Docs Home
Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi
oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile
Explore with Pulumi AI
This resource provides the Network Firewall Policy Decryption Profile resource in Oracle Cloud Infrastructure Network Firewall service.
Creates a new Decryption Profile for the Network Firewall Policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testNetworkFirewallPolicyDecryptionProfile = new oci.networkfirewall.NetworkFirewallPolicyDecryptionProfile("test_network_firewall_policy_decryption_profile", {
name: networkFirewallPolicyDecryptionProfileName,
networkFirewallPolicyId: testNetworkFirewallPolicy.id,
type: networkFirewallPolicyDecryptionProfileType,
areCertificateExtensionsRestricted: networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted,
isAutoIncludeAltName: networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName,
isExpiredCertificateBlocked: networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked,
isOutOfCapacityBlocked: networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked,
isRevocationStatusTimeoutBlocked: networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked,
isUnknownRevocationStatusBlocked: networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked,
isUnsupportedCipherBlocked: networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked,
isUnsupportedVersionBlocked: networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked,
isUntrustedIssuerBlocked: networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked,
});
import pulumi
import pulumi_oci as oci
test_network_firewall_policy_decryption_profile = oci.network_firewall.NetworkFirewallPolicyDecryptionProfile("test_network_firewall_policy_decryption_profile",
name=network_firewall_policy_decryption_profile_name,
network_firewall_policy_id=test_network_firewall_policy["id"],
type=network_firewall_policy_decryption_profile_type,
are_certificate_extensions_restricted=network_firewall_policy_decryption_profile_are_certificate_extensions_restricted,
is_auto_include_alt_name=network_firewall_policy_decryption_profile_is_auto_include_alt_name,
is_expired_certificate_blocked=network_firewall_policy_decryption_profile_is_expired_certificate_blocked,
is_out_of_capacity_blocked=network_firewall_policy_decryption_profile_is_out_of_capacity_blocked,
is_revocation_status_timeout_blocked=network_firewall_policy_decryption_profile_is_revocation_status_timeout_blocked,
is_unknown_revocation_status_blocked=network_firewall_policy_decryption_profile_is_unknown_revocation_status_blocked,
is_unsupported_cipher_blocked=network_firewall_policy_decryption_profile_is_unsupported_cipher_blocked,
is_unsupported_version_blocked=network_firewall_policy_decryption_profile_is_unsupported_version_blocked,
is_untrusted_issuer_blocked=network_firewall_policy_decryption_profile_is_untrusted_issuer_blocked)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/networkfirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkfirewall.NewNetworkFirewallPolicyDecryptionProfile(ctx, "test_network_firewall_policy_decryption_profile", &networkfirewall.NetworkFirewallPolicyDecryptionProfileArgs{
Name: pulumi.Any(networkFirewallPolicyDecryptionProfileName),
NetworkFirewallPolicyId: pulumi.Any(testNetworkFirewallPolicy.Id),
Type: pulumi.Any(networkFirewallPolicyDecryptionProfileType),
AreCertificateExtensionsRestricted: pulumi.Any(networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted),
IsAutoIncludeAltName: pulumi.Any(networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName),
IsExpiredCertificateBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked),
IsOutOfCapacityBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked),
IsRevocationStatusTimeoutBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked),
IsUnknownRevocationStatusBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked),
IsUnsupportedCipherBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked),
IsUnsupportedVersionBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked),
IsUntrustedIssuerBlocked: pulumi.Any(networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testNetworkFirewallPolicyDecryptionProfile = new Oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile("test_network_firewall_policy_decryption_profile", new()
{
Name = networkFirewallPolicyDecryptionProfileName,
NetworkFirewallPolicyId = testNetworkFirewallPolicy.Id,
Type = networkFirewallPolicyDecryptionProfileType,
AreCertificateExtensionsRestricted = networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted,
IsAutoIncludeAltName = networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName,
IsExpiredCertificateBlocked = networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked,
