{ "description": "Generator information:\n- Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/networkSecurityGroup.json\n- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}/securityRules/{securityRuleName}", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "access": { "description": "Access: The network traffic is allowed or denied.", "enum": [ "Allow", "Deny" ], "type": "string" }, "azureName": { "description": "AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it\ndoesn't have to be.", "type": "string" }, "description": { "description": "Description: A description for this rule. Restricted to 140 chars.", "type": "string" }, "destinationAddressPrefix": { "description": "DestinationAddressPrefix: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to\nmatch all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationAddressPrefixes": { "description": "DestinationAddressPrefixes: The destination address prefixes. CIDR or destination IP ranges.", "items": { "type": "string" }, "type": "array" }, "destinationApplicationSecurityGroups": { "description": "DestinationApplicationSecurityGroups: The application security group specified as destination.", "items": { "description": "An application security group in a resource group.", "properties": { "reference": { "description": "Reference: Resource ID.", "properties": { "armId": { "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level\nARMID is mutually exclusive with Group, Kind, Namespace and Name.", "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "group": { "description": "Group is the Kubernetes group of the resource.", "type": "string" }, "kind": { "description": "Kind is the Kubernetes kind of the resource.", "type": "string" }, "name": { "description": "Name is the Kubernetes name of the resource.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "destinationPortRange": { "description": "DestinationPortRange: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used\nto match all ports.", "type": "string" }, "destinationPortRanges": { "description": "DestinationPortRanges: The destination port ranges.", "items": { "type": "string" }, "type": "array" }, "direction": { "description": "Direction: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.", "enum": [ "Inbound", "Outbound" ], "type": "string" }, "operatorSpec": { "description": "OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not\npassed directly to Azure", "properties": { "configMapExpressions": { "description": "ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" }, "secretExpressions": { "description": "SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "owner": { "description": "Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also\ncontrols the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a\nreference to a network.azure.com/NetworkSecurityGroup resource", "properties": { "armId": { "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "name": { "description": "This is the name of the Kubernetes resource to reference.", "type": "string" } }, "type": "object", "additionalProperties": false }, "priority": { "description": "Priority: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each\nrule in the collection. The lower the priority number, the higher the priority of the rule.", "type": "integer" }, "protocol": { "description": "Protocol: Network protocol this rule applies to.", "enum": [ "Ah", "Esp", "Icmp", "*", "Tcp", "Udp" ], "type": "string" }, "sourceAddressPrefix": { "description": "SourceAddressPrefix: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags\nsuch as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies\nwhere network traffic originates from.", "type": "string" }, "sourceAddressPrefixes": { "description": "SourceAddressPrefixes: The CIDR or source IP ranges.", "items": { "type": "string" }, "type": "array" }, "sourceApplicationSecurityGroups": { "description": "SourceApplicationSecurityGroups: The application security group specified as source.", "items": { "description": "An application security group in a resource group.", "properties": { "reference": { "description": "Reference: Resource ID.", "properties": { "armId": { "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level\nARMID is mutually exclusive with Group, Kind, Namespace and Name.", "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "group": { "description": "Group is the Kubernetes group of the resource.", "type": "string" }, "kind": { "description": "Kind is the Kubernetes kind of the resource.", "type": "string" }, "name": { "description": "Name is the Kubernetes name of the resource.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "sourcePortRange": { "description": "SourcePortRange: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match\nall ports.", "type": "string" }, "sourcePortRanges": { "description": "SourcePortRanges: The source port ranges.", "items": { "type": "string" }, "type": "array" } }, "required": [ "access", "direction", "owner", "protocol" ], "type": "object", "additionalProperties": false }, "status": { "properties": { "access": { "description": "Access: The network traffic is allowed or denied.", "type": "string" }, "conditions": { "description": "Conditions: The observed state of the resource", "items": { "description": "Condition defines an extension to status (an observation) of a resource", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "Message is a human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if\n.metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "Reason for the condition's last transition.\nReasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty.", "type": "string" }, "severity": { "description": "Severity with which to treat failures of this type of condition.\nFor conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True\nFor conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False.\nThis is omitted in all cases when Status == Unknown", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, or Unknown.", "type": "string" }, "type": { "description": "Type of condition.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "description": { "description": "Description: A description for this rule. Restricted to 140 chars.", "type": "string" }, "destinationAddressPrefix": { "description": "DestinationAddressPrefix: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to\nmatch all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationAddressPrefixes": { "description": "DestinationAddressPrefixes: The destination address prefixes. CIDR or destination IP ranges.", "items": { "type": "string" }, "type": "array" }, "destinationApplicationSecurityGroups": { "description": "DestinationApplicationSecurityGroups: The application security group specified as destination.", "items": { "description": "An application security group in a resource group.", "properties": { "id": { "description": "Id: Resource ID.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "destinationPortRange": { "description": "DestinationPortRange: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used\nto match all ports.", "type": "string" }, "destinationPortRanges": { "description": "DestinationPortRanges: The destination port ranges.", "items": { "type": "string" }, "type": "array" }, "direction": { "description": "Direction: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.", "type": "string" }, "etag": { "description": "Etag: A unique read-only string that changes whenever the resource is updated.", "type": "string" }, "id": { "description": "Id: Resource ID.", "type": "string" }, "name": { "description": "Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.", "type": "string" }, "priority": { "description": "Priority: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each\nrule in the collection. The lower the priority number, the higher the priority of the rule.", "type": "integer" }, "protocol": { "description": "Protocol: Network protocol this rule applies to.", "type": "string" }, "provisioningState": { "description": "ProvisioningState: The provisioning state of the security rule resource.", "type": "string" }, "sourceAddressPrefix": { "description": "SourceAddressPrefix: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags\nsuch as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies\nwhere network traffic originates from.", "type": "string" }, "sourceAddressPrefixes": { "description": "SourceAddressPrefixes: The CIDR or source IP ranges.", "items": { "type": "string" }, "type": "array" }, "sourceApplicationSecurityGroups": { "description": "SourceApplicationSecurityGroups: The application security group specified as source.", "items": { "description": "An application security group in a resource group.", "properties": { "id": { "description": "Id: Resource ID.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "sourcePortRange": { "description": "SourcePortRange: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match\nall ports.", "type": "string" }, "sourcePortRanges": { "description": "SourcePortRanges: The source port ranges.", "items": { "type": "string" }, "type": "array" }, "type": { "description": "Type: The type of the resource.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }