Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
DecryptionRule resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as scm from "@pulumi/scm";
// --- 1. TAG Resource ---
const decryptionPositionTag = new scm.Tag("decryption_position_tag", {
name: "decryption-position-tag",
folder: "All",
color: "Purple",
});
// --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
const anchorDecryptionRule = new scm.DecryptionRule("anchor_decryption_rule", {
name: "anchor-decryption-rule",
description: "Base rule for testing 'before' and 'after' positioning.",
folder: "All",
position: "pre",
action: "decrypt",
froms: ["trust"],
tos: ["untrust"],
sources: ["any"],
destinations: ["any"],
services: ["service-https"],
categories: ["high-risk"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
destinationHips: ["any"],
tags: [decryptionPositionTag.name],
logSuccess: true,
logFail: true,
disabled: false,
negateSource: false,
negateDestination: false,
});
// --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
const ruleTopDecryptionRule = new scm.DecryptionRule("rule_top_decryption_rule", {
name: "top-absolute-decryption-rule",
description: "Placed at the very TOP of the Decryption rulebase.",
folder: "All",
position: "pre",
action: "no-decrypt",
relativePosition: "top",
froms: ["any"],
tos: ["any"],
sources: ["any"],
destinations: ["any"],
services: ["service-https"],
categories: ["high-risk"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
});
const ruleBottomDecryptionRule = new scm.DecryptionRule("rule_bottom_decryption_rule", {
name: "bottom-absolute-decryption-rule",
description: "Placed at the very BOTTOM of the Decryption rulebase.",
folder: "All",
position: "pre",
action: "decrypt",
relativePosition: "bottom",
froms: ["any"],
tos: ["any"],
sources: ["any"],
destinations: ["any"],
services: ["service-https"],
categories: ["high-risk"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
});
// --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
const ruleBeforeAnchorDecryption = new scm.DecryptionRule("rule_before_anchor_decryption", {
name: "before-anchor-decryption-rule",
description: "Positioned immediately BEFORE the anchor-decryption-rule. Updating",
folder: "All",
position: "pre",
action: "decrypt",
relativePosition: "before",
targetRule: anchorDecryptionRule.id,
froms: ["trust"],
tos: ["untrust"],
sources: ["10.1.1.0/24"],
destinations: ["any"],
services: ["service-https"],
categories: ["high-risk"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
});
const ruleAfterAnchorDecryption = new scm.DecryptionRule("rule_after_anchor_decryption", {
name: "after-anchor-decryption-rule_123",
description: "Positioned immediately AFTER the anchor-decryption-rule.",
folder: "All",
position: "pre",
action: "decrypt",
relativePosition: "after",
targetRule: anchorDecryptionRule.id,
froms: ["any"],
tos: ["untrust"],
sources: ["any"],
destinations: ["192.168.1.10"],
services: ["service-https"],
categories: ["any"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
});
import pulumi
import pulumi_scm as scm
# --- 1. TAG Resource ---
decryption_position_tag = scm.Tag("decryption_position_tag",
name="decryption-position-tag",
folder="All",
color="Purple")
# --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
anchor_decryption_rule = scm.DecryptionRule("anchor_decryption_rule",
name="anchor-decryption-rule",
description="Base rule for testing 'before' and 'after' positioning.",
folder="All",
position="pre",
action="decrypt",
froms=["trust"],
tos=["untrust"],
sources=["any"],
destinations=["any"],
services=["service-https"],
categories=["high-risk"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
},
destination_hips=["any"],
tags=[decryption_position_tag.name],
log_success=True,
log_fail=True,
disabled=False,
negate_source=False,
negate_destination=False)
# --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
rule_top_decryption_rule = scm.DecryptionRule("rule_top_decryption_rule",
name="top-absolute-decryption-rule",
description="Placed at the very TOP of the Decryption rulebase.",
folder="All",
position="pre",
action="no-decrypt",
relative_position="top",
froms=["any"],
tos=["any"],
sources=["any"],
destinations=["any"],
services=["service-https"],
categories=["high-risk"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
})
rule_bottom_decryption_rule = scm.DecryptionRule("rule_bottom_decryption_rule",
name="bottom-absolute-decryption-rule",
description="Placed at the very BOTTOM of the Decryption rulebase.",
folder="All",
position="pre",
action="decrypt",
relative_position="bottom",
froms=["any"],
tos=["any"],
sources=["any"],
destinations=["any"],
services=["service-https"],
