@cdktf/provider-google
Version:
Prebuilt google Provider for Terraform CDK (cdktf)
770 lines • 71.9 kB
TypeScript
/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { Construct } from 'constructs';
import * as cdktf from 'cdktf';
export interface ComputeRegionSecurityPolicyRuleConfig extends cdktf.TerraformMetaArguments {
/**
* The Action to perform when the rule is matched. The following are the valid actions:
*
* * allow: allow access to target.
*
* * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
*
* * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
*
* * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
*
* * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#action ComputeRegionSecurityPolicyRule#action}
*/
readonly action: string;
/**
* An optional description of this resource. Provide this property when you create the resource.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#description ComputeRegionSecurityPolicyRule#description}
*/
readonly description?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#id ComputeRegionSecurityPolicyRule#id}
*
* Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2.
* If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
*/
readonly id?: string;
/**
* If set to true, the specified action is not enforced.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#preview ComputeRegionSecurityPolicyRule#preview}
*/
readonly preview?: boolean | cdktf.IResolvable;
/**
* An integer indicating the priority of a rule in the list.
* The priority must be a positive value between 0 and 2147483647.
* Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#priority ComputeRegionSecurityPolicyRule#priority}
*/
readonly priority: number;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#project ComputeRegionSecurityPolicyRule#project}
*/
readonly project?: string;
/**
* The Region in which the created Region Security Policy rule should reside.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#region ComputeRegionSecurityPolicyRule#region}
*/
readonly region: string;
/**
* The name of the security policy this rule belongs to.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#security_policy ComputeRegionSecurityPolicyRule#security_policy}
*/
readonly securityPolicy: string;
/**
* match block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#match ComputeRegionSecurityPolicyRule#match}
*/
readonly match?: ComputeRegionSecurityPolicyRuleMatch;
/**
* network_match block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#network_match ComputeRegionSecurityPolicyRule#network_match}
*/
readonly networkMatch?: ComputeRegionSecurityPolicyRuleNetworkMatch;
/**
* preconfigured_waf_config block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#preconfigured_waf_config ComputeRegionSecurityPolicyRule#preconfigured_waf_config}
*/
readonly preconfiguredWafConfig?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfig;
/**
* rate_limit_options block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#rate_limit_options ComputeRegionSecurityPolicyRule#rate_limit_options}
*/
readonly rateLimitOptions?: ComputeRegionSecurityPolicyRuleRateLimitOptions;
/**
* timeouts block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#timeouts ComputeRegionSecurityPolicyRule#timeouts}
*/
readonly timeouts?: ComputeRegionSecurityPolicyRuleTimeouts;
}
export interface ComputeRegionSecurityPolicyRuleMatchConfig {
/**
* CIDR IP address range. Maximum number of srcIpRanges allowed is 10.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#src_ip_ranges ComputeRegionSecurityPolicyRule#src_ip_ranges}
*/
readonly srcIpRanges?: string[];
}
export declare function computeRegionSecurityPolicyRuleMatchConfigToTerraform(struct?: ComputeRegionSecurityPolicyRuleMatchConfigOutputReference | ComputeRegionSecurityPolicyRuleMatchConfig): any;
export declare function computeRegionSecurityPolicyRuleMatchConfigToHclTerraform(struct?: ComputeRegionSecurityPolicyRuleMatchConfigOutputReference | ComputeRegionSecurityPolicyRuleMatchConfig): any;
export declare class ComputeRegionSecurityPolicyRuleMatchConfigOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): ComputeRegionSecurityPolicyRuleMatchConfig | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRuleMatchConfig | undefined);
private _srcIpRanges?;
get srcIpRanges(): string[];
set srcIpRanges(value: string[]);
resetSrcIpRanges(): void;
get srcIpRangesInput(): string[] | undefined;
}
export interface ComputeRegionSecurityPolicyRuleMatchExpr {
/**
* Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#expression ComputeRegionSecurityPolicyRule#expression}
*/
readonly expression: string;
}
export declare function computeRegionSecurityPolicyRuleMatchExprToTerraform(struct?: ComputeRegionSecurityPolicyRuleMatchExprOutputReference | ComputeRegionSecurityPolicyRuleMatchExpr): any;
export declare function computeRegionSecurityPolicyRuleMatchExprToHclTerraform(struct?: ComputeRegionSecurityPolicyRuleMatchExprOutputReference | ComputeRegionSecurityPolicyRuleMatchExpr): any;
export declare class ComputeRegionSecurityPolicyRuleMatchExprOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): ComputeRegionSecurityPolicyRuleMatchExpr | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRuleMatchExpr | undefined);
private _expression?;
get expression(): string;
set expression(value: string);
get expressionInput(): string | undefined;
}
export interface ComputeRegionSecurityPolicyRuleMatch {
/**
* Preconfigured versioned expression. If this field is specified, config must also be specified.
* Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. Possible values: ["SRC_IPS_V1"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#versioned_expr ComputeRegionSecurityPolicyRule#versioned_expr}
*/
readonly versionedExpr?: string;
/**
* config block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#config ComputeRegionSecurityPolicyRule#config}
*/
readonly config?: ComputeRegionSecurityPolicyRuleMatchConfig;
/**
* expr block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#expr ComputeRegionSecurityPolicyRule#expr}
*/
readonly expr?: ComputeRegionSecurityPolicyRuleMatchExpr;
}
export declare function computeRegionSecurityPolicyRuleMatchToTerraform(struct?: ComputeRegionSecurityPolicyRuleMatchOutputReference | ComputeRegionSecurityPolicyRuleMatch): any;
export declare function computeRegionSecurityPolicyRuleMatchToHclTerraform(struct?: ComputeRegionSecurityPolicyRuleMatchOutputReference | ComputeRegionSecurityPolicyRuleMatch): any;
export declare class ComputeRegionSecurityPolicyRuleMatchOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): ComputeRegionSecurityPolicyRuleMatch | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRuleMatch | undefined);
private _versionedExpr?;
get versionedExpr(): string;
set versionedExpr(value: string);
resetVersionedExpr(): void;
get versionedExprInput(): string | undefined;
private _config;
get config(): ComputeRegionSecurityPolicyRuleMatchConfigOutputReference;
putConfig(value: ComputeRegionSecurityPolicyRuleMatchConfig): void;
resetConfig(): void;
get configInput(): ComputeRegionSecurityPolicyRuleMatchConfig | undefined;
private _expr;
get expr(): ComputeRegionSecurityPolicyRuleMatchExprOutputReference;
putExpr(value: ComputeRegionSecurityPolicyRuleMatchExpr): void;
resetExpr(): void;
get exprInput(): ComputeRegionSecurityPolicyRuleMatchExpr | undefined;
}
export interface ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields {
/**
* Name of the user-defined field, as given in the definition.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#name ComputeRegionSecurityPolicyRule#name}
*/
readonly name?: string;
/**
* Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with "0x") number (e.g. "64") or range (e.g. "0x400-0x7ff").
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#values ComputeRegionSecurityPolicyRule#values}
*/
readonly values?: string[];
}
export declare function computeRegionSecurityPolicyRuleNetworkMatchUserDefinedFieldsToTerraform(struct?: ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields | cdktf.IResolvable): any;
export declare function computeRegionSecurityPolicyRuleNetworkMatchUserDefinedFieldsToHclTerraform(struct?: ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields | cdktf.IResolvable): any;
export declare class ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFieldsOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields | cdktf.IResolvable | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields | cdktf.IResolvable | undefined);
private _name?;
get name(): string;
set name(value: string);
resetName(): void;
get nameInput(): string | undefined;
private _values?;
get values(): string[];
set values(value: string[]);
resetValues(): void;
get valuesInput(): string[] | undefined;
}
export declare class ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFieldsList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFieldsOutputReference;
}
export interface ComputeRegionSecurityPolicyRuleNetworkMatch {
/**
* Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#dest_ip_ranges ComputeRegionSecurityPolicyRule#dest_ip_ranges}
*/
readonly destIpRanges?: string[];
/**
* Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023").
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#dest_ports ComputeRegionSecurityPolicyRule#dest_ports}
*/
readonly destPorts?: string[];
/**
* IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. "6"), range (e.g. "253-254"), or one of the following protocol names: "tcp", "udp", "icmp", "esp", "ah", "ipip", or "sctp".
