type String
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    areCertificateExtensionsRestricted boolean
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    isAutoIncludeAltName boolean
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    isExpiredCertificateBlocked boolean
    (Updatable) Whether to block sessions if server's certificate is expired.
    isOutOfCapacityBlocked boolean
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    isRevocationStatusTimeoutBlocked boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    isUnknownRevocationStatusBlocked boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    isUnsupportedCipherBlocked boolean
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    isUnsupportedVersionBlocked boolean
    (Updatable) Whether to block sessions if SSL version is not supported.
    isUntrustedIssuerBlocked boolean
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name string
    Name of the decryption profile.
    networkFirewallPolicyId string

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    parentResourceId string
    OCID of the Network Firewall Policy this decryption profile belongs to.
    type string
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    are_certificate_extensions_restricted bool
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    is_auto_include_alt_name bool
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    is_expired_certificate_blocked bool
    (Updatable) Whether to block sessions if server's certificate is expired.
    is_out_of_capacity_blocked bool
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    is_revocation_status_timeout_blocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    is_unknown_revocation_status_blocked bool
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    is_unsupported_cipher_blocked bool
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    is_unsupported_version_blocked bool
    (Updatable) Whether to block sessions if SSL version is not supported.
    is_untrusted_issuer_blocked bool
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name str
    Name of the decryption profile.
    network_firewall_policy_id str

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    parent_resource_id str
    OCID of the Network Firewall Policy this decryption profile belongs to.
    type str
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
    areCertificateExtensionsRestricted Boolean
    (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
    isAutoIncludeAltName Boolean
    (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
    isExpiredCertificateBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is expired.
    isOutOfCapacityBlocked Boolean
    (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
    isRevocationStatusTimeoutBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
    isUnknownRevocationStatusBlocked Boolean
    (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
    isUnsupportedCipherBlocked Boolean
    (Updatable) Whether to block sessions if SSL cipher suite is not supported.
    isUnsupportedVersionBlocked Boolean
    (Updatable) Whether to block sessions if SSL version is not supported.
    isUntrustedIssuerBlocked Boolean
    (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
    name String
    Name of the decryption profile.
    networkFirewallPolicyId String

    Unique Network Firewall Policy identifier

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    parentResourceId String
    OCID of the Network Firewall Policy this decryption profile belongs to.
    type String
    Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION

    Import

    NetworkFirewallPolicyDecryptionProfiles can be imported using the name, e.g.

    $ pulumi import oci:NetworkFirewall/networkFirewallPolicyDecryptionProfile:NetworkFirewallPolicyDecryptionProfile test_network_firewall_policy_decryption_profile "networkFirewallPolicies/{networkFirewallPolicyId}/decryptionProfiles/{decryptionProfileName}"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.
    oci logo
    Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi