Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.networksecurity/v1beta1.AuthorizationPolicy
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new AuthorizationPolicy in a given project and location.
Create AuthorizationPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthorizationPolicy(name: string, args: AuthorizationPolicyArgs, opts?: CustomResourceOptions);
@overload
def AuthorizationPolicy(resource_name: str,
args: AuthorizationPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthorizationPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[AuthorizationPolicyAction] = None,
authorization_policy_id: Optional[str] = None,
description: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
rules: Optional[Sequence[RuleArgs]] = None)
func NewAuthorizationPolicy(ctx *Context, name string, args AuthorizationPolicyArgs, opts ...ResourceOption) (*AuthorizationPolicy, error)
public AuthorizationPolicy(string name, AuthorizationPolicyArgs args, CustomResourceOptions? opts = null)
public AuthorizationPolicy(String name, AuthorizationPolicyArgs args)
public AuthorizationPolicy(String name, AuthorizationPolicyArgs args, CustomResourceOptions options)
type: google-native:networksecurity/v1beta1:AuthorizationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthorizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthorizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthorizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthorizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthorizationPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var google_nativeAuthorizationPolicyResource = new GoogleNative.NetworkSecurity.V1Beta1.AuthorizationPolicy("google-nativeAuthorizationPolicyResource", new()
{
Action = GoogleNative.NetworkSecurity.V1Beta1.AuthorizationPolicyAction.ActionUnspecified,
AuthorizationPolicyId = "string",
Description = "string",
Labels =
{
{ "string", "string" },
},
Location = "string",
Name = "string",
Project = "string",
Rules = new[]
{
new GoogleNative.NetworkSecurity.V1Beta1.Inputs.RuleArgs
{
Destinations = new[]
{
new GoogleNative.NetworkSecurity.V1Beta1.Inputs.DestinationArgs
{
Hosts = new[]
{
"string",
},
Ports = new[]
{
0,
},
HttpHeaderMatch = new GoogleNative.NetworkSecurity.V1Beta1.Inputs.HttpHeaderMatchArgs
{
HeaderName = "string",
RegexMatch = "string",
},
Methods = new[]
{
"string",
},
},
},
Sources = new[]
{
new GoogleNative.NetworkSecurity.V1Beta1.Inputs.SourceArgs
{
IpBlocks = new[]
{
"string",
},
Principals = new[]
{
"string",
},
},
},
},
},
});
example, err := networksecurityv1beta1.NewAuthorizationPolicy(ctx, "google-nativeAuthorizationPolicyResource", &networksecurityv1beta1.AuthorizationPolicyArgs{
Action: networksecurityv1beta1.AuthorizationPolicyActionActionUnspecified,
AuthorizationPolicyId: pulumi.String("string"),
Description: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
Name: pulumi.String("string"),
Project: pulumi.String("string"),
Rules: networksecurity.RuleTypeArray{
&networksecurity.RuleTypeArgs{
Destinations: networksecurity.DestinationArray{
&networksecurity.DestinationArgs{
Hosts: pulumi.StringArray{
pulumi.String("string"),
},
Ports: pulumi.IntArray{
pulumi.Int(0),
},
HttpHeaderMatch: &networksecurity.HttpHeaderMatchArgs{
HeaderName: pulumi.String("string"),
RegexMatch: pulumi.String("string"),
},
Methods: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Sources: networksecurity.SourceArray{
&networksecurity.SourceArgs{
IpBlocks: pulumi.StringArray{
pulumi.String("string"),
},
Principals: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
})
var google_nativeAuthorizationPolicyResource = new AuthorizationPolicy("google-nativeAuthorizationPolicyResource", AuthorizationPolicyArgs.builder()
.action("ACTION_UNSPECIFIED")
.authorizationPolicyId("string")
.description("string")
.labels(Map.of("string", "string"))
.location("string")
.name("string")
.project("string")
.rules(RuleArgs.builder()
.destinations(DestinationArgs.builder()
.hosts("string")
.ports(0)
.httpHeaderMatch(HttpHeaderMatchArgs.builder()
.headerName("string")
.regexMatch("string")
.build())
.methods("string")
.build())
.sources(SourceArgs.builder()
.ipBlocks("string")
.principals("string")
.build())
.build())
.build());
google_native_authorization_policy_resource = google_native.networksecurity.v1beta1.AuthorizationPolicy("google-nativeAuthorizationPolicyResource",
