Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
published on Thursday, May 7, 2026 by Pulumi
Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
published on Thursday, May 7, 2026 by Pulumi
A rule for the OrganizationSecurityPolicy.
To get more information about OrganizationSecurityPolicyRule, see:
Example Usage
Organization Security Policy Rule Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
shortName: "tf-test_72490",
parent: "organizations/123456789",
type: "CLOUD_ARMOR",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
match: {
config: {
srcIpRanges: ["192.168.0.0/16"],
},
versionedExpr: "SRC_IPS_V1",
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
short_name="tf-test_72490",
parent="organizations/123456789",
type="CLOUD_ARMOR")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
match={
"config": {
"src_ip_ranges": ["192.168.0.0/16"],
},
"versioned_expr": "SRC_IPS_V1",
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
ShortName: pulumi.String("tf-test_72490"),
Parent: pulumi.String("organizations/123456789"),
Type: pulumi.String("CLOUD_ARMOR"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
SrcIpRanges: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
},
},
VersionedExpr: pulumi.String("SRC_IPS_V1"),
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
ShortName = "tf-test_72490",
Parent = "organizations/123456789",
Type = "CLOUD_ARMOR",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges = new[]
{
"192.168.0.0/16",
},
},
VersionedExpr = "SRC_IPS_V1",
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.shortName("tf-test_72490")
.parent("organizations/123456789")
.type("CLOUD_ARMOR")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.srcIpRanges("192.168.0.0/16")
.build())
.versionedExpr("SRC_IPS_V1")
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
shortName: tf-test_72490
parent: organizations/123456789
type: CLOUD_ARMOR
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
match:
config:
srcIpRanges:
- 192.168.0.0/16
versionedExpr: SRC_IPS_V1
priority: 100
Organization Security Policy Rule Expression
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
shortName: "tf-test_89605",
parent: "organizations/123456789",
type: "CLOUD_ARMOR",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
match: {
expr: {
expression: "request.path.contains('/folder/test/')",
},
versionedExpr: "",
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
short_name="tf-test_89605",
parent="organizations/123456789",
type="CLOUD_ARMOR")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
match={
"expr": {
"expression": "request.path.contains('/folder/test/')",
},
"versioned_expr": "",
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
ShortName: pulumi.String("tf-test_89605"),
Parent: pulumi.String("organizations/123456789"),
Type: pulumi.String("CLOUD_ARMOR"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Expr: &compute.OrganizationSecurityPolicyRuleMatchExprArgs{
Expression: pulumi.String("request.path.contains('/folder/test/')"),
},
VersionedExpr: pulumi.String(""),
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
ShortName = "tf-test_89605",
Parent = "organizations/123456789",
Type = "CLOUD_ARMOR",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Expr = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchExprArgs
{
Expression = "request.path.contains('/folder/test/')",
},
VersionedExpr = "",
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchExprArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.shortName("tf-test_89605")
.parent("organizations/123456789")
.type("CLOUD_ARMOR")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.expr(OrganizationSecurityPolicyRuleMatchExprArgs.builder()
.expression("request.path.contains('/folder/test/')")
.build())
.versionedExpr("")
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
shortName: tf-test_89605
parent: organizations/123456789
type: CLOUD_ARMOR
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
match:
expr:
expression: request.path.contains('/folder/test/')
versionedExpr: ""
priority: 100
Organization Security Policy Rule With Preconfigured Waf Config
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
shortName: "tf-test_56730",
parent: "organizations/123456789",
type: "CLOUD_ARMOR",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
match: {
expr: {
expression: "evaluatePreconfiguredWaf('sqli-stable', {'sensitivity': 2})",
},
versionedExpr: "",
},
preconfiguredWafConfig: {
exclusions: [
{
requestHeaders: [{
operator: "STARTS_WITH",
value: "User-Agent",
}],
requestUris: [{
operator: "CONTAINS",
value: "/admin/",
}],
targetRuleSet: "sqli-stable",
},
{
requestQueryParams: [{
operator: "EQUALS",
value: "user_input",
}],
targetRuleSet: "sqli-stable",
},
],
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
short_name="tf-test_56730",
parent="organizations/123456789",
type="CLOUD_ARMOR")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
match={
"expr": {
"expression": "evaluatePreconfiguredWaf('sqli-stable', {'sensitivity': 2})",
},
"versioned_expr": "",
},
preconfigured_waf_config={
"exclusions": [
{
"request_headers": [{
"operator": "STARTS_WITH",
"value": "User-Agent",
}],
"request_uris": [{
"operator": "CONTAINS",
"value": "/admin/",
}],
"target_rule_set": "sqli-stable",
},
{
"request_query_params": [{
"operator": "EQUALS",
"value": "user_input",
}],
"target_rule_set": "sqli-stable",
},
],
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
ShortName: pulumi.String("tf-test_56730"),
Parent: pulumi.String("organizations/123456789"),
Type: pulumi.String("CLOUD_ARMOR"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Expr: &compute.OrganizationSecurityPolicyRuleMatchExprArgs{
Expression: pulumi.String("evaluatePreconfiguredWaf('sqli-stable', {'sensitivity': 2})"),
},
VersionedExpr: pulumi.String(""),
},
PreconfiguredWafConfig: &compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs{
Exclusions: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{
RequestHeaders: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs{
Operator: pulumi.String("STARTS_WITH"),
Value: pulumi.String("User-Agent"),
},
},
RequestUris: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs{
Operator: pulumi.String("CONTAINS"),
Value: pulumi.String("/admin/"),
},
},
TargetRuleSet: pulumi.String("sqli-stable"),
},
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{
RequestQueryParams: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{
Operator: pulumi.String("EQUALS"),
Value: pulumi.String("user_input"),
},
},
TargetRuleSet: pulumi.String("sqli-stable"),
},
},
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
ShortName = "tf-test_56730",
Parent = "organizations/123456789",
Type = "CLOUD_ARMOR",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Expr = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchExprArgs
{
Expression = "evaluatePreconfiguredWaf('sqli-stable', {'sensitivity': 2})",
},
VersionedExpr = "",
},
PreconfiguredWafConfig = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs
{
Exclusions = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs
{
RequestHeaders = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs
{
Operator = "STARTS_WITH",
Value = "User-Agent",
},
},
RequestUris = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs
{
Operator = "CONTAINS",
Value = "/admin/",
},
},
TargetRuleSet = "sqli-stable",
},
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs
{
RequestQueryParams = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs
{
Operator = "EQUALS",
Value = "user_input",
},
},
TargetRuleSet = "sqli-stable",
},
},
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchExprArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.shortName("tf-test_56730")
.parent("organizations/123456789")
.type("CLOUD_ARMOR")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.expr(OrganizationSecurityPolicyRuleMatchExprArgs.builder()
.expression("evaluatePreconfiguredWaf('sqli-stable', {'sensitivity': 2})")
.build())
.versionedExpr("")
.build())
.preconfiguredWafConfig(OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs.builder()
.exclusions(
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()
.requestHeaders(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs.builder()
.operator("STARTS_WITH")
.value("User-Agent")
.build())
.requestUris(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs.builder()
.operator("CONTAINS")
.value("/admin/")
.build())
.targetRuleSet("sqli-stable")
.build(),
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()
.requestQueryParams(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()
.operator("EQUALS")
.value("user_input")
.build())
.targetRuleSet("sqli-stable")
.build())
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
shortName: tf-test_56730
parent: organizations/123456789
type: CLOUD_ARMOR
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
match:
expr:
expression: 'evaluatePreconfiguredWaf(''sqli-stable'', {''sensitivity'': 2})'
versionedExpr: ""
preconfiguredWafConfig:
exclusions:
- requestHeaders:
- operator: STARTS_WITH
value: User-Agent
requestUris:
- operator: CONTAINS
value: /admin/
targetRuleSet: sqli-stable
- requestQueryParams:
- operator: EQUALS
value: user_input
targetRuleSet: sqli-stable
priority: 100
Organization Security Policy Rule With Header Action
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
shortName: "tf-test_95154",
parent: "organizations/123456789",
type: "CLOUD_ARMOR",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
match: {
expr: {
expression: "request.path.contains('/login/')",
},
versionedExpr: "",
},
headerAction: {
requestHeadersToAdds: [
{
headerName: "X-Forwarded-For",
headerValue: "true",
},
{
headerName: "X-Custom-Header",
headerValue: "custom-value",
},
],
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
short_name="tf-test_95154",
parent="organizations/123456789",
type="CLOUD_ARMOR")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
match={
"expr": {
"expression": "request.path.contains('/login/')",
},
"versioned_expr": "",
},
header_action={
"request_headers_to_adds": [
{
"header_name": "X-Forwarded-For",
"header_value": "true",
},
{
"header_name": "X-Custom-Header",
"header_value": "custom-value",
},
],
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
ShortName: pulumi.String("tf-test_95154"),
Parent: pulumi.String("organizations/123456789"),
Type: pulumi.String("CLOUD_ARMOR"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Expr: &compute.OrganizationSecurityPolicyRuleMatchExprArgs{
Expression: pulumi.String("request.path.contains('/login/')"),
},
VersionedExpr: pulumi.String(""),
},
HeaderAction: &compute.OrganizationSecurityPolicyRuleHeaderActionArgs{
RequestHeadersToAdds: compute.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArray{
&compute.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
HeaderName: pulumi.String("X-Forwarded-For"),
HeaderValue: pulumi.String("true"),
},
&compute.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
HeaderName: pulumi.String("X-Custom-Header"),
HeaderValue: pulumi.String("custom-value"),
},
},
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
ShortName = "tf-test_95154",
Parent = "organizations/123456789",
Type = "CLOUD_ARMOR",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Expr = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchExprArgs
{
Expression = "request.path.contains('/login/')",
},
VersionedExpr = "",
},
HeaderAction = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleHeaderActionArgs
{
RequestHeadersToAdds = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
{
HeaderName = "X-Forwarded-For",
HeaderValue = "true",
},
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
{
HeaderName = "X-Custom-Header",
HeaderValue = "custom-value",
},
},
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchExprArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleHeaderActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.shortName("tf-test_95154")
.parent("organizations/123456789")
.type("CLOUD_ARMOR")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.expr(OrganizationSecurityPolicyRuleMatchExprArgs.builder()
.expression("request.path.contains('/login/')")
.build())
.versionedExpr("")
.build())
.headerAction(OrganizationSecurityPolicyRuleHeaderActionArgs.builder()
.requestHeadersToAdds(
OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
.headerName("X-Forwarded-For")
.headerValue("true")
.build(),
OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
.headerName("X-Custom-Header")
.headerValue("custom-value")
.build())
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
shortName: tf-test_95154
parent: organizations/123456789
type: CLOUD_ARMOR
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
match:
expr:
expression: request.path.contains('/login/')
versionedExpr: ""
headerAction:
requestHeadersToAdds:
- headerName: X-Forwarded-For
headerValue: 'true'
- headerName: X-Custom-Header
headerValue: custom-value
priority: 100
Organization Security Policy Rule With Redirect
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
shortName: "tf-test_64336",
parent: "organizations/123456789",
type: "CLOUD_ARMOR",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "redirect",
match: {
config: {
srcIpRanges: ["10.0.1.0/24"],
},
versionedExpr: "SRC_IPS_V1",
},
redirectOptions: {
type: "EXTERNAL_302",
target: "https://www.example.com/blocked",
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
short_name="tf-test_64336",
parent="organizations/123456789",
type="CLOUD_ARMOR")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="redirect",
