oracle / oracle.oci / 4.21.0 / module / oci_network_firewall_policy Manage a NetworkFirewallPolicy resource in Oracle Cloud Infrastructure | "added in version" 2.9.0 of oracle.oci" Authors: Oracle (@oracle) preview | supported by communityoracle.oci.oci_network_firewall_policy (4.21.0) — module
Install with ansible-galaxy collection install oracle.oci:==4.21.0
collections: - name: oracle.oci version: 4.21.0
This module allows the user to create, update and delete a NetworkFirewallPolicy resource in Oracle Cloud Infrastructure
For I(state=present), creates a new Network Firewall Policy.
This resource has the following action operations in the M(oracle.oci.oci_network_firewall_policy_actions) module: change_compartment.
- name: Create network_firewall_policy oci_network_firewall_policy: # required compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx" # optional display_name: display_name_example mapped_secrets: # required source: OCI_VAULT type: SSL_INBOUND_INSPECTION vault_secret_id: "ocid1.vaultsecret.oc1..xxxxxxEXAMPLExxxxxx" version_number: 56 application_lists: null url_lists: null ip_address_lists: null security_rules: - # required name: name_example condition: # optional sources: [ "sources_example" ] destinations: [ "destinations_example" ] applications: [ "applications_example" ] urls: [ "urls_example" ] action: ALLOW - # optional inspection: INTRUSION_DETECTION decryption_rules: - # required name: name_example condition: # optional sources: [ "sources_example" ] destinations: [ "destinations_example" ] action: NO_DECRYPT - # optional decryption_profile: decryption_profile_example secret: secret_example decryption_profiles: # required type: SSL_INBOUND_INSPECTION is_unsupported_version_blocked: true is_unsupported_cipher_blocked: true is_out_of_capacity_blocked: true freeform_tags: {'Department': 'Finance'} defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Update network_firewall_policy oci_network_firewall_policy: # required network_firewall_policy_id: "ocid1.networkfirewallpolicy.oc1..xxxxxxEXAMPLExxxxxx" # optional display_name: display_name_example mapped_secrets: # required source: OCI_VAULT type: SSL_INBOUND_INSPECTION vault_secret_id: "ocid1.vaultsecret.oc1..xxxxxxEXAMPLExxxxxx" version_number: 56 application_lists: null url_lists: null ip_address_lists: null security_rules: - # required name: name_example condition: # optional sources: [ "sources_example" ] destinations: [ "destinations_example" ] applications: [ "applications_example" ] urls: [ "urls_example" ] action: ALLOW - # optional inspection: INTRUSION_DETECTION decryption_rules: - # required name: name_example condition: # optional sources: [ "sources_example" ] destinations: [ "destinations_example" ] action: NO_DECRYPT - # optional decryption_profile: decryption_profile_example secret: secret_example decryption_profiles: # required type: SSL_INBOUND_INSPECTION is_unsupported_version_blocked: true is_unsupported_cipher_blocked: true is_out_of_capacity_blocked: true freeform_tags: {'Department': 'Finance'} defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Update network_firewall_policy using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set) oci_network_firewall_policy: # required compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx" display_name: display_name_example # optional mapped_secrets: # required source: OCI_VAULT type: SSL_INBOUND_INSPECTION vault_secret_id: "ocid1.vaultsecret.oc1..xxxxxxEXAMPLExxxxxx" version_number: 56 application_lists: null url_lists: null ip_address_lists: null security_rules: - # required name: name_example condition: # optional sources: [ "sources_example" ] destinations: [ "destinations_example" ] applications: [ "applications_example" ] urls: [ "urls_example" ] action: ALLOW - # optional inspection: INTRUSION_DETECTION decryption_rules: - # required name: name_example condition: # optional sources: [ "sources_example" ] destinations: [ "destinations_example" ] action: NO_DECRYPT - # optional decryption_profile: decryption_profile_example secret: secret_example decryption_profiles: # required type: SSL_INBOUND_INSPECTION is_unsupported_version_blocked: true is_unsupported_cipher_blocked: true is_out_of_capacity_blocked: true freeform_tags: {'Department': 'Finance'} defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Delete network_firewall_policy oci_network_firewall_policy: # required network_firewall_policy_id: "ocid1.networkfirewallpolicy.oc1..xxxxxxEXAMPLExxxxxx" state: absent
- name: Delete network_firewall_policy using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set) oci_network_firewall_policy: # required compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx" display_name: display_name_example state: absent
wait: default: true description: Whether to wait for create or delete operation to complete. type: bool state: choices: - present - absent default: present description: - The state of the NetworkFirewallPolicy. - Use I(state=present) to create or update a NetworkFirewallPolicy. - Use I(state=absent) to delete a NetworkFirewallPolicy. required: false type: str key_by: description: The list of attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource are used to uniquely identify a resource. elements: str type: list region: description: - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See C(config_file_location)). Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) for more information on OCI regions. type: str tenancy: description: - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See C(config_file_location)). To get the tenancy OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm) type: str api_user: description: - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See C(config_file_location)). To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). type: str auth_type: choices: - api_key - instance_principal - instance_obo_user - resource_principal default: api_key description: - The type of authentication to use for making API requests. By default C(auth_type="api_key") based authentication is performed and the API key (see I(api_user_key_file)) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal") to use instance principal based authentication when running ansible playbooks within an OCI compute instance. type: str url_lists: description: - Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced. - This parameter is updatable. type: dict cert_bundle: description: - The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used. type: str auth_purpose: choices: - service_principal description: - The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None. type: str defined_tags: description: - 'Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: `{"foo-namespace": {"bar-key": "value"}}`' - This parameter is updatable. type: dict display_name: aliases: - name description: - A user-friendly optional name for the firewall policy. Avoid entering confidential information. - Required for create, update, delete when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set. - This parameter is updatable when C(OCI_USE_NAME_AS_IDENTIFIER) is not set. type: str force_create: default: false description: Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true, forcefully creates a copy of the resource, even if it already exists.This option is mutually exclusive with I(key_by). type: bool wait_timeout: description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most of the services but some services might have a longer wait timeout. type: int freeform_tags: description: - 'Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}`' - This parameter is updatable. type: dict compartment_id: description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the NetworkFirewall Policy. - Required for create using I(state=present). - Required for update when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set. - Required for delete when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is set. type: str mapped_secrets: description: - Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced. - This parameter is updatable. suboptions: source: choices: - OCI_VAULT description: - Source of the secrets, where the secrets are stored. required: true type: str type: choices: - SSL_INBOUND_INSPECTION - SSL_FORWARD_PROXY description: - Type of the secrets mapped based on the policy. - '* `SSL_INBOUND_INSPECTION`: For Inbound inspection of SSL traffic. * `SSL_FORWARD_PROXY`: For forward proxy certificates for SSL inspection.' required: true type: str vault_secret_id: description: - OCID for the Vault Secret to be used. required: true type: str version_number: description: - Version number of the secret to be used. required: true type: int type: dict security_rules: description: - List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic. - This parameter is updatable. elements: dict suboptions: action: choices: - ALLOW - DROP - REJECT - INSPECT description: - Types of Action on the Traffic flow. - ' * ALLOW - Allows the traffic. * DROP - Silently drops the traffic, e.g. without sending a TCP reset. * REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable. * INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.' required: true type: str condition: description: - '' required: true suboptions: applications: description: - An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters. elements: str type: list destinations: description: - An array of IP address list names to be evaluated against the traffic destination address. elements: str type: list sources: description: - An array of IP address list names to be evaluated against the traffic source address. elements: str type: list urls: description: - An array of URL pattern list names to be evaluated against the HTTP(S) request target. elements: str type: list type: dict inspection: choices: - INTRUSION_DETECTION - INTRUSION_PREVENTION description: - Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT. - ' * INTRUSION_DETECTION - Intrusion Detection. * INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.' type: str name: description: - Name for the Security rule, must be unique within the policy. required: true type: str type: list decryption_rules: description: - List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic. - This parameter is updatable. elements: dict suboptions: action: choices: - NO_DECRYPT - DECRYPT description: - 'Action:' - '* NO_DECRYPT - Matching traffic is not decrypted. * DECRYPT - Matching traffic is decrypted with the specified `secret` according to the specified `decryptionProfile`.' required: true type: str condition: description: - '' required: true suboptions: destinations: description: - An array of IP address list names to be evaluated against the traffic destination address. elements: str type: list sources: description: - An array of IP address list names to be evaluated against the traffic source address. elements: str type: list type: dict decryption_profile: description: - The name of the decryption profile to use. type: str name: description: - Name for the decryption rule, must be unique within the policy. required: true type: str secret: description: - The name of a mapped secret. Its `type` must match that of the specified decryption profile. type: str type: list ip_address_lists: description: - Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced. - This parameter is updatable. type: dict api_user_key_file: description: - Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See C(config_file_location)). If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option must also be provided. type: str application_lists: description: - Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced. - This parameter is updatable. type: dict config_profile_name: description: - The profile to load from the config file referenced by C(config_file_location). If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location). type: str decryption_profiles: description: - Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced. - This parameter is updatable. suboptions: are_certificate_extensions_restricted: description: - Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage. - Required when type is 'SSL_FORWARD_PROXY' type: bool is_auto_include_alt_name: description: - Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN. - Required when type is 'SSL_FORWARD_PROXY' type: bool is_expired_certificate_blocked: description: - Whether to block sessions if server's certificate is expired. - Required when type is 'SSL_FORWARD_PROXY' type: bool is_out_of_capacity_blocked: description: - Whether to block sessions if the firewall is temporarily unable to decrypt their traffic. required: true type: bool is_revocation_status_timeout_blocked: description: - Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds). - Required when type is 'SSL_FORWARD_PROXY' type: bool is_unknown_revocation_status_blocked: description: - Whether to block sessions if the revocation status check for server's certificate results in "unknown". - Required when type is 'SSL_FORWARD_PROXY' type: bool is_unsupported_cipher_blocked: description: - Whether to block sessions if SSL cipher suite is not supported. required: true type: bool is_unsupported_version_blocked: description: - Whether to block sessions if SSL version is not supported. required: true type: bool is_untrusted_issuer_blocked: description: - Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA). - Required when type is 'SSL_FORWARD_PROXY' type: bool type: choices: - SSL_INBOUND_INSPECTION - SSL_FORWARD_PROXY description: - Describes the type of Decryption Profile SslForwardProxy or SslInboundInspection. required: true type: str type: dict api_user_fingerprint: description: - Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See C(config_file_location)). To get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). type: str config_file_location: description: - Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config. type: str api_user_key_pass_phrase: description: - Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See C(config_file_location)). type: str network_firewall_policy_id: aliases: - id description: - Unique Network Firewall Policy identifier - Required for update using I(state=present) when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is not set. - Required for delete using I(state=absent) when environment variable C(OCI_USE_NAME_AS_IDENTIFIER) is not set. type: str realm_specific_endpoint_template_enabled: description: - Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used. type: bool
network_firewall_policy: contains: application_lists: description: - Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol- specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced. returned: on success sample: {} type: dict compartment_id: description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the NetworkFirewall Policy. returned: on success sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx type: str decryption_profiles: contains: are_certificate_extensions_restricted: description: - Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage. returned: on success sample: true type: bool is_auto_include_alt_name: description: - Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN. returned: on success sample: true type: bool is_expired_certificate_blocked: description: - Whether to block sessions if server's certificate is expired. returned: on success sample: true type: bool is_out_of_capacity_blocked: description: - Whether to block sessions if the firewall is temporarily unable to decrypt their traffic. returned: on success sample: true type: bool is_revocation_status_timeout_blocked: description: - Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds). returned: on success sample: true type: bool is_unknown_revocation_status_blocked: description: - Whether to block sessions if the revocation status check for server's certificate results in "unknown". returned: on success sample: true type: bool is_unsupported_cipher_blocked: description: - Whether to block sessions if SSL cipher suite is not supported. returned: on success sample: true type: bool is_unsupported_version_blocked: description: - Whether to block sessions if SSL version is not supported. returned: on success sample: true type: bool is_untrusted_issuer_blocked: description: - Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA). returned: on success sample: true type: bool type: description: - Describes the type of Decryption Profile SslForwardProxy or SslInboundInspection. returned: on success sample: SSL_INBOUND_INSPECTION type: str description: - Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced. returned: on success type: complex decryption_rules: contains: action: description: - 'Action:' - '* NO_DECRYPT - Matching traffic is not decrypted. * DECRYPT - Matching traffic is decrypted with the specified `secret` according to the specified `decryptionProfile`.' returned: on success sample: NO_DECRYPT type: str condition: contains: destinations: description: - An array of IP address list names to be evaluated against the traffic destination address. returned: on success sample: [] type: list sources: description: - An array of IP address list names to be evaluated against the traffic source address. returned: on success sample: [] type: list description: - '' returned: on success type: complex decryption_profile: description: - The name of the decryption profile to use. returned: on success sample: decryption_profile_example type: str name: description: - Name for the decryption rule, must be unique within the policy. returned: on success sample: name_example type: str secret: description: - The name of a mapped secret. Its `type` must match that of the specified decryption profile. returned: on success sample: secret_example type: str description: - List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic. returned: on success type: complex defined_tags: description: - 'Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: `{"foo-namespace": {"bar-key": "value"}}`' returned: on success sample: Operations: CostCenter: US type: dict display_name: description: - A user-friendly optional name for the firewall policy. Avoid entering confidential information. returned: on success sample: display_name_example type: str freeform_tags: description: - 'Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}`' returned: on success sample: Department: Finance type: dict id: description: - The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the resource - Network Firewall Policy. returned: on success sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx type: str ip_address_lists: description: - Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced. returned: on success sample: {} type: dict is_firewall_attached: description: - To determine if any Network Firewall is associated with this Network Firewall Policy. returned: on success sample: true type: bool lifecycle_details: description: - A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state. returned: on success sample: lifecycle_details_example type: str lifecycle_state: description: - The current state of the Network Firewall Policy. returned: on success sample: CREATING type: str mapped_secrets: contains: source: description: - Source of the secrets, where the secrets are stored. returned: on success sample: OCI_VAULT type: str type: description: - Type of the secrets mapped based on the policy. - '* `SSL_INBOUND_INSPECTION`: For Inbound inspection of SSL traffic. * `SSL_FORWARD_PROXY`: For forward proxy certificates for SSL inspection.' returned: on success sample: SSL_INBOUND_INSPECTION type: str vault_secret_id: description: - OCID for the Vault Secret to be used. returned: on success sample: ocid1.vaultsecret.oc1..xxxxxxEXAMPLExxxxxx type: str version_number: description: - Version number of the secret to be used. returned: on success sample: 56 type: int description: - Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced. returned: on success type: complex security_rules: contains: action: description: - Types of Action on the Traffic flow. - ' * ALLOW - Allows the traffic. * DROP - Silently drops the traffic, e.g. without sending a TCP reset. * REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable. * INSPECT - Inspects traffic for vulnerability as specified in `inspection`, which may result in rejection.' returned: on success sample: ALLOW type: str condition: contains: applications: description: - An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters. returned: on success sample: [] type: list destinations: description: - An array of IP address list names to be evaluated against the traffic destination address. returned: on success sample: [] type: list sources: description: - An array of IP address list names to be evaluated against the traffic source address. returned: on success sample: [] type: list urls: description: - An array of URL pattern list names to be evaluated against the HTTP(S) request target. returned: on success sample: [] type: list description: - '' returned: on success type: complex inspection: description: - Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT. - ' * INTRUSION_DETECTION - Intrusion Detection. * INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.' returned: on success sample: INTRUSION_DETECTION type: str name: description: - Name for the Security rule, must be unique within the policy. returned: on success sample: name_example type: str description: - List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic. returned: on success type: complex system_tags: description: - 'Usage of system tag keys. These predefined keys are scoped to namespaces. Example: `{"orcl-cloud": {"free-tier-retained": "true"}}`' returned: on success sample: {} type: dict time_created: description: - 'The time instant at which the Network Firewall Policy was created in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339). Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str time_updated: description: - 'The time instant at which the Network Firewall Policy was updated in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339). Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str url_lists: description: - Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced. returned: on success sample: {} type: dict description: - Details of the NetworkFirewallPolicy resource acted upon by the current operation returned: on success sample: application_lists: {} compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx decryption_profiles: are_certificate_extensions_restricted: true is_auto_include_alt_name: true is_expired_certificate_blocked: true is_out_of_capacity_blocked: true is_revocation_status_timeout_blocked: true is_unknown_revocation_status_blocked: true is_unsupported_cipher_blocked: true is_unsupported_version_blocked: true is_untrusted_issuer_blocked: true type: SSL_INBOUND_INSPECTION decryption_rules: - action: NO_DECRYPT condition: destinations: [] sources: [] decryption_profile: decryption_profile_example name: name_example secret: secret_example defined_tags: Operations: CostCenter: US display_name: display_name_example freeform_tags: Department: Finance id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx ip_address_lists: {} is_firewall_attached: true lifecycle_details: lifecycle_details_example lifecycle_state: CREATING mapped_secrets: source: OCI_VAULT type: SSL_INBOUND_INSPECTION vault_secret_id: ocid1.vaultsecret.oc1..xxxxxxEXAMPLExxxxxx version_number: 56 security_rules: - action: ALLOW condition: applications: [] destinations: [] sources: [] urls: [] inspection: INTRUSION_DETECTION name: name_example system_tags: {} time_created: '2013-10-20T19:20:30+01:00' time_updated: '2013-10-20T19:20:30+01:00' url_lists: {} type: complex