Docs Home
Cisco Catalyst SD-WAN v0.3.0 published on Friday, Mar 28, 2025 by Pulumi
sdwan.TlsSslDecryptionPolicyDefinition
Explore with Pulumi AI
This resource can manage a TLS SSL Decryption Policy Definition .
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sdwan.TlsSslDecryptionPolicyDefinition;
import com.pulumi.sdwan.TlsSslDecryptionPolicyDefinitionArgs;
import com.pulumi.sdwan.inputs.TlsSslDecryptionPolicyDefinitionNetworkRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new TlsSslDecryptionPolicyDefinition("example", TlsSslDecryptionPolicyDefinitionArgs.builder()
.name("Example")
.description("My description")
.mode("security")
.defaultAction("noIntent")
.networkRules(TlsSslDecryptionPolicyDefinitionNetworkRuleArgs.builder()
.base_action("doNotDecrypt")
.rule_id(4)
.rule_name("Example")
.rule_type("sslDecryption")
.source_and_destination_configuration(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.build())
.sslDecryptionEnabled("true")
.expiredCertificate("drop")
.untrustedCertificate("drop")
.certificateRevocationStatus("none")
.unknownRevocationStatus("drop")
.unsupportedProtocolVersions("drop")
.unsupportedCipherSuites("drop")
.failureMode("close")
.rsaKeyPairModulus("2048")
.ecKeyType("P384")
.certificateLifetimeInDays(1)
.minimalTlsVersion("TLSv1.2")
.useDefaultCaCertBundle(true)
.build());
}
}
resources:
example:
type: sdwan:TlsSslDecryptionPolicyDefinition
properties:
name: Example
description: My description
mode: security
defaultAction: noIntent
networkRules:
- base_action: doNotDecrypt
rule_id: 4
rule_name: Example
rule_type: sslDecryption
source_and_destination_configuration:
- option: destinationIp
value: 10.0.0.0/12
sslDecryptionEnabled: 'true'
expiredCertificate: drop
untrustedCertificate: drop
certificateRevocationStatus: none
unknownRevocationStatus: drop
unsupportedProtocolVersions: drop
unsupportedCipherSuites: drop
failureMode: close
rsaKeyPairModulus: '2048'
ecKeyType: P384
certificateLifetimeInDays: 1
minimalTlsVersion: TLSv1.2
useDefaultCaCertBundle: true
Create TlsSslDecryptionPolicyDefinition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TlsSslDecryptionPolicyDefinition(name: string, args: TlsSslDecryptionPolicyDefinitionArgs, opts?: CustomResourceOptions);@overload
def TlsSslDecryptionPolicyDefinition(resource_name: str,
args: TlsSslDecryptionPolicyDefinitionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TlsSslDecryptionPolicyDefinition(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
mode: Optional[str] = None,
certificate_revocation_status: Optional[str] = None,
network_rules: Optional[Sequence[TlsSslDecryptionPolicyDefinitionNetworkRuleArgs]] = None,
rsa_key_pair_modulus: Optional[str] = None,
expired_certificate: Optional[str] = None,
failure_mode: Optional[str] = None,
minimal_tls_version: Optional[str] = None,
certificate_lifetime_in_days: Optional[int] = None,
use_default_ca_cert_bundle: Optional[bool] = None,
default_action: Optional[str] = None,
ec_key_type: Optional[str] = None,
ssl_decryption_enabled: Optional[str] = None,
unknown_revocation_status: Optional[str] = None,
unsupported_cipher_suites: Optional[str] = None,
unsupported_protocol_versions: Optional[str] = None,
untrusted_certificate: Optional[str] = None,
url_rules: Optional[Sequence[TlsSslDecryptionPolicyDefinitionUrlRuleArgs]] = None,
name: Optional[str] = None)func NewTlsSslDecryptionPolicyDefinition(ctx *Context, name string, args TlsSslDecryptionPolicyDefinitionArgs, opts ...ResourceOption) (*TlsSslDecryptionPolicyDefinition, error)public TlsSslDecryptionPolicyDefinition(string name, TlsSslDecryptionPolicyDefinitionArgs args, CustomResourceOptions? opts = null)
public TlsSslDecryptionPolicyDefinition(String name, TlsSslDecryptionPolicyDefinitionArgs args)
