@cdktf/provider-google

/** * Copyright (c) HashiCorp, Inc. * SPDX-License-Identifier: MPL-2.0 */ import { Construct } from 'constructs'; import * as cdktf from 'cdktf'; export interface ComputeSecurityPolicyRuleAConfig extends cdktf.TerraformMetaArguments { /** * The Action to perform when the rule is matched. The following are the valid actions: * * * allow: allow access to target. * * * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. * * * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set. * * * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. * * * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#action ComputeSecurityPolicyRuleA#action} */ readonly action: string; /** * An optional description of this resource. Provide this property when you create the resource. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#description ComputeSecurityPolicyRuleA#description} */ readonly description?: string; /** * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#id ComputeSecurityPolicyRuleA#id} * * Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. * If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable. */ readonly id?: string; /** * If set to true, the specified action is not enforced. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#preview ComputeSecurityPolicyRuleA#preview} */ readonly preview?: boolean | cdktf.IResolvable; /** * An integer indicating the priority of a rule in the list. * The priority must be a positive value between 0 and 2147483647. * Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#priority ComputeSecurityPolicyRuleA#priority} */ readonly priority: number; /** * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#project ComputeSecurityPolicyRuleA#project} */ readonly project?: string; /** * The name of the security policy this rule belongs to. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#security_policy ComputeSecurityPolicyRuleA#security_policy} */ readonly securityPolicy: string; /** * match block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#match ComputeSecurityPolicyRuleA#match} */ readonly match?: ComputeSecurityPolicyRuleMatchA; /** * preconfigured_waf_config block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#preconfigured_waf_config ComputeSecurityPolicyRuleA#preconfigured_waf_config} */ readonly preconfiguredWafConfig?: ComputeSecurityPolicyRulePreconfiguredWafConfig; /** * rate_limit_options block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#rate_limit_options ComputeSecurityPolicyRuleA#rate_limit_options} */ readonly rateLimitOptions?: ComputeSecurityPolicyRuleRateLimitOptionsA; /** * timeouts block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#timeouts ComputeSecurityPolicyRuleA#timeouts} */ readonly timeouts?: ComputeSecurityPolicyRuleTimeouts; } export interface ComputeSecurityPolicyRuleMatchConfigA { /** * CIDR IP address range. Maximum number of srcIpRanges allowed is 10. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#src_ip_ranges ComputeSecurityPolicyRuleA#src_ip_ranges} */ readonly srcIpRanges?: string[]; } export declare function computeSecurityPolicyRuleMatchConfigAToTerraform(struct?: ComputeSecurityPolicyRuleMatchConfigAOutputReference | ComputeSecurityPolicyRuleMatchConfigA): any; export declare function computeSecurityPolicyRuleMatchConfigAToHclTerraform(struct?: ComputeSecurityPolicyRuleMatchConfigAOutputReference | ComputeSecurityPolicyRuleMatchConfigA): any; export declare class ComputeSecurityPolicyRuleMatchConfigAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleMatchConfigA | undefined; set internalValue(value: ComputeSecurityPolicyRuleMatchConfigA | undefined); private _srcIpRanges?; get srcIpRanges(): string[]; set srcIpRanges(value: string[]); resetSrcIpRanges(): void; get srcIpRangesInput(): string[] | undefined; } export interface ComputeSecurityPolicyRuleMatchExprA { /** * Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#expression ComputeSecurityPolicyRuleA#expression} */ readonly expression: string; } export declare function computeSecurityPolicyRuleMatchExprAToTerraform(struct?: ComputeSecurityPolicyRuleMatchExprAOutputReference | ComputeSecurityPolicyRuleMatchExprA): any; export declare function computeSecurityPolicyRuleMatchExprAToHclTerraform(struct?: ComputeSecurityPolicyRuleMatchExprAOutputReference | ComputeSecurityPolicyRuleMatchExprA): any; export declare class ComputeSecurityPolicyRuleMatchExprAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleMatchExprA | undefined; set internalValue(value: ComputeSecurityPolicyRuleMatchExprA | undefined); private _expression?; get expression(): string; set expression(value: string); get expressionInput(): string | undefined; } export interface ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA { /** * A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#action_token_site_keys ComputeSecurityPolicyRuleA#action_token_site_keys} */ readonly actionTokenSiteKeys?: string[]; /** * A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#session_token_site_keys ComputeSecurityPolicyRuleA#session_token_site_keys} */ readonly sessionTokenSiteKeys?: string[]; } export declare function computeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsAToTerraform(struct?: ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsAOutputReference | ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA): any; export declare function computeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsAToHclTerraform(struct?: ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsAOutputReference | ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA): any; export declare class ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA | undefined; set internalValue(value: ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA | undefined); private _actionTokenSiteKeys?; get actionTokenSiteKeys(): string[]; set actionTokenSiteKeys(value: string[]); resetActionTokenSiteKeys(): void; get actionTokenSiteKeysInput(): string[] | undefined; private _sessionTokenSiteKeys?; get sessionTokenSiteKeys(): string[]; set sessionTokenSiteKeys(value: string[]); resetSessionTokenSiteKeys(): void; get sessionTokenSiteKeysInput(): string[] | undefined; } export interface ComputeSecurityPolicyRuleMatchExprOptionsA { /** * recaptcha_options block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#recaptcha_options