IsOutOfCapacityBlocked = networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked,
IsRevocationStatusTimeoutBlocked = networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked,
IsUnknownRevocationStatusBlocked = networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked,
IsUnsupportedCipherBlocked = networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked,
IsUnsupportedVersionBlocked = networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked,
IsUntrustedIssuerBlocked = networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testNetworkFirewallPolicyDecryptionProfile = new NetworkFirewallPolicyDecryptionProfile("testNetworkFirewallPolicyDecryptionProfile", NetworkFirewallPolicyDecryptionProfileArgs.builder()
.name(networkFirewallPolicyDecryptionProfileName)
.networkFirewallPolicyId(testNetworkFirewallPolicy.id())
.type(networkFirewallPolicyDecryptionProfileType)
.areCertificateExtensionsRestricted(networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted)
.isAutoIncludeAltName(networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName)
.isExpiredCertificateBlocked(networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked)
.isOutOfCapacityBlocked(networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked)
.isRevocationStatusTimeoutBlocked(networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked)
.isUnknownRevocationStatusBlocked(networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked)
.isUnsupportedCipherBlocked(networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked)
.isUnsupportedVersionBlocked(networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked)
.isUntrustedIssuerBlocked(networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked)
.build());
}
}
resources:
testNetworkFirewallPolicyDecryptionProfile:
type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile
name: test_network_firewall_policy_decryption_profile
properties:
name: ${networkFirewallPolicyDecryptionProfileName}
networkFirewallPolicyId: ${testNetworkFirewallPolicy.id}
type: ${networkFirewallPolicyDecryptionProfileType}
areCertificateExtensionsRestricted: ${networkFirewallPolicyDecryptionProfileAreCertificateExtensionsRestricted}
isAutoIncludeAltName: ${networkFirewallPolicyDecryptionProfileIsAutoIncludeAltName}
isExpiredCertificateBlocked: ${networkFirewallPolicyDecryptionProfileIsExpiredCertificateBlocked}
isOutOfCapacityBlocked: ${networkFirewallPolicyDecryptionProfileIsOutOfCapacityBlocked}
isRevocationStatusTimeoutBlocked: ${networkFirewallPolicyDecryptionProfileIsRevocationStatusTimeoutBlocked}
isUnknownRevocationStatusBlocked: ${networkFirewallPolicyDecryptionProfileIsUnknownRevocationStatusBlocked}
isUnsupportedCipherBlocked: ${networkFirewallPolicyDecryptionProfileIsUnsupportedCipherBlocked}
isUnsupportedVersionBlocked: ${networkFirewallPolicyDecryptionProfileIsUnsupportedVersionBlocked}
isUntrustedIssuerBlocked: ${networkFirewallPolicyDecryptionProfileIsUntrustedIssuerBlocked}
Create NetworkFirewallPolicyDecryptionProfile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NetworkFirewallPolicyDecryptionProfile(name: string, args: NetworkFirewallPolicyDecryptionProfileArgs, opts?: CustomResourceOptions);@overload
def NetworkFirewallPolicyDecryptionProfile(resource_name: str,
args: NetworkFirewallPolicyDecryptionProfileArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NetworkFirewallPolicyDecryptionProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
network_firewall_policy_id: Optional[str] = None,
type: Optional[str] = None,
are_certificate_extensions_restricted: Optional[bool] = None,
is_auto_include_alt_name: Optional[bool] = None,
is_expired_certificate_blocked: Optional[bool] = None,
is_out_of_capacity_blocked: Optional[bool] = None,
is_revocation_status_timeout_blocked: Optional[bool] = None,
is_unknown_revocation_status_blocked: Optional[bool] = None,
is_unsupported_cipher_blocked: Optional[bool] = None,
is_unsupported_version_blocked: Optional[bool] = None,
is_untrusted_issuer_blocked: Optional[bool] = None,
name: Optional[str] = None)func NewNetworkFirewallPolicyDecryptionProfile(ctx *Context, name string, args NetworkFirewallPolicyDecryptionProfileArgs, opts ...ResourceOption) (*NetworkFirewallPolicyDecryptionProfile, error)public NetworkFirewallPolicyDecryptionProfile(string name, NetworkFirewallPolicyDecryptionProfileArgs args, CustomResourceOptions? opts = null)
public NetworkFirewallPolicyDecryptionProfile(String name, NetworkFirewallPolicyDecryptionProfileArgs args)
public NetworkFirewallPolicyDecryptionProfile(String name, NetworkFirewallPolicyDecryptionProfileArgs args, CustomResourceOptions options)