categories=["high-risk"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
})
# --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
rule_before_anchor_decryption = scm.DecryptionRule("rule_before_anchor_decryption",
name="before-anchor-decryption-rule",
description="Positioned immediately BEFORE the anchor-decryption-rule. Updating",
folder="All",
position="pre",
action="decrypt",
relative_position="before",
target_rule=anchor_decryption_rule.id,
froms=["trust"],
tos=["untrust"],
sources=["10.1.1.0/24"],
destinations=["any"],
services=["service-https"],
categories=["high-risk"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
})
rule_after_anchor_decryption = scm.DecryptionRule("rule_after_anchor_decryption",
name="after-anchor-decryption-rule_123",
description="Positioned immediately AFTER the anchor-decryption-rule.",
folder="All",
position="pre",
action="decrypt",
relative_position="after",
target_rule=anchor_decryption_rule.id,
froms=["any"],
tos=["untrust"],
sources=["any"],
destinations=["192.168.1.10"],
services=["service-https"],
categories=["any"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
})
package main
import (
"github.com/pulumi/pulumi-scm/sdk/go/scm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// --- 1. TAG Resource ---
decryptionPositionTag, err := scm.NewTag(ctx, "decryption_position_tag", &scm.TagArgs{
Name: pulumi.String("decryption-position-tag"),
Folder: pulumi.String("All"),
Color: pulumi.String("Purple"),
})
if err != nil {
return err
}
// --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
anchorDecryptionRule, err := scm.NewDecryptionRule(ctx, "anchor_decryption_rule", &scm.DecryptionRuleArgs{
Name: pulumi.String("anchor-decryption-rule"),
Description: pulumi.String("Base rule for testing 'before' and 'after' positioning."),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("decrypt"),
Froms: pulumi.StringArray{
pulumi.String("trust"),
},
Tos: pulumi.StringArray{
pulumi.String("untrust"),
},
Sources: pulumi.StringArray{
pulumi.String("any"),
},
Destinations: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("high-risk"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
DestinationHips: pulumi.StringArray{
pulumi.String("any"),
},
Tags: pulumi.StringArray{
decryptionPositionTag.Name,
},
LogSuccess: pulumi.Bool(true),
LogFail: pulumi.Bool(true),
Disabled: pulumi.Bool(false),
NegateSource: pulumi.Bool(false),
NegateDestination: pulumi.Bool(false),
})
if err != nil {
return err
}
// --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
_, err = scm.NewDecryptionRule(ctx, "rule_top_decryption_rule", &scm.DecryptionRuleArgs{
Name: pulumi.String("top-absolute-decryption-rule"),
Description: pulumi.String("Placed at the very TOP of the Decryption rulebase."),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("no-decrypt"),
RelativePosition: pulumi.String("top"),
Froms: pulumi.StringArray{
pulumi.String("any"),
},
Tos: pulumi.StringArray{
pulumi.String("any"),
},
Sources: pulumi.StringArray{
pulumi.String("any"),
},
Destinations: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("high-risk"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
})
if err != nil {
return err
}
_, err = scm.NewDecryptionRule(ctx, "rule_bottom_decryption_rule", &scm.DecryptionRuleArgs{
Name: pulumi.String("bottom-absolute-decryption-rule"),
Description: pulumi.String("Placed at the very BOTTOM of the Decryption rulebase."),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("decrypt"),
RelativePosition: pulumi.String("bottom"),
Froms: pulumi.StringArray{
pulumi.String("any"),
},
Tos: pulumi.StringArray{
pulumi.String("any"),
},
Sources: pulumi.StringArray{
pulumi.String("any"),
},
Destinations: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("high-risk"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
})
if err != nil {
return err
}
// --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
_, err = scm.NewDecryptionRule(ctx, "rule_before_anchor_decryption", &scm.DecryptionRuleArgs{
Name: pulumi.String("before-anchor-decryption-rule"),
Description: pulumi.String("Positioned immediately BEFORE the anchor-decryption-rule. Updating"),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("decrypt"),
RelativePosition: pulumi.String("before"),
TargetRule: anchorDecryptionRule.ID(),
Froms: pulumi.StringArray{
pulumi.String("trust"),
},
Tos: pulumi.StringArray{
pulumi.String("untrust"),
},
Sources: pulumi.StringArray{
pulumi.String("10.1.1.0/24"),
},
Destinations: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("high-risk"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
})
if err != nil {
return err
}
