Docs Home
Google Cloud v8.26.0 published on Thursday, Apr 10, 2025 by Pulumi
gcp.networksecurity.GatewaySecurityPolicyRule
Explore with Pulumi AI
- Example Usage
- Network Security Gateway Security Policy Rules Basic
- Network Security Gateway Security Policy Rules Advanced
- Create GatewaySecurityPolicyRule Resource
- Constructor syntax
- Constructor example
- GatewaySecurityPolicyRule Resource Properties
- Inputs
- Outputs
- Look up Existing GatewaySecurityPolicyRule Resource
- Import
- Package Details
The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic matching condition and associated action to perform.
To get more information about GatewaySecurityPolicyRule, see:
Example Usage
Network Security Gateway Security Policy Rules Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", {
name: "my-gateway-security-policy",
location: "us-central1",
description: "gateway security policy created to be used as reference by the rule.",
});
const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
name: "my-gateway-security-policy-rule",
location: "us-central1",
gatewaySecurityPolicy: _default.name,
enabled: true,
description: "my description",
priority: 0,
sessionMatcher: "host() == 'example.com'",
basicProfile: "ALLOW",
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.GatewaySecurityPolicy("default",
name="my-gateway-security-policy",
location="us-central1",
description="gateway security policy created to be used as reference by the rule.")
default_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default",
name="my-gateway-security-policy-rule",
location="us-central1",
gateway_security_policy=default.name,
enabled=True,
description="my description",
priority=0,
session_matcher="host() == 'example.com'",
basic_profile="ALLOW")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", &networksecurity.GatewaySecurityPolicyArgs{
Name: pulumi.String("my-gateway-security-policy"),
Location: pulumi.String("us-central1"),
Description: pulumi.String("gateway security policy created to be used as reference by the rule."),
})
if err != nil {
return err
}
_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", &networksecurity.GatewaySecurityPolicyRuleArgs{
Name: pulumi.String("my-gateway-security-policy-rule"),
Location: pulumi.String("us-central1"),
GatewaySecurityPolicy: _default.Name,
Enabled: pulumi.Bool(true),
Description: pulumi.String("my description"),
Priority: pulumi.Int(0),
SessionMatcher: pulumi.String("host() == 'example.com'"),
BasicProfile: pulumi.String("ALLOW"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", new()
{
Name = "my-gateway-security-policy",
Location = "us-central1",
Description = "gateway security policy created to be used as reference by the rule.",
});
var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", new()
{
Name = "my-gateway-security-policy-rule",
Location = "us-central1",
GatewaySecurityPolicy = @default.Name,
Enabled = true,
Description = "my description",
Priority = 0,
SessionMatcher = "host() == 'example.com'",
BasicProfile = "ALLOW",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new GatewaySecurityPolicy("default", GatewaySecurityPolicyArgs.builder()
.name("my-gateway-security-policy")
.location("us-central1")
.description("gateway security policy created to be used as reference by the rule.")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.name("my-gateway-security-policy-rule")
.location("us-central1")
.gatewaySecurityPolicy(default_.name())
.enabled(true)
.description("my description")
.priority(0)
.sessionMatcher("host() == 'example.com'")
.basicProfile("ALLOW")
.build());
}
}
resources:
default:
type: gcp:networksecurity:GatewaySecurityPolicy
properties:
name: my-gateway-security-policy
location: us-central1
description: gateway security policy created to be used as reference by the rule.
defaultGatewaySecurityPolicyRule:
type: gcp:networksecurity:GatewaySecurityPolicyRule
name: default
properties:
name: my-gateway-security-policy-rule
location: us-central1
gatewaySecurityPolicy: ${default.name}
enabled: true
description: my description
priority: 0
sessionMatcher: host() == 'example.com'
basicProfile: ALLOW
Network Security Gateway Security Policy Rules Advanced
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", {
name: "my-gateway-security-policy",
location: "us-central1",
description: "gateway security policy created to be used as reference by the rule.",
});
const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
name: "my-gateway-security-policy-rule",
location: "us-central1",
gatewaySecurityPolicy: _default.name,
enabled: true,
description: "my description",
priority: 0,
sessionMatcher: "host() == 'example.com'",
applicationMatcher: "request.method == 'POST'",
tlsInspectionEnabled: false,
basicProfile: "ALLOW",
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networksecurity.GatewaySecurityPolicy("default",
name="my-gateway-security-policy",
location="us-central1",
description="gateway security policy created to be used as reference by the rule.")
