Google Cloud v8.21.0, Mar 5 25

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

gcp.networksecurity.AuthzPolicy

Explore with Pulumi AI

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Create AuthzPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AuthzPolicy(name: string, args: AuthzPolicyArgs, opts?: CustomResourceOptions);

@overload
def AuthzPolicy(resource_name: str,
                args: AuthzPolicyArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def AuthzPolicy(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                action: Optional[str] = None,
                location: Optional[str] = None,
                target: Optional[AuthzPolicyTargetArgs] = None,
                custom_provider: Optional[AuthzPolicyCustomProviderArgs] = None,
                description: Optional[str] = None,
                http_rules: Optional[Sequence[AuthzPolicyHttpRuleArgs]] = None,
                labels: Optional[Mapping[str, str]] = None,
                name: Optional[str] = None,
                project: Optional[str] = None)

func NewAuthzPolicy(ctx *Context, name string, args AuthzPolicyArgs, opts ...ResourceOption) (*AuthzPolicy, error)

public AuthzPolicy(string name, AuthzPolicyArgs args, CustomResourceOptions? opts = null)

public AuthzPolicy(String name, AuthzPolicyArgs args)
public AuthzPolicy(String name, AuthzPolicyArgs args, CustomResourceOptions options)

type: gcp:networksecurity:AuthzPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AuthzPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AuthzPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AuthzPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AuthzPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AuthzPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var authzPolicyResource = new Gcp.NetworkSecurity.AuthzPolicy("authzPolicyResource", new()
{
    Action = "string",
    Location = "string",
    Target = new Gcp.NetworkSecurity.Inputs.AuthzPolicyTargetArgs
    {
        LoadBalancingScheme = "string",
        Resources = new[]
        {
            "string",
        },
    },
    CustomProvider = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderArgs
    {
        AuthzExtension = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderAuthzExtensionArgs
        {
            Resources = new[]
            {
                "string",
            },
        },
        CloudIap = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderCloudIapArgs
        {
            Enabled = false,
        },
    },
    Description = "string",
    HttpRules = new[]
    {
        new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleArgs
        {
            From = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromArgs
            {
                NotSources = new[]
                {
                    new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceArgs
                    {
                        Principals = new[]
                        {
                            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourcePrincipalArgs
                            {
                                Contains = "string",
                                Exact = "string",
                                IgnoreCase = false,
                                Prefix = "string",
                                Suffix = "string",
                            },
                        },
                        Resources = new[]
                        {
                            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceResourceArgs
                            {
                                IamServiceAccount = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs
                                {
                                    Contains = "string",
                                    Exact = "string",
                                    IgnoreCase = false,
                                    Prefix = "string",
                                    Suffix = "string",
                                },
                                TagValueIdSet = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs
                                {
                                    Ids = new[]
                                    {
                                        "string",
                                    },
                                },
                            },
                        },
                    },
                },
                Sources = new[]
                {
                    new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceArgs
                    {
                        Principals = new[]
                        {
                            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourcePrincipalArgs
                            {
                                Contains = "string",
                                Exact = "string",
                                IgnoreCase = false,
                                Prefix = "string",
                                Suffix = "string",
                            },
                        },
                        Resources = new[]
                        {
                            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceResourceArgs
                            {
                                IamServiceAccount = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs
                                {
                                    Contains = "string",
                                    Exact = "string",
                                    IgnoreCase = false,
                                    Prefix = "string",
                                    Suffix = "string",
                                },
                                TagValueIdSet = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs
                                {
                                    Ids = new[]
                                    {
                                        "string",
                                    },
                                },
                            },
                        },
                    },
                },
            },
            To = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToArgs
            {
                Operations = new[]
                {
                    new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationArgs
                    {
                        HeaderSet = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHeaderSetArgs
                        {
                            Headers = new[]
                            {
                                new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs
                                {
                                    Name = "string",
                                    Value = new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs
                                    {
                                        Contains = "string",
                                        Exact = "string",
                                        IgnoreCase = false,
                                        Prefix = "string",
                                        Suffix = "string",
                                    },
                                },
                            },
                        },
                        Hosts = new[]
                        {
                            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationHostArgs
                            {
                                Contains = "string",
                                Exact = "string",
                                IgnoreCase = false,
                                Prefix = "string",
                                Suffix = "string",
                            },
                        },
                        Methods = new[]
                        {
                            "string",
                        },
                        Paths = new[]
                        {
                            new Gcp.NetworkSecurity.Inputs.AuthzPolicyHttpRuleToOperationPathArgs
                            {
                                Contains = "string",
                                Exact = "string",
                                IgnoreCase = false,
                                Prefix = "string",
                                Suffix = "string",
                            },
                        },
                    },
                },
            },
            When = "string",
        },
    },
    Labels = 
    {
        { "string", "string" },
    },
    Name = "string",
    Project = "string",
});

example, err := networksecurity.NewAuthzPolicy(ctx, "authzPolicyResource", &networksecurity.AuthzPolicyArgs{
	Action:   pulumi.String("string"),
	Location: pulumi.String("string"),
	Target: &networksecurity.AuthzPolicyTargetArgs{
		LoadBalancingScheme: pulumi.String("string"),
		Resources: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	CustomProvider: &networksecurity.AuthzPolicyCustomProviderArgs{
		AuthzExtension: &networksecurity.AuthzPolicyCustomProviderAuthzExtensionArgs{
			Resources: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		CloudIap: &networksecurity.AuthzPolicyCustomProviderCloudIapArgs{
			Enabled: pulumi.Bool(false),
		},
	},
	Description: pulumi.String("string"),
	HttpRules: networksecurity.AuthzPolicyHttpRuleArray{
		&networksecurity.AuthzPolicyHttpRuleArgs{
			From: &networksecurity.AuthzPolicyHttpRuleFromArgs{
				NotSources: networksecurity.AuthzPolicyHttpRuleFromNotSourceArray{
					&networksecurity.AuthzPolicyHttpRuleFromNotSourceArgs{
						Principals: networksecurity.AuthzPolicyHttpRuleFromNotSourcePrincipalArray{
							&networksecurity.AuthzPolicyHttpRuleFromNotSourcePrincipalArgs{
								Contains:   pulumi.String("string"),
								Exact:      pulumi.String("string"),
								IgnoreCase: pulumi.Bool(false),
								Prefix:     pulumi.String("string"),
								Suffix:     pulumi.String("string"),
							},
						},
						Resources: networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceArray{
							&networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceArgs{
								IamServiceAccount: &networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs{
									Contains:   pulumi.String("string"),
									Exact:      pulumi.String("string"),
									IgnoreCase: pulumi.Bool(false),
									Prefix:     pulumi.String("string"),
									Suffix:     pulumi.String("string"),
								},
								TagValueIdSet: &networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs{
									Ids: pulumi.StringArray{
										pulumi.String("string"),
									},
								},
							},
						},
					},
				},
				Sources: networksecurity.AuthzPolicyHttpRuleFromSourceArray{
					&networksecurity.AuthzPolicyHttpRuleFromSourceArgs{
						Principals: networksecurity.AuthzPolicyHttpRuleFromSourcePrincipalArray{
							&networksecurity.AuthzPolicyHttpRuleFromSourcePrincipalArgs{
								Contains:   pulumi.String("string"),
								Exact:      pulumi.String("string"),
								IgnoreCase: pulumi.Bool(false),
								Prefix:     pulumi.String("string"),
								Suffix:     pulumi.String("string"),
							},
						},
						Resources: networksecurity.AuthzPolicyHttpRuleFromSourceResourceArray{
							&networksecurity.AuthzPolicyHttpRuleFromSourceResourceArgs{
								IamServiceAccount: &networksecurity.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs{
									Contains:   pulumi.String("string"),
									Exact:      pulumi.String("string"),
									IgnoreCase: pulumi.Bool(false),
									Prefix:     pulumi.String("string"),
									Suffix:     pulumi.String("string"),
								},
								TagValueIdSet: &networksecurity.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs{
									Ids: pulumi.StringArray{
										pulumi.String("string"),
									},
								},
							},
						},
					},
				},
			},
			To: &networksecurity.AuthzPolicyHttpRuleToArgs{
				Operations: networksecurity.AuthzPolicyHttpRuleToOperationArray{
					&networksecurity.AuthzPolicyHttpRuleToOperationArgs{
						HeaderSet: &networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetArgs{
							Headers: networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray{
								&networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs{
									Name: pulumi.String("string"),
									Value: &networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs{
										Contains:   pulumi.String("string"),
										Exact:      pulumi.String("string"),
										IgnoreCase: pulumi.Bool(false),
										Prefix:     pulumi.String("string"),
										Suffix:     pulumi.String("string"),
									},
								},
							},
						},
						Hosts: networksecurity.AuthzPolicyHttpRuleToOperationHostArray{
							&networksecurity.AuthzPolicyHttpRuleToOperationHostArgs{
								Contains:   pulumi.String("string"),
								Exact:      pulumi.String("string"),
								IgnoreCase: pulumi.Bool(false),
								Prefix:     pulumi.String("string"),
								Suffix:     pulumi.String("string"),
							},
						},
						Methods: pulumi.StringArray{
							pulumi.String("string"),
						},
						Paths: networksecurity.AuthzPolicyHttpRuleToOperationPathArray{
							&networksecurity.AuthzPolicyHttpRuleToOperationPathArgs{
								Contains:   pulumi.String("string"),
								Exact:      pulumi.String("string"),
								IgnoreCase: pulumi.Bool(false),
								Prefix:     pulumi.String("string"),
								Suffix:     pulumi.String("string"),
							},
						},
					},
				},
			},
			When: pulumi.String("string"),
		},
	},
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Name:    pulumi.String("string"),
	Project: pulumi.String("string"),
})

var authzPolicyResource = new AuthzPolicy("authzPolicyResource", AuthzPolicyArgs.builder()
    .action("string")
    .location("string")
    .target(AuthzPolicyTargetArgs.builder()
        .loadBalancingScheme("string")
        .resources("string")
        .build())
    .customProvider(AuthzPolicyCustomProviderArgs.builder()
        .authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs.builder()
            .resources("string")
            .build())
        .cloudIap(AuthzPolicyCustomProviderCloudIapArgs.builder()
            .enabled(false)
            .build())
        .build())
    .description("string")
    .httpRules(AuthzPolicyHttpRuleArgs.builder()
        .from(AuthzPolicyHttpRuleFromArgs.builder()
            .notSources(AuthzPolicyHttpRuleFromNotSourceArgs.builder()
                .principals(AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.builder()
                    .contains("string")
                    .exact("string")
                    .ignoreCase(false)
                    .prefix("string")
                    .suffix("string")
                    .build())
                .resources(AuthzPolicyHttpRuleFromNotSourceResourceArgs.builder()
                    .iamServiceAccount(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.builder()
                        .contains("string")
                        .exact("string")
                        .ignoreCase(false)
                        .prefix("string")
                        .suffix("string")
                        .build())
                    .tagValueIdSet(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.builder()
                        .ids("string")
                        .build())
                    .build())
                .build())
            .sources(AuthzPolicyHttpRuleFromSourceArgs.builder()
                .principals(AuthzPolicyHttpRuleFromSourcePrincipalArgs.builder()
                    .contains("string")
                    .exact("string")
                    .ignoreCase(false)
                    .prefix("string")
                    .suffix("string")
                    .build())
                .resources(AuthzPolicyHttpRuleFromSourceResourceArgs.builder()
                    .iamServiceAccount(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.builder()
                        .contains("string")
                        .exact("string")
                        .ignoreCase(false)
                        .prefix("string")
                        .suffix("string")
                        .build())
                    .tagValueIdSet(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.builder()
                        .ids("string")
                        .build())
                    .build())
                .build())
            .build())
        .to(AuthzPolicyHttpRuleToArgs.builder()
            .operations(AuthzPolicyHttpRuleToOperationArgs.builder()
                .headerSet(AuthzPolicyHttpRuleToOperationHeaderSetArgs.builder()
                    .headers(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.builder()
                        .name("string")
                        .value(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.builder()
                            .contains("string")
                            .exact("string")
                            .ignoreCase(false)
                            .prefix("string")
                            .suffix("string")
                            .build())
                        .build())
                    .build())
                .hosts(AuthzPolicyHttpRuleToOperationHostArgs.builder()
                    .contains("string")
                    .exact("string")
                    .ignoreCase(false)
                    .prefix("string")
                    .suffix("string")
                    .build())
                .methods("string")
                .paths(AuthzPolicyHttpRuleToOperationPathArgs.builder()
                    .contains("string")
                    .exact("string")
                    .ignoreCase(false)
                    .prefix("string")
                    .suffix("string")
                    .build())
                .build())
            .build())
        .when("string")
        .build())
    .labels(Map.of("string", "string"))
    .name("string")
    .project("string")
    .build());

authz_policy_resource = gcp.networksecurity.AuthzPolicy("authzPolicyResource",
    action="string",
    location="string",
    target={
        "load_balancing_scheme": "string",
        "resources": ["string"],
    },
    custom_provider={
        "authz_extension": {
            "resources": ["string"],
        },
        "cloud_iap": {
            "enabled": False,
        },
    },
    description="string",
    http_rules=[{
        "from_": {
            "not_sources": [{
                "principals": [{
                    "contains": "string",
                    "exact": "string",
                    "ignore_case": False,
                    "prefix": "string",
                    "suffix": "string",
                }],
                "resources": [{
                    "iam_service_account": {
                        "contains": "string",
                        "exact": "string",
                        "ignore_case": False,
                        "prefix": "string",
                        "suffix": "string",
                    },
                    "tag_value_id_set": {
                        "ids": ["string"],
                    },
                }],
            }],
            "sources": [{
                "principals": [{
                    "contains": "string",
                    "exact": "string",
                    "ignore_case": False,
                    "prefix": "string",
                    "suffix": "string",
                }],
                "resources": [{
                    "iam_service_account": {
                        "contains": "string",
                        "exact": "string",
                        "ignore_case": False,
                        "prefix": "string",
                        "suffix": "string",
                    },
                    "tag_value_id_set": {
                        "ids": ["string"],
                    },
                }],
            }],
        },
        "to": {
            "operations": [{
                "header_set": {
                    "headers": [{
                        "name": "string",
                        "value": {
                            "contains": "string",
                            "exact": "string",
                            "ignore_case": False,
                            "prefix": "string",
                            "suffix": "string",
                        },
                    }],
                },
                "hosts": [{
                    "contains": "string",
                    "exact": "string",
                    "ignore_case": False,
                    "prefix": "string",
                    "suffix": "string",
                }],
                "methods": ["string"],
                "paths": [{
                    "contains": "string",
                    "exact": "string",
                    "ignore_case": False,
                    "prefix": "string",
                    "suffix": "string",
                }],
            }],
        },
        "when": "string",
    }],
    labels={
        "string": "string",
    },
    name="string",
    project="string")

const authzPolicyResource = new gcp.networksecurity.AuthzPolicy("authzPolicyResource", {
    action: "string",
    location: "string",
    target: {
        loadBalancingScheme: "string",
        resources: ["string"],
    },
    customProvider: {
        authzExtension: {
            resources: ["string"],
        },
        cloudIap: {
            enabled: false,
        },
    },
    description: "string",
    httpRules: [{
        from: {
            notSources: [{
                principals: [{
                    contains: "string",
                    exact: "string",
                    ignoreCase: false,
                    prefix: "string",
                    suffix: "string",
                }],
                resources: [{
                    iamServiceAccount: {
                        contains: "string",
                        exact: "string",
                        ignoreCase: false,
                        prefix: "string",
                        suffix: "string",
                    },
                    tagValueIdSet: {
                        ids: ["string"],
                    },
                }],
            }],
            sources: [{
                principals: [{
                    contains: "string",
                    exact: "string",
                    ignoreCase: false,
                    prefix: "string",
                    suffix: "string",
                }],
                resources: [{
                    iamServiceAccount: {
                        contains: "string",
                        exact: "string",
                        ignoreCase: false,
                        prefix: "string",
                        suffix: "string",
                    },
                    tagValueIdSet: {
                        ids: ["string"],
                    },
                }],
            }],
        },
        to: {
            operations: [{
                headerSet: {
                    headers: [{
                        name: "string",
                        value: {
                            contains: "string",
                            exact: "string",
                            ignoreCase: false,
                            prefix: "string",
                            suffix: "string",
                        },
                    }],
                },
                hosts: [{
                    contains: "string",
                    exact: "string",
                    ignoreCase: false,
                    prefix: "string",
                    suffix: "string",
                }],
                methods: ["string"],
                paths: [{
                    contains: "string",
                    exact: "string",
                    ignoreCase: false,
                    prefix: "string",
                    suffix: "string",
                }],
            }],
        },
        when: "string",
    }],
    labels: {
        string: "string",
    },
    name: "string",
    project: "string",
});

type: gcp:networksecurity:AuthzPolicy
properties:
    action: string
    customProvider:
        authzExtension:
            resources:
                - string
        cloudIap:
            enabled: false
    description: string
    httpRules:
        - from:
            notSources:
                - principals:
                    - contains: string
                      exact: string
                      ignoreCase: false
                      prefix: string
                      suffix: string
                  resources:
                    - iamServiceAccount:
                        contains: string
                        exact: string
                        ignoreCase: false
                        prefix: string
                        suffix: string
                      tagValueIdSet:
                        ids:
                            - string
            sources:
                - principals:
                    - contains: string
                      exact: string
                      ignoreCase: false
                      prefix: string
                      suffix: string
                  resources:
                    - iamServiceAccount:
                        contains: string
                        exact: string
                        ignoreCase: false
                        prefix: string
                        suffix: string
                      tagValueIdSet:
                        ids:
                            - string
          to:
            operations:
                - headerSet:
                    headers:
                        - name: string
                          value:
                            contains: string
                            exact: string
                            ignoreCase: false
                            prefix: string
                            suffix: string
                  hosts:
                    - contains: string
                      exact: string
                      ignoreCase: false
                      prefix: string
                      suffix: string
                  methods:
                    - string
                  paths:
                    - contains: string
                      exact: string
                      ignoreCase: false
                      prefix: string
                      suffix: string
          when: string
    labels:
        string: string
    location: string
    name: string
    project: string
    target:
        loadBalancingScheme: string
        resources:
            - string

AuthzPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AuthzPolicy resource accepts the following input properties:

Action string

When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

Location string

The location of the resource.

Target AuthzPolicyTarget

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

CustomProvider AuthzPolicyCustomProvider

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

Description string

A human-readable description of the resource.

HttpRules List<AuthzPolicyHttpRule>

A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.

Labels Dictionary<string, string>

Set of labels associated with the AuthzExtension resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

Name string

Identifier. Name of the AuthzPolicy resource.

Project string

Action string

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

Location string

The location of the resource.

Target AuthzPolicyTargetArgs

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

CustomProvider AuthzPolicyCustomProviderArgs

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

Description string

A human-readable description of the resource.

HttpRules []AuthzPolicyHttpRuleArgs

Labels map[string]string

Name string

Identifier. Name of the AuthzPolicy resource.

Project string

action String

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

location String

The location of the resource.

target AuthzPolicyTarget

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

customProvider AuthzPolicyCustomProvider

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description String

A human-readable description of the resource.

httpRules List<AuthzPolicyHttpRule>

labels Map<String,String>

name String

Identifier. Name of the AuthzPolicy resource.

project String

action string

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

location string

The location of the resource.

target AuthzPolicyTarget

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

customProvider AuthzPolicyCustomProvider

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description string

A human-readable description of the resource.

httpRules AuthzPolicyHttpRule[]

labels {[key: string]: string}

name string

Identifier. Name of the AuthzPolicy resource.

project string

action str

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

location str

The location of the resource.

target AuthzPolicyTargetArgs

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

custom_provider AuthzPolicyCustomProviderArgs

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description str

A human-readable description of the resource.

http_rules Sequence[AuthzPolicyHttpRuleArgs]

labels Mapping[str, str]

name str

Identifier. Name of the AuthzPolicy resource.

project str

action String

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

location String

The location of the resource.

target Property Map

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

customProvider Property Map

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description String

A human-readable description of the resource.

httpRules List<Property Map>

labels Map<String>

name String

Identifier. Name of the AuthzPolicy resource.

project String

Outputs

All input properties are implicitly available as output properties. Additionally, the AuthzPolicy resource produces the following output properties:

CreateTime string: The timestamp when the resource was created.
EffectiveLabels Dictionary<string, string>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string: The provider-assigned unique ID for this managed resource.
PulumiLabels Dictionary<string, string>: The combination of labels configured directly on the resource and default labels configured on the provider.
UpdateTime string: The timestamp when the resource was updated.

