@pulumi/f5bigip
Version:
A Pulumi package for creating and managing F5 BigIP resources.
435 lines (434 loc) • 20.9 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as f5bigip from "@pulumi/f5bigip";
*
* const param1 = f5bigip.ssl.getWafEntityParameter({
* name: "Param1",
* type: "explicit",
* dataType: "alpha-numeric",
* performStaging: true,
* });
* const param2 = f5bigip.ssl.getWafEntityParameter({
* name: "Param2",
* type: "explicit",
* dataType: "alpha-numeric",
* performStaging: true,
* });
* const URL = f5bigip.ssl.getWafEntityUrl({
* name: "URL1",
* protocol: "http",
* });
* const URL2 = f5bigip.ssl.getWafEntityUrl({
* name: "URL2",
* });
* const test_awaf = new f5bigip.WafPolicy("test-awaf", {
* name: "testpolicyravi",
* partition: "Common",
* templateName: "POLICY_TEMPLATE_RAPID_DEPLOYMENT",
* applicationLanguage: "utf-8",
* enforcementMode: "blocking",
* serverTechnologies: [
* "MySQL",
* "Unix/Linux",
* "MongoDB",
* ],
* parameters: [
* param1.then(param1 => param1.json),
* param2.then(param2 => param2.json),
* ],
* urls: [
* URL.then(URL => URL.json),
* URL2.then(URL2 => URL2.json),
* ],
* });
* ```
*
* ## Import
*
* An existing WAF Policy or if the WAF Policy has been manually created or modified on the BIG-IP WebUI, it can be imported using its `id`.
*
* e.g:
*
* ```sh
* $ pulumi import f5bigip:index/wafPolicy:WafPolicy example <id>
* ```
*/
export declare class WafPolicy extends pulumi.CustomResource {
/**
* Get an existing WafPolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WafPolicyState, opts?: pulumi.CustomResourceOptions): WafPolicy;
/**
* Returns true if the given object is an instance of WafPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is WafPolicy;
/**
* The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is `utf-8`
*/
readonly applicationLanguage: pulumi.Output<string | undefined>;
/**
* Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
*/
readonly caseInsensitive: pulumi.Output<boolean | undefined>;
/**
* Specifies the description of the policy.
*/
readonly description: pulumi.Output<string>;
/**
* Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
*/
readonly enablePassivemode: pulumi.Output<boolean | undefined>;
/**
* How the system processes a request that triggers a security policy violation
*/
readonly enforcementMode: pulumi.Output<string | undefined>;
/**
* `fileTypes` takes list of file-types options to be used for policy builder.
* See file types below for more details.
*/
readonly fileTypes: pulumi.Output<outputs.WafPolicyFileType[] | undefined>;
/**
* `graphqlProfiles` takes list of graphql profile options to be used for policy builder.
* See graphql profiles below for more details.
*/
readonly graphqlProfiles: pulumi.Output<outputs.WafPolicyGraphqlProfile[] | undefined>;
/**
* specify the list of host name that is used to access the application
*/
readonly hostNames: pulumi.Output<outputs.WafPolicyHostName[] | undefined>;
/**
* `ipExceptions` takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic.
* See IP Exceptions below for more details.
*/
readonly ipExceptions: pulumi.Output<outputs.WafPolicyIpException[] | undefined>;
/**
* the modifications section includes actions that modify the declarative policy as it is defined in the adjustments
* section. The modifications section is updated manually, with the changes generally driven by the learning suggestions
* provided by the BIG-IP.
*/
readonly modifications: pulumi.Output<string[] | undefined>;
/**
* The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
*/
readonly name: pulumi.Output<string>;
/**
* This section defines the Link for open api files on the policy.
*/
readonly openApiFiles: pulumi.Output<string[] | undefined>;
/**
* This section defines parameters that the security policy permits in requests.
*/
readonly parameters: pulumi.Output<string[] | undefined>;
/**
* Specifies the partition of the policy. Default is `Common`
*/
readonly partition: pulumi.Output<string | undefined>;
/**
* `policyBuilder` block will provide `learningMode` options to be used for policy builder.
* See policy builder below for more details.
