
@pulumi/f5bigip


A Pulumi package for creating and managing F5 BigIP resources.

import * as pulumi from "@pulumi/pulumi";
/**
 * `f5bigip.NetIkePeer` manages an IKE peer (ikePeer) configuration.
 *
 * This file only declares types: every protocol and algorithm setting is a free-form
 * `string`, so the compiler does not validate the values passed in.
 *
 * `presharedKey`, `myCertKeyPassphrase` and `presharedKeyEncrypted` carry credential
 * material and are declared as ordinary string inputs/outputs.
 * NOTE(review): whether the provider marks them as secret is not visible in this
 * declaration. Confirm it, and otherwise supply them as Pulumi secrets (for example
 * `pulumi.secret(...)` on the input, or `additionalSecretOutputs` in the resource
 * options) so they are encrypted in stack state and masked in CLI output.
 */
export declare class NetIkePeer extends pulumi.CustomResource {
    /**
     * Get an existing NetIkePeer resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NetIkePeerState, opts?: pulumi.CustomResourceOptions): NetIkePeer;
    /**
     * Returns true if the given object is an instance of NetIkePeer. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is NetIkePeer;
    /**
     * The application service that the object belongs to. May be undefined.
     */
    readonly appService: pulumi.Output<string | undefined>;
    /**
     * The trusted root and intermediate certificate authorities
     */
    readonly caCertFile: pulumi.Output<string>;
    /**
     * Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
     */
    readonly crlFile: pulumi.Output<string>;
    /**
     * User defined description
     */
    readonly description: pulumi.Output<string>;
    /**
     * Specifies the number of seconds between Dead Peer Detection messages
     */
    readonly dpdDelay: pulumi.Output<number>;
    /**
     * Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
     */
    readonly generatePolicy: pulumi.Output<string>;
    /**
     * Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
     */
    readonly lifetime: pulumi.Output<number>;
    /**
     * Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
     */
    readonly mode: pulumi.Output<string>;
    /**
     * Specifies the name of the certificate file object
     */
    readonly myCertFile: pulumi.Output<string>;
    /**
     * Specifies the name of the certificate key file object
     */
    readonly myCertKeyFile: pulumi.Output<string>;
    /**
     * Specifies the passphrase of the key used for my-cert-key-file.
     *
     * NOTE(review): credential exposed as a plain string output; confirm it is stored as a
     * secret in state and avoid exporting or logging it.
     */
    readonly myCertKeyPassphrase: pulumi.Output<string>;
    /**
     * Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
     */
    readonly myIdType: pulumi.Output<string>;
    /**
     * Specifies the identifier value sent to the remote host in the phase 1 negotiation
     */
    readonly myIdValue: pulumi.Output<string>;
    /**
     * Name of the ike_peer
     */
    readonly name: pulumi.Output<string>;
    /**
     * Enables use of the NAT-Traversal IPsec extension
     */
    readonly natTraversal: pulumi.Output<string>;
    /**
     * Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
     */
    readonly passive: pulumi.Output<string>;
    /**
     * Specifies the peer's certificate for authentication
     */
    readonly peersCertFile: pulumi.Output<string>;
    /**
     * Specifies that the only peers-cert-type supported is certfile
     */
    readonly peersCertType: pulumi.Output<string>;
    /**
     * Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
     */
    readonly peersIdType: pulumi.Output<string>;
    /**
     * Specifies the peer's identifier to be received
     */
    readonly peersIdValue: pulumi.Output<string>;
    /**
     * Specifies the authentication method used for phase 1 negotiation
     */
    readonly phase1AuthMethod: pulumi.Output<string>;
    /**
     * Specifies the encryption algorithm used for the isakmp phase 1 negotiation
     */
    readonly phase1EncryptAlgorithm: pulumi.Output<string>;
    /**
     * Defines the hash algorithm used for the isakmp phase 1 negotiation
     */
    readonly phase1HashAlgorithm: pulumi.Output<string>;
    /**
     * Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
     */
    readonly phase1PerfectForwardSecrecy: pulumi.Output<string>;
    /**
     * Specifies the preshared key for ISAKMP SAs. May be undefined.
     *
     * NOTE(review): credential exposed as a plain string output; confirm it is stored as a
     * secret in state and avoid exporting or logging it.
     */
    readonly presharedKey: pulumi.Output<string | undefined>;
    /**
     * Display the encrypted preshared-key for the IKE remote node.
     *
     * NOTE(review): how this value is encrypted is not visible here; treat it as sensitive
     * until that is confirmed.