_, err = scm.NewDecryptionRule(ctx, "rule_after_anchor_decryption", &scm.DecryptionRuleArgs{
Name: pulumi.String("after-anchor-decryption-rule_123"),
Description: pulumi.String("Positioned immediately AFTER the anchor-decryption-rule."),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("decrypt"),
RelativePosition: pulumi.String("after"),
TargetRule: anchorDecryptionRule.ID(),
Froms: pulumi.StringArray{
pulumi.String("any"),
},
Tos: pulumi.StringArray{
pulumi.String("untrust"),
},
Sources: pulumi.StringArray{
pulumi.String("any"),
},
Destinations: pulumi.StringArray{
pulumi.String("192.168.1.10"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("any"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Scm = Pulumi.Scm;
return await Deployment.RunAsync(() =>
{
// --- 1. TAG Resource ---
var decryptionPositionTag = new Scm.Tag("decryption_position_tag", new()
{
Name = "decryption-position-tag",
Folder = "All",
Color = "Purple",
});
// --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
var anchorDecryptionRule = new Scm.DecryptionRule("anchor_decryption_rule", new()
{
Name = "anchor-decryption-rule",
Description = "Base rule for testing 'before' and 'after' positioning.",
Folder = "All",
Position = "pre",
Action = "decrypt",
Froms = new[]
{
"trust",
},
Tos = new[]
{
"untrust",
},
Sources = new[]
{
"any",
},
Destinations = new[]
{
"any",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"high-risk",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
DestinationHips = new[]
{
"any",
},
Tags = new[]
{
decryptionPositionTag.Name,
},
LogSuccess = true,
LogFail = true,
Disabled = false,
NegateSource = false,
NegateDestination = false,
});
// --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
var ruleTopDecryptionRule = new Scm.DecryptionRule("rule_top_decryption_rule", new()
{
Name = "top-absolute-decryption-rule",
Description = "Placed at the very TOP of the Decryption rulebase.",
Folder = "All",
Position = "pre",
Action = "no-decrypt",
RelativePosition = "top",
Froms = new[]
{
"any",
},
Tos = new[]
{
"any",
},
Sources = new[]
{
"any",
},
Destinations = new[]
{
"any",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"high-risk",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
});
var ruleBottomDecryptionRule = new Scm.DecryptionRule("rule_bottom_decryption_rule", new()
{
Name = "bottom-absolute-decryption-rule",
Description = "Placed at the very BOTTOM of the Decryption rulebase.",
Folder = "All",
Position = "pre",
Action = "decrypt",
RelativePosition = "bottom",
Froms = new[]
{
"any",
},
Tos = new[]
{
"any",
},
Sources = new[]
{
"any",
},
Destinations = new[]
{
"any",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"high-risk",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
});
// --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
var ruleBeforeAnchorDecryption = new Scm.DecryptionRule("rule_before_anchor_decryption", new()
{
Name = "before-anchor-decryption-rule",
Description = "Positioned immediately BEFORE the anchor-decryption-rule. Updating",
Folder = "All",
Position = "pre",
Action = "decrypt",
RelativePosition = "before",
TargetRule = anchorDecryptionRule.Id,
Froms = new[]
{
"trust",
},
Tos = new[]
{
"untrust",
},
Sources = new[]
{
"10.1.1.0/24",
},
Destinations = new[]
{
"any",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"high-risk",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
});
var ruleAfterAnchorDecryption = new Scm.DecryptionRule("rule_after_anchor_decryption", new()
{
Name = "after-anchor-decryption-rule_123",
Description = "Positioned immediately AFTER the anchor-decryption-rule.",
Folder = "All",
Position = "pre",
Action = "decrypt",
RelativePosition = "after",
TargetRule = anchorDecryptionRule.Id,
Froms = new[]
{
"any",
},
Tos = new[]
{
"untrust",
},
Sources = new[]
{
"any",
},
Destinations = new[]
{
"192.168.1.10",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"any",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scm.Tag;
import com.pulumi.scm.TagArgs;
import com.pulumi.scm.DecryptionRule;
import com.pulumi.scm.DecryptionRuleArgs;
import com.pulumi.scm.inputs.DecryptionRuleTypeArgs;
import com.pulumi.scm.inputs.DecryptionRuleTypeSslForwardProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// --- 1. TAG Resource ---
var decryptionPositionTag = new Tag("decryptionPositionTag", TagArgs.builder()
.name("decryption-position-tag")
.folder("All")
.color("Purple")
.build());
// --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
var anchorDecryptionRule = new DecryptionRule("anchorDecryptionRule", DecryptionRuleArgs.builder()
.name("anchor-decryption-rule")
.description("Base rule for testing 'before' and 'after' positioning.")
