A rule for the SecurityPolicy.
To get more information about SecurityPolicyRule, see:
- API documentation
- How-to Guides
§Example Usage
§Security Policy Rule Basic
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
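// Basic example: declares a Cloud Armor security policy named "policyruletest"
// and a single rule on it that matches source range 10.10.0.0/16 with action
// "allow".
//
// Only an allow rule is added here. What happens to traffic from outside
// 10.10.0.0/16 is decided by the policy's default rule, which this snippet
// does not set.
//
// NOTE(review): `Error` is not brought into scope by the `use` lines shown
// with this snippet; the surrounding crate has to supply it.
#[pulumi_main]
fn test_main() -> Result<(), Error> {
    let default = security_policy::create(
        "default",
        SecurityPolicyArgs::builder()
            .description("basic global security policy")
            .name("policyruletest")
            .type_("CLOUD_ARMOR")
            .build_struct(),
    );
    let policyRule = security_policy_rule::create(
        "policyRule",
        SecurityPolicyRuleArgs::builder()
            .action("allow")
            .description("new rule")
            .match_(
                SecurityPolicyRuleMatch::builder()
                    .config(
                        SecurityPolicyRuleMatchConfig::builder()
                            // NOTE(review): `srcIpRanges` and `versionedExpr` are camelCase
                            // while the other builder methods here are snake_case; verify
                            // the names against the generated builder.
                            .srcIpRanges(vec!["10.10.0.0/16",])
                            .build_struct(),
                    )
                    .versionedExpr("SRC_IPS_V1")
                    .build_struct(),
            )
            // NOTE(review): Cloud Armor documents preview mode as log-only, i.e. the
            // rule's action is not enforced while this is true. Confirm, and switch
            // it off once the logged matches look right.
            .preview(true)
            .priority(100)
            // NOTE(review): "${default.name}" is passed as a plain string literal. It
            // reads like template interpolation carried over from the YAML form, so
            // confirm the rule really ends up attached to the `default` policy above.
            .security_policy("${default.name}")
            .build_struct(),
    );
    // The signature promises a Result; without this the body evaluates to `()`.
    Ok(())
}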
§Security Policy Rule Default Rule
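# One Cloud Armor policy with two rules: a catch-all deny and a narrower allow.
resources:
  default:
    type: gcp:compute:SecurityPolicy
    properties:
      name: policyruletest
      description: basic global security policy
      type: CLOUD_ARMOR
  # Catch-all rule: source range '*' with action deny. 2147483647 is the largest
  # 32-bit signed value, so this rule sorts after every other priority.
  defaultRule:
    type: gcp:compute:SecurityPolicyRule
    name: default_rule
    properties:
      securityPolicy: ${default.name}
      description: default rule
      action: deny
      priority: '2147483647'
      match:
        versionedExpr: SRC_IPS_V1
        config:
          srcIpRanges:
            - '*'
  # Allow rule for 10.10.0.0/16 at priority 100.
  policyRule:
    type: gcp:compute:SecurityPolicyRule
    name: policy_rule
    properties:
      securityPolicy: ${default.name}
      description: new rule
      priority: 100
      match:
        versionedExpr: SRC_IPS_V1
        config:
          srcIpRanges:
            - 10.10.0.0/16
      action: allow
      # NOTE(review): Cloud Armor documents preview as log-only (the action is not
      # enforced). With the deny-all default rule above, traffic from 10.10.0.0/16
      # would presumably still be denied until preview is turned off; confirm
      # before rollout.
      preview: true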
§Security Policy Rule Multiple Rules
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
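// Multiple-rules example: declares a Cloud Armor security policy named
// "policywithmultiplerules" and two allow rules on it, at priorities 100 and 101.
//
// Rule one's range (10.10.0.0/16) lies inside rule two's 10.0.0.0/8. Both
// rules carry the same action, so the overlap is redundant rather than
// conflicting. Traffic matching neither rule is decided by the policy's
// default rule, which this snippet does not set.
//
// NOTE(review): `Error` is not brought into scope by the `use` lines shown
// with this snippet; the surrounding crate has to supply it.
#[pulumi_main]
fn test_main() -> Result<(), Error> {
    let default = security_policy::create(
        "default",
        SecurityPolicyArgs::builder()
            .description("basic global security policy")
            .name("policywithmultiplerules")
            .type_("CLOUD_ARMOR")
            .build_struct(),
    );
    let policyRuleOne = security_policy_rule::create(
        "policyRuleOne",
        SecurityPolicyRuleArgs::builder()
            .action("allow")
            .description("new rule one")
            .match_(
                SecurityPolicyRuleMatch::builder()
                    .config(
                        SecurityPolicyRuleMatchConfig::builder()
                            // NOTE(review): `srcIpRanges` and `versionedExpr` are camelCase
                            // while the other builder methods here are snake_case; verify
                            // the names against the generated builder.
                            .srcIpRanges(vec!["10.10.0.0/16",])
                            .build_struct(),
                    )
                    .versionedExpr("SRC_IPS_V1")
                    .build_struct(),
            )
            // NOTE(review): Cloud Armor documents preview mode as log-only, i.e. the
            // rule's action is not enforced while this is true. Confirm before
            // relying on either rule.
            .preview(true)
            .priority(100)
            // NOTE(review): "${default.name}" is passed as a plain string literal. It
            // reads like template interpolation carried over from the YAML form, so
            // confirm the rule really ends up attached to the `default` policy above.
            .security_policy("${default.name}")
            .build_struct(),
    );
    let policyRuleTwo = security_policy_rule::create(
        "policyRuleTwo",
        SecurityPolicyRuleArgs::builder()
            .action("allow")
            .description("new rule two")
            .match_(
                SecurityPolicyRuleMatch::builder()
                    .config(
                        SecurityPolicyRuleMatchConfig::builder()
                            .srcIpRanges(vec!["192.168.0.0/16", "10.0.0.0/8",])
                            .build_struct(),
                    )
                    .versionedExpr("SRC_IPS_V1")
                    .build_struct(),
            )
            .preview(true)
            // Each rule on a policy needs its own priority; this one sits right after rule one.
            .priority(101)
            .security_policy("${default.name}")
            .build_struct(),
    );
    // The signature promises a Result; without this the body evaluates to `()`.
    Ok(())
}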
§Import
SecurityPolicyRule can be imported using any of these accepted formats:
- projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}
- {{project}}/{{security_policy}}/{{priority}}
- {{security_policy}}/{{priority}}
When using the `pulumi import` command, SecurityPolicyRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}
$ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default {{project}}/{{security_policy}}/{{priority}}
$ pulumi import gcp:compute/securityPolicyRule:SecurityPolicyRule default {{security_policy}}/{{priority}}
Structs§
- Use builder syntax to set the inputs and finish with `build_struct()`.
Functions§
- Registers a new resource with the given unique name and arguments