action=google_native.networksecurity.v1beta1.AuthorizationPolicyAction.ACTION_UNSPECIFIED,
authorization_policy_id="string",
description="string",
labels={
"string": "string",
},
location="string",
name="string",
project="string",
rules=[google_native.networksecurity.v1beta1.RuleArgs(
destinations=[google_native.networksecurity.v1beta1.DestinationArgs(
hosts=["string"],
ports=[0],
http_header_match=google_native.networksecurity.v1beta1.HttpHeaderMatchArgs(
header_name="string",
regex_match="string",
),
methods=["string"],
)],
sources=[google_native.networksecurity.v1beta1.SourceArgs(
ip_blocks=["string"],
principals=["string"],
)],
)])
const google_nativeAuthorizationPolicyResource = new google_native.networksecurity.v1beta1.AuthorizationPolicy("google-nativeAuthorizationPolicyResource", {
action: google_native.networksecurity.v1beta1.AuthorizationPolicyAction.ActionUnspecified,
authorizationPolicyId: "string",
description: "string",
labels: {
string: "string",
},
location: "string",
name: "string",
project: "string",
rules: [{
destinations: [{
hosts: ["string"],
ports: [0],
httpHeaderMatch: {
headerName: "string",
regexMatch: "string",
},
methods: ["string"],
}],
sources: [{
ipBlocks: ["string"],
principals: ["string"],
}],
}],
});
type: google-native:networksecurity/v1beta1:AuthorizationPolicy
properties:
action: ACTION_UNSPECIFIED
authorizationPolicyId: string
description: string
labels:
string: string
location: string
name: string
project: string
rules:
- destinations:
- hosts:
- string
httpHeaderMatch:
headerName: string
regexMatch: string
methods:
- string
ports:
- 0
sources:
- ipBlocks:
- string
principals:
- string
AuthorizationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AuthorizationPolicy resource accepts the following input properties:
- Action
Pulumi.
Google Native. Network Security. V1Beta1. Authorization Policy Action - The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
- string
- Required. Short name of the AuthorizationPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "authz_policy".
- Description string
- Optional. Free-text description of the resource.
- Labels Dictionary<string, string>
- Optional. Set of label tags associated with the AuthorizationPolicy resource.
- Location string
- Name string
- Name of the AuthorizationPolicy resource. It matches pattern
projects/{project}/locations/{location}/authorizationPolicies/
. - Project string
- Rules
List<Pulumi.
Google Native. Network Security. V1Beta1. Inputs. Rule> - Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the
action
field will be applied on every request.
- Action
Authorization
Policy Action - The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
- string
- Required. Short name of the AuthorizationPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "authz_policy".
- Description string
- Optional. Free-text description of the resource.
- Labels map[string]string
- Optional. Set of label tags associated with the AuthorizationPolicy resource.
- Location string
- Name string
- Name of the AuthorizationPolicy resource. It matches pattern
projects/{project}/locations/{location}/authorizationPolicies/
. - Project string
- Rules
[]Rule
Type Args - Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the
action
field will be applied on every request.
- action
Authorization
Policy Action - The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
- String
- Required. Short name of the AuthorizationPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "authz_policy".
- description String
- Optional. Free-text description of the resource.
- labels Map<String,String>
- Optional. Set of label tags associated with the AuthorizationPolicy resource.
- location String
- name String
- Name of the AuthorizationPolicy resource. It matches pattern
projects/{project}/locations/{location}/authorizationPolicies/
. - project String
- rules List<Rule>
- Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the
action
field will be applied on every request.
- action
Authorization
Policy Action - The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
- string
- Required. Short name of the AuthorizationPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "authz_policy".
- description string
- Optional. Free-text description of the resource.
- labels {[key: string]: string}
- Optional. Set of label tags associated with the AuthorizationPolicy resource.