.folder("All")
.position("pre")
.action("decrypt")
.froms("trust")
.tos("untrust")
.sources("any")
.destinations("any")
.services("service-https")
.categories("high-risk")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.destinationHips("any")
.tags(decryptionPositionTag.name())
.logSuccess(true)
.logFail(true)
.disabled(false)
.negateSource(false)
.negateDestination(false)
.build());
// --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
var ruleTopDecryptionRule = new DecryptionRule("ruleTopDecryptionRule", DecryptionRuleArgs.builder()
.name("top-absolute-decryption-rule")
.description("Placed at the very TOP of the Decryption rulebase.")
.folder("All")
.position("pre")
.action("no-decrypt")
.relativePosition("top")
.froms("any")
.tos("any")
.sources("any")
.destinations("any")
.services("service-https")
.categories("high-risk")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.build());
var ruleBottomDecryptionRule = new DecryptionRule("ruleBottomDecryptionRule", DecryptionRuleArgs.builder()
.name("bottom-absolute-decryption-rule")
.description("Placed at the very BOTTOM of the Decryption rulebase.")
.folder("All")
.position("pre")
.action("decrypt")
.relativePosition("bottom")
.froms("any")
.tos("any")
.sources("any")
.destinations("any")
.services("service-https")
.categories("high-risk")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.build());
// --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
var ruleBeforeAnchorDecryption = new DecryptionRule("ruleBeforeAnchorDecryption", DecryptionRuleArgs.builder()
.name("before-anchor-decryption-rule")
.description("Positioned immediately BEFORE the anchor-decryption-rule. Updating")
.folder("All")
.position("pre")
.action("decrypt")
.relativePosition("before")
.targetRule(anchorDecryptionRule.id())
.froms("trust")
.tos("untrust")
.sources("10.1.1.0/24")
.destinations("any")
.services("service-https")
.categories("high-risk")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.build());
var ruleAfterAnchorDecryption = new DecryptionRule("ruleAfterAnchorDecryption", DecryptionRuleArgs.builder()
.name("after-anchor-decryption-rule_123")
.description("Positioned immediately AFTER the anchor-decryption-rule.")
.folder("All")
.position("pre")
.action("decrypt")
.relativePosition("after")
.targetRule(anchorDecryptionRule.id())
.froms("any")
.tos("untrust")
.sources("any")
.destinations("192.168.1.10")
.services("service-https")
.categories("any")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.build());
}
}
resources:
# --- 1. TAG Resource ---
decryptionPositionTag:
type: scm:Tag
name: decryption_position_tag
properties:
name: decryption-position-tag
folder: All
color: Purple
# --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
anchorDecryptionRule:
type: scm:DecryptionRule
name: anchor_decryption_rule
properties:
name: anchor-decryption-rule
description: Base rule for testing 'before' and 'after' positioning.
folder: All
position: pre
action: decrypt
froms: # Source security zone
- trust
tos: # Destination security zone
- untrust
sources: # Source addresses
- any
destinations: # Destination addresses
- any
services: # Services (e.g., standard HTTPS port)
- service-https
categories: # Destination URL Category
- high-risk
sourceUsers: # Source user/group
- any
type:
sslForwardProxy: {}
destinationHips:
- any
tags:
- ${decryptionPositionTag.name}
logSuccess: true
logFail: true
disabled: false
negateSource: false
negateDestination: false
# --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
ruleTopDecryptionRule:
type: scm:DecryptionRule
name: rule_top_decryption_rule
properties:
name: top-absolute-decryption-rule
description: Placed at the very TOP of the Decryption rulebase.
folder: All
position: pre
action: no-decrypt
relativePosition: top
froms:
- any
tos:
- any
sources:
- any
destinations:
- any
services:
- service-https
categories:
- high-risk
sourceUsers:
- any
type:
sslForwardProxy: {}
ruleBottomDecryptionRule:
type: scm:DecryptionRule
name: rule_bottom_decryption_rule
properties:
name: bottom-absolute-decryption-rule
description: Placed at the very BOTTOM of the Decryption rulebase.