     */
    readonly presharedKeyEncrypted: pulumi.Output<string>;
    /**
     * Specifies the pseudo-random function used to derive keying material for all cryptographic operations
     */
    readonly prf: pulumi.Output<string>;
    /**
     * If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
     */
    readonly proxySupport: pulumi.Output<string>;
    /**
     * Specifies the IP address of the IKE remote node
     */
    readonly remoteAddress: pulumi.Output<string>;
    /**
     * Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
     */
    readonly replayWindowSize: pulumi.Output<number>;
    /**
     * Enables or disables this IKE remote node
     */
    readonly state: pulumi.Output<string>;
    /**
     * Specifies the names of the traffic-selector objects associated with this ike-peer
     */
    readonly trafficSelectors: pulumi.Output<string[]>;
    /**
     * Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
     */
    readonly verifyCert: pulumi.Output<string>;
    /**
     * Specifies which versions of IKE to use
     */
    readonly versions: pulumi.Output<string[]>;
    /**
     * Create a NetIkePeer resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: NetIkePeerArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering NetIkePeer resources.
 *
 * Every property is optional. `presharedKey`, `myCertKeyPassphrase` and
 * `presharedKeyEncrypted` carry credential material; pass them as Pulumi secrets rather
 * than literal strings.
 */
export interface NetIkePeerState {
    /**
     * The application service that the object belongs to
     */
    appService?: pulumi.Input<string>;
    /**
     * The trusted root and intermediate certificate authorities
     */
    caCertFile?: pulumi.Input<string>;
    /**
     * Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
     */
    crlFile?: pulumi.Input<string>;
    /**
     * User defined description
     */
    description?: pulumi.Input<string>;
    /**
     * Specifies the number of seconds between Dead Peer Detection messages
     */
    dpdDelay?: pulumi.Input<number>;
    /**
     * Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
     */
    generatePolicy?: pulumi.Input<string>;
    /**
     * Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
     */
    lifetime?: pulumi.Input<number>;
    /**
     * Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
     */
    mode?: pulumi.Input<string>;
    /**
     * Specifies the name of the certificate file object
     */
    myCertFile?: pulumi.Input<string>;
    /**
     * Specifies the name of the certificate key file object
     */
    myCertKeyFile?: pulumi.Input<string>;
    /**
     * Specifies the passphrase of the key used for my-cert-key-file. Sensitive value.
     */
    myCertKeyPassphrase?: pulumi.Input<string>;
    /**
     * Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
     */
    myIdType?: pulumi.Input<string>;
    /**
     * Specifies the identifier value sent to the remote host in the phase 1 negotiation
     */
    myIdValue?: pulumi.Input<string>;
    /**
     * Name of the ike_peer
     */
    name?: pulumi.Input<string>;
    /**
     * Enables use of the NAT-Traversal IPsec extension
     */
    natTraversal?: pulumi.Input<string>;
    /**
     * Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
     */
    passive?: pulumi.Input<string>;
    /**
     * Specifies the peer's certificate for authentication
     */
    peersCertFile?: pulumi.Input<string>;
    /**
     * Specifies that the only peers-cert-type supported is certfile
     */
    peersCertType?: pulumi.Input<string>;
    /**
     * Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
     */
    peersIdType?: pulumi.Input<string>;
    /**
     * Specifies the peer's identifier to be received
     */
    peersIdValue?: pulumi.Input<string>;
    /**
     * Specifies the authentication method used for phase 1 negotiation
     */
    phase1AuthMethod?: pulumi.Input<string>;
    /**
     * Specifies the encryption algorithm used for the isakmp phase 1 negotiation
     */
    phase1EncryptAlgorithm?: pulumi.Input<string>;
    /**
     * Defines the hash algorithm used for the isakmp phase 1 negotiation
     */
    phase1HashAlgorithm?: pulumi.Input<string>;
    /**
     * Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
     */
    phase1PerfectForwardSecrecy?: pulumi.Input<string>;
    /**
     * Specifies the preshared key for ISAKMP SAs. Sensitive value.
     */
    presharedKey?: pulumi.Input<string>;
    /**
     * Display the encrypted preshared-key for the IKE remote node.
     * NOTE(review): treat as sensitive until the encryption applied is confirmed.
     */
    presharedKeyEncrypted?: pulumi.Input<string>;
    /**
     * Specifies the pseudo-random function used to derive keying material for all cryptographic operations
     */
    prf?: pulumi.Input<string>;
    /**
     * If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
     */
    proxySupport?: pulumi.Input<string>;
    /**
     * Specifies the IP address of the IKE remote node
     */
    remoteAddress?: pulumi.Input<string>;
    /**
     * Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
     */
    replayWindowSize?: pulumi.Input<number>;
    /**
     * Enables or disables this IKE remote node
     */
    state?: pulumi.Input<string>;
    /**
     * Specifies the names of the traffic-selector objects associated with this ike-peer
     */
    trafficSelectors?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
     */
    verifyCert?: pulumi.Input<string>;
    /**
     * Specifies which versions of IKE to use
     */
    versions?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * The set of arguments for constructing a NetIkePeer resource.
 *
 * Only `name` and `remoteAddress` are required. Authentication, algorithm and
 * verification settings are optional, and the defaults applied when they are omitted are
 * not visible in this declaration. NOTE(review): set them explicitly rather than relying
 * on provider or device defaults.