public TlsSslDecryptionPolicyDefinition(String name, TlsSslDecryptionPolicyDefinitionArgs args, CustomResourceOptions options)
type: sdwan:TlsSslDecryptionPolicyDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TlsSslDecryptionPolicyDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TlsSslDecryptionPolicyDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TlsSslDecryptionPolicyDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TlsSslDecryptionPolicyDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TlsSslDecryptionPolicyDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tlsSslDecryptionPolicyDefinitionResource = new Sdwan.TlsSslDecryptionPolicyDefinition("tlsSslDecryptionPolicyDefinitionResource", new()
{
Description = "string",
Mode = "string",
CertificateRevocationStatus = "string",
NetworkRules = new[]
{
new Sdwan.Inputs.TlsSslDecryptionPolicyDefinitionNetworkRuleArgs
{
BaseAction = "string",
RuleId = 0,
RuleName = "string",
RuleType = "string",
SourceAndDestinationConfigurations = new[]
{
new Sdwan.Inputs.TlsSslDecryptionPolicyDefinitionNetworkRuleSourceAndDestinationConfigurationArgs
{
Option = "string",
Value = "string",
},
},
},
},
RsaKeyPairModulus = "string",
ExpiredCertificate = "string",
FailureMode = "string",
MinimalTlsVersion = "string",
CertificateLifetimeInDays = 0,
UseDefaultCaCertBundle = false,
DefaultAction = "string",
EcKeyType = "string",
SslDecryptionEnabled = "string",
UnknownRevocationStatus = "string",
UnsupportedCipherSuites = "string",
UnsupportedProtocolVersions = "string",
UntrustedCertificate = "string",
UrlRules = new[]
{
new Sdwan.Inputs.TlsSslDecryptionPolicyDefinitionUrlRuleArgs
{
RuleName = "string",
TargetVpns = new[]
{
"string",
},
TlsSslProfilePolicyId = "string",
TlsSslProfileVersion = 0,
},
},
Name = "string",
});
example, err := sdwan.NewTlsSslDecryptionPolicyDefinition(ctx, "tlsSslDecryptionPolicyDefinitionResource", &sdwan.TlsSslDecryptionPolicyDefinitionArgs{
Description: pulumi.String("string"),
Mode: pulumi.String("string"),
CertificateRevocationStatus: pulumi.String("string"),
NetworkRules: sdwan.TlsSslDecryptionPolicyDefinitionNetworkRuleArray{
&sdwan.TlsSslDecryptionPolicyDefinitionNetworkRuleArgs{
BaseAction: pulumi.String("string"),
RuleId: pulumi.Int(0),
RuleName: pulumi.String("string"),
RuleType: pulumi.String("string"),
SourceAndDestinationConfigurations: sdwan.TlsSslDecryptionPolicyDefinitionNetworkRuleSourceAndDestinationConfigurationArray{
&sdwan.TlsSslDecryptionPolicyDefinitionNetworkRuleSourceAndDestinationConfigurationArgs{
Option: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
RsaKeyPairModulus: pulumi.String("string"),
ExpiredCertificate: pulumi.String("string"),
FailureMode: pulumi.String("string"),
MinimalTlsVersion: pulumi.String("string"),
CertificateLifetimeInDays: pulumi.Int(0),
UseDefaultCaCertBundle: pulumi.Bool(false),
DefaultAction: pulumi.String("string"),
EcKeyType: pulumi.String("string"),
SslDecryptionEnabled: pulumi.String("string"),
UnknownRevocationStatus: pulumi.String("string"),
UnsupportedCipherSuites: pulumi.String("string"),
UnsupportedProtocolVersions: pulumi.String("string"),
UntrustedCertificate: pulumi.String("string"),
UrlRules: sdwan.TlsSslDecryptionPolicyDefinitionUrlRuleArray{
&sdwan.TlsSslDecryptionPolicyDefinitionUrlRuleArgs{
RuleName: pulumi.String("string"),
TargetVpns: pulumi.StringArray{
pulumi.String("string"),
},
TlsSslProfilePolicyId: pulumi.String("string"),
TlsSslProfileVersion: pulumi.Int(0),
},
},
Name: pulumi.String("string"),
})
var tlsSslDecryptionPolicyDefinitionResource = new TlsSslDecryptionPolicyDefinition("tlsSslDecryptionPolicyDefinitionResource", TlsSslDecryptionPolicyDefinitionArgs.builder()
.description("string")
.mode("string")
.certificateRevocationStatus("string")
.networkRules(TlsSslDecryptionPolicyDefinitionNetworkRuleArgs.builder()
.baseAction("string")
.ruleId(0)
.ruleName("string")
.ruleType("string")
.sourceAndDestinationConfigurations(TlsSslDecryptionPolicyDefinitionNetworkRuleSourceAndDestinationConfigurationArgs.builder()
.option("string")
.value("string")
.build())
.build())
.rsaKeyPairModulus("string")
.expiredCertificate("string")
.failureMode("string")
.minimalTlsVersion("string")
.certificateLifetimeInDays(0)
.useDefaultCaCertBundle(false)
.defaultAction("string")
.ecKeyType("string")
.sslDecryptionEnabled("string")
.unknownRevocationStatus("string")
.unsupportedCipherSuites("string")
.unsupportedProtocolVersions("string")
.untrustedCertificate("string")
.urlRules(TlsSslDecryptionPolicyDefinitionUrlRuleArgs.builder()
.ruleName("string")
.targetVpns("string")
.tlsSslProfilePolicyId("string")
.tlsSslProfileVersion(0)
.build())
.name("string")
.build());
tls_ssl_decryption_policy_definition_resource = sdwan.TlsSslDecryptionPolicyDefinition("tlsSslDecryptionPolicyDefinitionResource",
description="string",
mode="string",
certificate_revocation_status="string",
network_rules=[{
"base_action": "string",
"rule_id": 0,
"rule_name": "string",
"rule_type": "string",
"source_and_destination_configurations": [{
"option": "string",
"value": "string",
}],
}],
rsa_key_pair_modulus="string",
expired_certificate="string",
failure_mode="string",
minimal_tls_version="string",
certificate_lifetime_in_days=0,
use_default_ca_cert_bundle=False,
default_action="string",
ec_key_type="string",
ssl_decryption_enabled="string",
unknown_revocation_status="string",
unsupported_cipher_suites="string",
unsupported_protocol_versions="string",
untrusted_certificate="string",
url_rules=[{
"rule_name": "string",
"target_vpns": ["string"],
"tls_ssl_profile_policy_id": "string",
"tls_ssl_profile_version": 0,
}],
name="string")
const tlsSslDecryptionPolicyDefinitionResource = new sdwan.TlsSslDecryptionPolicyDefinition("tlsSslDecryptionPolicyDefinitionResource", {
description: "string",
mode: "string",
certificateRevocationStatus: "string",
networkRules: [{
baseAction: "string",
ruleId: 0,
ruleName: "string",
ruleType: "string",
sourceAndDestinationConfigurations: [{
option: "string",
value: "string",
}],
}],
rsaKeyPairModulus: "string",
expiredCertificate: "string",
failureMode: "string",
minimalTlsVersion: "string",
certificateLifetimeInDays: 0,
useDefaultCaCertBundle: false,
defaultAction: "string",
ecKeyType: "string",
sslDecryptionEnabled: "string",
unknownRevocationStatus: "string",
unsupportedCipherSuites: "string",
unsupportedProtocolVersions: "string",
untrustedCertificate: "string",
urlRules: [{
ruleName: "string",
targetVpns: ["string"],
tlsSslProfilePolicyId: "string",
tlsSslProfileVersion: 0,
}],
name: "string",
});
type: sdwan:TlsSslDecryptionPolicyDefinition
properties:
certificateLifetimeInDays: 0
certificateRevocationStatus: string
defaultAction: string
description: string
ecKeyType: string
expiredCertificate: string
failureMode: string
minimalTlsVersion: string
mode: string
name: string
networkRules:
- baseAction: string
ruleId: 0
ruleName: string
ruleType: string
sourceAndDestinationConfigurations:
- option: string
value: string
rsaKeyPairModulus: string
sslDecryptionEnabled: string
unknownRevocationStatus: string
unsupportedCipherSuites: string
unsupportedProtocolVersions: string
untrustedCertificate: string
urlRules:
- ruleName: string
targetVpns:
- string
tlsSslProfilePolicyId: string
tlsSslProfileVersion: 0
useDefaultCaCertBundle: false
TlsSslDecryptionPolicyDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TlsSslDecryptionPolicyDefinition resource accepts the following input properties:
- Description string
- The description of the policy definition.