folder: All
position: pre
action: decrypt
relativePosition: bottom
froms:
- any
tos:
- any
sources:
- any
destinations:
- any
services:
- service-https
categories:
- high-risk
sourceUsers:
- any
type:
sslForwardProxy: {}
# --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
ruleBeforeAnchorDecryption:
type: scm:DecryptionRule
name: rule_before_anchor_decryption
properties:
name: before-anchor-decryption-rule
description: Positioned immediately BEFORE the anchor-decryption-rule. Updating
folder: All
position: pre
action: decrypt
relativePosition: before
targetRule: ${anchorDecryptionRule.id}
froms:
- trust
tos:
- untrust
sources: # Specific source subnet
- 10.1.1.0/24
destinations:
- any
services:
- service-https
categories:
- high-risk
sourceUsers:
- any
type:
sslForwardProxy: {}
ruleAfterAnchorDecryption:
type: scm:DecryptionRule
name: rule_after_anchor_decryption
properties:
name: after-anchor-decryption-rule_123
description: Positioned immediately AFTER the anchor-decryption-rule.
folder: All
position: pre
action: decrypt
relativePosition: after
targetRule: ${anchorDecryptionRule.id}
froms:
- any
tos:
- untrust
sources:
- any
destinations: # Specific destination host
- 192.168.1.10
services:
- service-https
categories:
- any
sourceUsers:
- any
type:
sslForwardProxy: {}
Create DecryptionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DecryptionRule(name: string, args: DecryptionRuleArgs, opts?: CustomResourceOptions);@overload
def DecryptionRule(resource_name: str,
args: DecryptionRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DecryptionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
froms: Optional[Sequence[str]] = None,
categories: Optional[Sequence[str]] = None,
tos: Optional[Sequence[str]] = None,
sources: Optional[Sequence[str]] = None,
destinations: Optional[Sequence[str]] = None,
source_users: Optional[Sequence[str]] = None,
action: Optional[str] = None,
services: Optional[Sequence[str]] = None,
disabled: Optional[bool] = None,
relative_position: Optional[str] = None,
log_setting: Optional[str] = None,
log_success: Optional[bool] = None,
name: Optional[str] = None,
negate_destination: Optional[bool] = None,
negate_source: Optional[bool] = None,
position: Optional[str] = None,
profile: Optional[str] = None,
log_fail: Optional[bool] = None,
folder: Optional[str] = None,
snippet: Optional[str] = None,
source_hips: Optional[Sequence[str]] = None,
device: Optional[str] = None,
destination_hips: Optional[Sequence[str]] = None,
tags: Optional[Sequence[str]] = None,
target_rule: Optional[str] = None,
description: Optional[str] = None,
type: Optional[DecryptionRuleTypeArgs] = None)func NewDecryptionRule(ctx *Context, name string, args DecryptionRuleArgs, opts ...ResourceOption) (*DecryptionRule, error)public DecryptionRule(string name, DecryptionRuleArgs args, CustomResourceOptions? opts = null)
public DecryptionRule(String name, DecryptionRuleArgs args)
public DecryptionRule(String name, DecryptionRuleArgs args, CustomResourceOptions options)
type: scm:DecryptionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DecryptionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DecryptionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DecryptionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DecryptionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DecryptionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var decryptionRuleResource = new Scm.DecryptionRule("decryptionRuleResource", new()
{
Froms = new[]
{
"string",
},
Categories = new[]
{
"string",
},
Tos = new[]
{
"string",
},
Sources = new[]
{
"string",
},
Destinations = new[]
{
"string",
},
SourceUsers = new[]
{
"string",
},
Action = "string",
Services = new[]
{
"string",
},
Disabled = false,
RelativePosition = "string",
LogSetting = "string",
LogSuccess = false,
Name = "string",
NegateDestination = false,
NegateSource = false,
Position = "string",
Profile = "string",
LogFail = false,
Folder = "string",
Snippet = "string",
SourceHips = new[]
{
"string",
},
Device = "string",
DestinationHips = new[]
{
"string",
},
Tags = new[]
{
"string",
},
TargetRule = "string",
Description = "string",
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
SslInboundInspection = "string",
},
});
example, err := scm.NewDecryptionRule(ctx, "decryptionRuleResource", &scm.DecryptionRuleArgs{
Froms: pulumi.StringArray{
pulumi.String("string"),
},
Categories: pulumi.StringArray{
pulumi.String("string"),
},
Tos: pulumi.StringArray{
pulumi.String("string"),
},
Sources: pulumi.StringArray{
pulumi.String("string"),
},
Destinations: pulumi.StringArray{
pulumi.String("string"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("string"),
},
Action: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
Disabled: pulumi.Bool(false),
RelativePosition: pulumi.String("string"),
LogSetting: pulumi.String("string"),
LogSuccess: pulumi.Bool(false),
Name: pulumi.String("string"),
NegateDestination: pulumi.Bool(false),
NegateSource: pulumi.Bool(false),
Position: pulumi.String("string"),
Profile: pulumi.String("string"),
LogFail: pulumi.Bool(false),
Folder: pulumi.String("string"),
Snippet: pulumi.String("string"),
SourceHips: pulumi.StringArray{
pulumi.String("string"),
},
Device: pulumi.String("string"),
DestinationHips: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TargetRule: pulumi.String("string"),
Description: pulumi.String("string"),
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
SslInboundInspection: pulumi.String("string"),
},
})