CreateTime string: The timestamp when the resource was created.
EffectiveLabels map[string]string: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string: The provider-assigned unique ID for this managed resource.
PulumiLabels map[string]string: The combination of labels configured directly on the resource and default labels configured on the provider.
UpdateTime string: The timestamp when the resource was updated.

createTime String: The timestamp when the resource was created.
effectiveLabels Map<String,String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String: The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String,String>: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime String: The timestamp when the resource was updated.

createTime string: The timestamp when the resource was created.
effectiveLabels {[key: string]: string}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id string: The provider-assigned unique ID for this managed resource.
pulumiLabels {[key: string]: string}: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime string: The timestamp when the resource was updated.

create_time str: The timestamp when the resource was created.
effective_labels Mapping[str, str]: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id str: The provider-assigned unique ID for this managed resource.
pulumi_labels Mapping[str, str]: The combination of labels configured directly on the resource and default labels configured on the provider.
update_time str: The timestamp when the resource was updated.

createTime String: The timestamp when the resource was created.
effectiveLabels Map<String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String: The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String>: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime String: The timestamp when the resource was updated.

Look up Existing AuthzPolicy Resource

Get an existing AuthzPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AuthzPolicyState, opts?: CustomResourceOptions): AuthzPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        create_time: Optional[str] = None,
        custom_provider: Optional[AuthzPolicyCustomProviderArgs] = None,
        description: Optional[str] = None,
        effective_labels: Optional[Mapping[str, str]] = None,
        http_rules: Optional[Sequence[AuthzPolicyHttpRuleArgs]] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        pulumi_labels: Optional[Mapping[str, str]] = None,
        target: Optional[AuthzPolicyTargetArgs] = None,
        update_time: Optional[str] = None) -> AuthzPolicy

func GetAuthzPolicy(ctx *Context, name string, id IDInput, state *AuthzPolicyState, opts ...ResourceOption) (*AuthzPolicy, error)

public static AuthzPolicy Get(string name, Input<string> id, AuthzPolicyState? state, CustomResourceOptions? opts = null)

public static AuthzPolicy get(String name, Output<String> id, AuthzPolicyState state, CustomResourceOptions options)

resources:  _:    type: gcp:networksecurity:AuthzPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

CreateTime string

The timestamp when the resource was created.

CustomProvider AuthzPolicyCustomProvider

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

Description string

A human-readable description of the resource.

EffectiveLabels Dictionary<string, string>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

HttpRules List<AuthzPolicyHttpRule>

Labels Dictionary<string, string>

Location string

The location of the resource.

Name string

Identifier. Name of the AuthzPolicy resource.

Project string

PulumiLabels Dictionary<string, string>

The combination of labels configured directly on the resource and default labels configured on the provider.

Target AuthzPolicyTarget

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

UpdateTime string

The timestamp when the resource was updated.

Action string

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

CreateTime string

The timestamp when the resource was created.

CustomProvider AuthzPolicyCustomProviderArgs

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

Description string

A human-readable description of the resource.

EffectiveLabels map[string]string

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

HttpRules []AuthzPolicyHttpRuleArgs

Labels map[string]string

Location string

The location of the resource.

Name string

Identifier. Name of the AuthzPolicy resource.

Project string

PulumiLabels map[string]string

The combination of labels configured directly on the resource and default labels configured on the provider.

Target AuthzPolicyTargetArgs

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

UpdateTime string

The timestamp when the resource was updated.

action String

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

createTime String

The timestamp when the resource was created.

customProvider AuthzPolicyCustomProvider

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description String

A human-readable description of the resource.

effectiveLabels Map<String,String>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

httpRules List<AuthzPolicyHttpRule>

labels Map<String,String>

location String

The location of the resource.

name String

Identifier. Name of the AuthzPolicy resource.

project String

pulumiLabels Map<String,String>

The combination of labels configured directly on the resource and default labels configured on the provider.

target AuthzPolicyTarget

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

updateTime String

The timestamp when the resource was updated.

action string

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

createTime string

The timestamp when the resource was created.

customProvider AuthzPolicyCustomProvider

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description string

A human-readable description of the resource.

effectiveLabels {[key: string]: string}

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

httpRules AuthzPolicyHttpRule[]

labels {[key: string]: string}

location string

The location of the resource.

name string

Identifier. Name of the AuthzPolicy resource.

project string

pulumiLabels {[key: string]: string}

The combination of labels configured directly on the resource and default labels configured on the provider.

target AuthzPolicyTarget

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

updateTime string

The timestamp when the resource was updated.

action str

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

create_time str

The timestamp when the resource was created.

custom_provider AuthzPolicyCustomProviderArgs

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description str

A human-readable description of the resource.

effective_labels Mapping[str, str]

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

http_rules Sequence[AuthzPolicyHttpRuleArgs]

labels Mapping[str, str]

location str

The location of the resource.

name str

Identifier. Name of the AuthzPolicy resource.