- Certificate
Lifetime intIn Days - Certificate Lifetime(in Days)
- Certificate
Revocation stringStatus - Certificate revocation status - Choices:
ocsp,none - Default
Action string - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - Ec
Key stringType - EC Key Type - Choices:
P256,P384,P521 - Expired
Certificate string - Expired certificate action - Choices:
drop,decrypt - Failure
Mode string - Failure mode - Choices:
open,close - Minimal
Tls stringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - Mode string
- The policy mode - Choices:
security,unified - Name string
- The name of the policy definition.
- Network
Rules List<TlsSsl Decryption Policy Definition Network Rule> - List of network rules (applies when
modeset tosecurity) - Rsa
Key stringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - Ssl
Decryption stringEnabled - SSL decryption enabled
- Unknown
Revocation stringStatus - Unknown revocation status action - Choices:
drop,decrypt - Unsupported
Cipher stringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - Unsupported
Protocol stringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - Untrusted
Certificate string - Untrusted certificate action - Choices:
drop,decrypt - Url
Rules List<TlsSsl Decryption Policy Definition Url Rule> - List of url rules (applies when
modeset tosecurity) - Use
Default boolCa Cert Bundle - Use default CA certificate bundle
- Description string
- The description of the policy definition.
- Certificate
Lifetime intIn Days - Certificate Lifetime(in Days)
- Certificate
Revocation stringStatus - Certificate revocation status - Choices:
ocsp,none - Default
Action string - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - Ec
Key stringType - EC Key Type - Choices:
P256,P384,P521 - Expired
Certificate string - Expired certificate action - Choices:
drop,decrypt - Failure
Mode string - Failure mode - Choices:
open,close - Minimal
Tls stringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - Mode string
- The policy mode - Choices:
security,unified - Name string
- The name of the policy definition.
- Network
Rules []TlsSsl Decryption Policy Definition Network Rule Args - List of network rules (applies when
modeset tosecurity) - Rsa
Key stringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - Ssl
Decryption stringEnabled - SSL decryption enabled
- Unknown
Revocation stringStatus - Unknown revocation status action - Choices:
drop,decrypt - Unsupported
Cipher stringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - Unsupported
Protocol stringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - Untrusted
Certificate string - Untrusted certificate action - Choices:
drop,decrypt - Url
Rules []TlsSsl Decryption Policy Definition Url Rule Args - List of url rules (applies when
modeset tosecurity) - Use
Default boolCa Cert Bundle - Use default CA certificate bundle
- description String
- The description of the policy definition.
- certificate
Lifetime IntegerIn Days - Certificate Lifetime(in Days)
- certificate
Revocation StringStatus - Certificate revocation status - Choices:
ocsp,none - default
Action String - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - ec
Key StringType - EC Key Type - Choices:
P256,P384,P521 - expired
Certificate String - Expired certificate action - Choices:
drop,decrypt - failure
Mode String - Failure mode - Choices:
open,close - minimal
Tls StringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode String
- The policy mode - Choices:
security,unified - name String
- The name of the policy definition.
- network
Rules List<TlsSsl Decryption Policy Definition Network Rule> - List of network rules (applies when
modeset tosecurity) - rsa
Key StringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl
Decryption StringEnabled - SSL decryption enabled
- unknown
Revocation StringStatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported
Cipher StringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported
Protocol StringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted
Certificate String - Untrusted certificate action - Choices:
drop,decrypt - url
Rules List<TlsSsl Decryption Policy Definition Url Rule> - List of url rules (applies when
modeset tosecurity) - use
Default BooleanCa Cert Bundle - Use default CA certificate bundle
- description string
- The description of the policy definition.
- certificate
Lifetime numberIn Days - Certificate Lifetime(in Days)
- certificate
Revocation stringStatus - Certificate revocation status - Choices:
ocsp,none - default
Action string - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - ec
Key stringType - EC Key Type - Choices:
P256,P384,P521 - expired
Certificate string - Expired certificate action - Choices:
drop,decrypt - failure
Mode string - Failure mode - Choices:
open,close - minimal
Tls stringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode string
- The policy mode - Choices:
security,unified - name string
- The name of the policy definition.