type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NetworkFirewallPolicyDecryptionProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NetworkFirewallPolicyDecryptionProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NetworkFirewallPolicyDecryptionProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkFirewallPolicyDecryptionProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NetworkFirewallPolicyDecryptionProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var networkFirewallPolicyDecryptionProfileResource = new Oci.NetworkFirewall.NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource", new()
{
NetworkFirewallPolicyId = "string",
Type = "string",
AreCertificateExtensionsRestricted = false,
IsAutoIncludeAltName = false,
IsExpiredCertificateBlocked = false,
IsOutOfCapacityBlocked = false,
IsRevocationStatusTimeoutBlocked = false,
IsUnknownRevocationStatusBlocked = false,
IsUnsupportedCipherBlocked = false,
IsUnsupportedVersionBlocked = false,
IsUntrustedIssuerBlocked = false,
Name = "string",
});
example, err := networkfirewall.NewNetworkFirewallPolicyDecryptionProfile(ctx, "networkFirewallPolicyDecryptionProfileResource", &networkfirewall.NetworkFirewallPolicyDecryptionProfileArgs{
NetworkFirewallPolicyId: pulumi.String("string"),
Type: pulumi.String("string"),
AreCertificateExtensionsRestricted: pulumi.Bool(false),
IsAutoIncludeAltName: pulumi.Bool(false),
IsExpiredCertificateBlocked: pulumi.Bool(false),
IsOutOfCapacityBlocked: pulumi.Bool(false),
IsRevocationStatusTimeoutBlocked: pulumi.Bool(false),
IsUnknownRevocationStatusBlocked: pulumi.Bool(false),
IsUnsupportedCipherBlocked: pulumi.Bool(false),
IsUnsupportedVersionBlocked: pulumi.Bool(false),
IsUntrustedIssuerBlocked: pulumi.Bool(false),
Name: pulumi.String("string"),
})
var networkFirewallPolicyDecryptionProfileResource = new NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource", NetworkFirewallPolicyDecryptionProfileArgs.builder()
.networkFirewallPolicyId("string")
.type("string")
.areCertificateExtensionsRestricted(false)
.isAutoIncludeAltName(false)
.isExpiredCertificateBlocked(false)
.isOutOfCapacityBlocked(false)
.isRevocationStatusTimeoutBlocked(false)
.isUnknownRevocationStatusBlocked(false)
.isUnsupportedCipherBlocked(false)
.isUnsupportedVersionBlocked(false)
.isUntrustedIssuerBlocked(false)
.name("string")
.build());
network_firewall_policy_decryption_profile_resource = oci.network_firewall.NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource",
network_firewall_policy_id="string",
type="string",
are_certificate_extensions_restricted=False,
is_auto_include_alt_name=False,
is_expired_certificate_blocked=False,
is_out_of_capacity_blocked=False,
is_revocation_status_timeout_blocked=False,
is_unknown_revocation_status_blocked=False,
is_unsupported_cipher_blocked=False,
is_unsupported_version_blocked=False,
is_untrusted_issuer_blocked=False,
name="string")
const networkFirewallPolicyDecryptionProfileResource = new oci.networkfirewall.NetworkFirewallPolicyDecryptionProfile("networkFirewallPolicyDecryptionProfileResource", {
networkFirewallPolicyId: "string",
type: "string",
areCertificateExtensionsRestricted: false,
isAutoIncludeAltName: false,
isExpiredCertificateBlocked: false,
isOutOfCapacityBlocked: false,
isRevocationStatusTimeoutBlocked: false,
isUnknownRevocationStatusBlocked: false,
isUnsupportedCipherBlocked: false,
isUnsupportedVersionBlocked: false,
isUntrustedIssuerBlocked: false,
name: "string",
});
type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile
properties:
areCertificateExtensionsRestricted: false
isAutoIncludeAltName: false
isExpiredCertificateBlocked: false
isOutOfCapacityBlocked: false
isRevocationStatusTimeoutBlocked: false
isUnknownRevocationStatusBlocked: false
isUnsupportedCipherBlocked: false
isUnsupportedVersionBlocked: false
isUntrustedIssuerBlocked: false
name: string
networkFirewallPolicyId: string
type: string
NetworkFirewallPolicyDecryptionProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NetworkFirewallPolicyDecryptionProfile resource accepts the following input properties:
- Network
Firewall stringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Type string
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- Are
Certificate boolExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- Is
Auto boolInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- Is
Expired boolCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- Is
Out boolOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- Is
Revocation boolStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- Is
Unknown boolRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- Is
Unsupported boolCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- Is
Unsupported boolVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- Is
Untrusted boolIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- Name string
- Name of the decryption profile.