match={
"config": {
"src_ip_ranges": ["10.0.1.0/24"],
},
"versioned_expr": "SRC_IPS_V1",
},
redirect_options={
"type": "EXTERNAL_302",
"target": "https://www.example.com/blocked",
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
ShortName: pulumi.String("tf-test_64336"),
Parent: pulumi.String("organizations/123456789"),
Type: pulumi.String("CLOUD_ARMOR"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("redirect"),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
SrcIpRanges: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
},
},
VersionedExpr: pulumi.String("SRC_IPS_V1"),
},
RedirectOptions: &compute.OrganizationSecurityPolicyRuleRedirectOptionsArgs{
Type: pulumi.String("EXTERNAL_302"),
Target: pulumi.String("https://www.example.com/blocked"),
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
ShortName = "tf-test_64336",
Parent = "organizations/123456789",
Type = "CLOUD_ARMOR",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "redirect",
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges = new[]
{
"10.0.1.0/24",
},
},
VersionedExpr = "SRC_IPS_V1",
},
RedirectOptions = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleRedirectOptionsArgs
{
Type = "EXTERNAL_302",
Target = "https://www.example.com/blocked",
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleRedirectOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.shortName("tf-test_64336")
.parent("organizations/123456789")
.type("CLOUD_ARMOR")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("redirect")
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.srcIpRanges("10.0.1.0/24")
.build())
.versionedExpr("SRC_IPS_V1")
.build())
.redirectOptions(OrganizationSecurityPolicyRuleRedirectOptionsArgs.builder()
.type("EXTERNAL_302")
.target("https://www.example.com/blocked")
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
shortName: tf-test_64336
parent: organizations/123456789
type: CLOUD_ARMOR
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: redirect
match:
config:
srcIpRanges:
- 10.0.1.0/24
versionedExpr: SRC_IPS_V1
redirectOptions:
type: EXTERNAL_302
target: https://www.example.com/blocked
priority: 100
Organization Security Policy Rule Firewall
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
displayName: "tf-test",
parent: "organizations/123456789",
type: "FIREWALL",
});
const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
policyId: policy.id,
action: "allow",
direction: "INGRESS",
enableLogging: true,
match: {
config: {
srcIpRanges: [
"192.168.0.0/16",
"10.0.0.0/8",
],
layer4Configs: [
{
ipProtocol: "tcp",
ports: ["22"],
},
{
ipProtocol: "icmp",
},
],
},
},
priority: 100,
});
import pulumi
import pulumi_gcp as gcp
policy = gcp.compute.OrganizationSecurityPolicy("policy",
display_name="tf-test",
parent="organizations/123456789",
type="FIREWALL")
policy_organization_security_policy_rule = gcp.compute.OrganizationSecurityPolicyRule("policy",
policy_id=policy.id,
action="allow",
direction="INGRESS",
enable_logging=True,
match={
"config": {
"src_ip_ranges": [
"192.168.0.0/16",
"10.0.0.0/8",
],
"layer4_configs": [
{
"ip_protocol": "tcp",
"ports": ["22"],
},
{
"ip_protocol": "icmp",
},
],
},
},
priority=100)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
DisplayName: pulumi.String("tf-test"),
Parent: pulumi.String("organizations/123456789"),
Type: pulumi.String("FIREWALL"),
})
if err != nil {
return err
}
_, err = compute.NewOrganizationSecurityPolicyRule(ctx, "policy", &compute.OrganizationSecurityPolicyRuleArgs{
PolicyId: policy.ID(),
Action: pulumi.String("allow"),
Direction: pulumi.String("INGRESS"),
EnableLogging: pulumi.Bool(true),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
SrcIpRanges: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
pulumi.String("10.0.0.0/8"),
},
Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("22"),
},
},
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("icmp"),
},
},
},
},
Priority: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
{
DisplayName = "tf-test",
Parent = "organizations/123456789",
Type = "FIREWALL",
});
var policyOrganizationSecurityPolicyRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
{
PolicyId = policy.Id,
Action = "allow",
Direction = "INGRESS",
EnableLogging = true,
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges = new[]
{
"192.168.0.0/16",
"10.0.0.0/8",
},
Layer4Configs = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "tcp",
Ports = new[]
{
"22",
},
},
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "icmp",
},
},
},
},
Priority = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
.displayName("tf-test")
.parent("organizations/123456789")
.type("FIREWALL")
.build());
var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
.policyId(policy.id())
.action("allow")
.direction("INGRESS")
.enableLogging(true)
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.srcIpRanges(
"192.168.0.0/16",
"10.0.0.0/8")
.layer4Configs(
OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("tcp")
.ports("22")
.build(),
OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("icmp")
.build())
.build())
.build())
.priority(100)
.build());
}
}
resources:
policy:
type: gcp:compute:OrganizationSecurityPolicy
properties:
displayName: tf-test
parent: organizations/123456789
type: FIREWALL
policyOrganizationSecurityPolicyRule:
type: gcp:compute:OrganizationSecurityPolicyRule
name: policy
properties:
policyId: ${policy.id}
action: allow
direction: INGRESS
enableLogging: true
match:
config:
srcIpRanges:
- 192.168.0.0/16
- 10.0.0.0/8
layer4Configs:
- ipProtocol: tcp
ports:
- '22'
- ipProtocol: icmp
priority: 100
Create OrganizationSecurityPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationSecurityPolicyRule(name: string, args: OrganizationSecurityPolicyRuleArgs, opts?: CustomResourceOptions);@overload
def OrganizationSecurityPolicyRule(resource_name: str,
args: OrganizationSecurityPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationSecurityPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
priority: Optional[int] = None,
match: Optional[OrganizationSecurityPolicyRuleMatchArgs] = None,
policy_id: Optional[str] = None,
action: Optional[str] = None,
description: Optional[str] = None,
direction: Optional[str] = None,
enable_logging: Optional[bool] = None,
header_action: Optional[OrganizationSecurityPolicyRuleHeaderActionArgs] = None,
preconfigured_waf_config: Optional[OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs] = None,
preview: Optional[bool] = None,
redirect_options: Optional[OrganizationSecurityPolicyRuleRedirectOptionsArgs] = None,
target_resources: Optional[Sequence[str]] = None,