- network
Rules TlsSsl Decryption Policy Definition Network Rule[] - List of network rules (applies when
modeset tosecurity) - rsa
Key stringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl
Decryption stringEnabled - SSL decryption enabled
- unknown
Revocation stringStatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported
Cipher stringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported
Protocol stringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted
Certificate string - Untrusted certificate action - Choices:
drop,decrypt - url
Rules TlsSsl Decryption Policy Definition Url Rule[] - List of url rules (applies when
modeset tosecurity) - use
Default booleanCa Cert Bundle - Use default CA certificate bundle
- description str
- The description of the policy definition.
- certificate_
lifetime_ intin_ days - Certificate Lifetime(in Days)
- certificate_
revocation_ strstatus - Certificate revocation status - Choices:
ocsp,none - default_
action str - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - ec_
key_ strtype - EC Key Type - Choices:
P256,P384,P521 - expired_
certificate str - Expired certificate action - Choices:
drop,decrypt - failure_
mode str - Failure mode - Choices:
open,close - minimal_
tls_ strversion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode str
- The policy mode - Choices:
security,unified - name str
- The name of the policy definition.
- network_
rules Sequence[TlsSsl Decryption Policy Definition Network Rule Args] - List of network rules (applies when
modeset tosecurity) - rsa_
key_ strpair_ modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl_
decryption_ strenabled - SSL decryption enabled
- unknown_
revocation_ strstatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported_
cipher_ strsuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported_
protocol_ strversions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted_
certificate str - Untrusted certificate action - Choices:
drop,decrypt - url_
rules Sequence[TlsSsl Decryption Policy Definition Url Rule Args] - List of url rules (applies when
modeset tosecurity) - use_
default_ boolca_ cert_ bundle - Use default CA certificate bundle
- description String
- The description of the policy definition.
- certificate
Lifetime NumberIn Days - Certificate Lifetime(in Days)
- certificate
Revocation StringStatus - Certificate revocation status - Choices:
ocsp,none - default
Action String - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - ec
Key StringType - EC Key Type - Choices:
P256,P384,P521 - expired
Certificate String - Expired certificate action - Choices:
drop,decrypt - failure
Mode String - Failure mode - Choices:
open,close - minimal
Tls StringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode String
- The policy mode - Choices:
security,unified - name String
- The name of the policy definition.
- network
Rules List<Property Map> - List of network rules (applies when
modeset tosecurity) - rsa
Key StringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl
Decryption StringEnabled - SSL decryption enabled
- unknown
Revocation StringStatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported
Cipher StringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported
Protocol StringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted
Certificate String - Untrusted certificate action - Choices:
drop,decrypt - url
Rules List<Property Map> - List of url rules (applies when
modeset tosecurity) - use
Default BooleanCa Cert Bundle - Use default CA certificate bundle
Outputs
All input properties are implicitly available as output properties. Additionally, the TlsSslDecryptionPolicyDefinition resource produces the following output properties:
Look up Existing TlsSslDecryptionPolicyDefinition Resource
Get an existing TlsSslDecryptionPolicyDefinition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TlsSslDecryptionPolicyDefinitionState, opts?: CustomResourceOptions): TlsSslDecryptionPolicyDefinition@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate_lifetime_in_days: Optional[int] = None,
certificate_revocation_status: Optional[str] = None,
default_action: Optional[str] = None,
description: Optional[str] = None,
ec_key_type: Optional[str] = None,
expired_certificate: Optional[str] = None,
failure_mode: Optional[str] = None,
minimal_tls_version: Optional[str] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
network_rules: Optional[Sequence[TlsSslDecryptionPolicyDefinitionNetworkRuleArgs]] = None,
rsa_key_pair_modulus: Optional[str] = None,
ssl_decryption_enabled: Optional[str] = None,
unknown_revocation_status: Optional[str] = None,
unsupported_cipher_suites: Optional[str] = None,
unsupported_protocol_versions: Optional[str] = None,
untrusted_certificate: Optional[str] = None,
url_rules: Optional[Sequence[TlsSslDecryptionPolicyDefinitionUrlRuleArgs]] = None,
use_default_ca_cert_bundle: Optional[bool] = None,
version: Optional[int] = None) -> TlsSslDecryptionPolicyDefinitionfunc GetTlsSslDecryptionPolicyDefinition(ctx *Context, name string, id IDInput, state *TlsSslDecryptionPolicyDefinitionState, opts ...ResourceOption) (*TlsSslDecryptionPolicyDefinition, error)public static TlsSslDecryptionPolicyDefinition Get(string name, Input<string> id, TlsSslDecryptionPolicyDefinitionState? state, CustomResourceOptions? opts = null)public static TlsSslDecryptionPolicyDefinition get(String name, Output<String> id, TlsSslDecryptionPolicyDefinitionState state, CustomResourceOptions options)resources: _: type: sdwan:TlsSslDecryptionPolicyDefinition get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificate
Lifetime intIn Days - Certificate Lifetime(in Days)
- Certificate
Revocation stringStatus - Certificate revocation status - Choices:
ocsp,none - Default
Action string - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - Description string
- The description of the policy definition.