var decryptionRuleResource = new DecryptionRule("decryptionRuleResource", DecryptionRuleArgs.builder()
.froms("string")
.categories("string")
.tos("string")
.sources("string")
.destinations("string")
.sourceUsers("string")
.action("string")
.services("string")
.disabled(false)
.relativePosition("string")
.logSetting("string")
.logSuccess(false)
.name("string")
.negateDestination(false)
.negateSource(false)
.position("string")
.profile("string")
.logFail(false)
.folder("string")
.snippet("string")
.sourceHips("string")
.device("string")
.destinationHips("string")
.tags("string")
.targetRule("string")
.description("string")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.sslInboundInspection("string")
.build())
.build());
decryption_rule_resource = scm.DecryptionRule("decryptionRuleResource",
froms=["string"],
categories=["string"],
tos=["string"],
sources=["string"],
destinations=["string"],
source_users=["string"],
action="string",
services=["string"],
disabled=False,
relative_position="string",
log_setting="string",
log_success=False,
name="string",
negate_destination=False,
negate_source=False,
position="string",
profile="string",
log_fail=False,
folder="string",
snippet="string",
source_hips=["string"],
device="string",
destination_hips=["string"],
tags=["string"],
target_rule="string",
description="string",
type={
"ssl_forward_proxy": {},
"ssl_inbound_inspection": "string",
})
const decryptionRuleResource = new scm.DecryptionRule("decryptionRuleResource", {
froms: ["string"],
categories: ["string"],
tos: ["string"],
sources: ["string"],
destinations: ["string"],
sourceUsers: ["string"],
action: "string",
services: ["string"],
disabled: false,
relativePosition: "string",
logSetting: "string",
logSuccess: false,
name: "string",
negateDestination: false,
negateSource: false,
position: "string",
profile: "string",
logFail: false,
folder: "string",
snippet: "string",
sourceHips: ["string"],
device: "string",
destinationHips: ["string"],
tags: ["string"],
targetRule: "string",
description: "string",
type: {
sslForwardProxy: {},
sslInboundInspection: "string",
},
});
type: scm:DecryptionRule
properties:
action: string
categories:
- string
description: string
destinationHips:
- string
destinations:
- string
device: string
disabled: false
folder: string
froms:
- string
logFail: false
logSetting: string
logSuccess: false
name: string
negateDestination: false
negateSource: false
position: string
profile: string
relativePosition: string
services:
- string
snippet: string
sourceHips:
- string
sourceUsers:
- string
sources:
- string
tags:
- string
targetRule: string
tos:
- string
type:
sslForwardProxy: {}
sslInboundInspection: string
DecryptionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DecryptionRule resource accepts the following input properties:
- Action string
- The action to be taken
- Categories List<string>
- The destination URL category
- Destinations List<string>
- The destination addresses
- Froms List<string>
- The source security zone
- Services List<string>
- The destination services and/or service groups
- Source
Users List<string> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources List<string>
- The source addresses
- Tos List<string>
- The destination security zone
- Description string
- The description of the decryption rule
- Destination
Hips List<string> - The Host Integrity Profile of the destination host
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Snippet string
- The snippet in which the resource is defined
- Source
Hips List<string> - Source hip
- List<string>
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Type
Decryption
Rule Type - The type of decryption
- Action string
- The action to be taken
- Categories []string
- The destination URL category
- Destinations []string
- The destination addresses
- Froms []string
- The source security zone
- Services []string
- The destination services and/or service groups
- Source
Users []string - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources []string
- The source addresses
- Tos []string
- The destination security zone
- Description string
- The description of the decryption rule
- Destination
Hips []string - The Host Integrity Profile of the destination host
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Snippet string
- The snippet in which the resource is defined
- Source
Hips []string - Source hip
- []string
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Type
Decryption
Rule Type Args - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- destinations List<String>
- The destination addresses
- froms List<String>
- The source security zone
- services List<String>
- The destination services and/or service groups
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- tos List<String>
- The destination security zone
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - type
Decryption
Rule Type - The type of decryption
- action string
- The action to be taken
- categories string[]
- The destination URL category
- destinations string[]
- The destination addresses
- froms string[]
- The source security zone
- services string[]
- The destination services and/or service groups
- source
Users string[] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources string[]
- The source addresses
- tos string[]
- The destination security zone
- description string
- The description of the decryption rule
- destination
Hips string[] - The Host Integrity Profile of the destination host
- device string
- The device in which the resource is defined
- disabled boolean
- Is the rule disabled?