- location string
- name string
- Name of the AuthorizationPolicy resource. It matches pattern
projects/{project}/locations/{location}/authorizationPolicies/
. - project string
- rules Rule[]
- Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the
action
field will be applied on every request.
- action
Authorization
Policy Action - The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
- str
- Required. Short name of the AuthorizationPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "authz_policy".
- description str
- Optional. Free-text description of the resource.
- labels Mapping[str, str]
- Optional. Set of label tags associated with the AuthorizationPolicy resource.
- location str
- name str
- Name of the AuthorizationPolicy resource. It matches pattern
projects/{project}/locations/{location}/authorizationPolicies/
. - project str
- rules
Sequence[Rule
Args] - Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the
action
field will be applied on every request.
- action "ACTION_UNSPECIFIED" | "ALLOW" | "DENY"
- The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
- String
- Required. Short name of the AuthorizationPolicy resource to be created. This value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. "authz_policy".
- description String
- Optional. Free-text description of the resource.
- labels Map<String>
- Optional. Set of label tags associated with the AuthorizationPolicy resource.
- location String
- name String
- Name of the AuthorizationPolicy resource. It matches pattern
projects/{project}/locations/{location}/authorizationPolicies/
. - project String
- rules List<Property Map>
- Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the
action
field will be applied on every request.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthorizationPolicy resource produces the following output properties:
- Create
Time string - The timestamp when the resource was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - The timestamp when the resource was updated.
- Create
Time string - The timestamp when the resource was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - The timestamp when the resource was updated.
- create
Time String - The timestamp when the resource was created.
- id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - The timestamp when the resource was updated.
- create
Time string - The timestamp when the resource was created.
- id string
- The provider-assigned unique ID for this managed resource.
- update
Time string - The timestamp when the resource was updated.
- create_
time str - The timestamp when the resource was created.
- id str
- The provider-assigned unique ID for this managed resource.
- update_
time str - The timestamp when the resource was updated.
- create
Time String - The timestamp when the resource was created.
- id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - The timestamp when the resource was updated.
Supporting Types
AuthorizationPolicyAction, AuthorizationPolicyActionArgs
- Action
Unspecified - ACTION_UNSPECIFIEDDefault value.
- Allow
- ALLOWGrant access.
- Deny
- DENYDeny access. Deny rules should be avoided unless they are used to provide a default "deny all" fallback.
- Authorization
Policy Action Action Unspecified - ACTION_UNSPECIFIEDDefault value.
- Authorization
Policy Action Allow - ALLOWGrant access.
- Authorization
Policy Action Deny - DENYDeny access. Deny rules should be avoided unless they are used to provide a default "deny all" fallback.
- Action
Unspecified - ACTION_UNSPECIFIEDDefault value.
- Allow
- ALLOWGrant access.
- Deny
- DENYDeny access. Deny rules should be avoided unless they are used to provide a default "deny all" fallback.
- Action
Unspecified - ACTION_UNSPECIFIEDDefault value.
- Allow
- ALLOWGrant access.
- Deny
- DENYDeny access. Deny rules should be avoided unless they are used to provide a default "deny all" fallback.
- ACTION_UNSPECIFIED
- ACTION_UNSPECIFIEDDefault value.
- ALLOW
- ALLOWGrant access.
- DENY
- DENYDeny access. Deny rules should be avoided unless they are used to provide a default "deny all" fallback.
- "ACTION_UNSPECIFIED"
- ACTION_UNSPECIFIEDDefault value.
- "ALLOW"
- ALLOWGrant access.
- "DENY"
- DENYDeny access. Deny rules should be avoided unless they are used to provide a default "deny all" fallback.
Destination, DestinationArgs
- Hosts List<string>
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- Ports List<int>
- List of destination ports to match. At least one port should match.
- Http
Header Pulumi.Match Google Native. Network Security. V1Beta1. Inputs. Http Header Match - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- Methods List<string>
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- Hosts []string
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- Ports []int
- List of destination ports to match. At least one port should match.
- Http
Header HttpMatch Header Match - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- Methods []string
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- hosts List<String>
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- ports List<Integer>
- List of destination ports to match. At least one port should match.