- Ec
Key stringType - EC Key Type - Choices:
P256,P384,P521 - Expired
Certificate string - Expired certificate action - Choices:
drop,decrypt - Failure
Mode string - Failure mode - Choices:
open,close - Minimal
Tls stringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - Mode string
- The policy mode - Choices:
security,unified - Name string
- The name of the policy definition.
- Network
Rules List<TlsSsl Decryption Policy Definition Network Rule> - List of network rules (applies when
modeset tosecurity) - Rsa
Key stringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - Ssl
Decryption stringEnabled - SSL decryption enabled
- Unknown
Revocation stringStatus - Unknown revocation status action - Choices:
drop,decrypt - Unsupported
Cipher stringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - Unsupported
Protocol stringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - Untrusted
Certificate string - Untrusted certificate action - Choices:
drop,decrypt - Url
Rules List<TlsSsl Decryption Policy Definition Url Rule> - List of url rules (applies when
modeset tosecurity) - Use
Default boolCa Cert Bundle - Use default CA certificate bundle
- Version int
- The version of the object
- Certificate
Lifetime intIn Days - Certificate Lifetime(in Days)
- Certificate
Revocation stringStatus - Certificate revocation status - Choices:
ocsp,none - Default
Action string - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - Description string
- The description of the policy definition.
- Ec
Key stringType - EC Key Type - Choices:
P256,P384,P521 - Expired
Certificate string - Expired certificate action - Choices:
drop,decrypt - Failure
Mode string - Failure mode - Choices:
open,close - Minimal
Tls stringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - Mode string
- The policy mode - Choices:
security,unified - Name string
- The name of the policy definition.
- Network
Rules []TlsSsl Decryption Policy Definition Network Rule Args - List of network rules (applies when
modeset tosecurity) - Rsa
Key stringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - Ssl
Decryption stringEnabled - SSL decryption enabled
- Unknown
Revocation stringStatus - Unknown revocation status action - Choices:
drop,decrypt - Unsupported
Cipher stringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - Unsupported
Protocol stringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - Untrusted
Certificate string - Untrusted certificate action - Choices:
drop,decrypt - Url
Rules []TlsSsl Decryption Policy Definition Url Rule Args - List of url rules (applies when
modeset tosecurity) - Use
Default boolCa Cert Bundle - Use default CA certificate bundle
- Version int
- The version of the object
- certificate
Lifetime IntegerIn Days - Certificate Lifetime(in Days)
- certificate
Revocation StringStatus - Certificate revocation status - Choices:
ocsp,none - default
Action String - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - description String
- The description of the policy definition.
- ec
Key StringType - EC Key Type - Choices:
P256,P384,P521 - expired
Certificate String - Expired certificate action - Choices:
drop,decrypt - failure
Mode String - Failure mode - Choices:
open,close - minimal
Tls StringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode String
- The policy mode - Choices:
security,unified - name String
- The name of the policy definition.
- network
Rules List<TlsSsl Decryption Policy Definition Network Rule> - List of network rules (applies when
modeset tosecurity) - rsa
Key StringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl
Decryption StringEnabled - SSL decryption enabled
- unknown
Revocation StringStatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported
Cipher StringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported
Protocol StringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted
Certificate String - Untrusted certificate action - Choices:
drop,decrypt - url
Rules List<TlsSsl Decryption Policy Definition Url Rule> - List of url rules (applies when
modeset tosecurity) - use
Default BooleanCa Cert Bundle - Use default CA certificate bundle
- version Integer
- The version of the object
- certificate
Lifetime numberIn Days - Certificate Lifetime(in Days)
- certificate
Revocation stringStatus - Certificate revocation status - Choices:
ocsp,none - default
Action string - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - description string
- The description of the policy definition.