target_service_accounts: Optional[Sequence[str]] = None)func NewOrganizationSecurityPolicyRule(ctx *Context, name string, args OrganizationSecurityPolicyRuleArgs, opts ...ResourceOption) (*OrganizationSecurityPolicyRule, error)public OrganizationSecurityPolicyRule(string name, OrganizationSecurityPolicyRuleArgs args, CustomResourceOptions? opts = null)
public OrganizationSecurityPolicyRule(String name, OrganizationSecurityPolicyRuleArgs args)
public OrganizationSecurityPolicyRule(String name, OrganizationSecurityPolicyRuleArgs args, CustomResourceOptions options)
type: gcp:compute:OrganizationSecurityPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationSecurityPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationSecurityPolicyRuleResource = new Gcp.Compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", new()
{
Priority = 0,
Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
{
DestIpRanges = new[]
{
"string",
},
Layer4Configs = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
{
IpProtocol = "string",
Ports = new[]
{
"string",
},
},
},
SrcIpRanges = new[]
{
"string",
},
},
Description = "string",
Expr = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchExprArgs
{
Expression = "string",
},
VersionedExpr = "string",
},
PolicyId = "string",
Action = "string",
Description = "string",
Direction = "string",
EnableLogging = false,
HeaderAction = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleHeaderActionArgs
{
RequestHeadersToAdds = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
{
HeaderName = "string",
HeaderValue = "string",
},
},
},
PreconfiguredWafConfig = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs
{
Exclusions = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs
{
TargetRuleSet = "string",
RequestCookies = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArgs
{
Operator = "string",
Value = "string",
},
},
RequestHeaders = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs
{
Operator = "string",
Value = "string",
},
},
RequestQueryParams = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs
{
Operator = "string",
Value = "string",
},
},
RequestUris = new[]
{
new Gcp.Compute.Inputs.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs
{
Operator = "string",
Value = "string",
},
},
TargetRuleIds = new[]
{
"string",
},
},
},
},
Preview = false,
RedirectOptions = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleRedirectOptionsArgs
{
Type = "string",
Target = "string",
},
TargetResources = new[]
{
"string",
},
TargetServiceAccounts = new[]
{
"string",
},
});
example, err := compute.NewOrganizationSecurityPolicyRule(ctx, "organizationSecurityPolicyRuleResource", &compute.OrganizationSecurityPolicyRuleArgs{
Priority: pulumi.Int(0),
Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
DestIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
IpProtocol: pulumi.String("string"),
Ports: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SrcIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Expr: &compute.OrganizationSecurityPolicyRuleMatchExprArgs{
Expression: pulumi.String("string"),
},
VersionedExpr: pulumi.String("string"),
},
PolicyId: pulumi.String("string"),
Action: pulumi.String("string"),
Description: pulumi.String("string"),
Direction: pulumi.String("string"),
EnableLogging: pulumi.Bool(false),
HeaderAction: &compute.OrganizationSecurityPolicyRuleHeaderActionArgs{
RequestHeadersToAdds: compute.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArray{
&compute.OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{
HeaderName: pulumi.String("string"),
HeaderValue: pulumi.String("string"),
},
},
},
PreconfiguredWafConfig: &compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs{
Exclusions: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{
TargetRuleSet: pulumi.String("string"),
RequestCookies: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArgs{
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RequestHeaders: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs{
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RequestQueryParams: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RequestUris: compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArray{
&compute.OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs{
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
TargetRuleIds: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Preview: pulumi.Bool(false),
RedirectOptions: &compute.OrganizationSecurityPolicyRuleRedirectOptionsArgs{
Type: pulumi.String("string"),
Target: pulumi.String("string"),
},
TargetResources: pulumi.StringArray{
pulumi.String("string"),
},
TargetServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
})
var organizationSecurityPolicyRuleResource = new OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", OrganizationSecurityPolicyRuleArgs.builder()
.priority(0)
.match(OrganizationSecurityPolicyRuleMatchArgs.builder()
.config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
.destIpRanges("string")
.layer4Configs(OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
.ipProtocol("string")
.ports("string")
.build())
.srcIpRanges("string")
.build())
.description("string")
.expr(OrganizationSecurityPolicyRuleMatchExprArgs.builder()
.expression("string")
.build())
.versionedExpr("string")
.build())
.policyId("string")
.action("string")
.description("string")
.direction("string")
.enableLogging(false)
.headerAction(OrganizationSecurityPolicyRuleHeaderActionArgs.builder()
.requestHeadersToAdds(OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()
.headerName("string")
.headerValue("string")
.build())
.build())
.preconfiguredWafConfig(OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs.builder()
.exclusions(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()
.targetRuleSet("string")
.requestCookies(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArgs.builder()
.operator("string")
.value("string")
.build())
.requestHeaders(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs.builder()
.operator("string")
.value("string")
.build())
.requestQueryParams(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()
.operator("string")
.value("string")
.build())
.requestUris(OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs.builder()
.operator("string")
.value("string")
.build())
.targetRuleIds("string")
.build())
.build())
.preview(false)
.redirectOptions(OrganizationSecurityPolicyRuleRedirectOptionsArgs.builder()
.type("string")
.target("string")
.build())
.targetResources("string")
.targetServiceAccounts("string")
.build());
organization_security_policy_rule_resource = gcp.compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource",
priority=0,
match={
"config": {
"dest_ip_ranges": ["string"],
"layer4_configs": [{
"ip_protocol": "string",
"ports": ["string"],
}],
"src_ip_ranges": ["string"],
},
"description": "string",
"expr": {
"expression": "string",
},