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#ip_protocols ComputeRegionSecurityPolicyRule#ip_protocols}
*/
readonly ipProtocols?: string[];
/**
* BGP Autonomous System Number associated with the source IP address.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#src_asns ComputeRegionSecurityPolicyRule#src_asns}
*/
readonly srcAsns?: number[];
/**
* Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#src_ip_ranges ComputeRegionSecurityPolicyRule#src_ip_ranges}
*/
readonly srcIpRanges?: string[];
/**
* Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023").
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#src_ports ComputeRegionSecurityPolicyRule#src_ports}
*/
readonly srcPorts?: string[];
/**
* Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#src_region_codes ComputeRegionSecurityPolicyRule#src_region_codes}
*/
readonly srcRegionCodes?: string[];
/**
* user_defined_fields block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#user_defined_fields ComputeRegionSecurityPolicyRule#user_defined_fields}
*/
readonly userDefinedFields?: ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields[] | cdktf.IResolvable;
}
export declare function computeRegionSecurityPolicyRuleNetworkMatchToTerraform(struct?: ComputeRegionSecurityPolicyRuleNetworkMatchOutputReference | ComputeRegionSecurityPolicyRuleNetworkMatch): any;
export declare function computeRegionSecurityPolicyRuleNetworkMatchToHclTerraform(struct?: ComputeRegionSecurityPolicyRuleNetworkMatchOutputReference | ComputeRegionSecurityPolicyRuleNetworkMatch): any;
export declare class ComputeRegionSecurityPolicyRuleNetworkMatchOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): ComputeRegionSecurityPolicyRuleNetworkMatch | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRuleNetworkMatch | undefined);
private _destIpRanges?;
get destIpRanges(): string[];
set destIpRanges(value: string[]);
resetDestIpRanges(): void;
get destIpRangesInput(): string[] | undefined;
private _destPorts?;
get destPorts(): string[];
set destPorts(value: string[]);
resetDestPorts(): void;
get destPortsInput(): string[] | undefined;
private _ipProtocols?;
get ipProtocols(): string[];
set ipProtocols(value: string[]);
resetIpProtocols(): void;
get ipProtocolsInput(): string[] | undefined;
private _srcAsns?;
get srcAsns(): number[];
set srcAsns(value: number[]);
resetSrcAsns(): void;
get srcAsnsInput(): number[] | undefined;
private _srcIpRanges?;
get srcIpRanges(): string[];
set srcIpRanges(value: string[]);
resetSrcIpRanges(): void;
get srcIpRangesInput(): string[] | undefined;
private _srcPorts?;
get srcPorts(): string[];
set srcPorts(value: string[]);
resetSrcPorts(): void;
get srcPortsInput(): string[] | undefined;
private _srcRegionCodes?;
get srcRegionCodes(): string[];
set srcRegionCodes(value: string[]);
resetSrcRegionCodes(): void;
get srcRegionCodesInput(): string[] | undefined;
private _userDefinedFields;
get userDefinedFields(): ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFieldsList;
putUserDefinedFields(value: ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields[] | cdktf.IResolvable): void;
resetUserDefinedFields(): void;
get userDefinedFieldsInput(): cdktf.IResolvable | ComputeRegionSecurityPolicyRuleNetworkMatchUserDefinedFields[] | undefined;
}
export interface ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie {
/**
* You can specify an exact match or a partial match by using a field operator and a field value.
* Available options:
* EQUALS: The operator matches if the field value equals the specified value.
* STARTS_WITH: The operator matches if the field value starts with the specified value.
* ENDS_WITH: The operator matches if the field value ends with the specified value.
* CONTAINS: The operator matches if the field value contains the specified value.
* EQUALS_ANY: The operator matches if the field value is any value. Possible values: ["CONTAINS", "ENDS_WITH", "EQUALS", "EQUALS_ANY", "STARTS_WITH"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#operator ComputeRegionSecurityPolicyRule#operator}
*/
readonly operator: string;
/**
* A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
* The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#value ComputeRegionSecurityPolicyRule#value}
*/
readonly value?: string;
}
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieToTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable): any;
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieToHclTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable): any;
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie | cdktf.IResolvable | undefined);
private _operator?;
get operator(): string;
set operator(value: string);
get operatorInput(): string | undefined;
private _value?;
get value(): string;
set value(value: string);
resetValue(): void;
get valueInput(): string | undefined;
}
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieOutputReference;
}
export interface ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader {
/**
* You can specify an exact match or a partial match by using a field operator and a field value.
