Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
scm.getDecryptionRule
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
DecryptionRule data source
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as scm from "@pulumi/scm";
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
const testDecryptionRule = new scm.DecryptionRule("test_decryption_rule", {
name: "data-source-test-rule",
description: "Rule created specifically for data source testing.",
folder: "All",
position: "pre",
action: "decrypt",
froms: ["trust"],
tos: ["untrust"],
sources: ["any"],
destinations: ["any"],
services: ["service-https"],
categories: ["high-risk"],
sourceUsers: ["any"],
type: {
sslForwardProxy: {},
},
});
// We use the ID from the resource created above.
const singleRuleById = scm.getDecryptionRuleOutput({
id: testDecryptionRule.id,
});
export const singleDecryptionRuleName = singleRuleById;
import pulumi
import pulumi_scm as scm
# 1. RESOURCE: Create a rule to ensure a predictable target for lookups
test_decryption_rule = scm.DecryptionRule("test_decryption_rule",
name="data-source-test-rule",
description="Rule created specifically for data source testing.",
folder="All",
position="pre",
action="decrypt",
froms=["trust"],
tos=["untrust"],
sources=["any"],
destinations=["any"],
services=["service-https"],
categories=["high-risk"],
source_users=["any"],
type={
"ssl_forward_proxy": {},
})
# We use the ID from the resource created above.
single_rule_by_id = scm.get_decryption_rule_output(id=test_decryption_rule.id)
pulumi.export("singleDecryptionRuleName", single_rule_by_id)
package main
import (
"github.com/pulumi/pulumi-scm/sdk/go/scm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
testDecryptionRule, err := scm.NewDecryptionRule(ctx, "test_decryption_rule", &scm.DecryptionRuleArgs{
Name: pulumi.String("data-source-test-rule"),
Description: pulumi.String("Rule created specifically for data source testing."),
Folder: pulumi.String("All"),
Position: pulumi.String("pre"),
Action: pulumi.String("decrypt"),
Froms: pulumi.StringArray{
pulumi.String("trust"),
},
Tos: pulumi.StringArray{
pulumi.String("untrust"),
},
Sources: pulumi.StringArray{
pulumi.String("any"),
},
Destinations: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-https"),
},
Categories: pulumi.StringArray{
pulumi.String("high-risk"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("any"),
},
Type: &scm.DecryptionRuleTypeArgs{
SslForwardProxy: &scm.DecryptionRuleTypeSslForwardProxyArgs{},
},
})
if err != nil {
return err
}
// We use the ID from the resource created above.
singleRuleById := scm.LookupDecryptionRuleOutput(ctx, scm.GetDecryptionRuleOutputArgs{
Id: testDecryptionRule.ID(),
}, nil)
ctx.Export("singleDecryptionRuleName", singleRuleById)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Scm = Pulumi.Scm;
return await Deployment.RunAsync(() =>
{
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
var testDecryptionRule = new Scm.DecryptionRule("test_decryption_rule", new()
{
Name = "data-source-test-rule",
Description = "Rule created specifically for data source testing.",
Folder = "All",
Position = "pre",
Action = "decrypt",
Froms = new[]
{
"trust",
},
Tos = new[]
{
"untrust",
},
Sources = new[]
{
"any",
},
Destinations = new[]
{
"any",
},
Services = new[]
{
"service-https",
},
Categories = new[]
{
"high-risk",
},
SourceUsers = new[]
{
"any",
},
Type = new Scm.Inputs.DecryptionRuleTypeArgs
{
SslForwardProxy = null,
},
});
// We use the ID from the resource created above.
var singleRuleById = Scm.GetDecryptionRule.Invoke(new()
{
Id = testDecryptionRule.Id,
});
return new Dictionary<string, object?>
{
["singleDecryptionRuleName"] = singleRuleById,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scm.DecryptionRule;
import com.pulumi.scm.DecryptionRuleArgs;
import com.pulumi.scm.inputs.DecryptionRuleTypeArgs;
import com.pulumi.scm.inputs.DecryptionRuleTypeSslForwardProxyArgs;
import com.pulumi.scm.ScmFunctions;
import com.pulumi.scm.inputs.GetDecryptionRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// 1. RESOURCE: Create a rule to ensure a predictable target for lookups
var testDecryptionRule = new DecryptionRule("testDecryptionRule", DecryptionRuleArgs.builder()
.name("data-source-test-rule")
.description("Rule created specifically for data source testing.")