ComputeSecurityPolicyRuleA#recaptcha_options} */ readonly recaptchaOptions: ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA; } export declare function computeSecurityPolicyRuleMatchExprOptionsAToTerraform(struct?: ComputeSecurityPolicyRuleMatchExprOptionsAOutputReference | ComputeSecurityPolicyRuleMatchExprOptionsA): any; export declare function computeSecurityPolicyRuleMatchExprOptionsAToHclTerraform(struct?: ComputeSecurityPolicyRuleMatchExprOptionsAOutputReference | ComputeSecurityPolicyRuleMatchExprOptionsA): any; export declare class ComputeSecurityPolicyRuleMatchExprOptionsAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleMatchExprOptionsA | undefined; set internalValue(value: ComputeSecurityPolicyRuleMatchExprOptionsA | undefined); private _recaptchaOptions; get recaptchaOptions(): ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsAOutputReference; putRecaptchaOptions(value: ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA): void; get recaptchaOptionsInput(): ComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsA | undefined; } export interface ComputeSecurityPolicyRuleMatchA { /** * Preconfigured versioned expression. If this field is specified, config must also be specified. * Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. Possible values: ["SRC_IPS_V1"] * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#versioned_expr ComputeSecurityPolicyRuleA#versioned_expr} */ readonly versionedExpr?: string; /** * config block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#config ComputeSecurityPolicyRuleA#config} */ readonly config?: ComputeSecurityPolicyRuleMatchConfigA; /** * expr block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#expr ComputeSecurityPolicyRuleA#expr} */ readonly expr?: ComputeSecurityPolicyRuleMatchExprA; /** * expr_options block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#expr_options ComputeSecurityPolicyRuleA#expr_options} */ readonly exprOptions?: ComputeSecurityPolicyRuleMatchExprOptionsA; } export declare function computeSecurityPolicyRuleMatchAToTerraform(struct?: ComputeSecurityPolicyRuleMatchAOutputReference | ComputeSecurityPolicyRuleMatchA): any; export declare function computeSecurityPolicyRuleMatchAToHclTerraform(struct?: ComputeSecurityPolicyRuleMatchAOutputReference | ComputeSecurityPolicyRuleMatchA): any; export declare class ComputeSecurityPolicyRuleMatchAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleMatchA | undefined; set internalValue(value: ComputeSecurityPolicyRuleMatchA | undefined); private _versionedExpr?; get versionedExpr(): string; set versionedExpr(value: string); resetVersionedExpr(): void; get versionedExprInput(): string | undefined; private _config; get config(): ComputeSecurityPolicyRuleMatchConfigAOutputReference; putConfig(value: ComputeSecurityPolicyRuleMatchConfigA): void; resetConfig(): void; get configInput(): ComputeSecurityPolicyRuleMatchConfigA | undefined; private _expr; get expr(): ComputeSecurityPolicyRuleMatchExprAOutputReference; putExpr(value: ComputeSecurityPolicyRuleMatchExprA): void; resetExpr(): void; get exprInput(): ComputeSecurityPolicyRuleMatchExprA | undefined; private _exprOptions; get exprOptions(): ComputeSecurityPolicyRuleMatchExprOptionsAOutputReference; putExprOptions(value: ComputeSecurityPolicyRuleMatchExprOptionsA): void; resetExprOptions(): void; get exprOptionsInput(): ComputeSecurityPolicyRuleMatchExprOptionsA | undefined; } export interface ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie { /** * You can specify an exact match or a partial match by using a field operator and a field value. * Available options: * EQUALS: The operator matches if the field value equals the specified value. * STARTS_WITH: The operator matches if the field value starts with the specified value. * ENDS_WITH: The operator matches if the field value ends with the specified value. * CONTAINS: The operator matches if the field value contains the specified value. * EQUALS_ANY: The operator matches if the field value is any value. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#operator ComputeSecurityPolicyRuleA#operator} */ readonly operator: string; /** * A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. * The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#value ComputeSecurityPolicyRuleA#value} */ readonly value?: string; } export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieToTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable): any; export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieToHclTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable): any; export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieOutputReference extends cdktf.ComplexObject { private isEmptyObject; private resolvableValue?; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param complexObjectIndex the index of this item in the list * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean); get internalValue(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable | undefined; set internalValue(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable | undefined); private _operator?; get operator(): string; set operator(value: string); get operatorInput(): string | undefined; private _value?; get value(): string; set value(value: string); resetValue(): void; get valueInput(): string | undefined; } export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieList extends cdktf.ComplexList { protected terraformResource: cdktf.IInterpolatingParent; protected terraformAttribute: string; protected wrapsSet: boolean; internalValue?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | cdktf.IResolvable; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean); /** * @param index the index of the item to return */ get(index: number): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieOutputReference; } export interface ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader { /** * You can specify an exact match or a partial match by using a field operator and a field value. * Available options: * EQUALS: The operator matches if the field value equals the specified value. * STARTS_WITH: The operator matches if the field value starts with the specified value. * ENDS_WITH: The operator matches if the field value ends with the specified value. * CONTAINS: The operator matches if the field value contains the specified value. * EQUALS_ANY: The operator matches if the field value is any value. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#operator ComputeSecurityPolicyRuleA#operator} */ readonly operator: string; /** * A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. * The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#value ComputeSecurityPolicyRuleA#value} */ readonly value?: string; } export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderToTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable): any; export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderToHclTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable): any; export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderOutputReference extends cdktf.ComplexObject { private isEmptyObject; private resolvableValue?; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param complexObjectIndex the index of this item in the list * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean); get internalValue(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable | undefined; set internalValue(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable | undefined); private _operator?; get operator(): string; set operator(value: string); get operatorInput(): string | undefined; private _value?; get value(): string; set value(value: string); resetValue(): void; get valueInput(): string | undefined; } export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderList extends cdktf.ComplexList { protected terraformResource: cdktf.IInterpolatingParent; protected terraformAttribute: string; protected wrapsSet: boolean; internalValue?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | cdktf.IResolvable; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean); /** * @param index the index of the item to return */ get(index: number): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderOutputReference; } export interface ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam { /** * You can specify an exact match or a partial match by using a field operator and a field value. * Available options: * EQUALS: The operator matches if the field value equals the specified value. * STARTS_WITH: The operator matches if the field value starts with the specified value. * ENDS_WITH: The operator matches if the field value ends with the specified value. * CONTAINS: The operator matches if the field value contains the specified value. * EQUALS_ANY: The operator matches if the field value is any value. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#operator ComputeSecurityPolicyRuleA#operator} */ readonly operator: string; /** * A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. * The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#value ComputeSecurityPolicyRuleA#value} */ readonly value?: string; } export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamToTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable): any; export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamToHclTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable): any; export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamOutputReference extends cdktf.ComplexObject { private isEmptyObject; private resolvableValue?; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param complexObjectIndex the index of this item in the list * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean); get internalValue(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable | undefined; set internalValue(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable | undefined); private _operator?; get operator(): string; set operator(value: string); get operatorInput(): string | undefined; private _value?; get value(): string; set value(value: string); resetValue(): void; get valueInput(): string | undefined; } export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamList extends cdktf.ComplexList { protected terraformResource: cdktf.IInterpolatingParent; protected terraformAttribute: string; protected wrapsSet: boolean; internalValue?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | cdktf.IResolvable; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean); /** * @param index the index of the item to return */ get(index: number): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamOutputReference; } export interface ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri { /** * You can specify an exact match or a partial match by using a field operator and a field value. * Available options: * EQUALS: The operator matches if the field value equals the specified value. * STARTS_WITH: The operator matches if the field value starts with the specified value. * ENDS_WITH: The operator matches if the field value ends with the specified value. * CONTAINS: The operator matches if the field value contains the specified value. * EQUALS_ANY: The operator matches if the field value is any value. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#operator ComputeSecurityPolicyRuleA#operator} */ readonly operator: string; /** * A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. * The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#value ComputeSecurityPolicyRuleA#value} */ readonly value?: string; } export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriToTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable): any; export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriToHclTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable): any; export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriOutputReference extends cdktf.ComplexObject { private isEmptyObject; private resolvableValue?; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param complexObjectIndex the index of this item in the list * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean); get internalValue(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable | undefined; set internalValue(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable | undefined); private _operator?; get operator(): string; set operator(value: string); get operatorInput(): string | undefined; private _value?; get value(): string; set value(value: string); resetValue(): void; get valueInput(): string | undefined; } export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriList extends cdktf.ComplexList { protected terraformResource: cdktf.IInterpolatingParent; protected terraformAttribute: string; protected wrapsSet: boolean; internalValue?