The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic matching condition and associated action to perform.
To get more information about GatewaySecurityPolicyRule, see:
```hcl
resource "google_network_security_gateway_security_policy" "default" {
  name        = "my-gateway-security-policy"
  location    = "us-central1"
  description = "gateway security policy created to be used as reference by the rule."
}

resource "google_network_security_gateway_security_policy_rule" "default" {
  name                    = "my-gateway-security-policy-rule"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  description             = "my description"
  priority                = 0
  session_matcher         = "host() == 'example.com'"
  basic_profile           = "ALLOW"
}
```

```hcl
resource "google_network_security_gateway_security_policy" "default" {
  name        = "my-gateway-security-policy"
  location    = "us-central1"
  description = "gateway security policy created to be used as reference by the rule."
}

resource "google_network_security_gateway_security_policy_rule" "default" {
  name                    = "my-gateway-security-policy-rule"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  description             = "my description"
  priority                = 0
  session_matcher         = "host() == 'example.com'"
  application_matcher     = "request.method == 'POST'"
  tls_inspection_enabled  = false
  basic_profile           = "ALLOW"
}
```
The following arguments are supported:

* `enabled` - (Required) Whether the rule is enforced.
* `priority` - (Required) Priority of the rule. A lower number corresponds to higher precedence.
* `session_matcher` - (Required) CEL expression for matching on session criteria.
* `basic_profile` - (Required) Profile which tells what the primitive action should be. Possible values are: `BASIC_PROFILE_UNSPECIFIED`, `ALLOW`, `DENY`.
* `name` - (Required) Name of the resource. The name is the full resource name, so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}; the rule segment should match the pattern: (^a-z?$).
* `location` - (Required) The location of the gateway security policy.
* `gateway_security_policy` - (Required) The name of the gateway security policy this rule belongs to.
* `description` - (Optional) Free-text description of the resource.
* `application_matcher` - (Optional) CEL expression for matching on L7/application level criteria.
* `tls_inspection_enabled` - (Optional) Flag to enable TLS inspection of the traffic this rule matches. Can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
* `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
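The arguments above describe each rule in isolation; what they do not show is how `priority` orders several rules inside one policy. The configuration below is an added example, not taken from the provider documentation or the Google provider project: it builds an allow-list policy in which a single high-precedence `ALLOW` rule (priority 0) admits one approved host and a low-precedence catch-all `DENY` rule (priority 1000) rejects everything else. The policy and rule names and the host name are constructed, and using the CEL expression `"true"` as a match-everything `session_matcher` is an assumption about the matcher language, not something the page states.

```hcl
# Added example: explicit allow-list with a default-deny backstop.
# Names and host are constructed; "true" as a catch-all session_matcher is an assumption.
resource "google_network_security_gateway_security_policy" "allowlist" {
  name        = "allowlist-gateway-security-policy"
  location    = "us-central1"
  description = "Policy that permits one approved host and denies all other sessions."
}

# Priority 0 is evaluated before any higher number, so this rule wins for the approved host.
resource "google_network_security_gateway_security_policy_rule" "allow_approved_host" {
  name                    = "allow-approved-host"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.allowlist.name
  enabled                 = true
  description             = "Allow sessions to the approved update host only."
  priority                = 0
  session_matcher         = "host() == 'updates.example.com'"
  tls_inspection_enabled  = false
  basic_profile           = "ALLOW"
}

# Priority 1000 is the lowest precedence in this policy: it only applies when no
# earlier rule matched, which makes it a default-deny for every other destination.
resource "google_network_security_gateway_security_policy_rule" "deny_everything_else" {
  name                    = "deny-everything-else"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.allowlist.name
  enabled                 = true
  description             = "Default deny for any session not matched by a higher-precedence rule."
  priority                = 1000
  session_matcher         = "true"
  tls_inspection_enabled  = false
  basic_profile           = "DENY"
}
```

Two design points worth checking before applying such a configuration: leave a numeric gap between priorities (0 and 1000 here) so that further targeted rules can be slotted in without renumbering, and keep `enabled = true` on the deny rule, since a disabled backstop silently turns the policy from allow-list into open-by-default.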
In addition to the arguments listed above, the following computed attributes are exported:

* `id` - an identifier for the resource with format projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}
* `self_link` - Server-defined URL of this resource.
* `create_time` - The timestamp when the resource was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `update_time` - The timestamp when the resource was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
This resource provides the following Timeouts configuration options:

* `create` - Default is 30 minutes.
* `update` - Default is 30 minutes.
* `delete` - Default is 30 minutes.

GatewaySecurityPolicyRule can be imported using any of these accepted formats:

* `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}`
* `{{project}}/{{location}}/{{gateway_security_policy}}/{{name}}`
* `{{location}}/{{gateway_security_policy}}/{{name}}`

In Terraform v1.5.0 and later, use an `import` block to import GatewaySecurityPolicyRule using one of the formats above. For example:

```hcl
import {
  id = "projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}"
  to = google_network_security_gateway_security_policy_rule.default
}
```

When using the `terraform import` command, GatewaySecurityPolicyRule can be imported using one of the formats above. For example:

```
$ terraform import google_network_security_gateway_security_policy_rule.default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}
$ terraform import google_network_security_gateway_security_policy_rule.default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}}
$ terraform import google_network_security_gateway_security_policy_rule.default {{location}}/{{gateway_security_policy}}/{{name}}
```
This resource supports User Project Overrides.