default_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default",
name="my-gateway-security-policy-rule",
location="us-central1",
gateway_security_policy=default.name,
enabled=True,
description="my description",
priority=0,
session_matcher="host() == 'example.com'",
application_matcher="request.method == 'POST'",
tls_inspection_enabled=False,
basic_profile="ALLOW")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", &networksecurity.GatewaySecurityPolicyArgs{
Name: pulumi.String("my-gateway-security-policy"),
Location: pulumi.String("us-central1"),
Description: pulumi.String("gateway security policy created to be used as reference by the rule."),
})
if err != nil {
return err
}
_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", &networksecurity.GatewaySecurityPolicyRuleArgs{
Name: pulumi.String("my-gateway-security-policy-rule"),
Location: pulumi.String("us-central1"),
GatewaySecurityPolicy: _default.Name,
Enabled: pulumi.Bool(true),
Description: pulumi.String("my description"),
Priority: pulumi.Int(0),
SessionMatcher: pulumi.String("host() == 'example.com'"),
ApplicationMatcher: pulumi.String("request.method == 'POST'"),
TlsInspectionEnabled: pulumi.Bool(false),
BasicProfile: pulumi.String("ALLOW"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", new()
{
Name = "my-gateway-security-policy",
Location = "us-central1",
Description = "gateway security policy created to be used as reference by the rule.",
});
var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", new()
{
Name = "my-gateway-security-policy-rule",
Location = "us-central1",
GatewaySecurityPolicy = @default.Name,
Enabled = true,
Description = "my description",
Priority = 0,
SessionMatcher = "host() == 'example.com'",
ApplicationMatcher = "request.method == 'POST'",
TlsInspectionEnabled = false,
BasicProfile = "ALLOW",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new GatewaySecurityPolicy("default", GatewaySecurityPolicyArgs.builder()
.name("my-gateway-security-policy")
.location("us-central1")
.description("gateway security policy created to be used as reference by the rule.")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.name("my-gateway-security-policy-rule")
.location("us-central1")
.gatewaySecurityPolicy(default_.name())
.enabled(true)
.description("my description")
.priority(0)
.sessionMatcher("host() == 'example.com'")
.applicationMatcher("request.method == 'POST'")
.tlsInspectionEnabled(false)
.basicProfile("ALLOW")
.build());
}
}
resources:
default:
type: gcp:networksecurity:GatewaySecurityPolicy
properties:
name: my-gateway-security-policy
location: us-central1
description: gateway security policy created to be used as reference by the rule.
defaultGatewaySecurityPolicyRule:
type: gcp:networksecurity:GatewaySecurityPolicyRule
name: default
properties:
name: my-gateway-security-policy-rule
location: us-central1
gatewaySecurityPolicy: ${default.name}
enabled: true
description: my description
priority: 0
sessionMatcher: host() == 'example.com'
applicationMatcher: request.method == 'POST'
tlsInspectionEnabled: false
basicProfile: ALLOW
Create GatewaySecurityPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GatewaySecurityPolicyRule(name: string, args: GatewaySecurityPolicyRuleArgs, opts?: CustomResourceOptions);@overload
def GatewaySecurityPolicyRule(resource_name: str,
args: GatewaySecurityPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GatewaySecurityPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
basic_profile: Optional[str] = None,
enabled: Optional[bool] = None,
gateway_security_policy: Optional[str] = None,
location: Optional[str] = None,
priority: Optional[int] = None,
session_matcher: Optional[str] = None,
application_matcher: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
tls_inspection_enabled: Optional[bool] = None)func NewGatewaySecurityPolicyRule(ctx *Context, name string, args GatewaySecurityPolicyRuleArgs, opts ...ResourceOption) (*GatewaySecurityPolicyRule, error)public GatewaySecurityPolicyRule(string name, GatewaySecurityPolicyRuleArgs args, CustomResourceOptions? opts = null)public GatewaySecurityPolicyRule(String name, GatewaySecurityPolicyRuleArgs args)
public GatewaySecurityPolicyRule(String name, GatewaySecurityPolicyRuleArgs args, CustomResourceOptions options)
type: gcp:networksecurity:GatewaySecurityPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. GatewaySecurityPolicyRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. GatewaySecurityPolicyRuleArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. GatewaySecurityPolicyRuleArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. GatewaySecurityPolicyRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. GatewaySecurityPolicyRuleArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gatewaySecurityPolicyRuleResource = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource", new()
{
BasicProfile = "string",
Enabled = false,
