Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.networksecurity/v1.Rule
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new GatewaySecurityPolicy in a given project and location. Auto-naming is currently not supported for this resource.
Create Rule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);@overload
def Rule(resource_name: str,
         args: RuleInitArgs,
         opts: Optional[ResourceOptions] = None)
@overload
def Rule(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         basic_profile: Optional[RuleBasicProfile] = None,
         enabled: Optional[bool] = None,
         gateway_security_policy_id: Optional[str] = None,
         name: Optional[str] = None,
         priority: Optional[int] = None,
         session_matcher: Optional[str] = None,
         application_matcher: Optional[str] = None,
         description: Optional[str] = None,
         gateway_security_policy_rule_id: Optional[str] = None,
         location: Optional[str] = None,
         project: Optional[str] = None,
         tls_inspection_enabled: Optional[bool] = None)func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)type: google-native:networksecurity/v1:Rule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ruleResource = new GoogleNative.NetworkSecurity.V1.Rule("ruleResource", new()
{
    BasicProfile = GoogleNative.NetworkSecurity.V1.RuleBasicProfile.BasicProfileUnspecified,
    Enabled = false,
    GatewaySecurityPolicyId = "string",
    Name = "string",
    Priority = 0,
    SessionMatcher = "string",
    ApplicationMatcher = "string",
    Description = "string",
    GatewaySecurityPolicyRuleId = "string",
    Location = "string",
    Project = "string",
    TlsInspectionEnabled = false,
});
example, err := networksecurity.NewRule(ctx, "ruleResource", &networksecurity.RuleArgs{
	BasicProfile:                networksecurity.RuleBasicProfileBasicProfileUnspecified,
	Enabled:                     pulumi.Bool(false),
	GatewaySecurityPolicyId:     pulumi.String("string"),
	Name:                        pulumi.String("string"),
	Priority:                    pulumi.Int(0),
	SessionMatcher:              pulumi.String("string"),
	ApplicationMatcher:          pulumi.String("string"),
	Description:                 pulumi.String("string"),
	GatewaySecurityPolicyRuleId: pulumi.String("string"),
	Location:                    pulumi.String("string"),
	Project:                     pulumi.String("string"),
	TlsInspectionEnabled:        pulumi.Bool(false),
})
var ruleResource = new com.pulumi.googlenative.networksecurity_v1.Rule("ruleResource", com.pulumi.googlenative.networksecurity_v1.RuleArgs.builder()
    .basicProfile("BASIC_PROFILE_UNSPECIFIED")
    .enabled(false)
    .gatewaySecurityPolicyId("string")
    .name("string")
    .priority(0)
    .sessionMatcher("string")
    .applicationMatcher("string")
    .description("string")
    .gatewaySecurityPolicyRuleId("string")
    .location("string")
    .project("string")
    .tlsInspectionEnabled(false)
    .build());
rule_resource = google_native.networksecurity.v1.Rule("ruleResource",
    basic_profile=google_native.networksecurity.v1.RuleBasicProfile.BASIC_PROFILE_UNSPECIFIED,
    enabled=False,
    gateway_security_policy_id="string",
    name="string",
    priority=0,
    session_matcher="string",
    application_matcher="string",
    description="string",
    gateway_security_policy_rule_id="string",
    location="string",
    project="string",
    tls_inspection_enabled=False)
const ruleResource = new google_native.networksecurity.v1.Rule("ruleResource", {
    basicProfile: google_native.networksecurity.v1.RuleBasicProfile.BasicProfileUnspecified,
    enabled: false,
    gatewaySecurityPolicyId: "string",
    name: "string",
    priority: 0,
    sessionMatcher: "string",
    applicationMatcher: "string",
    description: "string",
    gatewaySecurityPolicyRuleId: "string",
    location: "string",
    project: "string",
    tlsInspectionEnabled: false,
});
type: google-native:networksecurity/v1:Rule
properties:
    applicationMatcher: string
    basicProfile: BASIC_PROFILE_UNSPECIFIED
    description: string
    enabled: false
    gatewaySecurityPolicyId: string
    gatewaySecurityPolicyRuleId: string
    location: string
    name: string
    priority: 0
    project: string
    sessionMatcher: string
    tlsInspectionEnabled: false
Rule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Rule resource accepts the following input properties:
- BasicProfile Pulumi.Google Native. Network Security. V1. Rule Basic Profile 
- Profile which tells what the primitive action should be.
- Enabled bool
- Whether the rule is enforced.
- GatewaySecurity stringPolicy Id 
- Name string
- Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Priority int
- Priority of the rule. Lower number corresponds to higher precedence.
- SessionMatcher string
- CEL expression for matching on session criteria.
- ApplicationMatcher string
- Optional. CEL expression for matching on L7/application level criteria.
- Description string
- Optional. Free-text description of the resource.
- GatewaySecurity stringPolicy Rule Id 
- The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- Location string
- Project string
- TlsInspection boolEnabled 
- Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- BasicProfile RuleBasic Profile 
- Profile which tells what the primitive action should be.
