UNPKG

@bdzscaler/pulumi-zia

Version:

A Pulumi package for creating and managing zia cloud resources.

www.zscaler.com

zscaler/pulumi-zia

189 lines (188 loc) 9.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
import * as pulumi from "@pulumi/pulumi"; import * as outputs from "./types/output"; /** * * [Official documentation](https://help.zscaler.com/zia/ips-control-policy#/firewallIpsRules-get) * * [API documentation](https://help.zscaler.com/zia/configuring-ips-control-policy) * * Use the **zia_firewall_ips_rule** data source to get information about a cloud firewall IPS rule available in the Zscaler Internet Access. * * ## Example Usage */ export declare function getIPSFirewallRule(args?: GetIPSFirewallRuleArgs, opts?: pulumi.InvokeOptions): Promise<GetIPSFirewallRuleResult>; /** * A collection of arguments for invoking getIPSFirewallRule. */ export interface GetIPSFirewallRuleArgs { /** * Unique identifier for the Firewall Filtering policy rule */ id?: number; /** * Name of the Firewall Filtering policy rule */ name?: string; } /** * A collection of values returned by getIPSFirewallRule. */ export interface GetIPSFirewallRuleResult { /** * (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BYPASS_IPS` */ readonly action: string; /** * (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not */ readonly capturePcap: boolean; /** * (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not */ readonly defaultRule: boolean; /** * (List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments. */ readonly departments: outputs.GetIPSFirewallRuleDepartment[]; /** * (String) Enter additional notes or information. The description cannot exceed 10,240 characters. */ readonly description: string; /** * (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10). */ readonly destAddresses: string[]; /** * (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. * **NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``"US"``, ``"CA"`` */ readonly destCountries: string[]; /** * (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control. */ readonly destIpCategories: string[]; /** * ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule. */ readonly destIpGroups: outputs.GetIPSFirewallRuleDestIpGroup[]; readonly destIpv6Groups: outputs.GetIPSFirewallRuleDestIpv6Group[]; /** * (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation. */ readonly deviceGroups: outputs.GetIPSFirewallRuleDeviceGroup[]; /** * (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation. */ readonly devices: outputs.GetIPSFirewallRuleDevice[]; /** * (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled. */ readonly enableFullLogging: boolean; /** * (List of Objects) You can manually select up to `8` groups. When not used it implies `Any` to apply the rule to all groups. */ readonly groups: outputs.GetIPSFirewallRuleGroup[]; /** * (Integer) Identifier that uniquely identifies an entity */ readonly id: number; /** * (List of Objects) Labels that are applicable to the rule. */ readonly labels: outputs.GetIPSFirewallRuleLabel[]; readonly lastModifiedBies: outputs.GetIPSFirewallRuleLastModifiedBy[]; readonly lastModifiedTime: number; /** * (List of Objects)You can manually select up to `32` location groups. When not used it implies `Any` to apply the rule to all location groups. */ readonly locationGroups: outputs.GetIPSFirewallRuleLocationGroup[]; /** * (List of Objects) You can manually select up to `8` locations. When not used it implies `Any` to apply the rule to all groups. */ readonly locations: outputs.GetIPSFirewallRuleLocation[]; /** * (String) The configured name of the entity */ readonly name: string; /** * (List of Objects) Any number of predefined or custom network service groups to which the rule applies. */ readonly nwServiceGroups: outputs.GetIPSFirewallRuleNwServiceGroup[]; /** * (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services. */ readonly nwServices: outputs.GetIPSFirewallRuleNwService[]; /** * (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order. */ readonly order: number; /** * (Boolean) A Boolean field that indicates that the rule is predefined by using a true value */ readonly predefined: boolean; /** * (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is `7`. */ readonly rank: number; /** * (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category. */ readonly resCategories: string[]; /** * (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. * **NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``"US"``, ``"CA"`` */ readonly sourceCountries: string[]; /** * (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group. */ readonly srcIpGroups: outputs.GetIPSFirewallRuleSrcIpGroup[]; /** * (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10). */ readonly srcIps: string[]; /** * (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group. */ readonly srcIpv6Groups: outputs.GetIPSFirewallRuleSrcIpv6Group[]; /** * (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. */ readonly state: string; /** * (List of Objects) Advanced threat categories to which the rule applies */ readonly threatCategories: outputs.GetIPSFirewallRuleThreatCategory[]; /** * (List of Objects) You can manually select up to `1` time intervals. When not used it implies `always` to apply the rule to all time intervals. */ readonly timeWindows: outputs.GetIPSFirewallRuleTimeWindow[]; /** * (List of Objects) You can manually select up to `4` general and/or special users. When not used it implies `Any` to apply the rule to all users. */ readonly users: outputs.GetIPSFirewallRuleUser[]; /** * (List of Objects) The ZPA application segments to which the rule applies */ readonly zpaAppSegments: outputs.GetIPSFirewallRuleZpaAppSegment[]; } /** * * [Official documentation](https://help.zscaler.com/zia/ips-control-policy#/firewallIpsRules-get) * * [API documentation](https://help.zscaler.com/zia/configuring-ips-control-policy) * * Use the **zia_firewall_ips_rule** data source to get information about a cloud firewall IPS rule available in the Zscaler Internet Access. * * ## Example Usage */ export declare function getIPSFirewallRuleOutput(args?: GetIPSFirewallRuleOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetIPSFirewallRuleResult>; /** * A collection of arguments for invoking getIPSFirewallRule. */ export interface GetIPSFirewallRuleOutputArgs { /** * Unique identifier for the Firewall Filtering policy rule */ id?: pulumi.Input<number>; /** * Name of the Firewall Filtering policy rule */ name?: pulumi.Input<string>; }