project str

pulumi_labels Mapping[str, str]

The combination of labels configured directly on the resource and default labels configured on the provider.

target AuthzPolicyTargetArgs

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

update_time str

The timestamp when the resource was updated.

action String

If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
If there are any DENY policies that match the request, the request is denied.
If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values are: ALLOW, DENY, CUSTOM.

createTime String

The timestamp when the resource was created.

customProvider Property Map

Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.

description String

A human-readable description of the resource.

effectiveLabels Map<String>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

httpRules List<Property Map>

labels Map<String>

location String

The location of the resource.

name String

Identifier. Name of the AuthzPolicy resource.

project String

pulumiLabels Map<String>

The combination of labels configured directly on the resource and default labels configured on the provider.

target Property Map

Specifies the set of resources to which this policy should be applied to. Structure is documented below.

updateTime String

The timestamp when the resource was updated.

Supporting Types

AuthzPolicyCustomProvider, AuthzPolicyCustomProviderArgs

AuthzExtension AuthzPolicyCustomProviderAuthzExtension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
CloudIap AuthzPolicyCustomProviderCloudIap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

AuthzExtension AuthzPolicyCustomProviderAuthzExtension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
CloudIap AuthzPolicyCustomProviderCloudIap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

authzExtension AuthzPolicyCustomProviderAuthzExtension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
cloudIap AuthzPolicyCustomProviderCloudIap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

authzExtension AuthzPolicyCustomProviderAuthzExtension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
cloudIap AuthzPolicyCustomProviderCloudIap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

authz_extension AuthzPolicyCustomProviderAuthzExtension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
cloud_iap AuthzPolicyCustomProviderCloudIap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

authzExtension Property Map: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. Structure is documented below.
cloudIap Property Map: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. Structure is documented below.

AuthzPolicyCustomProviderAuthzExtension, AuthzPolicyCustomProviderAuthzExtensionArgs

Resources List<string>: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

Resources []string: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

resources List<String>: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

resources string[]: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

resources Sequence[str]: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

resources List<String>: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.

AuthzPolicyCustomProviderCloudIap, AuthzPolicyCustomProviderCloudIapArgs

Enabled bool: Enable Cloud IAP at the AuthzPolicy level.

Enabled bool: Enable Cloud IAP at the AuthzPolicy level.

enabled Boolean: Enable Cloud IAP at the AuthzPolicy level.

enabled boolean: Enable Cloud IAP at the AuthzPolicy level.

enabled bool: Enable Cloud IAP at the AuthzPolicy level.

enabled Boolean: Enable Cloud IAP at the AuthzPolicy level.

AuthzPolicyHttpRule, AuthzPolicyHttpRuleArgs

From AuthzPolicyHttpRuleFrom: Describes properties of one or more sources of a request. Structure is documented below.
To AuthzPolicyHttpRuleTo: Describes properties of one or more targets of a request Structure is documented below.
When string: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

From AuthzPolicyHttpRuleFrom: Describes properties of one or more sources of a request. Structure is documented below.
To AuthzPolicyHttpRuleTo: Describes properties of one or more targets of a request Structure is documented below.
When string: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

from AuthzPolicyHttpRuleFrom: Describes properties of one or more sources of a request. Structure is documented below.
to AuthzPolicyHttpRuleTo: Describes properties of one or more targets of a request Structure is documented below.
when String: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

from AuthzPolicyHttpRuleFrom: Describes properties of one or more sources of a request. Structure is documented below.
to AuthzPolicyHttpRuleTo: Describes properties of one or more targets of a request Structure is documented below.
when string: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

from_ AuthzPolicyHttpRuleFrom: Describes properties of one or more sources of a request. Structure is documented below.
to AuthzPolicyHttpRuleTo: Describes properties of one or more targets of a request Structure is documented below.
when str: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

from Property Map: Describes properties of one or more sources of a request. Structure is documented below.
to Property Map: Describes properties of one or more targets of a request Structure is documented below.
when String: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.

AuthzPolicyHttpRuleFrom, AuthzPolicyHttpRuleFromArgs

NotSources List<AuthzPolicyHttpRuleFromNotSource>: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
Sources List<AuthzPolicyHttpRuleFromSource>: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

NotSources []AuthzPolicyHttpRuleFromNotSource: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
Sources []AuthzPolicyHttpRuleFromSource: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

notSources List<AuthzPolicyHttpRuleFromNotSource>: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
sources List<AuthzPolicyHttpRuleFromSource>: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

notSources AuthzPolicyHttpRuleFromNotSource[]: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
sources AuthzPolicyHttpRuleFromSource[]: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

not_sources Sequence[AuthzPolicyHttpRuleFromNotSource]: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
sources Sequence[AuthzPolicyHttpRuleFromSource]: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

notSources List<Property Map>: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.
sources List<Property Map>: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. Structure is documented below.

