UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

293 lines • 11.2 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.FirewallPolicyRule = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny). * * To get more information about FirewallPolicyRule, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/firewallPolicies/addRule) * * ## Example Usage * * ### Firewall Policy Rule * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const basicGlobalNetworksecurityAddressGroup = new gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group", { * name: "address-group", * parent: "organizations/123456789", * description: "Sample global networksecurity_address_group", * location: "global", * items: ["208.80.154.224/32"], * type: "IPV4", * capacity: 100, * }); * const folder = new gcp.organizations.Folder("folder", { * displayName: "folder", * parent: "organizations/123456789", * deletionProtection: false, * }); * const _default = new gcp.compute.FirewallPolicy("default", { * parent: folder.id, * shortName: "fw-policy", * description: "Resource created for Terraform acceptance testing", * }); * const primary = new gcp.compute.FirewallPolicyRule("primary", { * firewallPolicy: _default.name, * description: "Resource created for Terraform acceptance testing", * priority: 9000, * enableLogging: true, * action: "allow", * direction: "EGRESS", * disabled: false, * targetServiceAccounts: ["my@service-account.com"], * match: { * destIpRanges: ["11.100.0.1/32"], * destFqdns: [], * destRegionCodes: ["US"], * destThreatIntelligences: ["iplist-known-malicious-ips"], * srcAddressGroups: [], * destAddressGroups: [basicGlobalNetworksecurityAddressGroup.id], * layer4Configs: [ * { * ipProtocol: "tcp", * ports: ["8080"], * }, * { * ipProtocol: "udp", * ports: ["22"], * }, * ], * }, * }); * const basicKey = new gcp.tags.TagKey("basic_key", { * description: "For keyname resources.", * parent: "organizations/123456789", * purpose: "GCE_FIREWALL", * shortName: "tag-key", * purposeData: { * organization: "auto", * }, * }); * const basicValue = new gcp.tags.TagValue("basic_value", { * description: "For valuename resources.", * parent: basicKey.id, * shortName: "tag-value", * }); * ``` * ### Firewall Policy Rule Network Scope * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const folder = new gcp.organizations.Folder("folder", { * displayName: "folder", * parent: "organizations/123456789", * deletionProtection: false, * }); * const _default = new gcp.compute.FirewallPolicy("default", { * parent: folder.id, * shortName: "fw-policy", * description: "Firewall policy", * }); * const network = new gcp.compute.Network("network", { * name: "network", * autoCreateSubnetworks: false, * }); * const primary = new gcp.compute.FirewallPolicyRule("primary", { * firewallPolicy: _default.name, * description: "Firewall policy rule with network scope", * priority: 9000, * action: "allow", * direction: "INGRESS", * disabled: false, * match: { * srcIpRanges: ["11.100.0.1/32"], * srcNetworkScope: "VPC_NETWORKS", * srcNetworks: [network.id], * layer4Configs: [ * { * ipProtocol: "tcp", * ports: ["8080"], * }, * { * ipProtocol: "udp", * ports: ["22"], * }, * ], * }, * }); * ``` * ### Firewall Policy Rule Secure Tags * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const folder = new gcp.organizations.Folder("folder", { * displayName: "folder", * parent: "organizations/123456789", * deletionProtection: false, * }); * const _default = new gcp.compute.FirewallPolicy("default", { * parent: folder.id, * shortName: "fw-policy", * description: "Resource created for Terraform acceptance testing", * }); * const basicKey = new gcp.tags.TagKey("basic_key", { * description: "For keyname resources.", * parent: "organizations/123456789", * purpose: "GCE_FIREWALL", * shortName: "tag-key", * purposeData: { * organization: "auto", * }, * }); * const basicValue = new gcp.tags.TagValue("basic_value", { * description: "For valuename resources.", * parent: basicKey.id, * shortName: "tag-value", * }); * const primary = new gcp.compute.FirewallPolicyRule("primary", { * firewallPolicy: _default.name, * description: "Resource created for Terraform acceptance testing", * priority: 9000, * enableLogging: true, * action: "allow", * direction: "INGRESS", * disabled: false, * targetSecureTags: [{ * name: basicValue.id, * }], * match: { * srcIpRanges: ["11.100.0.1/32"], * srcSecureTags: [{ * name: basicValue.id, * }], * layer4Configs: [ * { * ipProtocol: "tcp", * ports: ["8080"], * }, * { * ipProtocol: "udp", * ports: ["22"], * }, * ], * }, * }); * ``` * * ## Import * * FirewallPolicyRule can be imported using any of these accepted formats: * * * `locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}` * * * `{{firewall_policy}}/{{priority}}` * * When using the `pulumi import` command, FirewallPolicyRule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}} * ``` * * ```sh * $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default {{firewall_policy}}/{{priority}} * ``` */ class FirewallPolicyRule extends pulumi.CustomResource { /** * Get an existing FirewallPolicyRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new FirewallPolicyRule(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of FirewallPolicyRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === FirewallPolicyRule.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["action"] = state?.action; resourceInputs["creationTimestamp"] = state?.creationTimestamp; resourceInputs["description"] = state?.description; resourceInputs["direction"] = state?.direction; resourceInputs["disabled"] = state?.disabled; resourceInputs["enableLogging"] = state?.enableLogging; resourceInputs["firewallPolicy"] = state?.firewallPolicy; resourceInputs["kind"] = state?.kind; resourceInputs["match"] = state?.match; resourceInputs["priority"] = state?.priority; resourceInputs["ruleTupleCount"] = state?.ruleTupleCount; resourceInputs["securityProfileGroup"] = state?.securityProfileGroup; resourceInputs["targetResources"] = state?.targetResources; resourceInputs["targetSecureTags"] = state?.targetSecureTags; resourceInputs["targetServiceAccounts"] = state?.targetServiceAccounts; resourceInputs["tlsInspect"] = state?.tlsInspect; } else { const args = argsOrState; if (args?.action === undefined && !opts.urn) { throw new Error("Missing required property 'action'"); } if (args?.direction === undefined && !opts.urn) { throw new Error("Missing required property 'direction'"); } if (args?.firewallPolicy === undefined && !opts.urn) { throw new Error("Missing required property 'firewallPolicy'"); } if (args?.match === undefined && !opts.urn) { throw new Error("Missing required property 'match'"); } if (args?.priority === undefined && !opts.urn) { throw new Error("Missing required property 'priority'"); } resourceInputs["action"] = args?.action; resourceInputs["description"] = args?.description; resourceInputs["direction"] = args?.direction; resourceInputs["disabled"] = args?.disabled; resourceInputs["enableLogging"] = args?.enableLogging; resourceInputs["firewallPolicy"] = args?.firewallPolicy; resourceInputs["match"] = args?.match; resourceInputs["priority"] = args?.priority; resourceInputs["securityProfileGroup"] = args?.securityProfileGroup; resourceInputs["targetResources"] = args?.targetResources; resourceInputs["targetSecureTags"] = args?.targetSecureTags; resourceInputs["targetServiceAccounts"] = args?.targetServiceAccounts; resourceInputs["tlsInspect"] = args?.tlsInspect; resourceInputs["creationTimestamp"] = undefined /*out*/; resourceInputs["kind"] = undefined /*out*/; resourceInputs["ruleTupleCount"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(FirewallPolicyRule.__pulumiType, name, resourceInputs, opts); } } exports.FirewallPolicyRule = FirewallPolicyRule; /** @internal */ FirewallPolicyRule.__pulumiType = 'gcp:compute/firewallPolicyRule:FirewallPolicyRule'; //# sourceMappingURL=firewallPolicyRule.js.map