"versioned_expr": "string",
},
policy_id="string",
action="string",
description="string",
direction="string",
enable_logging=False,
header_action={
"request_headers_to_adds": [{
"header_name": "string",
"header_value": "string",
}],
},
preconfigured_waf_config={
"exclusions": [{
"target_rule_set": "string",
"request_cookies": [{
"operator": "string",
"value": "string",
}],
"request_headers": [{
"operator": "string",
"value": "string",
}],
"request_query_params": [{
"operator": "string",
"value": "string",
}],
"request_uris": [{
"operator": "string",
"value": "string",
}],
"target_rule_ids": ["string"],
}],
},
preview=False,
redirect_options={
"type": "string",
"target": "string",
},
target_resources=["string"],
target_service_accounts=["string"])
const organizationSecurityPolicyRuleResource = new gcp.compute.OrganizationSecurityPolicyRule("organizationSecurityPolicyRuleResource", {
priority: 0,
match: {
config: {
destIpRanges: ["string"],
layer4Configs: [{
ipProtocol: "string",
ports: ["string"],
}],
srcIpRanges: ["string"],
},
description: "string",
expr: {
expression: "string",
},
versionedExpr: "string",
},
policyId: "string",
action: "string",
description: "string",
direction: "string",
enableLogging: false,
headerAction: {
requestHeadersToAdds: [{
headerName: "string",
headerValue: "string",
}],
},
preconfiguredWafConfig: {
exclusions: [{
targetRuleSet: "string",
requestCookies: [{
operator: "string",
value: "string",
}],
requestHeaders: [{
operator: "string",
value: "string",
}],
requestQueryParams: [{
operator: "string",
value: "string",
}],
requestUris: [{
operator: "string",
value: "string",
}],
targetRuleIds: ["string"],
}],
},
preview: false,
redirectOptions: {
type: "string",
target: "string",
},
targetResources: ["string"],
targetServiceAccounts: ["string"],
});
type: gcp:compute:OrganizationSecurityPolicyRule
properties:
action: string
description: string
direction: string
enableLogging: false
headerAction:
requestHeadersToAdds:
- headerName: string
headerValue: string
match:
config:
destIpRanges:
- string
layer4Configs:
- ipProtocol: string
ports:
- string
srcIpRanges:
- string
description: string
expr:
expression: string
versionedExpr: string
policyId: string
preconfiguredWafConfig:
exclusions:
- requestCookies:
- operator: string
value: string
requestHeaders:
- operator: string
value: string
requestQueryParams:
- operator: string
value: string
requestUris:
- operator: string
value: string
targetRuleIds:
- string
targetRuleSet: string
preview: false
priority: 0
redirectOptions:
target: string
type: string
targetResources:
- string
targetServiceAccounts:
- string
OrganizationSecurityPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationSecurityPolicyRule resource accepts the following input properties:
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- Match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Description string
- A description of the rule.
- Direction string
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - Enable
Logging bool - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- Header
Action OrganizationSecurity Policy Rule Header Action - Optional, additional actions that are performed on headers. Structure is documented below.
- Preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- Preview bool
- If set to true, the specified action is not enforced.
- Redirect
Options OrganizationSecurity Policy Rule Redirect Options - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- Target
Resources List<string> - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service List<string>Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- Match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Description string
- A description of the rule.
- Direction string
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - Enable
Logging bool - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- Header
Action OrganizationSecurity Policy Rule Header Action Args - Optional, additional actions that are performed on headers. Structure is documented below.
- Preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config Args - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- Preview bool
- If set to true, the specified action is not enforced.
- Redirect
Options OrganizationSecurity Policy Rule Redirect Options Args - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- Target
Resources []string - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service []stringAccounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority Integer
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description String
- A description of the rule.
- direction String
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable
Logging Boolean - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header
Action OrganizationSecurity Policy Rule Header Action - Optional, additional actions that are performed on headers. Structure is documented below.
- preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview Boolean
- If set to true, the specified action is not enforced.
- redirect
Options OrganizationSecurity Policy Rule Redirect Options - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target
Resources List<String> - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action string
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description string
- A description of the rule.
- direction string
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable
Logging boolean - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header
Action OrganizationSecurity Policy Rule Header Action - Optional, additional actions that are performed on headers. Structure is documented below.
- preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview boolean
- If set to true, the specified action is not enforced.
- redirect
Options OrganizationSecurity Policy Rule Redirect Options - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target
Resources string[] - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service string[]Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action str
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy_
id str - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description str
- A description of the rule.
- direction str
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable_
logging bool - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header_
action OrganizationSecurity Policy Rule Header Action Args - Optional, additional actions that are performed on headers. Structure is documented below.
- preconfigured_
waf_ Organizationconfig Security Policy Rule Preconfigured Waf Config Args - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview bool
- If set to true, the specified action is not enforced.