 */
export interface NetIkePeerArgs {
    /**
     * The application service that the object belongs to
     */
    appService?: pulumi.Input<string>;
    /**
     * The trusted root and intermediate certificate authorities
     */
    caCertFile?: pulumi.Input<string>;
    /**
     * Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
     */
    crlFile?: pulumi.Input<string>;
    /**
     * User defined description
     */
    description?: pulumi.Input<string>;
    /**
     * Specifies the number of seconds between Dead Peer Detection messages
     */
    dpdDelay?: pulumi.Input<number>;
    /**
     * Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
     */
    generatePolicy?: pulumi.Input<string>;
    /**
     * Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
     */
    lifetime?: pulumi.Input<number>;
    /**
     * Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder.
     *
     * NOTE(review): accepted values are not listed in this declaration. If an aggressive
     * exchange mode is among them, be aware that IKEv1 aggressive mode combined with a
     * pre-shared key exposes authentication material to offline guessing; prefer main mode
     * or certificate authentication.
     */
    mode?: pulumi.Input<string>;
    /**
     * Specifies the name of the certificate file object
     */
    myCertFile?: pulumi.Input<string>;
    /**
     * Specifies the name of the certificate key file object
     */
    myCertKeyFile?: pulumi.Input<string>;
    /**
     * Specifies the passphrase of the key used for my-cert-key-file.
     *
     * Sensitive value: supply it from a secret source (for example a secret config value or
     * `pulumi.secret(...)`), never as a literal committed to the program.
     */
    myCertKeyPassphrase?: pulumi.Input<string>;
    /**
     * Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
     */
    myIdType?: pulumi.Input<string>;
    /**
     * Specifies the identifier value sent to the remote host in the phase 1 negotiation
     */
    myIdValue?: pulumi.Input<string>;
    /**
     * Name of the ike_peer. Required.
     */
    name: pulumi.Input<string>;
    /**
     * Enables use of the NAT-Traversal IPsec extension
     */
    natTraversal?: pulumi.Input<string>;
    /**
     * Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
     */
    passive?: pulumi.Input<string>;
    /**
     * Specifies the peer's certificate for authentication
     */
    peersCertFile?: pulumi.Input<string>;
    /**
     * Specifies that the only peers-cert-type supported is certfile
     */
    peersCertType?: pulumi.Input<string>;
    /**
     * Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
     */
    peersIdType?: pulumi.Input<string>;
    /**
     * Specifies the peer's identifier to be received
     */
    peersIdValue?: pulumi.Input<string>;
    /**
     * Specifies the authentication method used for phase 1 negotiation
     */
    phase1AuthMethod?: pulumi.Input<string>;
    /**
     * Specifies the encryption algorithm used for the isakmp phase 1 negotiation.
     *
     * Typed as a free-form string, so a weak or legacy algorithm is not rejected at compile
     * time; choose the value according to your cryptographic policy.
     */
    phase1EncryptAlgorithm?: pulumi.Input<string>;
    /**
     * Defines the hash algorithm used for the isakmp phase 1 negotiation.
     *
     * Typed as a free-form string, so a weak or legacy hash is not rejected at compile time.
     */
    phase1HashAlgorithm?: pulumi.Input<string>;
    /**
     * Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy.
     *
     * Typed as a free-form string, so a small or legacy group is not rejected at compile time.
     */
    phase1PerfectForwardSecrecy?: pulumi.Input<string>;
    /**
     * Specifies the preshared key for ISAKMP SAs.
     *
     * Sensitive value: supply it from a secret source (for example a secret config value or
     * `pulumi.secret(...)`), never as a literal committed to the program.
     */
    presharedKey?: pulumi.Input<string>;
    /**
     * Display the encrypted preshared-key for the IKE remote node.
     * NOTE(review): treat as sensitive until the encryption applied is confirmed.
     */
    presharedKeyEncrypted?: pulumi.Input<string>;
    /**
     * Specifies the pseudo-random function used to derive keying material for all cryptographic operations
     */
    prf?: pulumi.Input<string>;
    /**
     * If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
     */
    proxySupport?: pulumi.Input<string>;
    /**
     * Specifies the IP address of the IKE remote node. Required.
     */
    remoteAddress: pulumi.Input<string>;
    /**
     * Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
     */
    replayWindowSize?: pulumi.Input<number>;
    /**
     * Enables or disables this IKE remote node
     */
    state?: pulumi.Input<string>;
    /**
     * Specifies the names of the traffic-selector objects associated with this ike-peer
     */
    trafficSelectors?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file.
     *
     * NOTE(review): accepted values and the default are not visible here. With certificate
     * authentication, verification being off would leave the peer's chain unchecked against
     * `caCertFile`; confirm the effective setting.
     */
    verifyCert?: pulumi.Input<string>;
    /**
     * Specifies which versions of IKE to use
     */
    versions?: pulumi.Input<pulumi.Input<string>[]>;
}