- Network
Firewall stringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Type string
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- Are
Certificate boolExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- Is
Auto boolInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- Is
Expired boolCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- Is
Out boolOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- Is
Revocation boolStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- Is
Unknown boolRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- Is
Unsupported boolCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- Is
Unsupported boolVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- Is
Untrusted boolIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- Name string
- Name of the decryption profile.
- network
Firewall StringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- type String
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are
Certificate BooleanExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto BooleanInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired BooleanCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is
Out BooleanOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation BooleanStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown BooleanRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported BooleanCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported BooleanVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is
Untrusted BooleanIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name String
- Name of the decryption profile.
- network
Firewall stringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- type string
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are
Certificate booleanExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto booleanInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired booleanCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is
Out booleanOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation booleanStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown booleanRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported booleanCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported booleanVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is
Untrusted booleanIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name string
- Name of the decryption profile.
- network_
firewall_ strpolicy_ id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- type str
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are_
certificate_ boolextensions_ restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is_
auto_ boolinclude_ alt_ name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is_
expired_ boolcertificate_ blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is_
out_ boolof_ capacity_ blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is_
revocation_ boolstatus_ timeout_ blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is_
unknown_ boolrevocation_ status_ blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is_
unsupported_ boolcipher_ blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is_
unsupported_ boolversion_ blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is_
untrusted_ boolissuer_ blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name str
- Name of the decryption profile.
- network
Firewall StringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- type String
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are
Certificate BooleanExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto BooleanInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired BooleanCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is
Out BooleanOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation BooleanStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown BooleanRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported BooleanCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported BooleanVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is
Untrusted BooleanIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name String
- Name of the decryption profile.
Outputs
All input properties are implicitly available as output properties. Additionally, the NetworkFirewallPolicyDecryptionProfile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Parent
Resource stringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- Id string
- The provider-assigned unique ID for this managed resource.
- Parent
Resource stringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- id String
- The provider-assigned unique ID for this managed resource.
- parent
Resource StringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- id string
- The provider-assigned unique ID for this managed resource.
- parent
Resource stringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- id str
- The provider-assigned unique ID for this managed resource.
- parent_
resource_ strid - OCID of the Network Firewall Policy this decryption profile belongs to.
- id String
- The provider-assigned unique ID for this managed resource.
- parent
Resource StringId - OCID of the Network Firewall Policy this decryption profile belongs to.
Look up Existing NetworkFirewallPolicyDecryptionProfile Resource
Get an existing NetworkFirewallPolicyDecryptionProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetworkFirewallPolicyDecryptionProfileState, opts?: CustomResourceOptions): NetworkFirewallPolicyDecryptionProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
are_certificate_extensions_restricted: Optional[bool] = None,
is_auto_include_alt_name: Optional[bool] = None,
is_expired_certificate_blocked: Optional[bool] = None,
is_out_of_capacity_blocked: Optional[bool] = None,
is_revocation_status_timeout_blocked: Optional[bool] = None,
is_unknown_revocation_status_blocked: Optional[bool] = None,
is_unsupported_cipher_blocked: Optional[bool] = None,
is_unsupported_version_blocked: Optional[bool] = None,
is_untrusted_issuer_blocked: Optional[bool] = None,
name: Optional[str] = None,
network_firewall_policy_id: Optional[str] = None,
parent_resource_id: Optional[str] = None,
type: Optional[str] = None) -> NetworkFirewallPolicyDecryptionProfilefunc GetNetworkFirewallPolicyDecryptionProfile(ctx *Context, name string, id IDInput, state *NetworkFirewallPolicyDecryptionProfileState, opts ...ResourceOption) (*NetworkFirewallPolicyDecryptionProfile, error)public static NetworkFirewallPolicyDecryptionProfile Get(string name, Input<string> id, NetworkFirewallPolicyDecryptionProfileState? state, CustomResourceOptions? opts = null)public static NetworkFirewallPolicyDecryptionProfile get(String name, Output<String> id, NetworkFirewallPolicyDecryptionProfileState state, CustomResourceOptions options)resources: _: type: oci:NetworkFirewall:NetworkFirewallPolicyDecryptionProfile get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Are
Certificate boolExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- Is
Auto boolInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- Is
Expired boolCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- Is
Out boolOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- Is
Revocation boolStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- Is
Unknown boolRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- Is
Unsupported boolCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- Is
Unsupported boolVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- Is
Untrusted boolIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- Name string
- Name of the decryption profile.
