SecurityPolicy

A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information see the official documentation and the API.

Create a SecurityPolicy Resource

def SecurityPolicy(resource_name, opts=None, description=None, name=None, project=None, rules=None, __props__=None);
public SecurityPolicy(string name, SecurityPolicyArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args SecurityPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecurityPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecurityPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

SecurityPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The SecurityPolicy resource accepts the following input properties:

Description string

An optional description of this rule. Max size is 64.

Name string

The name of the security policy.

Project string

The project in which the resource belongs. If it is not provided, the provider project is used.

Rules List<SecurityPolicyRuleArgs>

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

Description string

An optional description of this rule. Max size is 64.

Name string

The name of the security policy.

Project string

The project in which the resource belongs. If it is not provided, the provider project is used.

Rules []SecurityPolicyRule

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

description string

An optional description of this rule. Max size is 64.

name string

The name of the security policy.

project string

The project in which the resource belongs. If it is not provided, the provider project is used.

rules SecurityPolicyRule[]

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

description str

An optional description of this rule. Max size is 64.

name str

The name of the security policy.

project str

The project in which the resource belongs. If it is not provided, the provider project is used.

rules List[SecurityPolicyRule]

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityPolicy resource produces the following output properties:

Fingerprint string

Fingerprint of this resource.

Id string

The provider-assigned unique ID for this managed resource.

SelfLink string

The URI of the created resource.

Fingerprint string

Fingerprint of this resource.

Id string

The provider-assigned unique ID for this managed resource.

SelfLink string

The URI of the created resource.

fingerprint string

Fingerprint of this resource.

id string

The provider-assigned unique ID for this managed resource.

selfLink string

The URI of the created resource.

fingerprint str

Fingerprint of this resource.

id str

The provider-assigned unique ID for this managed resource.

self_link str

The URI of the created resource.

Look up an Existing SecurityPolicy Resource

Get an existing SecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityPolicyState, opts?: CustomResourceOptions): SecurityPolicy
static get(resource_name, id, opts=None, description=None, fingerprint=None, name=None, project=None, rules=None, self_link=None, __props__=None);
func GetSecurityPolicy(ctx *Context, name string, id IDInput, state *SecurityPolicyState, opts ...ResourceOption) (*SecurityPolicy, error)
public static SecurityPolicy Get(string name, Input<string> id, SecurityPolicyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string

An optional description of this rule. Max size is 64.

Fingerprint string

Fingerprint of this resource.

Name string

The name of the security policy.

Project string

The project in which the resource belongs. If it is not provided, the provider project is used.

Rules List<SecurityPolicyRuleArgs>

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

SelfLink string

The URI of the created resource.

Description string

An optional description of this rule. Max size is 64.

Fingerprint string

Fingerprint of this resource.

Name string

The name of the security policy.

Project string

The project in which the resource belongs. If it is not provided, the provider project is used.

Rules []SecurityPolicyRule

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

SelfLink string

The URI of the created resource.

description string

An optional description of this rule. Max size is 64.

fingerprint string

Fingerprint of this resource.

name string

The name of the security policy.

project string

The project in which the resource belongs. If it is not provided, the provider project is used.

rules SecurityPolicyRule[]

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

selfLink string

The URI of the created resource.

description str

An optional description of this rule. Max size is 64.

fingerprint str

Fingerprint of this resource.

name str

The name of the security policy.

project str

The project in which the resource belongs. If it is not provided, the provider project is used.

rules List[SecurityPolicyRule]

The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.

self_link str

The URI of the created resource.

Supporting Types

SecurityPolicyRule

See the input and output API doc for this type.

Action string

Action to take when the match condition matches the request. Valid values:
* “allow”: allow access to the target
* “deny(status)”: deny access to the target and return the HTTP response code given as status (valid values are 403, 404 and 502)

Match SecurityPolicyRuleMatchArgs

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced. Structure is documented below.

Priority int

A unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated in order from highest priority (lowest number) to lowest priority (highest number).

Description string

An optional description of this rule. Max size is 64.

Preview bool

When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.

Action string

Action to take when the match condition matches the request. Valid values:
* “allow”: allow access to the target
* “deny(status)”: deny access to the target and return the HTTP response code given as status (valid values are 403, 404 and 502)

Match SecurityPolicyRuleMatch

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced. Structure is documented below.

Priority int

A unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated in order from highest priority (lowest number) to lowest priority (highest number).

Description string

An optional description of this rule. Max size is 64.

Preview bool

When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.

action string

Action to take when the match condition matches the request. Valid values:
* “allow”: allow access to the target
* “deny(status)”: deny access to the target and return the HTTP response code given as status (valid values are 403, 404 and 502)

match SecurityPolicyRuleMatch

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced. Structure is documented below.

priority number

A unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated in order from highest priority (lowest number) to lowest priority (highest number).

description string

An optional description of this rule. Max size is 64.

preview boolean

When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.

action str

Action to take when the match condition matches the request. Valid values:
* “allow”: allow access to the target
* “deny(status)”: deny access to the target and return the HTTP response code given as status (valid values are 403, 404 and 502)

match Dict[SecurityPolicyRuleMatch]

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced. Structure is documented below.

priority float

A unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated in order from highest priority (lowest number) to lowest priority (highest number).

description str

An optional description of this rule. Max size is 64.

preview bool

When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.

SecurityPolicyRuleMatch

See the input and output API doc for this type.

Config SecurityPolicyRuleMatchConfigArgs

The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. Structure is documented below.

Expr SecurityPolicyRuleMatchExprArgs

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

VersionedExpr string

Predefined rule expression. If this field is specified, config must also be specified. Available options:
* SRC_IPS_V1: the corresponding src_ip_ranges field must be specified in config.

Config SecurityPolicyRuleMatchConfig

The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. Structure is documented below.

Expr SecurityPolicyRuleMatchExpr

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

VersionedExpr string

Predefined rule expression. If this field is specified, config must also be specified. Available options:
* SRC_IPS_V1: the corresponding src_ip_ranges field must be specified in config.

config SecurityPolicyRuleMatchConfig

The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. Structure is documented below.

expr SecurityPolicyRuleMatchExpr

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

versionedExpr string

Predefined rule expression. If this field is specified, config must also be specified. Available options:
* SRC_IPS_V1: the corresponding src_ip_ranges field must be specified in config.

config Dict[SecurityPolicyRuleMatchConfig]

The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. Structure is documented below.

expr Dict[SecurityPolicyRuleMatchExpr]

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

versionedExpr str

Predefined rule expression. If this field is specified, config must also be specified. Available options:
* SRC_IPS_V1: the corresponding src_ip_ranges field must be specified in config.

SecurityPolicyRuleMatchConfig

See the input and output API doc for this type.

SrcIpRanges List<string>

Set of IP addresses or ranges (IPv4 or IPv6) in CIDR notation to match against inbound traffic. There is a limit of 5 IP ranges per rule. A value of ‘*’ matches all IPs (can be used to override the default behavior).

SrcIpRanges []string

Set of IP addresses or ranges (IPv4 or IPv6) in CIDR notation to match against inbound traffic. There is a limit of 5 IP ranges per rule. A value of ‘*’ matches all IPs (can be used to override the default behavior).

srcIpRanges string[]

Set of IP addresses or ranges (IPv4 or IPv6) in CIDR notation to match against inbound traffic. There is a limit of 5 IP ranges per rule. A value of ‘*’ matches all IPs (can be used to override the default behavior).

srcIpRanges List[str]

Set of IP addresses or ranges (IPv4 or IPv6) in CIDR notation to match against inbound traffic. There is a limit of 5 IP ranges per rule. A value of ‘*’ matches all IPs (can be used to override the default behavior).
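The SecurityPolicyRule and SecurityPolicyRuleMatchConfig sections above state several constraints (a mandatory default rule at priority 2147483647 matching “*”, unique positive priorities, actions limited to “allow” or “deny(403|404|502)”, at most 5 src_ip_ranges per rule, config and versioned_expr set together) and an evaluation order (lowest priority number first, preview rules logged but not enforced). The following is an added example, not Pulumi's or Google's code: an offline Python model that checks a rule set against those constraints and walks it in the documented order for a given client address. Rules are plain dicts keyed with the Python property names listed on this page (action, priority, description, preview, match.versionedExpr, match.config.srcIpRanges); the function names validate_policy and evaluate, and the sample rules using RFC 5737 documentation ranges, are assumptions constructed for this example. Only SRC_IPS_V1 matches are modelled; CEL expr matches are not.

```python
"""Added example (not Pulumi or Google code): offline model of the
SecurityPolicy rule constraints and evaluation order described above.
Rule dicts use the Python property names from this page; the helper
names and sample data are constructed for this example."""
import ipaddress
import re

DEFAULT_RULE_PRIORITY = 2147483647   # priority of the mandatory default rule
MAX_IP_RANGES_PER_RULE = 5           # documented limit for srcIpRanges
MAX_DESCRIPTION_LEN = 64
# "allow" or "deny(status)" with one of the documented status codes
ACTION_RE = re.compile(r"^(allow|deny\((403|404|502)\))$")


def _is_match_all(match):
    """True when the match is SRC_IPS_V1 with '*' among its ranges."""
    cfg = match.get("config") or {}
    return match.get("versionedExpr") == "SRC_IPS_V1" and "*" in (cfg.get("srcIpRanges") or [])


def validate_policy(rules):
    """Return a list of human-readable problems; an empty list means valid."""
    problems = []
    seen = set()
    for rule in rules:
        prio = rule.get("priority")
        if not isinstance(prio, int) or prio <= 0 or prio > DEFAULT_RULE_PRIORITY:
            problems.append(f"rule {prio!r}: priority must be a positive integer")
        elif prio in seen:
            problems.append(f"rule {prio}: priority is not unique")
        seen.add(prio)

        if not ACTION_RE.match(str(rule.get("action", ""))):
            problems.append(f"rule {prio}: action must be 'allow' or 'deny(403|404|502)'")
        if len(rule.get("description", "")) > MAX_DESCRIPTION_LEN:
            problems.append(f"rule {prio}: description exceeds {MAX_DESCRIPTION_LEN} chars")

        match = rule.get("match") or {}
        versioned = match.get("versionedExpr")
        config = match.get("config")
        # versionedExpr and config must be given together or not at all
        if bool(versioned) != bool(config):
            problems.append(f"rule {prio}: versionedExpr and config must be set together")
        if versioned == "SRC_IPS_V1":
            ranges = (config or {}).get("srcIpRanges") or []
            if not ranges or len(ranges) > MAX_IP_RANGES_PER_RULE:
                problems.append(f"rule {prio}: SRC_IPS_V1 needs 1..{MAX_IP_RANGES_PER_RULE} srcIpRanges")
            for cidr in ranges:
                if cidr == "*":
                    continue
                try:
                    ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    problems.append(f"rule {prio}: {cidr!r} is not a valid CIDR")

    default = [r for r in rules if r.get("priority") == DEFAULT_RULE_PRIORITY]
    if not default or not _is_match_all(default[0].get("match") or {}):
        problems.append("policy needs a default rule at priority 2147483647 matching '*'")
    return problems


def _matches(match, addr):
    """SRC_IPS_V1 semantics: '*' matches every address, otherwise CIDR containment."""
    if match.get("versionedExpr") != "SRC_IPS_V1":
        return False  # CEL expr matches are not modelled here
    for cidr in match["config"]["srcIpRanges"]:
        # mixed IPv4/IPv6 containment is simply False in ipaddress
        if cidr == "*" or addr in ipaddress.ip_network(cidr, strict=False):
            return True
    return False


def evaluate(rules, client_ip):
    """Walk rules from the lowest priority number upward (highest priority first).
    Returns (enforced_action, previewed): previewed lists (priority, action) for
    rules that matched but carry preview=True, i.e. would be logged, not enforced."""
    addr = ipaddress.ip_address(client_ip)
    previewed = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if _matches(rule.get("match") or {}, addr):
            if rule.get("preview"):
                previewed.append((rule["priority"], rule["action"]))
                continue
            return rule["action"], previewed
    return None, previewed  # unreachable once a '*' default rule is present


# Constructed sample policy: block one documentation range, dry-run a second,
# and allow everything else through the mandatory default rule.
SAMPLE_RULES = [
    {"action": "deny(403)", "priority": 1000, "description": "block known-bad range",
     "match": {"versionedExpr": "SRC_IPS_V1", "config": {"srcIpRanges": ["203.0.113.0/24"]}}},
    {"action": "deny(404)", "priority": 2000, "preview": True,
     "match": {"versionedExpr": "SRC_IPS_V1", "config": {"srcIpRanges": ["198.51.100.0/24"]}}},
    {"action": "allow", "priority": DEFAULT_RULE_PRIORITY, "description": "default rule",
     "match": {"versionedExpr": "SRC_IPS_V1", "config": {"srcIpRanges": ["*"]}}},
]

if __name__ == "__main__":
    print(validate_policy(SAMPLE_RULES))
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1", "2001:db8::1"):
        print(ip, evaluate(SAMPLE_RULES, ip))
```

Running validate_policy before an update is a cheap way to catch the mistakes the page warns about (a dropped default rule, a sixth CIDR, a deny status outside 403/404/502) before the provider rejects them; evaluate makes the preview behaviour visible, since a previewed deny shows up in the second element of the result while the enforced action still comes from the default rule.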

SecurityPolicyRuleMatchExpr

See the input and output API doc for this type.

Expression string

Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

Expression string

Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

expression string

Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

expression str

Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes
This Pulumi package is based on the google-beta Terraform Provider.