.folder("All")
.position("pre")
.action("decrypt")
.froms("trust")
.tos("untrust")
.sources("any")
.destinations("any")
.services("service-https")
.categories("high-risk")
.sourceUsers("any")
.type(DecryptionRuleTypeArgs.builder()
.sslForwardProxy(DecryptionRuleTypeSslForwardProxyArgs.builder()
.build())
.build())
.build());
// We use the ID from the resource created above.
final var singleRuleById = ScmFunctions.getDecryptionRule(GetDecryptionRuleArgs.builder()
.id(testDecryptionRule.id())
.build());
ctx.export("singleDecryptionRuleName", singleRuleById);
}
}
resources:
# 1. RESOURCE: Create a rule to ensure a predictable target for lookups
testDecryptionRule:
type: scm:DecryptionRule
name: test_decryption_rule
properties:
name: data-source-test-rule
description: Rule created specifically for data source testing.
folder: All
position: pre
action: decrypt
froms:
- trust
tos:
- untrust
sources:
- any
destinations:
- any
services:
- service-https
categories:
- high-risk
sourceUsers:
- any
type:
sslForwardProxy: {}
variables:
# We use the ID from the resource created above.
singleRuleById:
fn::invoke:
function: scm:getDecryptionRule
arguments:
id: ${testDecryptionRule.id}
outputs:
singleDecryptionRuleName: ${singleRuleById}
Using getDecryptionRule
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDecryptionRule(args: GetDecryptionRuleArgs, opts?: InvokeOptions): Promise<GetDecryptionRuleResult>
function getDecryptionRuleOutput(args: GetDecryptionRuleOutputArgs, opts?: InvokeOptions): Output<GetDecryptionRuleResult>def get_decryption_rule(id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDecryptionRuleResult
def get_decryption_rule_output(id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDecryptionRuleResult]func LookupDecryptionRule(ctx *Context, args *LookupDecryptionRuleArgs, opts ...InvokeOption) (*LookupDecryptionRuleResult, error)
func LookupDecryptionRuleOutput(ctx *Context, args *LookupDecryptionRuleOutputArgs, opts ...InvokeOption) LookupDecryptionRuleResultOutput> Note: This function is named LookupDecryptionRule in the Go SDK.
public static class GetDecryptionRule
{
public static Task<GetDecryptionRuleResult> InvokeAsync(GetDecryptionRuleArgs args, InvokeOptions? opts = null)
public static Output<GetDecryptionRuleResult> Invoke(GetDecryptionRuleInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDecryptionRuleResult> getDecryptionRule(GetDecryptionRuleArgs args, InvokeOptions options)
public static Output<GetDecryptionRuleResult> getDecryptionRule(GetDecryptionRuleArgs args, InvokeOptions options)
fn::invoke:
function: scm:index/getDecryptionRule:getDecryptionRule
arguments:
# arguments dictionaryThe following arguments are supported:
getDecryptionRule Result
The following output properties are available:
- Action string
- The action to be taken
- Categories List<string>
- The destination URL category
- Description string
- The description of the decryption rule
- Destination
Hips List<string> - The Host Integrity Profile of the destination host
- Destinations List<string>
- The destination addresses
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Froms List<string>
- The source security zone
- Id string
- The UUID of the decryption rule
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Services List<string>
- The destination services and/or service groups
- Snippet string
- The snippet in which the resource is defined
- Source
Hips List<string> - Source hip
- Source
Users List<string> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources List<string>
- The source addresses
- List<string>
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Tfid string
- Tos List<string>
- The destination security zone
- Type
Get
Decryption Rule Type - The type of decryption
- Action string
- The action to be taken
- Categories []string
- The destination URL category
- Description string
- The description of the decryption rule
- Destination
Hips []string - The Host Integrity Profile of the destination host
- Destinations []string
- The destination addresses
- Device string
- The device in which the resource is defined
- Disabled bool
- Is the rule disabled?
- Folder string
- The folder in which the resource is defined
- Froms []string
- The source security zone
- Id string
- The UUID of the decryption rule
- Log
Fail bool - Log failed decryption events?
- Log
Setting string - The log settings of the decryption rule
- Log
Success bool - Log successful decryption events?
- Name string
- The name of the decryption rule
- Negate
Destination bool - Negate the destination addresses?
- Negate
Source bool - Negate the source addresses?
- Position string
- The position of a security rule
- Profile string
- The decryption profile associated with the decryption rule
- Relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - Services []string
- The destination services and/or service groups
- Snippet string
- The snippet in which the resource is defined
- Source
Hips []string - Source hip
- Source
Users []string - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - Sources []string
- The source addresses
- []string
- The tags associated with the decryption rule
- Target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - Tfid string
- Tos []string
- The destination security zone
- Type
Get
Decryption Rule Type - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- destinations List<String>
- The destination addresses
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- froms List<String>
- The source security zone
- id String
- The UUID of the decryption rule
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services List<String>
- The destination services and/or service groups
- snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid String
- tos List<String>
- The destination security zone
- type
Get
Decryption Rule Type - The type of decryption
- action string
- The action to be taken
- categories string[]
- The destination URL category
- description string
- The description of the decryption rule
- destination
Hips string[] - The Host Integrity Profile of the destination host
- destinations string[]
- The destination addresses
- device string
- The device in which the resource is defined
- disabled boolean
- Is the rule disabled?
