@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ## Example Usage * * ### Compute Firewall Policy With Rules Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", { * name: "address-group", * parent: "organizations/123456789", * description: "Global address group", * location: "global", * items: ["208.80.154.224/32"], * type: "IPV4", * capacity: 100, * }); * const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", { * name: "sp", * type: "THREAT_PREVENTION", * parent: "organizations/123456789", * location: "global", * }); * const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", { * name: "spg", * parent: "organizations/123456789", * description: "my description", * threatPreventionProfile: securityProfile1.id, * }); * const network = new gcp.compute.Network("network", { * name: "network", * autoCreateSubnetworks: false, * }); * const primary = new gcp.compute.FirewallPolicyWithRules("primary", { * shortName: "fw-policy", * description: "Terraform test", * parent: "organizations/123456789", * rules: [ * { * description: "tcp rule", * priority: 1000, * enableLogging: true, * action: "allow", * direction: "EGRESS", * targetResources: [project.then(project => `https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default`)], * match: { * destIpRanges: ["11.100.0.1/32"], * destFqdns: [ * "www.yyy.com", * "www.zzz.com", * ], * destRegionCodes: [ * "HK", * "IN", * ], * destThreatIntelligences: [ * "iplist-search-engines-crawlers", * "iplist-tor-exit-nodes", * ], * destAddressGroups: [addressGroup1.id], * layer4Configs: [{ * ipProtocol: "tcp", * ports: [ * "8080", * "7070", * ], * }], * }, * }, * { * description: "udp rule", * priority: 2000, * enableLogging: false, * action: "deny", * direction: "INGRESS", * disabled: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * srcFqdns: [ * "www.abc.com", * "www.def.com", * ], * srcRegionCodes: [ * "US", * "CA", * ], * srcThreatIntelligences: [ * "iplist-known-malicious-ips", * "iplist-public-clouds", * ], * srcAddressGroups: [addressGroup1.id], * layer4Configs: [{ * ipProtocol: "udp", * }], * }, * }, * { * description: "security profile group rule", * ruleName: "tcp rule", * priority: 3000, * enableLogging: false, * action: "apply_security_profile_group", * direction: "INGRESS", * targetServiceAccounts: ["test@google.com"], * securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`, * tlsInspect: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * layer4Configs: [{ * ipProtocol: "tcp", * }], * }, * }, * { * description: "network scope rule 1", * ruleName: "network scope 1", * priority: 4000, * enableLogging: false, * action: "allow", * direction: "INGRESS", * match: { * srcIpRanges: ["11.100.0.1/32"], * srcNetworkScope: "VPC_NETWORKS", * srcNetworks: [network.id], * layer4Configs: [{ * ipProtocol: "tcp", * ports: ["8080"], * }], * }, * }, * { * description: "network scope rule 2", * ruleName: "network scope 2", * priority: 5000, * enableLogging: false, * action: "allow", * direction: "EGRESS", * match: { * destIpRanges: ["0.0.0.0/0"], * destNetworkScope: "INTERNET", * layer4Configs: [{ * ipProtocol: "tcp", * ports: ["8080"], * }], * }, * }, * ], * }); * ``` * * ## Import * * FirewallPolicyWithRules can be imported using any of these accepted formats: * * * `locations/global/firewallPolicies/{{policy_id}}` * * * `{{policy_id}}` * * When using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}} * ``` * * ```sh * $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}} * ``` */ export declare class FirewallPolicyWithRules extends pulumi.CustomResource { /** * Get an existing FirewallPolicyWithRules resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FirewallPolicyWithRulesState, opts?: pulumi.CustomResourceOptions): FirewallPolicyWithRules; /** * Returns true if the given object is an instance of FirewallPolicyWithRules. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FirewallPolicyWithRules; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output<string>; /** * (Output) * A description of the rule. */ readonly description: pulumi.Output<string | undefined>; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ readonly fingerprint: pulumi.Output<string>; /** * The parent of this FirewallPolicy in the Cloud Resource Hierarchy. * Format: organizations/{organization_id} or folders/{folder_id} */ readonly parent: pulumi.Output<string>; /** * The unique identifier for the resource. This identifier is defined by the server. */ readonly policyId: pulumi.Output<string>; /** * A list of pre-define firewall policy rules. * Structure is documented below. */ readonly predefinedRules: pulumi.Output<outputs.compute.FirewallPolicyWithRulesPredefinedRule[]>; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ readonly ruleTupleCount: pulumi.Output<number>; /** * A list of firewall policy rules. * Structure is documented below. */ readonly rules: pulumi.Output<outputs.compute.FirewallPolicyWithRulesRule[]>; /** * Server-defined URL for the resource. */ readonly selfLink: pulumi.Output<string>; /** * Server-defined URL for this resource with the resource id. */ readonly selfLinkWithId: pulumi.Output<string>; /** * A textual name of the security policy. */ readonly shortName: pulumi.Output<string>; /** * Create a FirewallPolicyWithRules resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FirewallPolicyWithRulesArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering FirewallPolicyWithRules resources. */ export interface FirewallPolicyWithRulesState { /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input<string>; /** * (Output) * A description of the rule. */ description?: pulumi.Input<string>; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ fingerprint?: pulumi.Input<string>; /** * The parent of this FirewallPolicy in the Cloud Resource Hierarchy. * Format: organizations/{organization_id} or folders/{folder_id} */ parent?: pulumi.Input<string>; /** * The unique identifier for the resource. This identifier is defined by the server. */ policyId?: pulumi.Input<string>; /** * A list of pre-define firewall policy rules. * Structure is documented below. */ predefinedRules?: pulumi.Input<pulumi.Input<inputs.compute.FirewallPolicyWithRulesPredefinedRule>[]>; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ ruleTupleCount?: pulumi.Input<number>; /** * A list of firewall policy rules. * Structure is documented below. */ rules?: pulumi.Input<pulumi.Input<inputs.compute.FirewallPolicyWithRulesRule>[]>; /** * Server-defined URL for the resource. */ selfLink?: pulumi.Input<string>; /** * Server-defined URL for this resource with the resource id. */ selfLinkWithId?: pulumi.Input<string>; /** * A textual name of the security policy. */ shortName?: pulumi.Input<string>; } /** * The set of arguments for constructing a FirewallPolicyWithRules resource. */ export interface FirewallPolicyWithRulesArgs { /** * (Output) * A description of the rule. */ description?: pulumi.Input<string>; /** * The parent of this FirewallPolicy in the Cloud Resource Hierarchy. * Format: organizations/{organization_id} or folders/{folder_id} */ parent: pulumi.Input<string>; /** * A list of firewall policy rules. * Structure is documented below. */ rules: pulumi.Input<pulumi.Input<inputs.compute.FirewallPolicyWithRulesRule>[]>; /** * A textual name of the security policy. */ shortName: pulumi.Input<string>; }