- redirect_
options OrganizationSecurity Policy Rule Redirect Options Args - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target_
resources Sequence[str] - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target_
service_ Sequence[str]accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- match Property Map
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- priority Number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- description String
- A description of the rule.
- direction String
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable
Logging Boolean - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header
Action Property Map - Optional, additional actions that are performed on headers. Structure is documented below.
- preconfigured
Waf Property MapConfig - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview Boolean
- If set to true, the specified action is not enforced.
- redirect
Options Property Map - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target
Resources List<String> - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationSecurityPolicyRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OrganizationSecurityPolicyRule Resource
Get an existing OrganizationSecurityPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationSecurityPolicyRuleState, opts?: CustomResourceOptions): OrganizationSecurityPolicyRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
description: Optional[str] = None,
direction: Optional[str] = None,
enable_logging: Optional[bool] = None,
header_action: Optional[OrganizationSecurityPolicyRuleHeaderActionArgs] = None,
match: Optional[OrganizationSecurityPolicyRuleMatchArgs] = None,
policy_id: Optional[str] = None,
preconfigured_waf_config: Optional[OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs] = None,
preview: Optional[bool] = None,
priority: Optional[int] = None,
redirect_options: Optional[OrganizationSecurityPolicyRuleRedirectOptionsArgs] = None,
target_resources: Optional[Sequence[str]] = None,
target_service_accounts: Optional[Sequence[str]] = None) -> OrganizationSecurityPolicyRulefunc GetOrganizationSecurityPolicyRule(ctx *Context, name string, id IDInput, state *OrganizationSecurityPolicyRuleState, opts ...ResourceOption) (*OrganizationSecurityPolicyRule, error)public static OrganizationSecurityPolicyRule Get(string name, Input<string> id, OrganizationSecurityPolicyRuleState? state, CustomResourceOptions? opts = null)public static OrganizationSecurityPolicyRule get(String name, Output<String> id, OrganizationSecurityPolicyRuleState state, CustomResourceOptions options)resources: _: type: gcp:compute:OrganizationSecurityPolicyRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- Description string
- A description of the rule.
- Direction string
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - Enable
Logging bool - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- Header
Action OrganizationSecurity Policy Rule Header Action - Optional, additional actions that are performed on headers. Structure is documented below.
- Match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- Preview bool
- If set to true, the specified action is not enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Redirect
Options OrganizationSecurity Policy Rule Redirect Options - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- Target
Resources List<string> - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service List<string>Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- Description string
- A description of the rule.
- Direction string
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - Enable
Logging bool - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- Header
Action OrganizationSecurity Policy Rule Header Action Args - Optional, additional actions that are performed on headers. Structure is documented below.
- Match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- Policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- Preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config Args - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- Preview bool
- If set to true, the specified action is not enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Redirect
Options OrganizationSecurity Policy Rule Redirect Options Args - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- Target
Resources []string - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Target
Service []stringAccounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- description String
- A description of the rule.
- direction String
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable
Logging Boolean - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header
Action OrganizationSecurity Policy Rule Header Action - Optional, additional actions that are performed on headers. Structure is documented below.
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview Boolean
- If set to true, the specified action is not enforced.
- priority Integer
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- redirect
Options OrganizationSecurity Policy Rule Redirect Options - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target
Resources List<String> - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action string
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- description string
- A description of the rule.
- direction string
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable
Logging boolean - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header
Action OrganizationSecurity Policy Rule Header Action - Optional, additional actions that are performed on headers. Structure is documented below.
- match
Organization
Security Policy Rule Match - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id string - The ID of the OrganizationSecurityPolicy this rule applies to.
- preconfigured
Waf OrganizationConfig Security Policy Rule Preconfigured Waf Config - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview boolean
- If set to true, the specified action is not enforced.
- priority number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- redirect
Options OrganizationSecurity Policy Rule Redirect Options - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target
Resources string[] - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service string[]Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action str
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- description str
- A description of the rule.
- direction str
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable_
logging bool - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header_
action OrganizationSecurity Policy Rule Header Action Args - Optional, additional actions that are performed on headers. Structure is documented below.
- match
Organization
Security Policy Rule Match Args - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy_
id str - The ID of the OrganizationSecurityPolicy this rule applies to.
- preconfigured_
waf_ Organizationconfig Security Policy Rule Preconfigured Waf Config Args - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview bool
- If set to true, the specified action is not enforced.
- priority int
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- redirect_
options OrganizationSecurity Policy Rule Redirect Options Args - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target_
resources Sequence[str] - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target_
service_ Sequence[str]accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are: "allow": allow access to target. "deny": deny access to target. "gotoNext": forward the request to the next hierarchical policy for evaluation. "redirect": redirect to a different target. Parameters for this action can be configured via redirectOptions. Only EXTERNAL_302 redirect type is supported for organization security policies.
- description String
- A description of the rule.
- direction String
- (Optional, Beta)
The direction in which this rule applies. If unspecified an INGRESS rule is created.
This field may only be specified when the versionedExpr is set to FIREWALL.
Possible values are:
INGRESS,EGRESS. - enable
Logging Boolean - (Optional, Beta) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. This field may only be specified when the versionedExpr is set to FIREWALL.
- header
Action Property Map - Optional, additional actions that are performed on headers. Structure is documented below.
- match Property Map
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
- policy
Id String - The ID of the OrganizationSecurityPolicy this rule applies to.
- preconfigured
Waf Property MapConfig - Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.
- preview Boolean
- If set to true, the specified action is not enforced.
- priority Number
- An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- redirect
Options Property Map - Parameters defining the redirect action. Cannot be specified for any other actions. Note: For organization security policies, only EXTERNAL_302 redirect type is supported. GOOGLE_RECAPTCHA is not supported. Structure is documented below.
