The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata.
To get more information about GatewaySecurityPolicy, see:
```hcl
resource "google_network_security_gateway_security_policy" "default" {
  name        = "my-gateway-security-policy"
  location    = "us-central1"
  description = "my description"
}
```
```hcl
# CA pool whose certificates the proxy will present to clients when it
# inspects TLS. Publishing is off and the tier is DEVOPS: test settings.
resource "google_privateca_ca_pool" "default" {
  provider = google-beta
  name     = "my-basic-ca-pool"
  location = "us-central1"
  tier     = "DEVOPS"
  publishing_options {
    publish_ca_cert = false
    publish_crl     = false
  }
  issuance_policy {
    maximum_lifetime = "1209600s"
    baseline_values {
      ca_options {
        is_ca = false
      }
      key_usage {
        base_key_usage {}
        extended_key_usage {
          server_auth = true
        }
      }
    }
  }
}

# Self-signed CA inside the pool. deletion_protection = false and
# ignore_active_certificates_on_deletion = true suit a throwaway test CA,
# not a production one.
resource "google_privateca_certificate_authority" "default" {
  provider                               = google-beta
  pool                                   = google_privateca_ca_pool.default.name
  certificate_authority_id               = "my-basic-certificate-authority"
  location                               = "us-central1"
  lifetime                               = "86400s"
  type                                   = "SELF_SIGNED"
  deletion_protection                    = false
  skip_grace_period                      = true
  ignore_active_certificates_on_deletion = true
  config {
    subject_config {
      subject {
        organization = "Test LLC"
        common_name  = "my-ca"
      }
    }
    x509_config {
      ca_options {
        is_ca = true
      }
      key_usage {
        base_key_usage {
          cert_sign = true
          crl_sign  = true
        }
        extended_key_usage {
          server_auth = false
        }
      }
    }
  }
  key_spec {
    algorithm = "RSA_PKCS1_4096_SHA256"
  }
}

# Service identity of the Network Security API; it must be allowed to issue
# certificates from the pool before the TLS inspection policy can use it.
resource "google_project_service_identity" "ns_sa" {
  provider = google-beta
  service  = "networksecurity.googleapis.com"
}

resource "google_privateca_ca_pool_iam_member" "tls_inspection_permission" {
  provider = google-beta
  ca_pool  = google_privateca_ca_pool.default.id
  role     = "roles/privateca.certificateManager"
  member   = "serviceAccount:${google_project_service_identity.ns_sa.email}"
}

resource "google_network_security_tls_inspection_policy" "default" {
  provider   = google-beta
  name       = "my-tls-inspection-policy"
  location   = "us-central1"
  ca_pool    = google_privateca_ca_pool.default.id
  depends_on = [google_privateca_ca_pool.default, google_privateca_certificate_authority.default, google_privateca_ca_pool_iam_member.tls_inspection_permission]
}

resource "google_network_security_gateway_security_policy" "default" {
  provider              = google-beta
  name                  = "my-gateway-security-policy"
  location              = "us-central1"
  description           = "my description"
  tls_inspection_policy = google_network_security_tls_inspection_policy.default.id
  depends_on            = [google_network_security_tls_inspection_policy.default]
}
```
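A GatewaySecurityPolicy only takes effect through the rules it contains, and TLS inspection is switched on per rule, not by attaching a TlsInspectionPolicy alone. The following is an added example, not part of the provider documentation above, showing two rules attached to the policy from the TLS inspection example: one that inspects and allows traffic to a single constructed host, and an explicit default deny behind it. It assumes the `google_network_security_gateway_security_policy_rule` resource with the attributes `gateway_security_policy`, `priority`, `session_matcher`, `application_matcher`, `tls_inspection_enabled` and `basic_profile`, and assumes that a lower `priority` value is evaluated first; the hostnames are constructed.

```hcl
# Added example; resource type, attributes and priority ordering are assumed
# from the google provider, hostnames are constructed.

# Highest-priority rule: TLS-inspect only sessions to the constructed host
# and allow GET requests to it. The parent policy's tls_inspection_policy is
# used only because this rule sets tls_inspection_enabled = true.
resource "google_network_security_gateway_security_policy_rule" "inspect_updates" {
  provider                = google-beta
  name                    = "allow-inspected-updates"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  priority                = 10
  session_matcher         = "host() == 'updates.example.com'"
  application_matcher     = "request.method == 'GET'"
  tls_inspection_enabled  = true
  basic_profile           = "ALLOW"
}

# Lowest-priority rule: explicit deny for every other session, so the
# fail-closed intent of the policy is visible in code and in plan output.
resource "google_network_security_gateway_security_policy_rule" "default_deny" {
  provider                = google-beta
  name                    = "default-deny"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  priority                = 1000
  session_matcher         = "true"
  tls_inspection_enabled  = false
  basic_profile           = "DENY"
}
```

Keeping inspection scoped to the allow rule limits which sessions the proxy re-signs with the CA pool above, and reviewing `terraform plan` for any rule whose `tls_inspection_enabled` flips to `true` is a cheap way to catch accidental widening of inspection scope.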
The following arguments are supported:

- `name` - (Required) Name of the resource. Name is of the form `projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}`; `gatewaySecurityPolicy` should match the pattern `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.
- `description` - (Optional) A free-text description of the resource. Max length 1024 characters.
- `tls_inspection_policy` - (Optional, Beta) Name of a TlsInspectionPolicy resource that defines how TLS inspection is performed for any rule that enables it.
- `location` - (Optional) The location of the gateway security policy. The default value is `global`.
- `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
In addition to the arguments listed above, the following computed attributes are exported:

- `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}`
- `self_link` - Server-defined URL of this resource.
- `create_time` - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- `update_time` - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
This resource provides the following Timeouts configuration options:

- `create` - Default is 30 minutes.
- `update` - Default is 30 minutes.
- `delete` - Default is 30 minutes.

GatewaySecurityPolicy can be imported using any of these accepted formats:

- `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}`
- `{{project}}/{{location}}/{{name}}`
- `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an import block to import GatewaySecurityPolicy using one of the formats above. For example:

```hcl
import {
  id = "projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}"
  to = google_network_security_gateway_security_policy.default
}
```
When using the `terraform import` command, GatewaySecurityPolicy can be imported using one of the formats above. For example:

```shell
$ terraform import google_network_security_gateway_security_policy.default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}
$ terraform import google_network_security_gateway_security_policy.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_security_gateway_security_policy.default {{location}}/{{name}}
```
This resource supports User Project Overrides.