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | cdktf.IResolvable; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean); /** * @param index the index of the item to return */ get(index: number): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriOutputReference; } export interface ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion { /** * A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. * If omitted, it refers to all the rule IDs under the WAF rule set. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#target_rule_ids ComputeSecurityPolicyRuleA#target_rule_ids} */ readonly targetRuleIds?: string[]; /** * Target WAF rule set to apply the preconfigured WAF exclusion. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#target_rule_set ComputeSecurityPolicyRuleA#target_rule_set} */ readonly targetRuleSet: string; /** * request_cookie block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#request_cookie ComputeSecurityPolicyRuleA#request_cookie} */ readonly requestCookie?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | cdktf.IResolvable; /** * request_header block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#request_header ComputeSecurityPolicyRuleA#request_header} */ readonly requestHeader?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | cdktf.IResolvable; /** * request_query_param block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#request_query_param ComputeSecurityPolicyRuleA#request_query_param} */ readonly requestQueryParam?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | cdktf.IResolvable; /** * request_uri block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#request_uri ComputeSecurityPolicyRuleA#request_uri} */ readonly requestUri?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | cdktf.IResolvable; } export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionToTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable): any; export declare function computeSecurityPolicyRulePreconfiguredWafConfigExclusionToHclTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable): any; export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionOutputReference extends cdktf.ComplexObject { private isEmptyObject; private resolvableValue?; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param complexObjectIndex the index of this item in the list * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean); get internalValue(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable | undefined; set internalValue(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable | undefined); private _targetRuleIds?; get targetRuleIds(): string[]; set targetRuleIds(value: string[]); resetTargetRuleIds(): void; get targetRuleIdsInput(): string[] | undefined; private _targetRuleSet?; get targetRuleSet(): string; set targetRuleSet(value: string); get targetRuleSetInput(): string | undefined; private _requestCookie; get requestCookie(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieList; putRequestCookie(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | cdktf.IResolvable): void; resetRequestCookie(): void; get requestCookieInput(): cdktf.IResolvable | ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | undefined; private _requestHeader; get requestHeader(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderList; putRequestHeader(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | cdktf.IResolvable): void; resetRequestHeader(): void; get requestHeaderInput(): cdktf.IResolvable | ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | undefined; private _requestQueryParam; get requestQueryParam(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamList; putRequestQueryParam(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | cdktf.IResolvable): void; resetRequestQueryParam(): void; get requestQueryParamInput(): cdktf.IResolvable | ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | undefined; private _requestUri; get requestUri(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriList; putRequestUri(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | cdktf.IResolvable): void; resetRequestUri(): void; get requestUriInput(): cdktf.IResolvable | ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | undefined; } export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionList extends cdktf.ComplexList { protected terraformResource: cdktf.IInterpolatingParent; protected terraformAttribute: string; protected wrapsSet: boolean; internalValue?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion[] | cdktf.IResolvable; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean); /** * @param index the index of the item to return */ get(index: number): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionOutputReference; } export interface ComputeSecurityPolicyRulePreconfiguredWafConfig { /** * exclusion block * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#exclusion ComputeSecurityPolicyRuleA#exclusion} */ readonly exclusion?: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion[] | cdktf.IResolvable; } export declare function computeSecurityPolicyRulePreconfiguredWafConfigToTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigOutputReference | ComputeSecurityPolicyRulePreconfiguredWafConfig): any; export declare function computeSecurityPolicyRulePreconfiguredWafConfigToHclTerraform(struct?: ComputeSecurityPolicyRulePreconfiguredWafConfigOutputReference | ComputeSecurityPolicyRulePreconfiguredWafConfig): any; export declare class ComputeSecurityPolicyRulePreconfiguredWafConfigOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRulePreconfiguredWafConfig | undefined; set internalValue(value: ComputeSecurityPolicyRulePreconfiguredWafConfig | undefined); private _exclusion; get exclusion(): ComputeSecurityPolicyRulePreconfiguredWafConfigExclusionList; putExclusion(value: ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion[] | cdktf.IResolvable): void; resetExclusion(): void; get exclusionInput(): cdktf.IResolvable | ComputeSecurityPolicyRulePreconfiguredWafConfigExclusion[] | undefined; } export interface ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdA { /** * Number of HTTP(S) requests for calculating the threshold. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#count ComputeSecurityPolicyRuleA#count} */ readonly count?: number; /** * Interval over which the threshold is computed. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#interval_sec ComputeSecurityPolicyRuleA#interval_sec} */ readonly intervalSec?: number; } export declare function computeSecurityPolicyRuleRateLimitOptionsBanThresholdAToTerraform(struct?: ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdAOutputReference | ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdA): any; export declare function computeSecurityPolicyRuleRateLimitOptionsBanThresholdAToHclTerraform(struct?: ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdAOutputReference | ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdA): any; export declare class ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdA | undefined; set internalValue(value: ComputeSecurityPolicyRuleRateLimitOptionsBanThresholdA | undefined); private _count?; get count(): number; set count(value: number); resetCount(): void; get countInput(): number | undefined; private _intervalSec?; get intervalSec(): number; set intervalSec(value: number); resetIntervalSec(): void; get intervalSecInput(): number | undefined; } export interface ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs { /** * Rate limit key name applicable only for the following key types: * HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. * HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#enforce_on_key_name ComputeSecurityPolicyRuleA#enforce_on_key_name} */ readonly enforceOnKeyName?: string; /** * Determines the key to enforce the rateLimitThreshold on. Possible values are: * * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKeyConfigs" is not configured. * * IP: The source IP address of the request is the key. Each IP has this limit enforced separately. * * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. * * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. * * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. * * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. * * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. * * REGION_CODE: The country/region from which the request originates. * * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL. * * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP. Possible values: ["ALL", "IP", "HTTP_HEADER", "XFF_IP", "HTTP_COOKIE", "HTTP_PATH", "SNI", "REGION_CODE", "TLS_JA3_FINGERPRINT", "USER_IP"] * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#enforce_on_key_type ComputeSecurityPolicyRuleA#enforce_on_key_type} */ readonly enforceOnKeyType?: string; } export declare function computeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigsToTerraform(struct?: ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs | cdktf.IResolvable): any; export declare function computeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigsToHclTerraform(struct?: ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs | cdktf.IResolvable): any; export declare class ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigsOutputReference extends cdktf.ComplexObject { private isEmptyObject; private resolvableValue?; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param complexObjectIndex the index of this item in the list * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean); get internalValue(): ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs | cdktf.IResolvable | undefined; set internalValue(value: ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs | cdktf.IResolvable | undefined); private _enforceOnKeyName?; get enforceOnKeyName(): string; set enforceOnKeyName(value: string); resetEnforceOnKeyName(): void; get enforceOnKeyNameInput(): string | undefined; private _enforceOnKeyType?; get enforceOnKeyType(): string; set enforceOnKeyType(value: string); resetEnforceOnKeyType(): void; get enforceOnKeyTypeInput(): string | undefined; } export declare class ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigsList extends cdktf.ComplexList { protected terraformResource: cdktf.IInterpolatingParent; protected terraformAttribute: string; protected wrapsSet: boolean; internalValue?: ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs[] | cdktf.IResolvable; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index) */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean); /** * @param index the index of the item to return */ get(index: number): ComputeSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigsOutputReference; } export interface ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsA { /** * Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#target ComputeSecurityPolicyRuleA#target} */ readonly target?: string; /** * Type of the redirect action. * * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.4.0/docs/resources/compute_security_policy_rule#type ComputeSecurityPolicyRuleA#type} */ readonly type?: string; } export declare function computeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsAToTerraform(struct?: ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsAOutputReference | ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsA): any; export declare function computeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsAToHclTerraform(struct?: ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsAOutputReference | ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsA): any; export declare class ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsAOutputReference extends cdktf.ComplexObject { private isEmptyObject; /** * @param terraformResource The parent resource * @param terraformAttribute The attribute on the parent resource this class is referencing */ constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string); get internalValue(): ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsA | undefined; set internalValue(value: ComputeSecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsA | undefined); private _target?; get target(): string; set target(value: string); resetTarget(): void; get targetInput(): string | undefined; private _type?; get type(): string; set type(value: string); resetType(): void; get typeInput(): string | undefined; } export interface ComputeSecurityPolicyRuleRateLimitOptionsRateLimitThresholdA { /** * Number of HTTP(S) requests for calculating the threshold. * *