- target
Resources List<String> - (Optional, Beta) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- target
Service List<String>Accounts - (Optional, Beta) A list of service accounts indicating the sets of instances that are applied with this rule.
Supporting Types
OrganizationSecurityPolicyRuleHeaderAction, OrganizationSecurityPolicyRuleHeaderActionArgs
- Request
Headers List<OrganizationTo Adds Security Policy Rule Header Action Request Headers To Add> - The list of request headers to add or overwrite if they're already present. Structure is documented below.
- Request
Headers []OrganizationTo Adds Security Policy Rule Header Action Request Headers To Add - The list of request headers to add or overwrite if they're already present. Structure is documented below.
- request
Headers List<OrganizationTo Adds Security Policy Rule Header Action Request Headers To Add> - The list of request headers to add or overwrite if they're already present. Structure is documented below.
- request
Headers OrganizationTo Adds Security Policy Rule Header Action Request Headers To Add[] - The list of request headers to add or overwrite if they're already present. Structure is documented below.
- request_
headers_ Sequence[Organizationto_ adds Security Policy Rule Header Action Request Headers To Add] - The list of request headers to add or overwrite if they're already present. Structure is documented below.
- request
Headers List<Property Map>To Adds - The list of request headers to add or overwrite if they're already present. Structure is documented below.
OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAdd, OrganizationSecurityPolicyRuleHeaderActionRequestHeadersToAddArgs
- Header
Name string - The name of the header to set.
- Header
Value string - The value to set the named header to.
- Header
Name string - The name of the header to set.
- Header
Value string - The value to set the named header to.
- header
Name String - The name of the header to set.
- header
Value String - The value to set the named header to.
- header
Name string - The name of the header to set.
- header
Value string - The value to set the named header to.
- header_
name str - The name of the header to set.
- header_
value str - The value to set the named header to.
- header
Name String - The name of the header to set.
- header
Value String - The value to set the named header to.
OrganizationSecurityPolicyRuleMatch, OrganizationSecurityPolicyRuleMatchArgs
- Config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- Description string
- A description of the rule.
- Expr
Organization
Security Policy Rule Match Expr - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.
- Versioned
Expr string - Preconfigured versioned expression. For organization security policy rules, the only supported type is "SRC_IPS_V1". NOTE : 'FIREWALL' type is deprecated. Please use 'google_compute_firewall_policy_rule' resource instead.
- Config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- Description string
- A description of the rule.
- Expr
Organization
Security Policy Rule Match Expr - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.
- Versioned
Expr string - Preconfigured versioned expression. For organization security policy rules, the only supported type is "SRC_IPS_V1". NOTE : 'FIREWALL' type is deprecated. Please use 'google_compute_firewall_policy_rule' resource instead.
- config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- description String
- A description of the rule.
- expr
Organization
Security Policy Rule Match Expr - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.
- versioned
Expr String - Preconfigured versioned expression. For organization security policy rules, the only supported type is "SRC_IPS_V1". NOTE : 'FIREWALL' type is deprecated. Please use 'google_compute_firewall_policy_rule' resource instead.
- config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- description string
- A description of the rule.
- expr
Organization
Security Policy Rule Match Expr - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.
- versioned
Expr string - Preconfigured versioned expression. For organization security policy rules, the only supported type is "SRC_IPS_V1". NOTE : 'FIREWALL' type is deprecated. Please use 'google_compute_firewall_policy_rule' resource instead.
- config
Organization
Security Policy Rule Match Config - The configuration options for matching the rule. Structure is documented below.
- description str
- A description of the rule.
- expr
Organization
Security Policy Rule Match Expr - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.
- versioned_
expr str - Preconfigured versioned expression. For organization security policy rules, the only supported type is "SRC_IPS_V1". NOTE : 'FIREWALL' type is deprecated. Please use 'google_compute_firewall_policy_rule' resource instead.
- config Property Map
- The configuration options for matching the rule. Structure is documented below.
- description String
- A description of the rule.
- expr Property Map
- User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.
- versioned
Expr String - Preconfigured versioned expression. For organization security policy rules, the only supported type is "SRC_IPS_V1". NOTE : 'FIREWALL' type is deprecated. Please use 'google_compute_firewall_policy_rule' resource instead.
OrganizationSecurityPolicyRuleMatchConfig, OrganizationSecurityPolicyRuleMatchConfigArgs
- Dest
Ip List<string>Ranges - (Optional, Beta) Destination IP address range in CIDR format. Required for EGRESS rules. This field may only be specified when versionedExpr is set to FIREWALL.
- Layer4Configs
List<Organization
Security Policy Rule Match Config Layer4Config> (Optional, Beta) Pairs of IP protocols and ports that the rule should match. This field may only be specified when versionedExpr is set to FIREWALL. Structure is documented below.
The
layer4Configblock supports:- Src
Ip List<string>Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- Dest
Ip []stringRanges - (Optional, Beta) Destination IP address range in CIDR format. Required for EGRESS rules. This field may only be specified when versionedExpr is set to FIREWALL.
- Layer4Configs
[]Organization
Security Policy Rule Match Config Layer4Config (Optional, Beta) Pairs of IP protocols and ports that the rule should match. This field may only be specified when versionedExpr is set to FIREWALL. Structure is documented below.
The
layer4Configblock supports:- Src
Ip []stringRanges - Source IP address range in CIDR format. Required for INGRESS rules.
- dest
Ip List<String>Ranges - (Optional, Beta) Destination IP address range in CIDR format. Required for EGRESS rules. This field may only be specified when versionedExpr is set to FIREWALL.