* Available options:
* EQUALS: The operator matches if the field value equals the specified value.
* STARTS_WITH: The operator matches if the field value starts with the specified value.
* ENDS_WITH: The operator matches if the field value ends with the specified value.
* CONTAINS: The operator matches if the field value contains the specified value.
* EQUALS_ANY: The operator matches if the field value is any value. Possible values: ["CONTAINS", "ENDS_WITH", "EQUALS", "EQUALS_ANY", "STARTS_WITH"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#operator ComputeRegionSecurityPolicyRule#operator}
*/
readonly operator: string;
/**
* A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
* The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#value ComputeRegionSecurityPolicyRule#value}
*/
readonly value?: string;
}
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderToTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable): any;
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderToHclTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable): any;
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader | cdktf.IResolvable | undefined);
private _operator?;
get operator(): string;
set operator(value: string);
get operatorInput(): string | undefined;
private _value?;
get value(): string;
set value(value: string);
resetValue(): void;
get valueInput(): string | undefined;
}
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderOutputReference;
}
export interface ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam {
/**
* You can specify an exact match or a partial match by using a field operator and a field value.
* Available options:
* EQUALS: The operator matches if the field value equals the specified value.
* STARTS_WITH: The operator matches if the field value starts with the specified value.
* ENDS_WITH: The operator matches if the field value ends with the specified value.
* CONTAINS: The operator matches if the field value contains the specified value.
* EQUALS_ANY: The operator matches if the field value is any value. Possible values: ["CONTAINS", "ENDS_WITH", "EQUALS", "EQUALS_ANY", "STARTS_WITH"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#operator ComputeRegionSecurityPolicyRule#operator}
*/
readonly operator: string;
/**
* A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
* The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#value ComputeRegionSecurityPolicyRule#value}
*/
readonly value?: string;
}
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamToTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable): any;
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamToHclTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable): any;
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam | cdktf.IResolvable | undefined);
private _operator?;
get operator(): string;
set operator(value: string);
get operatorInput(): string | undefined;
private _value?;
get value(): string;
set value(value: string);
resetValue(): void;
get valueInput(): string | undefined;
}
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamOutputReference;
}
export interface ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri {
/**
* You can specify an exact match or a partial match by using a field operator and a field value.
* Available options:
* EQUALS: The operator matches if the field value equals the specified value.
* STARTS_WITH: The operator matches if the field value starts with the specified value.
* ENDS_WITH: The operator matches if the field value ends with the specified value.
* CONTAINS: The operator matches if the field value contains the specified value.
* EQUALS_ANY: The operator matches if the field value is any value. Possible values: ["CONTAINS", "ENDS_WITH", "EQUALS", "EQUALS_ANY", "STARTS_WITH"]
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#operator ComputeRegionSecurityPolicyRule#operator}
*/
readonly operator: string;
/**
* A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
* The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#value ComputeRegionSecurityPolicyRule#value}
*/
readonly value?: string;
}
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriToTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable): any;
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriToHclTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable): any;
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri | cdktf.IResolvable | undefined);
private _operator?;
get operator(): string;
set operator(value: string);
get operatorInput(): string | undefined;
private _value?;
get value(): string;
set value(value: string);
resetValue(): void;
get valueInput(): string | undefined;
}
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriOutputReference;
}
export interface ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion {
/**
* A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion.
