@cdktf/provider-google
Version:
Prebuilt google Provider for Terraform CDK (cdktf)
210 lines (209 loc) • 12.7 kB
TypeScript
/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { Construct } from 'constructs';
import * as cdktf from 'cdktf';
export interface NetworkSecurityTlsInspectionPolicyConfig extends cdktf.TerraformMetaArguments {
/**
* A CA pool resource used to issue interception certificates.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#ca_pool NetworkSecurityTlsInspectionPolicy#ca_pool}
*/
readonly caPool: string;
/**
* List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#custom_tls_features NetworkSecurityTlsInspectionPolicy#custom_tls_features}
*/
readonly customTlsFeatures?: string[];
/**
* Free-text description of the resource.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#description NetworkSecurityTlsInspectionPolicy#description}
*/
readonly description?: string;
/**
* If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trustConfig. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trustConfig will be accepted.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#exclude_public_ca_set NetworkSecurityTlsInspectionPolicy#exclude_public_ca_set}
*/
readonly excludePublicCaSet?: boolean | cdktf.IResolvable;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#id NetworkSecurityTlsInspectionPolicy#id}
*
* Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2.
* If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
*/
readonly id?: string;
/**
* The location of the tls inspection policy.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#location NetworkSecurityTlsInspectionPolicy#location}
*/
readonly location?: string;
/**
* Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field. Possible values: ["TLS_VERSION_UNSPECIFIED", "TLS_1_0", "TLS_1_1", "TLS_1_2", "TLS_1_3"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#min_tls_version NetworkSecurityTlsInspectionPolicy#min_tls_version}
*/
readonly minTlsVersion?: string;
/**
* Short name of the TlsInspectionPolicy resource to be created.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#name NetworkSecurityTlsInspectionPolicy#name}
*/
readonly name: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#project NetworkSecurityTlsInspectionPolicy#project}
*/
readonly project?: string;
/**
* The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers (\"PROFILE_COMPATIBLE\"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field. Possible values: ["PROFILE_UNSPECIFIED", "PROFILE_COMPATIBLE", "PROFILE_MODERN", "PROFILE_RESTRICTED", "PROFILE_CUSTOM"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#tls_feature_profile NetworkSecurityTlsInspectionPolicy#tls_feature_profile}
*/
readonly tlsFeatureProfile?: string;
/**
* A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form \"projects/{project}/locations/{location}/trustConfigs/{trust_config}\". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Trust config and the TLS inspection policy must be in the same region. Note that Secure Web Proxy does not yet honor this field.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#trust_config NetworkSecurityTlsInspectionPolicy#trust_config}
*/
readonly trustConfig?: string;
/**
* timeouts block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#timeouts NetworkSecurityTlsInspectionPolicy#timeouts}
*/
readonly timeouts?: NetworkSecurityTlsInspectionPolicyTimeouts;
}
export interface NetworkSecurityTlsInspectionPolicyTimeouts {
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#create NetworkSecurityTlsInspectionPolicy#create}
*/
readonly create?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#delete NetworkSecurityTlsInspectionPolicy#delete}
*/
readonly delete?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#update NetworkSecurityTlsInspectionPolicy#update}
*/
readonly update?: string;
}
export declare function networkSecurityTlsInspectionPolicyTimeoutsToTerraform(struct?: NetworkSecurityTlsInspectionPolicyTimeouts | cdktf.IResolvable): any;
export declare function networkSecurityTlsInspectionPolicyTimeoutsToHclTerraform(struct?: NetworkSecurityTlsInspectionPolicyTimeouts | cdktf.IResolvable): any;