- layer4Configs
List<Organization
Security Policy Rule Match Config Layer4Config> (Optional, Beta) Pairs of IP protocols and ports that the rule should match. This field may only be specified when versionedExpr is set to FIREWALL. Structure is documented below.
The
layer4Configblock supports:- src
Ip List<String>Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- dest
Ip string[]Ranges - (Optional, Beta) Destination IP address range in CIDR format. Required for EGRESS rules. This field may only be specified when versionedExpr is set to FIREWALL.
- layer4Configs
Organization
Security Policy Rule Match Config Layer4Config[] (Optional, Beta) Pairs of IP protocols and ports that the rule should match. This field may only be specified when versionedExpr is set to FIREWALL. Structure is documented below.
The
layer4Configblock supports:- src
Ip string[]Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- dest_
ip_ Sequence[str]ranges - (Optional, Beta) Destination IP address range in CIDR format. Required for EGRESS rules. This field may only be specified when versionedExpr is set to FIREWALL.
- layer4_
configs Sequence[OrganizationSecurity Policy Rule Match Config Layer4Config] (Optional, Beta) Pairs of IP protocols and ports that the rule should match. This field may only be specified when versionedExpr is set to FIREWALL. Structure is documented below.
The
layer4Configblock supports:- src_
ip_ Sequence[str]ranges - Source IP address range in CIDR format. Required for INGRESS rules.
- dest
Ip List<String>Ranges - (Optional, Beta) Destination IP address range in CIDR format. Required for EGRESS rules. This field may only be specified when versionedExpr is set to FIREWALL.
- layer4Configs List<Property Map>
(Optional, Beta) Pairs of IP protocols and ports that the rule should match. This field may only be specified when versionedExpr is set to FIREWALL. Structure is documented below.
The
layer4Configblock supports:- src
Ip List<String>Ranges - Source IP address range in CIDR format. Required for INGRESS rules.
OrganizationSecurityPolicyRuleMatchConfigLayer4Config, OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports List<string>
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports []string
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports string[]
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports Sequence[str]
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
OrganizationSecurityPolicyRuleMatchExpr, OrganizationSecurityPolicyRuleMatchExprArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression str
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
OrganizationSecurityPolicyRulePreconfiguredWafConfig, OrganizationSecurityPolicyRulePreconfiguredWafConfigArgs
- Exclusions
List<Organization
Security Policy Rule Preconfigured Waf Config Exclusion> - An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.
- Exclusions
[]Organization
Security Policy Rule Preconfigured Waf Config Exclusion - An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.
- exclusions
List<Organization
Security Policy Rule Preconfigured Waf Config Exclusion> - An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.
- exclusions
Organization
Security Policy Rule Preconfigured Waf Config Exclusion[] - An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.
- exclusions
Sequence[Organization
Security Policy Rule Preconfigured Waf Config Exclusion] - An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.
- exclusions List<Property Map>
- An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusion, OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionArgs
- Target
Rule stringSet - Target WAF rule set to apply the preconfigured WAF exclusion.
-
List<Organization
Security Policy Rule Preconfigured Waf Config Exclusion Request Cooky> - Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- Request
Headers List<OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header> - Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- Request
Query List<OrganizationParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param> - Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.
- Request
Uris List<OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri> - Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.
- Target
Rule List<string>Ids - A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- Target
Rule stringSet - Target WAF rule set to apply the preconfigured WAF exclusion.
-
[]Organization
Security Policy Rule Preconfigured Waf Config Exclusion Request Cooky - Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- Request
Headers []OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header - Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- Request
Query []OrganizationParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param - Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.
- Request
Uris []OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri - Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.
- Target
Rule []stringIds - A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- target
Rule StringSet - Target WAF rule set to apply the preconfigured WAF exclusion.
-
List<Organization
Security Policy Rule Preconfigured Waf Config Exclusion Request Cooky> - Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request
Headers List<OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header> - Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request
Query List<OrganizationParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param> - Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.
- request
Uris List<OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri> - Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.
- target
Rule List<String>Ids - A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- target
Rule stringSet - Target WAF rule set to apply the preconfigured WAF exclusion.
-
Organization
Security Policy Rule Preconfigured Waf Config Exclusion Request Cooky[] - Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request
Headers OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header[] - Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request
Query OrganizationParams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param[] - Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.
- request
Uris OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri[] - Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.
- target
Rule string[]Ids - A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- target_
rule_ strset - Target WAF rule set to apply the preconfigured WAF exclusion.
-
Sequence[Organization
Security Policy Rule Preconfigured Waf Config Exclusion Request Cooky] - Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request_
headers Sequence[OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Header] - Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request_
query_ Sequence[Organizationparams Security Policy Rule Preconfigured Waf Config Exclusion Request Query Param] - Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.
- request_
uris Sequence[OrganizationSecurity Policy Rule Preconfigured Waf Config Exclusion Request Uri] - Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.
- target_
rule_ Sequence[str]ids - A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
- target
Rule StringSet - Target WAF rule set to apply the preconfigured WAF exclusion.
- List<Property Map>
- Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request
Headers List<Property Map> - Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.
- request
Query List<Property Map>Params - Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.
- request
Uris List<Property Map> - Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.
- target
Rule List<String>Ids - A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky, OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArgs
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader, OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam, OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri, OrganizationSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- Operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- Value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator string
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value string
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator str
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value str
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
- operator String
- You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.
- value String
- A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
OrganizationSecurityPolicyRuleRedirectOptions, OrganizationSecurityPolicyRuleRedirectOptionsArgs
Import
OrganizationSecurityPolicyRule can be imported using any of these accepted formats:
{{policy_id}}/priority/{{priority}}
When using the pulumi import command, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
published on Thursday, May 7, 2026 by Pulumi