AuthzPolicyHttpRuleFromNotSource, AuthzPolicyHttpRuleFromNotSourceArgs

Principals List<AuthzPolicyHttpRuleFromNotSourcePrincipal>: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
Resources List<AuthzPolicyHttpRuleFromNotSourceResource>: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

Principals []AuthzPolicyHttpRuleFromNotSourcePrincipal: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
Resources []AuthzPolicyHttpRuleFromNotSourceResource: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals List<AuthzPolicyHttpRuleFromNotSourcePrincipal>: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources List<AuthzPolicyHttpRuleFromNotSourceResource>: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals AuthzPolicyHttpRuleFromNotSourcePrincipal[]: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources AuthzPolicyHttpRuleFromNotSourceResource[]: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals Sequence[AuthzPolicyHttpRuleFromNotSourcePrincipal]: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources Sequence[AuthzPolicyHttpRuleFromNotSourceResource]: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals List<Property Map>: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources List<Property Map>: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

AuthzPolicyHttpRuleFromNotSourcePrincipal, AuthzPolicyHttpRuleFromNotSourcePrincipalArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyHttpRuleFromNotSourceResource, AuthzPolicyHttpRuleFromNotSourceResourceArgs

IamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
TagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

IamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
TagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iam_service_account AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tag_value_id_set AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iamServiceAccount Property Map: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tagValueIdSet Property Map: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount, AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet, AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs

Ids List<string>: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

Ids []string: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids List<String>: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids string[]: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids Sequence[str]: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids List<String>: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

AuthzPolicyHttpRuleFromSource, AuthzPolicyHttpRuleFromSourceArgs

Principals List<AuthzPolicyHttpRuleFromSourcePrincipal>: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
Resources List<AuthzPolicyHttpRuleFromSourceResource>: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

Principals []AuthzPolicyHttpRuleFromSourcePrincipal: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
Resources []AuthzPolicyHttpRuleFromSourceResource: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals List<AuthzPolicyHttpRuleFromSourcePrincipal>: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources List<AuthzPolicyHttpRuleFromSourceResource>: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals AuthzPolicyHttpRuleFromSourcePrincipal[]: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources AuthzPolicyHttpRuleFromSourceResource[]: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals Sequence[AuthzPolicyHttpRuleFromSourcePrincipal]: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources Sequence[AuthzPolicyHttpRuleFromSourceResource]: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

principals List<Property Map>: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals. Structure is documented below.
resources List<Property Map>: A list of resources to match against the resource of the source VM of a request. Limited to 5 resources. Structure is documented below.

AuthzPolicyHttpRuleFromSourcePrincipal, AuthzPolicyHttpRuleFromSourcePrincipalArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyHttpRuleFromSourceResource, AuthzPolicyHttpRuleFromSourceResourceArgs

IamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
TagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

IamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
TagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iam_service_account AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tag_value_id_set AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

iamServiceAccount Property Map: An IAM service account to match against the source service account of the VM sending the request. Structure is documented below.
tagValueIdSet Property Map: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. Structure is documented below.

AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount, AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet, AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs

Ids List<string>: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

Ids []string: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids List<String>: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids string[]: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids Sequence[str]: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

ids List<String>: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.

AuthzPolicyHttpRuleTo, AuthzPolicyHttpRuleToArgs

Operations List<AuthzPolicyHttpRuleToOperation>: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

Operations []AuthzPolicyHttpRuleToOperation: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

operations List<AuthzPolicyHttpRuleToOperation>: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

operations AuthzPolicyHttpRuleToOperation[]: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

operations Sequence[AuthzPolicyHttpRuleToOperation]: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

operations List<Property Map>: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. Structure is documented below.

AuthzPolicyHttpRuleToOperation, AuthzPolicyHttpRuleToOperationArgs

HeaderSet AuthzPolicyHttpRuleToOperationHeaderSet: A list of headers to match against in http header. Structure is documented below.
Hosts List<AuthzPolicyHttpRuleToOperationHost>: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
Methods List<string>: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
Paths List<AuthzPolicyHttpRuleToOperationPath>: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

HeaderSet AuthzPolicyHttpRuleToOperationHeaderSet: A list of headers to match against in http header. Structure is documented below.
Hosts []AuthzPolicyHttpRuleToOperationHost: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
Methods []string: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
Paths []AuthzPolicyHttpRuleToOperationPath: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

headerSet AuthzPolicyHttpRuleToOperationHeaderSet: A list of headers to match against in http header. Structure is documented below.
hosts List<AuthzPolicyHttpRuleToOperationHost>: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
methods List<String>: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
paths List<AuthzPolicyHttpRuleToOperationPath>: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

headerSet AuthzPolicyHttpRuleToOperationHeaderSet: A list of headers to match against in http header. Structure is documented below.
hosts AuthzPolicyHttpRuleToOperationHost[]: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
methods string[]: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
paths AuthzPolicyHttpRuleToOperationPath[]: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

header_set AuthzPolicyHttpRuleToOperationHeaderSet: A list of headers to match against in http header. Structure is documented below.
hosts Sequence[AuthzPolicyHttpRuleToOperationHost]: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
methods Sequence[str]: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
paths Sequence[AuthzPolicyHttpRuleToOperationPath]: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

headerSet Property Map: A list of headers to match against in http header. Structure is documented below.
hosts List<Property Map>: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.
methods List<String>: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
paths List<Property Map>: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. Structure is documented below.