- Network
Firewall stringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Parent
Resource stringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- Type string
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- Are
Certificate boolExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- Is
Auto boolInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- Is
Expired boolCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- Is
Out boolOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- Is
Revocation boolStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- Is
Unknown boolRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- Is
Unsupported boolCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- Is
Unsupported boolVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- Is
Untrusted boolIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- Name string
- Name of the decryption profile.
- Network
Firewall stringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Parent
Resource stringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- Type string
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are
Certificate BooleanExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto BooleanInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired BooleanCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is
Out BooleanOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation BooleanStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown BooleanRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported BooleanCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported BooleanVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is
Untrusted BooleanIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name String
- Name of the decryption profile.
- network
Firewall StringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- parent
Resource StringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- type String
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are
Certificate booleanExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto booleanInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired booleanCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is
Out booleanOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation booleanStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown booleanRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported booleanCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported booleanVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is
Untrusted booleanIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name string
- Name of the decryption profile.
- network
Firewall stringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- parent
Resource stringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- type string
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are_
certificate_ boolextensions_ restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is_
auto_ boolinclude_ alt_ name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is_
expired_ boolcertificate_ blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is_
out_ boolof_ capacity_ blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is_
revocation_ boolstatus_ timeout_ blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is_
unknown_ boolrevocation_ status_ blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is_
unsupported_ boolcipher_ blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is_
unsupported_ boolversion_ blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is_
untrusted_ boolissuer_ blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name str
- Name of the decryption profile.
- network_
firewall_ strpolicy_ id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- parent_
resource_ strid - OCID of the Network Firewall Policy this decryption profile belongs to.
- type str
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
- are
Certificate BooleanExtensions Restricted - (Updatable) Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
- is
Auto BooleanInclude Alt Name - (Updatable) Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
- is
Expired BooleanCertificate Blocked - (Updatable) Whether to block sessions if server's certificate is expired.
- is
Out BooleanOf Capacity Blocked - (Updatable) Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
- is
Revocation BooleanStatus Timeout Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
- is
Unknown BooleanRevocation Status Blocked - (Updatable) Whether to block sessions if the revocation status check for server's certificate results in "unknown".
- is
Unsupported BooleanCipher Blocked - (Updatable) Whether to block sessions if SSL cipher suite is not supported.
- is
Unsupported BooleanVersion Blocked - (Updatable) Whether to block sessions if SSL version is not supported.
- is
Untrusted BooleanIssuer Blocked - (Updatable) Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
- name String
- Name of the decryption profile.
- network
Firewall StringPolicy Id Unique Network Firewall Policy identifier
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- parent
Resource StringId - OCID of the Network Firewall Policy this decryption profile belongs to.
- type String
- Describes the type of decryption profile. The accepted values are - * SSL_FORWARD_PROXY * SSL_INBOUND_INSPECTION
Import
NetworkFirewallPolicyDecryptionProfiles can be imported using the name, e.g.
$ pulumi import oci:NetworkFirewall/networkFirewallPolicyDecryptionProfile:NetworkFirewallPolicyDecryptionProfile test_network_firewall_policy_decryption_profile "networkFirewallPolicies/{networkFirewallPolicyId}/decryptionProfiles/{decryptionProfileName}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ociTerraform Provider.