- ec
Key stringType - EC Key Type - Choices:
P256,P384,P521 - expired
Certificate string - Expired certificate action - Choices:
drop,decrypt - failure
Mode string - Failure mode - Choices:
open,close - minimal
Tls stringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode string
- The policy mode - Choices:
security,unified - name string
- The name of the policy definition.
- network
Rules TlsSsl Decryption Policy Definition Network Rule[] - List of network rules (applies when
modeset tosecurity) - rsa
Key stringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl
Decryption stringEnabled - SSL decryption enabled
- unknown
Revocation stringStatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported
Cipher stringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported
Protocol stringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted
Certificate string - Untrusted certificate action - Choices:
drop,decrypt - url
Rules TlsSsl Decryption Policy Definition Url Rule[] - List of url rules (applies when
modeset tosecurity) - use
Default booleanCa Cert Bundle - Use default CA certificate bundle
- version number
- The version of the object
- certificate_
lifetime_ intin_ days - Certificate Lifetime(in Days)
- certificate_
revocation_ strstatus - Certificate revocation status - Choices:
ocsp,none - default_
action str - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - description str
- The description of the policy definition.
- ec_
key_ strtype - EC Key Type - Choices:
P256,P384,P521 - expired_
certificate str - Expired certificate action - Choices:
drop,decrypt - failure_
mode str - Failure mode - Choices:
open,close - minimal_
tls_ strversion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode str
- The policy mode - Choices:
security,unified - name str
- The name of the policy definition.
- network_
rules Sequence[TlsSsl Decryption Policy Definition Network Rule Args] - List of network rules (applies when
modeset tosecurity) - rsa_
key_ strpair_ modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl_
decryption_ strenabled - SSL decryption enabled
- unknown_
revocation_ strstatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported_
cipher_ strsuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported_
protocol_ strversions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted_
certificate str - Untrusted certificate action - Choices:
drop,decrypt - url_
rules Sequence[TlsSsl Decryption Policy Definition Url Rule Args] - List of url rules (applies when
modeset tosecurity) - use_
default_ boolca_ cert_ bundle - Use default CA certificate bundle
- version int
- The version of the object
- certificate
Lifetime NumberIn Days - Certificate Lifetime(in Days)
- certificate
Revocation StringStatus - Certificate revocation status - Choices:
ocsp,none - default
Action String - Default action (applies when
modeset tosecurity) - Choices:noIntent,doNotDecrypt,decrypt - description String
- The description of the policy definition.
- ec
Key StringType - EC Key Type - Choices:
P256,P384,P521 - expired
Certificate String - Expired certificate action - Choices:
drop,decrypt - failure
Mode String - Failure mode - Choices:
open,close - minimal
Tls StringVersion - Minimal TLS Version - Choices:
TLSv1.0,TLSv1.1,TLSv1.2 - mode String
- The policy mode - Choices:
security,unified - name String
- The name of the policy definition.
