@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
218 lines • 9.41 kB
JavaScript
;
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirewallPolicyRule = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
*
* To get more information about FirewallPolicyRule, see:
*
* * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/firewallPolicies/addRule)
*
* ## Example Usage
*
* ### Firewall Policy Rule
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const basicGlobalNetworksecurityAddressGroup = new gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group", {
* name: "address-group",
* parent: "organizations/123456789",
* description: "Sample global networksecurity_address_group",
* location: "global",
* items: ["208.80.154.224/32"],
* type: "IPV4",
* capacity: 100,
* });
* const folder = new gcp.organizations.Folder("folder", {
* displayName: "folder",
* parent: "organizations/123456789",
* deletionProtection: false,
* });
* const _default = new gcp.compute.FirewallPolicy("default", {
* parent: folder.id,
* shortName: "fw-policy",
* description: "Resource created for Terraform acceptance testing",
* });
* const primary = new gcp.compute.FirewallPolicyRule("primary", {
* firewallPolicy: _default.name,
* description: "Resource created for Terraform acceptance testing",
* priority: 9000,
* enableLogging: true,
* action: "allow",
* direction: "EGRESS",
* disabled: false,
* targetServiceAccounts: ["my@service-account.com"],
* match: {
* destIpRanges: ["11.100.0.1/32"],
* destFqdns: [],
* destRegionCodes: ["US"],
* destThreatIntelligences: ["iplist-known-malicious-ips"],
* srcAddressGroups: [],
* destAddressGroups: [basicGlobalNetworksecurityAddressGroup.id],
* layer4Configs: [
* {
* ipProtocol: "tcp",
* ports: ["8080"],
* },
* {
* ipProtocol: "udp",
* ports: ["22"],
* },
* ],
* },
* });
* ```
* ### Firewall Policy Rule Network Scope
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const folder = new gcp.organizations.Folder("folder", {
* displayName: "folder",
* parent: "organizations/123456789",
* deletionProtection: false,
* });
* const _default = new gcp.compute.FirewallPolicy("default", {
* parent: folder.id,
* shortName: "fw-policy",
* description: "Firewall policy",
* });
* const network = new gcp.compute.Network("network", {
* name: "network",
* autoCreateSubnetworks: false,
* });
* const primary = new gcp.compute.FirewallPolicyRule("primary", {
* firewallPolicy: _default.name,
* description: "Firewall policy rule with network scope",
* priority: 9000,
* action: "allow",
* direction: "INGRESS",
* disabled: false,
* match: {
* srcIpRanges: ["11.100.0.1/32"],
* srcNetworkScope: "VPC_NETWORKS",
* srcNetworks: [network.id],
* layer4Configs: [
* {
* ipProtocol: "tcp",
* ports: ["8080"],
* },
* {
* ipProtocol: "udp",
* ports: ["22"],
* },
* ],
* },
* });
* ```
*
* ## Import
*
* FirewallPolicyRule can be imported using any of these accepted formats:
*
* * `locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}`
*
* * `{{firewall_policy}}/{{priority}}`
*
* When using the `pulumi import` command, FirewallPolicyRule can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}
* ```
*
* ```sh
* $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default {{firewall_policy}}/{{priority}}
* ```
*/
class FirewallPolicyRule extends pulumi.CustomResource {
/**
* Get an existing FirewallPolicyRule resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new FirewallPolicyRule(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of FirewallPolicyRule. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === FirewallPolicyRule.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["action"] = state ? state.action : undefined;
resourceInputs["creationTimestamp"] = state ? state.creationTimestamp : undefined;
resourceInputs["description"] = state ? state.description : undefined;
resourceInputs["direction"] = state ? state.direction : undefined;
resourceInputs["disabled"] = state ? state.disabled : undefined;
resourceInputs["enableLogging"] = state ? state.enableLogging : undefined;
resourceInputs["firewallPolicy"] = state ? state.firewallPolicy : undefined;
resourceInputs["kind"] = state ? state.kind : undefined;
resourceInputs["match"] = state ? state.match : undefined;
resourceInputs["priority"] = state ? state.priority : undefined;
resourceInputs["ruleTupleCount"] = state ? state.ruleTupleCount : undefined;
resourceInputs["securityProfileGroup"] = state ? state.securityProfileGroup : undefined;
resourceInputs["targetResources"] = state ? state.targetResources : undefined;
resourceInputs["targetServiceAccounts"] = state ? state.targetServiceAccounts : undefined;
resourceInputs["tlsInspect"] = state ? state.tlsInspect : undefined;
}
else {
const args = argsOrState;
if ((!args || args.action === undefined) && !opts.urn) {
throw new Error("Missing required property 'action'");
}
if ((!args || args.direction === undefined) && !opts.urn) {
throw new Error("Missing required property 'direction'");
}
if ((!args || args.firewallPolicy === undefined) && !opts.urn) {
throw new Error("Missing required property 'firewallPolicy'");
}
if ((!args || args.match === undefined) && !opts.urn) {
throw new Error("Missing required property 'match'");
}
if ((!args || args.priority === undefined) && !opts.urn) {
throw new Error("Missing required property 'priority'");
}
resourceInputs["action"] = args ? args.action : undefined;
resourceInputs["description"] = args ? args.description : undefined;
resourceInputs["direction"] = args ? args.direction : undefined;
resourceInputs["disabled"] = args ? args.disabled : undefined;
resourceInputs["enableLogging"] = args ? args.enableLogging : undefined;
resourceInputs["firewallPolicy"] = args ? args.firewallPolicy : undefined;
resourceInputs["match"] = args ? args.match : undefined;
resourceInputs["priority"] = args ? args.priority : undefined;
resourceInputs["securityProfileGroup"] = args ? args.securityProfileGroup : undefined;
resourceInputs["targetResources"] = args ? args.targetResources : undefined;
resourceInputs["targetServiceAccounts"] = args ? args.targetServiceAccounts : undefined;
resourceInputs["tlsInspect"] = args ? args.tlsInspect : undefined;
resourceInputs["creationTimestamp"] = undefined /*out*/;
resourceInputs["kind"] = undefined /*out*/;
resourceInputs["ruleTupleCount"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(FirewallPolicyRule.__pulumiType, name, resourceInputs, opts);
}
}
exports.FirewallPolicyRule = FirewallPolicyRule;
/** @internal */
FirewallPolicyRule.__pulumiType = 'gcp:compute/firewallPolicyRule:FirewallPolicyRule';
//# sourceMappingURL=firewallPolicyRule.js.map