I want to create Security Policy in my Google Kubernetes such that there is Adaptive Protection enabled for the DDoS attacks, on my application layer.
Reading pulumi documents, this is what I came up with:
ddos_layer7_defense_policy_name = "ddos-layer7-defense-policy"
ddos_layer7_defense_policy = gcp.compute.SecurityPolicy(
resource_name=ddos_layer7_defense_policy_name,
description="Policy for enabling DDoS defence on L7",
name=ddos_layer7_defense_policy_name,
adaptive_protection_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigArgs(
layer7_ddos_defense_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigArgs(
enable=False, # enable DDoS defense
rule_visibility="STANDARD"
)
)
)
I read the official documents, and while they also denote enable=True as the first argument, my local Pulumi library (the one installed in the virtualenv) does not have that kwarg. However, when I look at the code, I can see the two flags being very much present.
Still, I get the invalid key error:
error: gcp:compute/securityPolicy:SecurityPolicy resource 'ddos-layer7-defense-policy' has a problem: Invalid or unknown key. Examine values at 'SecurityPolicy.AdaptiveProtectionConfig.Layer7DdosDefenseConfig'.
Reading at the source code is not helping either as the signature matches to what I am providing.
This problem is also unsolved by people working on pulumi, such as this.