* If omitted, it refers to all the rule IDs under the WAF rule set.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#target_rule_ids ComputeRegionSecurityPolicyRule#target_rule_ids}
*/
readonly targetRuleIds?: string[];
/**
* Target WAF rule set to apply the preconfigured WAF exclusion.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#target_rule_set ComputeRegionSecurityPolicyRule#target_rule_set}
*/
readonly targetRuleSet: string;
/**
* request_cookie block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#request_cookie ComputeRegionSecurityPolicyRule#request_cookie}
*/
readonly requestCookie?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | cdktf.IResolvable;
/**
* request_header block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#request_header ComputeRegionSecurityPolicyRule#request_header}
*/
readonly requestHeader?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | cdktf.IResolvable;
/**
* request_query_param block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#request_query_param ComputeRegionSecurityPolicyRule#request_query_param}
*/
readonly requestQueryParam?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | cdktf.IResolvable;
/**
* request_uri block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#request_uri ComputeRegionSecurityPolicyRule#request_uri}
*/
readonly requestUri?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | cdktf.IResolvable;
}
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionToTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable): any;
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionToHclTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable): any;
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion | cdktf.IResolvable | undefined);
private _targetRuleIds?;
get targetRuleIds(): string[];
set targetRuleIds(value: string[]);
resetTargetRuleIds(): void;
get targetRuleIdsInput(): string[] | undefined;
private _targetRuleSet?;
get targetRuleSet(): string;
set targetRuleSet(value: string);
get targetRuleSetInput(): string | undefined;
private _requestCookie;
get requestCookie(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookieList;
putRequestCookie(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | cdktf.IResolvable): void;
resetRequestCookie(): void;
get requestCookieInput(): cdktf.IResolvable | ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookie[] | undefined;
private _requestHeader;
get requestHeader(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderList;
putRequestHeader(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | cdktf.IResolvable): void;
resetRequestHeader(): void;
get requestHeaderInput(): cdktf.IResolvable | ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader[] | undefined;
private _requestQueryParam;
get requestQueryParam(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamList;
putRequestQueryParam(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | cdktf.IResolvable): void;
resetRequestQueryParam(): void;
get requestQueryParamInput(): cdktf.IResolvable | ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam[] | undefined;
private _requestUri;
get requestUri(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriList;
putRequestUri(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | cdktf.IResolvable): void;
resetRequestUri(): void;
get requestUriInput(): cdktf.IResolvable | ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri[] | undefined;
}
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionOutputReference;
}
export interface ComputeRegionSecurityPolicyRulePreconfiguredWafConfig {
/**
* exclusion block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#exclusion ComputeRegionSecurityPolicyRule#exclusion}
*/
readonly exclusion?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion[] | cdktf.IResolvable;
}
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigToTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigOutputReference | ComputeRegionSecurityPolicyRulePreconfiguredWafConfig): any;
export declare function computeRegionSecurityPolicyRulePreconfiguredWafConfigToHclTerraform(struct?: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigOutputReference | ComputeRegionSecurityPolicyRulePreconfiguredWafConfig): any;
export declare class ComputeRegionSecurityPolicyRulePreconfiguredWafConfigOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfig | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfig | undefined);
private _exclusion;
get exclusion(): ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusionList;
putExclusion(value: ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion[] | cdktf.IResolvable): void;
resetExclusion(): void;
get exclusionInput(): cdktf.IResolvable | ComputeRegionSecurityPolicyRulePreconfiguredWafConfigExclusion[] | undefined;
}
export interface ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThreshold {
/**
* Number of HTTP(S) requests for calculating the threshold.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#count ComputeRegionSecurityPolicyRule#count}
*/
readonly count?: number;
/**
* Interval over which the threshold is computed.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#interval_sec ComputeRegionSecurityPolicyRule#interval_sec}
*/
readonly intervalSec?: number;
}
export declare function computeRegionSecurityPolicyRuleRateLimitOptionsBanThresholdToTerraform(struct?: ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThresholdOutputReference | ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThreshold): any;
export declare function computeRegionSecurityPolicyRuleRateLimitOptionsBanThresholdToHclTerraform(struct?: ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThresholdOutputReference | ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThreshold): any;
export declare class ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThresholdOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThreshold | undefined;
set internalValue(value: ComputeRegionSecurityPolicyRuleRateLimitOptionsBanThreshold | undefined);
private _count?;
get count(): number;
set count(value: number);
resetCount(): void;
get countInput(): number | undefined;
private _intervalSec?;
get intervalSec(): number;
set intervalSec(value: number);
resetIntervalSec(): void;
get intervalSecInput(): number | undefined;
}
export interface ComputeRegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigs {
/**
* Rate limit key name applicable only for the following key types:
* HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.
* HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/compute_region_security_policy_rule#enforce_on_key_name ComputeRegionSecurityPolicyRule#enforce_on_key_name}
*/
readonly enforceOnKeyName?: string;
/**
* Determines the key to enforce the rateLimitThreshold on. Possible values are:
* * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKeyConfigs" is not configured.
* * IP: The source IP address of the request is the key. Each IP has this limit enforced separately.
* * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.
* * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the sou