export declare class NetworkSecurityTlsInspectionPolicyTimeoutsOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): NetworkSecurityTlsInspectionPolicyTimeouts | cdktf.IResolvable | undefined;
set internalValue(value: NetworkSecurityTlsInspectionPolicyTimeouts | cdktf.IResolvable | undefined);
private _create?;
get create(): string;
set create(value: string);
resetCreate(): void;
get createInput(): string | undefined;
private _delete?;
get delete(): string;
set delete(value: string);
resetDelete(): void;
get deleteInput(): string | undefined;
private _update?;
get update(): string;
set update(value: string);
resetUpdate(): void;
get updateInput(): string | undefined;
}
/**
* Represents a {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy google_network_security_tls_inspection_policy}
*/
export declare class NetworkSecurityTlsInspectionPolicy extends cdktf.TerraformResource {
static readonly tfResourceType = "google_network_security_tls_inspection_policy";
/**
* Generates CDKTF code for importing a NetworkSecurityTlsInspectionPolicy resource upon running "cdktf plan <stack-name>"
* @param scope The scope in which to define this construct
* @param importToId The construct id used in the generated config for the NetworkSecurityTlsInspectionPolicy to import
* @param importFromId The id of the existing NetworkSecurityTlsInspectionPolicy that should be imported. Refer to the {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy#import import section} in the documentation of this resource for the id to use
* @param provider? Optional instance of the provider where the NetworkSecurityTlsInspectionPolicy to import is found
*/
static generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: cdktf.TerraformProvider): cdktf.ImportableResource;
/**
* Create a new {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/network_security_tls_inspection_policy google_network_security_tls_inspection_policy} Resource
*
* @param scope The scope in which to define this construct
* @param id The scoped construct ID. Must be unique amongst siblings in the same scope
* @param options NetworkSecurityTlsInspectionPolicyConfig
*/
constructor(scope: Construct, id: string, config: NetworkSecurityTlsInspectionPolicyConfig);
private _caPool?;
get caPool(): string;
set caPool(value: string);
get caPoolInput(): string | undefined;
get createTime(): string;
private _customTlsFeatures?;
get customTlsFeatures(): string[];
set customTlsFeatures(value: string[]);
resetCustomTlsFeatures(): void;
get customTlsFeaturesInput(): string[] | undefined;
private _description?;
get description(): string;
set description(value: string);
resetDescription(): void;
get descriptionInput(): string | undefined;
private _excludePublicCaSet?;
get excludePublicCaSet(): boolean | cdktf.IResolvable;
set excludePublicCaSet(value: boolean | cdktf.IResolvable);
resetExcludePublicCaSet(): void;
get excludePublicCaSetInput(): boolean | cdktf.IResolvable | undefined;
private _id?;
get id(): string;
set id(value: string);
resetId(): void;
get idInput(): string | undefined;
private _location?;
get location(): string;
set location(value: string);
resetLocation(): void;
get locationInput(): string | undefined;
private _minTlsVersion?;
get minTlsVersion(): string;
set minTlsVersion(value: string);
resetMinTlsVersion(): void;
get minTlsVersionInput(): string | undefined;
private _name?;
get name(): string;
set name(value: string);
get nameInput(): string | undefined;
private _project?;
get project(): string;
set project(value: string);
resetProject(): void;
get projectInput(): string | undefined;
private _tlsFeatureProfile?;
get tlsFeatureProfile(): string;
set tlsFeatureProfile(value: string);
resetTlsFeatureProfile(): void;
get tlsFeatureProfileInput(): string | undefined;
private _trustConfig?;
get trustConfig(): string;
set trustConfig(value: string);
resetTrustConfig(): void;
get trustConfigInput(): string | undefined;
get updateTime(): string;
private _timeouts;
get timeouts(): NetworkSecurityTlsInspectionPolicyTimeoutsOutputReference;
putTimeouts(value: NetworkSecurityTlsInspectionPolicyTimeouts): void;
resetTimeouts(): void;
get timeoutsInput(): cdktf.IResolvable | NetworkSecurityTlsInspectionPolicyTimeouts | undefined;
protected synthesizeAttributes(): {
[name: string]: any;
};
protected synthesizeHclAttributes(): {
[name: string]: any;
};
}