Unable to attach a rule to a security policy in Google Cloud Armor using Pulumi

I want to attach a rate-based throttling rule to a security policy, all via Pulumi, in Google Cloud Armor, on Google Cloud Platform.

I am facing an error:

Diagnostics:
  gcp:compute:SecurityPolicy (ddos-layer7-defense-policy):
    error: gcp:compute/securityPolicy:SecurityPolicy resource 'ddos-layer7-defense-policy' has a problem: Attribute must be a list. Examine values at 'ddos-layer7-defense-policy.rules'.

In my code, I am providing a list of one variable. That variable is of type gcp.compute.SecurityPolicyRuleArgs. Yet, I face an issue of not providing coherent type input.

Definition of the rule:

rate_based_throttling_rule = gcp.compute.SecurityPolicyRuleArgs(
    action="throttle",
    match=gcp.compute.SecurityPolicyRuleMatchArgs(
        config=gcp.compute.SecurityPolicyRuleMatchConfigArgs(
            src_ip_ranges='*'
        )
    ),
    priority=110,
    description='Rate based throttling for security policies. Currently, in preview mode.',
    preview=True,
    rate_limit_options=gcp.compute.SecurityPolicyRuleRateLimitOptionsArgs(
        conform_action="allow",
        exceed_action="deny(429)",
        rate_limit_threshold=gcp.compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs(
            count=100,
            interval_sec=60
        )
    )
)

Definition of the policy:

ddos_layer7_defense_policy_name = "ddos-layer7-defense-policy"
layer7_ddos_defense_config_var = gcp.compute.SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigArgs(
    enable=True
)
adaptive_protection_args_var = gcp.compute.SecurityPolicyAdaptiveProtectionConfigArgs(
    layer7_ddos_defense_config=layer7_ddos_defense_config_var
)
ddos_layer7_defense_policy = gcp.compute.SecurityPolicy(
    ddos_layer7_defense_policy_name,
    project=gcp_project,
    description="Policy for enabling DDoS defence on L7",
    name="{}-{}".format(ddos_layer7_defense_policy_name, gcp_subdomain),
    adaptive_protection_config=adaptive_protection_args_var,
    rules=[rate_based_throttling_rule]
)

The documentation for the rules parameter in SecurityPolicy is:

rules: Input[Sequence[Input[InputType[SecurityPolicyRuleArgs]]]] | None = None,
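
An added example, not part of the original question: a pre-flight check that walks a plain-dict mirror of the rule and reports any list-typed field holding a scalar. It assumes the string value of `src_ip_ranges` in the posted rule is what the provider rejects; `LIST_FIELDS`, `find_scalar_list_fields` and `throttle_rule` are hypothetical helper names, and `versioned_expr` is added here and does not appear in the question.

```python
from collections.abc import Mapping

# Fields the provider schema types as a sequence of strings.
# Assumption: only the field used in the question is listed.
LIST_FIELDS = {"src_ip_ranges"}


def find_scalar_list_fields(value, path="rules"):
    """Return dotted paths where a list-typed field holds a non-list value."""
    problems = []
    if isinstance(value, Mapping):
        for key, child in value.items():
            child_path = f"{path}.{key}"
            if key in LIST_FIELDS and not isinstance(child, (list, tuple)):
                problems.append(child_path)
            else:
                problems.extend(find_scalar_list_fields(child, child_path))
    elif isinstance(value, (list, tuple)):
        for i, child in enumerate(value):
            problems.extend(find_scalar_list_fields(child, f"{path}[{i}]"))
    return problems


def throttle_rule(src_ip_ranges):
    """Plain-dict mirror of the rule in the question (constructed sample)."""
    return {
        "action": "throttle",
        "priority": 110,
        "preview": True,
        "match": {
            "versioned_expr": "SRC_IPS_V1",  # added here, not in the question
            "config": {"src_ip_ranges": src_ip_ranges},
        },
        "rate_limit_options": {
            "conform_action": "allow",
            "exceed_action": "deny(429)",
            "rate_limit_threshold": {"count": 100, "interval_sec": 60},
        },
    }


as_posted = [throttle_rule("*")]    # string value, as written in the question
as_list = [throttle_rule(["*"])]    # same value wrapped in a one-element list

if __name__ == "__main__":
    print(find_scalar_list_fields(as_posted))
    print(find_scalar_list_fields(as_list))
```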