- Enabled bool
- Whether the rule is enforced.
- GatewaySecurity stringPolicy Id 
- Name string
- Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Priority int
- Priority of the rule. Lower number corresponds to higher precedence.
- SessionMatcher string
- CEL expression for matching on session criteria.
- ApplicationMatcher string
- Optional. CEL expression for matching on L7/application level criteria.
- Description string
- Optional. Free-text description of the resource.
- GatewaySecurity stringPolicy Rule Id 
- The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- Location string
- Project string
- TlsInspection boolEnabled 
- Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basicProfile RuleBasic Profile 
- Profile which tells what the primitive action should be.
- enabled Boolean
- Whether the rule is enforced.
- gatewaySecurity StringPolicy Id 
- name String
- Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority Integer
- Priority of the rule. Lower number corresponds to higher precedence.
- sessionMatcher String
- CEL expression for matching on session criteria.
- applicationMatcher String
- Optional. CEL expression for matching on L7/application level criteria.
- description String
- Optional. Free-text description of the resource.
- gatewaySecurity StringPolicy Rule Id 
- The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location String
- project String
- tlsInspection BooleanEnabled 
- Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basicProfile RuleBasic Profile 
- Profile which tells what the primitive action should be.
- enabled boolean
- Whether the rule is enforced.
- gatewaySecurity stringPolicy Id 
- name string
- Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority number
- Priority of the rule. Lower number corresponds to higher precedence.
- sessionMatcher string
- CEL expression for matching on session criteria.
- applicationMatcher string
- Optional. CEL expression for matching on L7/application level criteria.
- description string
- Optional. Free-text description of the resource.
- gatewaySecurity stringPolicy Rule Id 
- The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location string
- project string
- tlsInspection booleanEnabled 
- Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic_profile RuleBasic Profile 
- Profile which tells what the primitive action should be.
- enabled bool
- Whether the rule is enforced.
- gateway_security_ strpolicy_ id 
- name str
- Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority int
- Priority of the rule. Lower number corresponds to higher precedence.
- session_matcher str
- CEL expression for matching on session criteria.
- application_matcher str
- Optional. CEL expression for matching on L7/application level criteria.
- description str
- Optional. Free-text description of the resource.
- gateway_security_ strpolicy_ rule_ id 
- The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location str
- project str
- tls_inspection_ boolenabled 
- Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basicProfile "BASIC_PROFILE_UNSPECIFIED" | "ALLOW" | "DENY"
- Profile which tells what the primitive action should be.
- enabled Boolean
- Whether the rule is enforced.
- gatewaySecurity StringPolicy Id 
- name String
- Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority Number
- Priority of the rule. Lower number corresponds to higher precedence.
- sessionMatcher String
- CEL expression for matching on session criteria.
- applicationMatcher String
- Optional. CEL expression for matching on L7/application level criteria.
- description String
- Optional. Free-text description of the resource.
- gatewaySecurity StringPolicy Rule Id 
- The ID to use for the rule, which will become the final component of the rule's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
- location String
- project String
- tlsInspection BooleanEnabled 
- Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
Outputs
All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:
- CreateTime string
- Time when the rule was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- UpdateTime string
- Time when the rule was updated.
- CreateTime string
- Time when the rule was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- UpdateTime string
- Time when the rule was updated.
- createTime String
- Time when the rule was created.
- id String
- The provider-assigned unique ID for this managed resource.
- updateTime String
- Time when the rule was updated.
- createTime string
- Time when the rule was created.
- id string
- The provider-assigned unique ID for this managed resource.
- updateTime string
- Time when the rule was updated.
- create_time str
- Time when the rule was created.
- id str
- The provider-assigned unique ID for this managed resource.
- update_time str
- Time when the rule was updated.
- createTime String
- Time when the rule was created.
- id String
- The provider-assigned unique ID for this managed resource.
- updateTime String
- Time when the rule was updated.
Supporting Types
RuleBasicProfile, RuleBasicProfileArgs      
- BasicProfile Unspecified 
- BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
- Allow
- ALLOWAllow the matched traffic.
- Deny
- DENYDeny the matched traffic.
- RuleBasic Profile Basic Profile Unspecified 
- BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
- RuleBasic Profile Allow 
- ALLOWAllow the matched traffic.
- RuleBasic Profile Deny 
- DENYDeny the matched traffic.
- BasicProfile Unspecified 
- BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
- Allow
- ALLOWAllow the matched traffic.
- Deny
- DENYDeny the matched traffic.
- BasicProfile Unspecified 
- BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
- Allow
- ALLOWAllow the matched traffic.
- Deny
- DENYDeny the matched traffic.
- BASIC_PROFILE_UNSPECIFIED
- BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
- ALLOW
- ALLOWAllow the matched traffic.
- DENY
- DENYDeny the matched traffic.
- "BASIC_PROFILE_UNSPECIFIED"
- BASIC_PROFILE_UNSPECIFIEDIf there is not a mentioned action for the target.
- "ALLOW"
- ALLOWAllow the matched traffic.
- "DENY"
- DENYDeny the matched traffic.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.