- network
Rules List<Property Map> - List of network rules (applies when
modeset tosecurity) - rsa
Key StringPair Modulus - RSA key pair modules - Choices:
1024,2048,4096 - ssl
Decryption StringEnabled - SSL decryption enabled
- unknown
Revocation StringStatus - Unknown revocation status action - Choices:
drop,decrypt - unsupported
Cipher StringSuites - Unsupported cipher suites action - Choices:
drop,no-decrypt - unsupported
Protocol StringVersions - Unsupported protocol versions action - Choices:
drop,no-decrypt - untrusted
Certificate String - Untrusted certificate action - Choices:
drop,decrypt - url
Rules List<Property Map> - List of url rules (applies when
modeset tosecurity) - use
Default BooleanCa Cert Bundle - Use default CA certificate bundle
- version Number
- The version of the object
Supporting Types
TlsSslDecryptionPolicyDefinitionNetworkRule, TlsSslDecryptionPolicyDefinitionNetworkRuleArgs
- Base
Action string - Rule base action
- Choices:
noIntent,doNotDecrypt,decrypt
- Choices:
- Rule
Id int - Rule ID
- Rule
Name string - Rule name
- Rule
Type string - Rule type
- Source
And List<TlsDestination Configurations Ssl Decryption Policy Definition Network Rule Source And Destination Configuration> - List of network source / destination configuration
- Base
Action string - Rule base action
- Choices:
noIntent,doNotDecrypt,decrypt
- Choices:
- Rule
Id int - Rule ID
- Rule
Name string - Rule name
- Rule
Type string - Rule type
- Source
And []TlsDestination Configurations Ssl Decryption Policy Definition Network Rule Source And Destination Configuration - List of network source / destination configuration
- base
Action String - Rule base action
- Choices:
noIntent,doNotDecrypt,decrypt
- Choices:
- rule
Id Integer - Rule ID
- rule
Name String - Rule name
- rule
Type String - Rule type
- source
And List<TlsDestination Configurations Ssl Decryption Policy Definition Network Rule Source And Destination Configuration> - List of network source / destination configuration
- base
Action string - Rule base action
- Choices:
noIntent,doNotDecrypt,decrypt
- Choices:
- rule
Id number - Rule ID
- rule
Name string - Rule name
- rule
Type string - Rule type
- source
And TlsDestination Configurations Ssl Decryption Policy Definition Network Rule Source And Destination Configuration[] - List of network source / destination configuration
- base_
action str - Rule base action
- Choices:
noIntent,doNotDecrypt,decrypt
- Choices:
- rule_
id int - Rule ID
- rule_
name str - Rule name
- rule_
type str - Rule type
- source_
and_ Sequence[Tlsdestination_ configurations Ssl Decryption Policy Definition Network Rule Source And Destination Configuration] - List of network source / destination configuration
- base
Action String - Rule base action
- Choices:
noIntent,doNotDecrypt,decrypt
- Choices:
- rule
Id Number - Rule ID
- rule
Name String - Rule name
- rule
Type String - Rule type
- source
And List<Property Map>Destination Configurations - List of network source / destination configuration
TlsSslDecryptionPolicyDefinitionNetworkRuleSourceAndDestinationConfiguration, TlsSslDecryptionPolicyDefinitionNetworkRuleSourceAndDestinationConfigurationArgs
TlsSslDecryptionPolicyDefinitionUrlRule, TlsSslDecryptionPolicyDefinitionUrlRuleArgs
- Rule
Name string - Country
- Target
Vpns List<string> - List of VPN IDs
- Tls
Ssl stringProfile Policy Id - TLS SSL Profile Policy ID
- Tls
Ssl intProfile Version - TLS SSL Profile Policy version
- Rule
Name string - Country
- Target
Vpns []string - List of VPN IDs
- Tls
Ssl stringProfile Policy Id - TLS SSL Profile Policy ID
- Tls
Ssl intProfile Version - TLS SSL Profile Policy version
- rule
Name String - Country
- target
Vpns List<String> - List of VPN IDs
- tls
Ssl StringProfile Policy Id - TLS SSL Profile Policy ID
- tls
Ssl IntegerProfile Version - TLS SSL Profile Policy version
- rule
Name string - Country
- target
Vpns string[] - List of VPN IDs
- tls
Ssl stringProfile Policy Id - TLS SSL Profile Policy ID
- tls
Ssl numberProfile Version - TLS SSL Profile Policy version
- rule_
name str - Country
- target_
vpns Sequence[str] - List of VPN IDs
- tls_
ssl_ strprofile_ policy_ id - TLS SSL Profile Policy ID
- tls_
ssl_ intprofile_ version - TLS SSL Profile Policy version
- rule
Name String - Country
- target
Vpns List<String> - List of VPN IDs
- tls
Ssl StringProfile Policy Id - TLS SSL Profile Policy ID
- tls
Ssl NumberProfile Version - TLS SSL Profile Policy version
Import
$ pulumi import sdwan:index/tlsSslDecryptionPolicyDefinition:TlsSslDecryptionPolicyDefinition example "f6b2c44c-693c-4763-b010-895aa3d236bd"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sdwan pulumi/pulumi-sdwan
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sdwanTerraform Provider.