- folder string
- The folder in which the resource is defined
- froms string[]
- The source security zone
- id string
- The UUID of the decryption rule
- log
Fail boolean - Log failed decryption events?
- log
Setting string - The log settings of the decryption rule
- log
Success boolean - Log successful decryption events?
- name string
- The name of the decryption rule
- negate
Destination boolean - Negate the destination addresses?
- negate
Source boolean - Negate the source addresses?
- position string
- The position of a security rule
- profile string
- The decryption profile associated with the decryption rule
- relative
Position string - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services string[]
- The destination services and/or service groups
- snippet string
- The snippet in which the resource is defined
- source
Hips string[] - Source hip
- source
Users string[] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources string[]
- The source addresses
- string[]
- The tags associated with the decryption rule
- target
Rule string - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid string
- tos string[]
- The destination security zone
- type
Get
Decryption Rule Type - The type of decryption
- action str
- The action to be taken
- categories Sequence[str]
- The destination URL category
- description str
- The description of the decryption rule
- destination_
hips Sequence[str] - The Host Integrity Profile of the destination host
- destinations Sequence[str]
- The destination addresses
- device str
- The device in which the resource is defined
- disabled bool
- Is the rule disabled?
- folder str
- The folder in which the resource is defined
- froms Sequence[str]
- The source security zone
- id str
- The UUID of the decryption rule
- log_
fail bool - Log failed decryption events?
- log_
setting str - The log settings of the decryption rule
- log_
success bool - Log successful decryption events?
- name str
- The name of the decryption rule
- negate_
destination bool - Negate the destination addresses?
- negate_
source bool - Negate the source addresses?
- position str
- The position of a security rule
- profile str
- The decryption profile associated with the decryption rule
- relative_
position str - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services Sequence[str]
- The destination services and/or service groups
- snippet str
- The snippet in which the resource is defined
- source_
hips Sequence[str] - Source hip
- source_
users Sequence[str] - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources Sequence[str]
- The source addresses
- Sequence[str]
- The tags associated with the decryption rule
- target_
rule str - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid str
- tos Sequence[str]
- The destination security zone
- type
Get
Decryption Rule Type - The type of decryption
- action String
- The action to be taken
- categories List<String>
- The destination URL category
- description String
- The description of the decryption rule
- destination
Hips List<String> - The Host Integrity Profile of the destination host
- destinations List<String>
- The destination addresses
- device String
- The device in which the resource is defined
- disabled Boolean
- Is the rule disabled?
- folder String
- The folder in which the resource is defined
- froms List<String>
- The source security zone
- id String
- The UUID of the decryption rule
- log
Fail Boolean - Log failed decryption events?
- log
Setting String - The log settings of the decryption rule
- log
Success Boolean - Log successful decryption events?
- name String
- The name of the decryption rule
- negate
Destination Boolean - Negate the destination addresses?
- negate
Source Boolean - Negate the source addresses?
- position String
- The position of a security rule
- profile String
- The decryption profile associated with the decryption rule
- relative
Position String - Relative positioning rule. String must be one of these:
"before","after","top","bottom". If not specified, rule is created at the bottom of the ruleset. - services List<String>
- The destination services and/or service groups
- snippet String
- The snippet in which the resource is defined
- source
Hips List<String> - Source hip
- source
Users List<String> - List of source users and/or groups. Reserved words include
any,pre-login,known-user, andunknown. - sources List<String>
- The source addresses
- List<String>
- The tags associated with the decryption rule
- target
Rule String - The name or UUID of the rule to position this rule relative to. Required when
relative_positionis"before"or"after". - tfid String
- tos List<String>
- The destination security zone
- type Property Map
- The type of decryption
Supporting Types
GetDecryptionRuleType
- Ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- Ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- Ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- Ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl
Inbound StringInspection - add the certificate name for SSL inbound inspection
- ssl
Forward GetProxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl
Inbound stringInspection - add the certificate name for SSL inbound inspection
- ssl_
forward_ Getproxy Decryption Rule Type Ssl Forward Proxy - Ssl forward proxy
- ssl_
inbound_ strinspection - add the certificate name for SSL inbound inspection
- ssl
Forward Property MapProxy - Ssl forward proxy
- ssl
Inbound StringInspection - add the certificate name for SSL inbound inspection
Package Details
- Repository
- scm pulumi/pulumi-scm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
scmTerraform Provider.
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