AuthzPolicyHttpRuleToOperationHeaderSet, AuthzPolicyHttpRuleToOperationHeaderSetArgs

Headers List<AuthzPolicyHttpRuleToOperationHeaderSetHeader>: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

Headers []AuthzPolicyHttpRuleToOperationHeaderSetHeader: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

headers List<AuthzPolicyHttpRuleToOperationHeaderSetHeader>: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

headers AuthzPolicyHttpRuleToOperationHeaderSetHeader[]: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

headers Sequence[AuthzPolicyHttpRuleToOperationHeaderSetHeader]: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

headers List<Property Map>: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Structure is documented below.

AuthzPolicyHttpRuleToOperationHeaderSetHeader, AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs

Name string: Specifies the name of the header in the request.
Value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue: Specifies how the header match will be performed. Structure is documented below.

Name string: Specifies the name of the header in the request.
Value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue: Specifies how the header match will be performed. Structure is documented below.

name String: Specifies the name of the header in the request.
value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue: Specifies how the header match will be performed. Structure is documented below.

name string: Specifies the name of the header in the request.
value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue: Specifies how the header match will be performed. Structure is documented below.

name str: Specifies the name of the header in the request.
value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue: Specifies how the header match will be performed. Structure is documented below.

name String: Specifies the name of the header in the request.
value Property Map: Specifies how the header match will be performed. Structure is documented below.

AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue, AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyHttpRuleToOperationHost, AuthzPolicyHttpRuleToOperationHostArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyHttpRuleToOperationPath, AuthzPolicyHttpRuleToOperationPathArgs

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

Contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

Exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

IgnoreCase bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

Prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

Suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains string

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact string

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix string

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix string

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains str

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact str

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignore_case bool

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix str

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix str

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

contains String

The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc.def

exact String

The input string must match exactly the string specified here. Examples:

abc only matches the value abc.

ignoreCase Boolean

If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.

prefix String

The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value abc.xyz

suffix String

The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. Examples:

abc matches the value xyz.abc

AuthzPolicyTarget, AuthzPolicyTargetArgs

LoadBalancingScheme string: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
Resources List<string>: A list of references to the Forwarding Rules on which this policy will be applied.

LoadBalancingScheme string: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
Resources []string: A list of references to the Forwarding Rules on which this policy will be applied.

loadBalancingScheme String: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
resources List<String>: A list of references to the Forwarding Rules on which this policy will be applied.

loadBalancingScheme string: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
resources string[]: A list of references to the Forwarding Rules on which this policy will be applied.

load_balancing_scheme str: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
resources Sequence[str]: A list of references to the Forwarding Rules on which this policy will be applied.

loadBalancingScheme String: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED.
resources List<String>: A list of references to the Forwarding Rules on which this policy will be applied.

Import

AuthzPolicy can be imported using any of these accepted formats:

projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}
{{name}}

When using the pulumi import command, AuthzPolicy can be imported using one of the formats above. For example:

$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}

$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}}

$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}}

$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.networksecurity.AuthzPolicy

On this page

On this page

Example Usage

Create AuthzPolicy Resource

Constructor syntax

Parameters

Constructor example

AuthzPolicy Resource Properties

Inputs

Outputs

Look up Existing AuthzPolicy Resource

Supporting Types

AuthzPolicyCustomProvider, AuthzPolicyCustomProviderArgs

AuthzPolicyCustomProviderAuthzExtension, AuthzPolicyCustomProviderAuthzExtensionArgs

AuthzPolicyCustomProviderCloudIap, AuthzPolicyCustomProviderCloudIapArgs

AuthzPolicyHttpRule, AuthzPolicyHttpRuleArgs

AuthzPolicyHttpRuleFrom, AuthzPolicyHttpRuleFromArgs

AuthzPolicyHttpRuleFromNotSource, AuthzPolicyHttpRuleFromNotSourceArgs

AuthzPolicyHttpRuleFromNotSourcePrincipal, AuthzPolicyHttpRuleFromNotSourcePrincipalArgs

AuthzPolicyHttpRuleFromNotSourceResource, AuthzPolicyHttpRuleFromNotSourceResourceArgs

AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount, AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs

AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet, AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs

AuthzPolicyHttpRuleFromSource, AuthzPolicyHttpRuleFromSourceArgs

AuthzPolicyHttpRuleFromSourcePrincipal, AuthzPolicyHttpRuleFromSourcePrincipalArgs

AuthzPolicyHttpRuleFromSourceResource, AuthzPolicyHttpRuleFromSourceResourceArgs

AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount, AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs

AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet, AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs

AuthzPolicyHttpRuleTo, AuthzPolicyHttpRuleToArgs

AuthzPolicyHttpRuleToOperation, AuthzPolicyHttpRuleToOperationArgs

AuthzPolicyHttpRuleToOperationHeaderSet, AuthzPolicyHttpRuleToOperationHeaderSetArgs

AuthzPolicyHttpRuleToOperationHeaderSetHeader, AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs

AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue, AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs

AuthzPolicyHttpRuleToOperationHost, AuthzPolicyHttpRuleToOperationHostArgs

AuthzPolicyHttpRuleToOperationPath, AuthzPolicyHttpRuleToOperationPathArgs

AuthzPolicyTarget, AuthzPolicyTargetArgs

Import

Package Details

On this page

On this page