GatewaySecurityPolicy = "string",
Location = "string",
Priority = 0,
SessionMatcher = "string",
ApplicationMatcher = "string",
Description = "string",
Name = "string",
Project = "string",
TlsInspectionEnabled = false,
});
example, err := networksecurity.NewGatewaySecurityPolicyRule(ctx, "gatewaySecurityPolicyRuleResource", &networksecurity.GatewaySecurityPolicyRuleArgs{
BasicProfile: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GatewaySecurityPolicy: pulumi.String("string"),
Location: pulumi.String("string"),
Priority: pulumi.Int(0),
SessionMatcher: pulumi.String("string"),
ApplicationMatcher: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
Project: pulumi.String("string"),
TlsInspectionEnabled: pulumi.Bool(false),
})
var gatewaySecurityPolicyRuleResource = new GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource", GatewaySecurityPolicyRuleArgs.builder()
.basicProfile("string")
.enabled(false)
.gatewaySecurityPolicy("string")
.location("string")
.priority(0)
.sessionMatcher("string")
.applicationMatcher("string")
.description("string")
.name("string")
.project("string")
.tlsInspectionEnabled(false)
.build());
gateway_security_policy_rule_resource = gcp.networksecurity.GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource",
basic_profile="string",
enabled=False,
gateway_security_policy="string",
location="string",
priority=0,
session_matcher="string",
application_matcher="string",
description="string",
name="string",
project="string",
tls_inspection_enabled=False)
const gatewaySecurityPolicyRuleResource = new gcp.networksecurity.GatewaySecurityPolicyRule("gatewaySecurityPolicyRuleResource", {
basicProfile: "string",
enabled: false,
gatewaySecurityPolicy: "string",
location: "string",
priority: 0,
sessionMatcher: "string",
applicationMatcher: "string",
description: "string",
name: "string",
project: "string",
tlsInspectionEnabled: false,
});
type: gcp:networksecurity:GatewaySecurityPolicyRule
properties:
applicationMatcher: string
basicProfile: string
description: string
enabled: false
gatewaySecurityPolicy: string
location: string
name: string
priority: 0
project: string
sessionMatcher: string
tlsInspectionEnabled: false
GatewaySecurityPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GatewaySecurityPolicyRule resource accepts the following input properties:
- Basic
Profile This property is required. string - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - Enabled
This property is required. bool - Whether the rule is enforced.
- Gateway
Security Policy stringThis property is required. 
Changes to this property will trigger replacement. - The name of the gatewat security policy this rule belongs to.
- Location
string
This property is required. Changes to this property will trigger replacement. - The location of the gateway security policy.
- Priority
This property is required. int - Priority of the rule. Lower number corresponds to higher precedence.
- Session
Matcher This property is required. string - CEL expression for matching on session criteria.
- Application
Matcher string - CEL expression for matching on L7/application level criteria.
- Description string
- Free-text description of the resource.
- Name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Tls
Inspection boolEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- Basic
Profile This property is required. string - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - Enabled
This property is required. bool - Whether the rule is enforced.
- Gateway
Security Policy stringThis property is required. Changes to this property will trigger replacement. - The name of the gatewat security policy this rule belongs to.
- Location
string
This property is required. Changes to this property will trigger replacement. - The location of the gateway security policy.
- Priority
This property is required. int - Priority of the rule. Lower number corresponds to higher precedence.
- Session
Matcher This property is required. string - CEL expression for matching on session criteria.
- Application
Matcher string - CEL expression for matching on L7/application level criteria.
- Description string
- Free-text description of the resource.
- Name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Tls
Inspection boolEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic
Profile This property is required. String - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - enabled
This property is required. Boolean - Whether the rule is enforced.
- gateway
Security Policy StringThis property is required. Changes to this property will trigger replacement. - The name of the gatewat security policy this rule belongs to.
- location
String
This property is required. Changes to this property will trigger replacement. - The location of the gateway security policy.
- priority
This property is required. Integer - Priority of the rule. Lower number corresponds to higher precedence.
