@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
248 lines • 10.1 kB
JavaScript
"use strict";
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirewallPolicyWithRules = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* ## Example Usage
*
* ### Compute Firewall Policy With Rules Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = gcp.organizations.getProject({});
* const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", {
* name: "address-group",
* parent: "organizations/123456789",
* description: "Global address group",
* location: "global",
* items: ["208.80.154.224/32"],
* type: "IPV4",
* capacity: 100,
* });
* const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", {
* name: "sp",
* type: "THREAT_PREVENTION",
* parent: "organizations/123456789",
* location: "global",
* });
* const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", {
* name: "spg",
* parent: "organizations/123456789",
* description: "my description",
* threatPreventionProfile: securityProfile1.id,
* });
* const network = new gcp.compute.Network("network", {
* name: "network",
* autoCreateSubnetworks: false,
* });
* const primary = new gcp.compute.FirewallPolicyWithRules("primary", {
* shortName: "fw-policy",
* description: "Terraform test",
* parent: "organizations/123456789",
* rules: [
* {
* description: "tcp rule",
* priority: 1000,
* enableLogging: true,
* action: "allow",
* direction: "EGRESS",
* targetResources: [project.then(project => `https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default`)],
* match: {
* destIpRanges: ["11.100.0.1/32"],
* destFqdns: [
* "www.yyy.com",
* "www.zzz.com",
* ],
* destRegionCodes: [
* "HK",
* "IN",
* ],
* destThreatIntelligences: [
* "iplist-search-engines-crawlers",
* "iplist-tor-exit-nodes",
* ],
* destAddressGroups: [addressGroup1.id],
* layer4Configs: [{
* ipProtocol: "tcp",
* ports: [
* "8080",
* "7070",
* ],
* }],
* },
* },
* {
* description: "udp rule",
* priority: 2000,
* enableLogging: false,
* action: "deny",
* direction: "INGRESS",
* disabled: true,
* match: {
* srcIpRanges: ["0.0.0.0/0"],
* srcFqdns: [
* "www.abc.com",
* "www.def.com",
* ],
* srcRegionCodes: [
* "US",
* "CA",
* ],
* srcThreatIntelligences: [
* "iplist-known-malicious-ips",
* "iplist-public-clouds",
* ],
* srcAddressGroups: [addressGroup1.id],
* layer4Configs: [{
* ipProtocol: "udp",
* }],
* },
* },
* {
* description: "security profile group rule",
* ruleName: "tcp rule",
* priority: 3000,
* enableLogging: false,
* action: "apply_security_profile_group",
* direction: "INGRESS",
* targetServiceAccounts: ["test@google.com"],
* securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,
* tlsInspect: true,
* match: {
* srcIpRanges: ["0.0.0.0/0"],
* layer4Configs: [{
* ipProtocol: "tcp",
* }],
* },
* },
* {
* description: "network scope rule 1",
* ruleName: "network scope 1",
* priority: 4000,
* enableLogging: false,
* action: "allow",
* direction: "INGRESS",
* match: {
* srcIpRanges: ["11.100.0.1/32"],
* srcNetworkScope: "VPC_NETWORKS",
* srcNetworks: [network.id],
* layer4Configs: [{
* ipProtocol: "tcp",
* ports: ["8080"],
* }],
* },
* },
* {
* description: "network scope rule 2",
* ruleName: "network scope 2",
* priority: 5000,
* enableLogging: false,
* action: "allow",
* direction: "EGRESS",
* match: {
* destIpRanges: ["0.0.0.0/0"],
* destNetworkScope: "INTERNET",
* layer4Configs: [{
* ipProtocol: "tcp",
* ports: ["8080"],
* }],
* },
* },
* ],
* });
* ```
*
* ## Import
*
* FirewallPolicyWithRules can be imported using any of these accepted formats:
*
* * `locations/global/firewallPolicies/{{policy_id}}`
*
* * `{{policy_id}}`
*
* When using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}
* ```
*
* ```sh
* $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}
* ```
*/
class FirewallPolicyWithRules extends pulumi.CustomResource {
/**
* Get an existing FirewallPolicyWithRules resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new FirewallPolicyWithRules(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of FirewallPolicyWithRules. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === FirewallPolicyWithRules.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["creationTimestamp"] = state ? state.creationTimestamp : undefined;
resourceInputs["description"] = state ? state.description : undefined;
resourceInputs["fingerprint"] = state ? state.fingerprint : undefined;
resourceInputs["parent"] = state ? state.parent : undefined;
resourceInputs["policyId"] = state ? state.policyId : undefined;
resourceInputs["predefinedRules"] = state ? state.predefinedRules : undefined;
resourceInputs["ruleTupleCount"] = state ? state.ruleTupleCount : undefined;
resourceInputs["rules"] = state ? state.rules : undefined;
resourceInputs["selfLink"] = state ? state.selfLink : undefined;
resourceInputs["selfLinkWithId"] = state ? state.selfLinkWithId : undefined;
resourceInputs["shortName"] = state ? state.shortName : undefined;
}
else {
const args = argsOrState;
if ((!args || args.parent === undefined) && !opts.urn) {
throw new Error("Missing required property 'parent'");
}
if ((!args || args.rules === undefined) && !opts.urn) {
throw new Error("Missing required property 'rules'");
}
if ((!args || args.shortName === undefined) && !opts.urn) {
throw new Error("Missing required property 'shortName'");
}
resourceInputs["description"] = args ? args.description : undefined;
resourceInputs["parent"] = args ? args.parent : undefined;
resourceInputs["rules"] = args ? args.rules : undefined;
resourceInputs["shortName"] = args ? args.shortName : undefined;
resourceInputs["creationTimestamp"] = undefined /*out*/;
resourceInputs["fingerprint"] = undefined /*out*/;
resourceInputs["policyId"] = undefined /*out*/;
resourceInputs["predefinedRules"] = undefined /*out*/;
resourceInputs["ruleTupleCount"] = undefined /*out*/;
resourceInputs["selfLink"] = undefined /*out*/;
resourceInputs["selfLinkWithId"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(FirewallPolicyWithRules.__pulumiType, name, resourceInputs, opts);
}
}
exports.FirewallPolicyWithRules = FirewallPolicyWithRules;
/** @internal */
FirewallPolicyWithRules.__pulumiType = 'gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules';
//# sourceMappingURL=firewallPolicyWithRules.js.map