*/
readonly policyBuilders: pulumi.Output<outputs.WafPolicyPolicyBuilder[] | undefined>;
/**
* Exported WAF policy deployed on BIGIP.
*/
readonly policyExportJson: pulumi.Output<string>;
/**
* The id of the A.WAF Policy as it would be calculated on the BIG-IP.
*/
readonly policyId: pulumi.Output<string>;
/**
* The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
*/
readonly policyImportJson: pulumi.Output<string | undefined>;
/**
* When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
*/
readonly protocolIndependent: pulumi.Output<boolean | undefined>;
/**
* The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
*/
readonly serverTechnologies: pulumi.Output<string[] | undefined>;
/**
* Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
*/
readonly signatureSets: pulumi.Output<string[] | undefined>;
/**
* This section defines the properties of a signature on the policy.
*/
readonly signatures: pulumi.Output<string[] | undefined>;
/**
* bulk signature setting
*/
readonly signaturesSettings: pulumi.Output<outputs.WafPolicySignaturesSetting[] | undefined>;
/**
* Specifies the Link of the template used for the policy creation.
*/
readonly templateLink: pulumi.Output<string | undefined>;
/**
* Specifies the name of the template used for the policy creation.
*/
readonly templateName: pulumi.Output<string>;
/**
* The type of policy you want to create. The default policy type is `security`.
*/
readonly type: pulumi.Output<string | undefined>;
/**
* In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
*/
readonly urls: pulumi.Output<string[] | undefined>;
/**
* Create a WafPolicy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: WafPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering WafPolicy resources.
*/
export interface WafPolicyState {
/**
* The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is `utf-8`
*/
applicationLanguage?: pulumi.Input<string>;
/**
* Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
*/
caseInsensitive?: pulumi.Input<boolean>;
/**
* Specifies the description of the policy.
*/
description?: pulumi.Input<string>;
/**
* Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
*/
enablePassivemode?: pulumi.Input<boolean>;
/**
* How the system processes a request that triggers a security policy violation
*/
enforcementMode?: pulumi.Input<string>;
/**
* `fileTypes` takes list of file-types options to be used for policy builder.
* See file types below for more details.
*/
fileTypes?: pulumi.Input<pulumi.Input<inputs.WafPolicyFileType>[]>;
/**
* `graphqlProfiles` takes list of graphql profile options to be used for policy builder.
* See graphql profiles below for more details.
*/
graphqlProfiles?: pulumi.Input<pulumi.Input<inputs.WafPolicyGraphqlProfile>[]>;
/**
* specify the list of host name that is used to access the application
*/
hostNames?: pulumi.Input<pulumi.Input<inputs.WafPolicyHostName>[]>;
/**
* `ipExceptions` takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic.
* See IP Exceptions below for more details.
*/
ipExceptions?: pulumi.Input<pulumi.Input<inputs.WafPolicyIpException>[]>;
/**
* the modifications section includes actions that modify the declarative policy as it is defined in the adjustments
* section. The modifications section is updated manually, with the changes generally driven by the learning suggestions
* provided by the BIG-IP.
*/
modifications?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
*/
name?: pulumi.Input<string>;
/**
* This section defines the Link for open api files on the policy.
*/
openApiFiles?: pulumi.Input<pulumi.Input<string>[]>;
/**
* This section defines parameters that the security policy permits in requests.
*/
parameters?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Specifies the partition of the policy. Default is `Common`
*/
partition?: pulumi.Input<string>;
/**
* `policyBuilder` block will provide `learningMode` options to be used for policy builder.
* See policy builder below for more details.
*/
policyBuilders?: pulumi.Input<pulumi.Input<inputs.WafPolicyPolicyBuilder>[]>;
/**
* Exported WAF policy deployed on BIGIP.
*/
policyExportJson?: pulumi.Input<string>;
/**
* The id of the A.WAF Policy as it would be calculated on the BIG-IP.
*/
policyId?: pulumi.Input<string>;
/**
* The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
*/
policyImportJson?: pulumi.Input<string>;
/**
* When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
*/
protocolIndependent?: pulumi.Input<boolean>;
/**
* The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
*/
serverTechnologies?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
*/
signatureSets?: pulumi.Input<pulumi.Input<string>[]>;
/**
* This section defines the properties of a signature on the policy.
