Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.networksecurity/v1.getAuthorizationPolicy

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

Using getAuthorizationPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAuthorizationPolicy(args: GetAuthorizationPolicyArgs, opts?: InvokeOptions): Promise<GetAuthorizationPolicyResult>
function getAuthorizationPolicyOutput(args: GetAuthorizationPolicyOutputArgs, opts?: InvokeOptions): Output<GetAuthorizationPolicyResult>

def get_authorization_policy(authorization_policy_id: Optional[str] = None,
                             location: Optional[str] = None,
                             project: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetAuthorizationPolicyResult
def get_authorization_policy_output(authorization_policy_id: Optional[pulumi.Input[str]] = None,
                             location: Optional[pulumi.Input[str]] = None,
                             project: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetAuthorizationPolicyResult]

func LookupAuthorizationPolicy(ctx *Context, args *LookupAuthorizationPolicyArgs, opts ...InvokeOption) (*LookupAuthorizationPolicyResult, error)
func LookupAuthorizationPolicyOutput(ctx *Context, args *LookupAuthorizationPolicyOutputArgs, opts ...InvokeOption) LookupAuthorizationPolicyResultOutput

> Note: This function is named LookupAuthorizationPolicy in the Go SDK.

public static class GetAuthorizationPolicy 
{
    public static Task<GetAuthorizationPolicyResult> InvokeAsync(GetAuthorizationPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetAuthorizationPolicyResult> Invoke(GetAuthorizationPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetAuthorizationPolicyResult> getAuthorizationPolicy(GetAuthorizationPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: google-native:networksecurity/v1:getAuthorizationPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

AuthorizationPolicyId string
Location string
Project string

AuthorizationPolicyId string
Location string
Project string

authorizationPolicyId String
location String
project String

authorizationPolicyId string
location string
project string

authorization_policy_id str
location str
project str

authorizationPolicyId String
location String
project String

getAuthorizationPolicy Result

The following output properties are available:

Action string: The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
CreateTime string: The timestamp when the resource was created.
Description string: Optional. Free-text description of the resource.
Labels Dictionary<string, string>: Optional. Set of label tags associated with the AuthorizationPolicy resource.
Name string: Name of the AuthorizationPolicy resource. It matches pattern projects/{project}/locations/{location}/authorizationPolicies/.
Rules List<Pulumi.GoogleNative.NetworkSecurity.V1.Outputs.RuleResponse>: Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
UpdateTime string: The timestamp when the resource was updated.

Action string: The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
CreateTime string: The timestamp when the resource was created.
Description string: Optional. Free-text description of the resource.
Labels map[string]string: Optional. Set of label tags associated with the AuthorizationPolicy resource.
Name string: Name of the AuthorizationPolicy resource. It matches pattern projects/{project}/locations/{location}/authorizationPolicies/.
Rules []RuleResponse: Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
UpdateTime string: The timestamp when the resource was updated.

action String: The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
createTime String: The timestamp when the resource was created.
description String: Optional. Free-text description of the resource.
labels Map<String,String>: Optional. Set of label tags associated with the AuthorizationPolicy resource.
name String: Name of the AuthorizationPolicy resource. It matches pattern projects/{project}/locations/{location}/authorizationPolicies/.
rules List<RuleResponse>: Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
updateTime String: The timestamp when the resource was updated.

action string: The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
createTime string: The timestamp when the resource was created.
description string: Optional. Free-text description of the resource.
labels {[key: string]: string}: Optional. Set of label tags associated with the AuthorizationPolicy resource.
name string: Name of the AuthorizationPolicy resource. It matches pattern projects/{project}/locations/{location}/authorizationPolicies/.
rules RuleResponse[]: Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
updateTime string: The timestamp when the resource was updated.

action str: The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
create_time str: The timestamp when the resource was created.
description str: Optional. Free-text description of the resource.
labels Mapping[str, str]: Optional. Set of label tags associated with the AuthorizationPolicy resource.
name str: Name of the AuthorizationPolicy resource. It matches pattern projects/{project}/locations/{location}/authorizationPolicies/.
rules Sequence[RuleResponse]: Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
update_time str: The timestamp when the resource was updated.

action String: The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
createTime String: The timestamp when the resource was created.
description String: Optional. Free-text description of the resource.
labels Map<String>: Optional. Set of label tags associated with the AuthorizationPolicy resource.
name String: Name of the AuthorizationPolicy resource. It matches pattern projects/{project}/locations/{location}/authorizationPolicies/.
rules List<Property Map>: Optional. List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
updateTime String: The timestamp when the resource was updated.