- folder string
- The folder in which the resource is defined
- log
Fail boolean - Log failed decryption events?
- log
Setting string - The log settings of the decryption rule
- log
Success boolean - Log successful decryption events?
- name string
- The name of the decryption rule
- negate
Destination boolean - Negate the destination addresses?
- negate
Source boolean - Negate the source addresses?
- position string
- The position of a security rule
- profile string
- The decryption profile associated with the decryption rule
- relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - snippet string
- The snippet in which the resource is defined
- source
Hips string[] - Source hip
- string[]
- The tags associated with the decryption rule
- target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - type
Decryption
Rule Type - The type of decryption
- action str
- The action to be taken
- categories Sequence[str]
- The destination URL category
- destinations Sequence[str]
- The destination addresses
- froms Sequence[str]
- The source security zone
- services Sequence[str]
- The destination services and/or service groups
- source_
users Sequence[str] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources Sequence[str]
- The source addresses
- tos Sequence[str]
- The destination security zone
- description str
- The description of the decryption rule
- destination_
hips Sequence[str] - The Host Integrity Profile of the destination host
- device str
- The device in which the resource is defined
- disabled bool
- Is the rule disabled?
- folder str
- The folder in which the resource is defined
- log_
fail bool - Log failed decryption events?
- log_
setting str - The log settings of the decryption rule
- log_
success bool - Log successful decryption events?
- name str
- The name of the decryption rule
- negate_
destination bool - Negate the destination addresses?
- negate_
source bool - Negate the source addresses?
- position str
- The position of a security rule
- profile str
- The decryption profile associated with the decryption rule
- relative_
position str - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - snippet str
- The snippet in which the resource is defined
- source_
hips Sequence[str] - Source hip
- Sequence[str]
- The tags associated with the decryption rule
- target_
rule str - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - type
Decryption
Rule Type Args - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- destinations List<String>
- The destination addresses
- froms List<String>
- The source security zone
- services List<String>
- The destination services and/or service groups
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- tos List<String>
- The destination security zone
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - type Property Map
- The type of decryption
Outputs
All input properties are implicitly available as output properties. Additionally, the DecryptionRule resource produces the following output properties:
Look up Existing DecryptionRule Resource
Get an existing DecryptionRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DecryptionRuleState, opts?: CustomResourceOptions): DecryptionRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
categories: Optional[Sequence[str]] = None,
description: Optional[str] = None,
destination_hips: Optional[Sequence[str]] = None,
destinations: Optional[Sequence[str]] = None,
device: Optional[str] = None,
disabled: Optional[bool] = None,
folder: Optional[str] = None,
froms: Optional[Sequence[str]] = None,
log_fail: Optional[bool] = None,
log_setting: Optional[str] = None,
log_success: Optional[bool] = None,
name: Optional[str] = None,
negate_destination: Optional[bool] = None,
negate_source: Optional[bool] = None,
position: Optional[str] = None,
profile: Optional[str] = None,
relative_position: Optional[str] = None,
services: Optional[Sequence[str]] = None,
snippet: Optional[str] = None,
source_hips: Optional[Sequence[str]] = None,
source_users: Optional[Sequence[str]] = None,
sources: Optional[Sequence[str]] = None,
tags: Optional[Sequence[str]] = None,
target_rule: Optional[str] = None,
tfid: Optional[str] = None,
tos: Optional[Sequence[str]] = None,
type: Optional[DecryptionRuleTypeArgs] = None) -> DecryptionRulefunc GetDecryptionRule(ctx *Context, name string, id IDInput, state *DecryptionRuleState, opts ...ResourceOption) (*DecryptionRule, error)public static DecryptionRule Get(string name, Input<string> id, DecryptionRuleState? state, CustomResourceOptions? opts = null)public static DecryptionRule get(String name, Output<String> id, DecryptionRuleState state, CustomResourceOptions options)resources: _: type: scm:DecryptionRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action to be taken
- Categories List<string>
- The destination URL category
- Description string
- The description of the decryption rule
- Destination
Hips List<string> - The Host Integrity Profile of the destination host
- Destinations List<string>
- The destination addresses
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Froms List<string>
- The source security zone
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Services List<string>
- The destination services and/or service groups
- Snippet string
- The snippet in which the resource is defined
- Source
Hips List<string> - Source hip
- Source
Users List<string> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources List<string>
- The source addresses
- List<string>
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Tfid string
- Tos List<string>
- The destination security zone
- Type
Decryption
Rule Type - The type of decryption
- Action string
- The action to be taken
- Categories []string
- The destination URL category
- Description string
- The description of the decryption rule
- Destination
