google::compute-security-policy

Creates a security policy.

Example

google::compute-security-policy security-policy-example
    name: "security-policy-example"
    description: "security-policy-example-desc"

    rule
        description: "security-policy-example-rule-desc"
        priority: 2
        action: 'allow'
        preview: true

        match
            versioned-expr: 'SRC_IPS_V1'
            config
                src-ip-ranges: ['*']
            end
        end
    end
end

Attributes

Attribute Description
name The name of the security policy. Must be a string 1-63 characters long and the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. Valid values satisfy the regex: [(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))]. (Required)
description The description of the security policy.
rule list subresource

The rule of the security policy.

description
The description of the security policy rule.
priority
The priority of the security policy rule. (Required)
action
The action to take for this rule. Valid values are allow, deny(403), deny(404) or deny(502). (Required)
preview
The preview flag indicates that this rule is not enforced.
match subresource

The match condition that incoming traffic is evaluated against for this rule. (Required)

config subresource

The configuration for the security policy rule matcher. (Required)

src-ip-ranges list
The IP ranges for this security policy rule matcher configuration. (Required)
versioned-expr
The versioned expression of the security policy rule matcher. Currently the only supported value is SRC_IPS_V1. (Required)
fingerprint The fingerprint for this security policy.

Outputs

Attribute Description
self-link The fully-qualified URL of the security policy.
default-rule subresource The default rule for this security policy.
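
An added example, not part of this page or the project's code: a small Python linter that parses a policy block in the syntax shown in the Example section and checks it against a subset of the constraints listed under Attributes (the prose naming rule for name, the valid action values, the preview flag, versioned-expr and src-ip-ranges). The names parse, lint and SAMPLE are hypothetical, the sample policy is constructed, and the parser assumes every value is a quoted string, number, boolean or list.

```python
import ast
import re

NAME_RE = re.compile(r"[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?")  # prose naming rule documented for `name`
ACTIONS = {"allow", "deny(403)", "deny(404)", "deny(502)"}  # valid `action` values from this page
# Constructed sample: bad name, unknown action, preview left on.
SAMPLE = """
google::compute-security-policy sample
    name: "Bad_Name-"
    rule
        priority: 10
        action: 'deny'
        preview: true
        match
            versioned-expr: 'SRC_IPS_V1'
            config
                src-ip-ranges: ['203.0.113.0/24']
            end
        end
    end
end
"""

def parse(text):
    """Parse 'key: value' lines and 'end'-closed nested blocks into dicts."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        attr = re.fullmatch(r"([\w-]+):\s+(\S.*)", line)
        if line == "end":
            stack.pop()
        elif attr:  # true/false become booleans, other values are parsed as literals
            stack[-1][attr[1]] = (attr[2] == "true") if attr[2] in ("true", "false") else ast.literal_eval(attr[2])
        else:  # block opener: "rule", "match", or "<type> <resource-name>"
            stack.append({})
            stack[-2].setdefault(line.split()[0], []).append(stack[-1])
    return stack[0]

def lint(text):
    """Return findings for the first policy block in text (hypothetical helper)."""
    policy = next(iter(parse(text).values()))[0]
    out = [] if NAME_RE.fullmatch(str(policy.get("name", ""))) else ["name: violates the documented naming rule"]
    for rule in policy.get("rule", []):
        match = (rule.get("match") or [{}])[0]
        checks = [(rule.get("action") not in ACTIONS, f"invalid action {rule.get('action')!r}"),
                  (rule.get("preview") is True, "preview is set, so the rule is not enforced"),
                  (match.get("versioned-expr") != "SRC_IPS_V1", "versioned-expr must be SRC_IPS_V1"),
                  (not (match.get("config") or [{}])[0].get("src-ip-ranges"), "src-ip-ranges is required")]
        out += [f"rule priority={rule.get('priority')}: {msg}" for bad, msg in checks if bad]
    return out
```

Run against the policy in the Example section, lint reports a single finding: the rule at priority 2 has preview set and is therefore not enforced.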