Supporting Types

DestinationResponse

Hosts List<string>: List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
HttpHeaderMatch Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.HttpHeaderMatchResponse: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
Methods List<string>: Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
Ports List<int>: List of destination ports to match. At least one port should match.

Hosts []string: List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
HttpHeaderMatch HttpHeaderMatchResponse: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
Methods []string: Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
Ports []int: List of destination ports to match. At least one port should match.

hosts List<String>: List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
httpHeaderMatch HttpHeaderMatchResponse: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
methods List<String>: Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
ports List<Integer>: List of destination ports to match. At least one port should match.

hosts string[]: List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
httpHeaderMatch HttpHeaderMatchResponse: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
methods string[]: Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
ports number[]: List of destination ports to match. At least one port should match.

hosts Sequence[str]: List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
http_header_match HttpHeaderMatchResponse: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
methods Sequence[str]: Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
ports Sequence[int]: List of destination ports to match. At least one port should match.

hosts List<String>: List of host names to match. Matched against the ":authority" header in http requests. At least one host should match. Each host can be an exact match, or a prefix match (example "mydomain.") or a suffix match (example ".myorg.com") or a presence (any) match "*".
httpHeaderMatch Property Map: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. At least one header should match. Avoid using header matches to make authorization decisions unless there is a strong guarantee that requests arrive through a trusted client or proxy.
methods List<String>: Optional. A list of HTTP methods to match. At least one method should match. Should not be set for gRPC services.
ports List<Number>: List of destination ports to match. At least one port should match.

HttpHeaderMatchResponse

HeaderName string: The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
RegexMatch string: The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.

HeaderName string: The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
RegexMatch string: The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.

headerName String: The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
regexMatch String: The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.

headerName string: The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
regexMatch string: The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.

header_name str: The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
regex_match str: The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.

headerName String: The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method".
regexMatch String: The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.

RuleResponse

Destinations List<Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.DestinationResponse>: Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
Sources List<Pulumi.GoogleNative.NetworkSecurity.V1.Inputs.SourceResponse>: Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.

Destinations []DestinationResponse: Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
Sources []SourceResponse: Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.

destinations List<DestinationResponse>: Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
sources List<SourceResponse>: Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.

destinations DestinationResponse[]: Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
sources SourceResponse[]: Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.

destinations Sequence[DestinationResponse]: Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
sources Sequence[SourceResponse]: Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.

destinations List<Property Map>: Optional. List of attributes for the traffic destination. All of the destinations must match. A destination is a match if a request matches all the specified hosts, ports, methods and headers. If not set, the action specified in the 'action' field will be applied without any rule checks for the destination.
sources List<Property Map>: Optional. List of attributes for the traffic source. All of the sources must match. A source is a match if both principals and ip_blocks match. If not set, the action specified in the 'action' field will be applied without any rule checks for the source.

SourceResponse

IpBlocks List<string>: Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
Principals List<string>: Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.

IpBlocks []string: Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
Principals []string: Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.

ipBlocks List<String>: Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
principals List<String>: Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.

ipBlocks string[]: Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
principals string[]: Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.

ip_blocks Sequence[str]: Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
principals Sequence[str]: Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.

ipBlocks List<String>: Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.
principals List<String>: Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.networksecurity/v1.getAuthorizationPolicy

On this page

On this page

Using getAuthorizationPolicy

getAuthorizationPolicy Result

Supporting Types

DestinationResponse

HttpHeaderMatchResponse

RuleResponse

SourceResponse

Package Details

On this page

On this page