*/
signatures?: pulumi.Input<pulumi.Input<string>[]>;
/**
* bulk signature setting
*/
signaturesSettings?: pulumi.Input<pulumi.Input<inputs.WafPolicySignaturesSetting>[]>;
/**
* Specifies the Link of the template used for the policy creation.
*/
templateLink?: pulumi.Input<string>;
/**
* Specifies the name of the template used for the policy creation.
*/
templateName?: pulumi.Input<string>;
/**
* The type of policy you want to create. The default policy type is `security`.
*/
type?: pulumi.Input<string>;
/**
* In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
*/
urls?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
* The set of arguments for constructing a WafPolicy resource.
*/
export interface WafPolicyArgs {
/**
* The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is `utf-8`
*/
applicationLanguage?: pulumi.Input<string>;
/**
* Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
*/
caseInsensitive?: pulumi.Input<boolean>;
/**
* Specifies the description of the policy.
*/
description?: pulumi.Input<string>;
/**
* Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
*/
enablePassivemode?: pulumi.Input<boolean>;
/**
* How the system processes a request that triggers a security policy violation
*/
enforcementMode?: pulumi.Input<string>;
/**
* `fileTypes` takes list of file-types options to be used for policy builder.
* See file types below for more details.
*/
fileTypes?: pulumi.Input<pulumi.Input<inputs.WafPolicyFileType>[]>;
/**
* `graphqlProfiles` takes list of graphql profile options to be used for policy builder.
* See graphql profiles below for more details.
*/
graphqlProfiles?: pulumi.Input<pulumi.Input<inputs.WafPolicyGraphqlProfile>[]>;
/**
* specify the list of host name that is used to access the application
*/
hostNames?: pulumi.Input<pulumi.Input<inputs.WafPolicyHostName>[]>;
/**
* `ipExceptions` takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic.
* See IP Exceptions below for more details.
*/
ipExceptions?: pulumi.Input<pulumi.Input<inputs.WafPolicyIpException>[]>;
/**
* the modifications section includes actions that modify the declarative policy as it is defined in the adjustments
* section. The modifications section is updated manually, with the changes generally driven by the learning suggestions
* provided by the BIG-IP.
*/
modifications?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
*/
name: pulumi.Input<string>;
/**
* This section defines the Link for open api files on the policy.
*/
openApiFiles?: pulumi.Input<pulumi.Input<string>[]>;
/**
* This section defines parameters that the security policy permits in requests.
*/
parameters?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Specifies the partition of the policy. Default is `Common`
*/
partition?: pulumi.Input<string>;
/**
* `policyBuilder` block will provide `learningMode` options to be used for policy builder.
* See policy builder below for more details.
*/
policyBuilders?: pulumi.Input<pulumi.Input<inputs.WafPolicyPolicyBuilder>[]>;
/**
* The id of the A.WAF Policy as it would be calculated on the BIG-IP.
*/
policyId?: pulumi.Input<string>;
/**
* The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
*/
policyImportJson?: pulumi.Input<string>;
/**
* When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
*/
protocolIndependent?: pulumi.Input<boolean>;
/**
* The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
*/
serverTechnologies?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
*/
signatureSets?: pulumi.Input<pulumi.Input<string>[]>;
/**
* This section defines the properties of a signature on the policy.
*/
signatures?: pulumi.Input<pulumi.Input<string>[]>;
/**
* bulk signature setting
*/
signaturesSettings?: pulumi.Input<pulumi.Input<inputs.WafPolicySignaturesSetting>[]>;
/**
* Specifies the Link of the template used for the policy creation.
*/
templateLink?: pulumi.Input<string>;
/**
* Specifies the name of the template used for the policy creation.
*/
templateName: pulumi.Input<string>;
/**
* The type of policy you want to create. The default policy type is `security`.
*/
type?: pulumi.Input<string>;
/**
* In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
*/
urls?: pulumi.Input<pulumi.Input<string>[]>;
}