- http
Header HttpMatch Header Match - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods List<String>
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- hosts string[]
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- ports number[]
- List of destination ports to match. At least one port should match.
- http
Header HttpMatch Header Match - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods string[]
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- hosts Sequence[str]
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- ports Sequence[int]
- List of destination ports to match. At least one port should match.
- http_
header_ Httpmatch Header Match - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods Sequence[str]
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- hosts List<String>
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- ports List<Number>
- List of destination ports to match. At least one port should match.
- http
Header Property MapMatch - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods List<String>
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
DestinationResponse, DestinationResponseArgs
- Hosts List<string>
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- Http
Header Pulumi.Match Google Native. Network Security. V1Beta1. Inputs. Http Header Match Response - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- Methods List<string>
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- Ports List<int>
- List of destination ports to match. At least one port should match.
- Hosts []string
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- Http
Header HttpMatch Header Match Response - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- Methods []string
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- Ports []int
- List of destination ports to match. At least one port should match.
- hosts List<String>
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- http
Header HttpMatch Header Match Response - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods List<String>
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- ports List<Integer>
- List of destination ports to match. At least one port should match.
- hosts string[]
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- http
Header HttpMatch Header Match Response - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods string[]
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- ports number[]
- List of destination ports to match. At least one port should match.
- hosts Sequence[str]
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- http_
header_ Httpmatch Header Match Response - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods Sequence[str]
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- ports Sequence[int]
- List of destination ports to match. At least one port should match.
- hosts List<String>
- List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
- http
Header Property MapMatch - Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
- methods List<String>
- Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
- ports List<Number>
- List of destination ports to match. At least one port should match.
HttpHeaderMatch, HttpHeaderMatchArgs
- Header
Name string - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- Regex
Match string - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- Header
Name string - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- Regex
Match string - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header
Name String - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex
Match String - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header
Name string - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex
Match string - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header_
name str - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex_
match str - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header
Name String - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex
Match String - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
HttpHeaderMatchResponse, HttpHeaderMatchResponseArgs
- Header
Name string - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- Regex
Match string - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- Header
Name string - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- Regex
Match string - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header
Name String - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex
Match String - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header
Name string - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex
Match string - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header_
name str - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex_
match str - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
- header
Name String - The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
- regex
Match String - The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.
Rule, RuleArgs
- Destinations
List<Pulumi.
Google Native. Network Security. V1Beta1. Inputs. Destination> - Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- Sources
List<Pulumi.
Google Native. Network Security. V1Beta1. Inputs. Source> - Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- Destinations []Destination
- Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- Sources []Source
- Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations List<Destination>
- Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources List<Source>
- Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations Destination[]
- Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources Source[]
- Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations Sequence[Destination]
- Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources Sequence[Source]
- Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations List<Property Map>
- Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources List<Property Map>
- Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
RuleResponse, RuleResponseArgs
- Destinations
List<Pulumi.
Google Native. Network Security. V1Beta1. Inputs. Destination Response> - Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- Sources
List<Pulumi.
Google Native. Network Security. V1Beta1. Inputs. Source Response> - Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- Destinations
[]Destination
Response - Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- Sources
[]Source
Response - Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations
List<Destination
Response> - Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources
List<Source
Response> - Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations
Destination
Response[] - Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources
Source
Response[] - Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations
Sequence[Destination
Response] - Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources
Sequence[Source
Response] - Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
- destinations List<Property Map>
- Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
- sources List<Property Map>
- Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.
Source, SourceArgs
- Ip
Blocks List<string> - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- Principals List<string>
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- Ip
Blocks []string - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- Principals []string
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip
Blocks List<String> - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals List<String>
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip
Blocks string[] - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals string[]
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip_
blocks Sequence[str] - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals Sequence[str]
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip
Blocks List<String> - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals List<String>
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
SourceResponse, SourceResponseArgs
- Ip
Blocks List<string> - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- Principals List<string>
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- Ip
Blocks []string - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- Principals []string
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip
Blocks List<String> - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals List<String>
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip
Blocks string[] - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals string[]
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip_
blocks Sequence[str] - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals Sequence[str]
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
- ip
Blocks List<String> - Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
- principals List<String>
- Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.