- session
Matcher This property is required. String - CEL expression for matching on session criteria.
- application
Matcher String - CEL expression for matching on L7/application level criteria.
- description String
- Free-text description of the resource.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- tls
Inspection BooleanEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic
Profile This property is required. string - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - enabled
This property is required. boolean - Whether the rule is enforced.
- gateway
Security Policy stringThis property is required. Changes to this property will trigger replacement. - The name of the gatewat security policy this rule belongs to.
- location
string
This property is required. Changes to this property will trigger replacement. - The location of the gateway security policy.
- priority
This property is required. number - Priority of the rule. Lower number corresponds to higher precedence.
- session
Matcher This property is required. string - CEL expression for matching on session criteria.
- application
Matcher string - CEL expression for matching on L7/application level criteria.
- description string
- Free-text description of the resource.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- tls
Inspection booleanEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic_
profile This property is required. str - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - enabled
This property is required. bool - Whether the rule is enforced.
- gateway_
security_ policy strThis property is required. Changes to this property will trigger replacement. - The name of the gatewat security policy this rule belongs to.
- location
str
This property is required. Changes to this property will trigger replacement. - The location of the gateway security policy.
- priority
This property is required. int - Priority of the rule. Lower number corresponds to higher precedence.
- session_
matcher This property is required. str - CEL expression for matching on session criteria.
- application_
matcher str - CEL expression for matching on L7/application level criteria.
- description str
- Free-text description of the resource.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- tls_
inspection_ boolenabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- basic
Profile This property is required. String - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - enabled
This property is required. Boolean - Whether the rule is enforced.
- gateway
Security Policy StringThis property is required. Changes to this property will trigger replacement. - The name of the gatewat security policy this rule belongs to.
- location
String
This property is required. Changes to this property will trigger replacement. - The location of the gateway security policy.
- priority
This property is required. Number - Priority of the rule. Lower number corresponds to higher precedence.
- session
Matcher This property is required. String - CEL expression for matching on session criteria.
- application
Matcher String - CEL expression for matching on L7/application level criteria.
- description String
- Free-text description of the resource.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- tls
Inspection BooleanEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
Outputs
All input properties are implicitly available as output properties. Additionally, the GatewaySecurityPolicyRule resource produces the following output properties:
- Create
Time string - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Link string - Server-defined URL of this resource.
- Update
Time string - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Create
Time string - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Link string - Server-defined URL of this resource.
- Update
Time string - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create
Time String - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- id String
- The provider-assigned unique ID for this managed resource.
- self
Link String - Server-defined URL of this resource.
- update
Time String - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create
Time string - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- id string
- The provider-assigned unique ID for this managed resource.
- self
Link string - Server-defined URL of this resource.
- update
Time string - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create_
time str - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- id str
- The provider-assigned unique ID for this managed resource.
- self_
link str - Server-defined URL of this resource.
- update_
time str - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- create
Time String - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- id String
- The provider-assigned unique ID for this managed resource.
- self
Link String - Server-defined URL of this resource.
- update
Time String - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
Look up Existing GatewaySecurityPolicyRule Resource
Get an existing GatewaySecurityPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewaySecurityPolicyRuleState, opts?: CustomResourceOptions): GatewaySecurityPolicyRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_matcher: Optional[str] = None,
basic_profile: Optional[str] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
gateway_security_policy: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
priority: Optional[int] = None,
project: Optional[str] = None,
self_link: Optional[str] = None,
session_matcher: Optional[str] = None,
tls_inspection_enabled: Optional[bool] = None,
update_time: Optional[str] = None) -> GatewaySecurityPolicyRulefunc GetGatewaySecurityPolicyRule(ctx *Context, name string, id IDInput, state *GatewaySecurityPolicyRuleState, opts ...ResourceOption) (*GatewaySecurityPolicyRule, error)public static GatewaySecurityPolicyRule Get(string name, Input<string> id, GatewaySecurityPolicyRuleState? state, CustomResourceOptions? opts = null)public static GatewaySecurityPolicyRule get(String name, Output<String> id, GatewaySecurityPolicyRuleState state, CustomResourceOptions options)resources: _: type: gcp:networksecurity:GatewaySecurityPolicyRule get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Application
Matcher string - CEL expression for matching on L7/application level criteria.
- Basic
Profile string - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - Create
Time string - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- Description string
- Free-text description of the resource.