Hips []string - The Host Integrity Profile of the destination host
- Destinations []string
- The destination addresses
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Froms []string
- The source security zone
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Services []string
- The destination services and/or service groups
- Snippet string
- The snippet in which the resource is defined
- Source
Hips []string - Source hip
- Source
Users []string - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources []string
- The source addresses
- []string
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Tfid string
- Tos []string
- The destination security zone
- Type
Decryption
Rule Type Args - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- destinations List<String>
- The destination addresses
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- froms List<String>
- The source security zone
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services List<String>
- The destination services and/or service groups
- snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid String
- tos List<String>
- The destination security zone
- type
Decryption
Rule Type - The type of decryption
- action string
- The action to be taken
- categories string[]
- The destination URL category
- description string
- The description of the decryption rule
- destination
Hips string[] - The Host Integrity Profile of the destination host
- destinations string[]
- The destination addresses
- device string
- The device in which the resource is defined
- disabled boolean
- Is the rule disabled?
- folder string
- The folder in which the resource is defined
- froms string[]
- The source security zone
- log
Fail boolean - Log failed decryption events?
- log
Setting string - The log settings of the decryption rule
- log
Success boolean - Log successful decryption events?
- name string
- The name of the decryption rule
- negate
Destination boolean - Negate the destination addresses?
- negate
Source boolean - Negate the source addresses?
- position string
- The position of a security rule
- profile string
- The decryption profile associated with the decryption rule
- relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services string[]
- The destination services and/or service groups
- snippet string
- The snippet in which the resource is defined
- source
Hips string[] - Source hip
- source
Users string[] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources string[]
- The source addresses
- string[]
- The tags associated with the decryption rule
- target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid string
- tos string[]
- The destination security zone
- type
Decryption
Rule Type - The type of decryption
- action str
- The action to be taken
- categories Sequence[str]
- The destination URL category
- description str
- The description of the decryption rule
- destination_
hips Sequence[str] - The Host Integrity Profile of the destination host
- destinations Sequence[str]
- The destination addresses
- device str
- The device in which the resource is defined
- disabled bool
- Is the rule disabled?
- folder str
- The folder in which the resource is defined
- froms Sequence[str]
- The source security zone
- log_
fail bool - Log failed decryption events?
- log_
setting str - The log settings of the decryption rule
- log_
success bool - Log successful decryption events?
- name str
- The name of the decryption rule
- negate_
destination bool - Negate the destination addresses?
- negate_
source bool - Negate the source addresses?
- position str
- The position of a security rule
- profile str
- The decryption profile associated with the decryption rule
- relative_
position str - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services Sequence[str]
- The destination services and/or service groups
- snippet str
- The snippet in which the resource is defined
- source_
hips Sequence[str] - Source hip
- source_
users Sequence[str] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources Sequence[str]
- The source addresses
- Sequence[str]
- The tags associated with the decryption rule
- target_
rule str - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid str
- tos Sequence[str]
- The destination security zone
- type
Decryption
Rule Type Args - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- destinations List<String>
- The destination addresses
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- froms List<String>
- The source security zone
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services List<String>
- The destination services and/or service groups
- snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid String
- tos List<String>
- The destination security zone
- type Property Map
- The type of decryption
Supporting Types
DecryptionRuleType, DecryptionRuleTypeArgs
- Ssl
Forward DecryptionProxy Rule Type Ssl Forward Proxy - Ssl forward proxy
- Ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- Ssl
Forward DecryptionProxy Rule Type Ssl Forward Proxy - Ssl forward proxy
- Ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- ssl
Forward DecryptionProxy Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl
Inbound StringInspection - add the certificate name for SSL inbound inspection
- ssl
Forward DecryptionProxy Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- ssl_
forward_ Decryptionproxy Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl_
inbound_ strinspection - add the certificate name for SSL inbound inspection
- ssl
Forward Property MapProxy - Ssl forward proxy
- ssl
Inbound StringInspection - add the certificate name for SSL inbound inspection
Package Details
- Repository
- scm pulumi/pulumi-scm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
scmTerraform Provider.
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