- Enabled bool
- Whether the rule is enforced.
- Gateway
Security Policy - The name of the gatewat security policy this rule belongs to.
- Location
- The location of the gateway security policy.
- Name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Priority int
- Priority of the rule. Lower number corresponds to higher precedence.
- Project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Self
Link string - Server-defined URL of this resource.
- Session
Matcher string - CEL expression for matching on session criteria.
- Tls
Inspection boolEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- Update
Time string - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Application
Matcher string - CEL expression for matching on L7/application level criteria.
- Basic
Profile string - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - Create
Time string - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- Description string
- Free-text description of the resource.
- Enabled bool
- Whether the rule is enforced.
- Gateway
Security Policy - The name of the gatewat security policy this rule belongs to.
- Location
- The location of the gateway security policy.
- Name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- Priority int
- Priority of the rule. Lower number corresponds to higher precedence.
- Project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Self
Link string - Server-defined URL of this resource.
- Session
Matcher string - CEL expression for matching on session criteria.
- Tls
Inspection boolEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- Update
Time string - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- application
Matcher String - CEL expression for matching on L7/application level criteria.
- basic
Profile String - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - create
Time String - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- description String
- Free-text description of the resource.
- enabled Boolean
- Whether the rule is enforced.
- gateway
Security Policy - The name of the gatewat security policy this rule belongs to.
- location
- The location of the gateway security policy.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority Integer
- Priority of the rule. Lower number corresponds to higher precedence.
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- self
Link String - Server-defined URL of this resource.
- session
Matcher String - CEL expression for matching on session criteria.
- tls
Inspection BooleanEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- update
Time String - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- application
Matcher string - CEL expression for matching on L7/application level criteria.
- basic
Profile string - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - create
Time string - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- description string
- Free-text description of the resource.
- enabled boolean
- Whether the rule is enforced.
- gateway
Security Policy - The name of the gatewat security policy this rule belongs to.
- location
- The location of the gateway security policy.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority number
- Priority of the rule. Lower number corresponds to higher precedence.
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- self
Link string - Server-defined URL of this resource.
- session
Matcher string - CEL expression for matching on session criteria.
- tls
Inspection booleanEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- update
Time string - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- application_
matcher str - CEL expression for matching on L7/application level criteria.
- basic_
profile str - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - create_
time str - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- description str
- Free-text description of the resource.
- enabled bool
- Whether the rule is enforced.
- gateway_
security_ policy - The name of the gatewat security policy this rule belongs to.
- location
- The location of the gateway security policy.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority int
- Priority of the rule. Lower number corresponds to higher precedence.
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- self_
link str - Server-defined URL of this resource.
- session_
matcher str - CEL expression for matching on session criteria.
- tls_
inspection_ boolenabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- update_
time str - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- application
Matcher String - CEL expression for matching on L7/application level criteria.
- basic
Profile String - Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY.
Possible values are:
BASIC_PROFILE_UNSPECIFIED,ALLOW,DENY. - create
Time String - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"
- description String
- Free-text description of the resource.
- enabled Boolean
- Whether the rule is enforced.
- gateway
Security Policy - The name of the gatewat security policy this rule belongs to.
- location
- The location of the gateway security policy.
- name
- Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^a-z?$).
- priority Number
- Priority of the rule. Lower number corresponds to higher precedence.
- project
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- self
Link String - Server-defined URL of this resource.
- session
Matcher String - CEL expression for matching on session criteria.
- tls
Inspection BooleanEnabled - Flag to enable TLS inspection of traffic matching on. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
- update
Time String - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
Import
GatewaySecurityPolicyRule can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}{{project}}/{{location}}/{{gateway_security_policy}}/{{name}}{{location}}/{{gateway_security_policy}}/{{name}}
When using the pulumi import command, GatewaySecurityPolicyRule can be imported using one of the formats above. For example:
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}
$ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{location}}/{{gateway_security_policy}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
- Example Usage
- Network Security Gateway Security Policy Rules Basic
- Network Security Gateway Security Policy Rules Advanced
- Create GatewaySecurityPolicyRule Resource
- Constructor syntax
- Constructor example
- GatewaySecurityPolicyRule Resource Properties
- Inputs
- Outputs
- Look up Existing GatewaySecurityPolicyRule Resource
- Import
- Package Details