@pulumi/gcp/compute/firewallPolicyWithRules.js

A Pulumi package for creating and managing Google Cloud Platform resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirewallPolicyWithRules = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
 * The Compute FirewallPolicy with rules resource. It declaratively manges all
 * rules in the firewall policy.
 *
 * ## Example Usage
 *
 * ### Compute Firewall Policy With Rules Full
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const project = gcp.organizations.getProject({});
 * const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", {
 *     name: "address-group",
 *     parent: "organizations/123456789",
 *     description: "Global address group",
 *     location: "global",
 *     items: ["208.80.154.224/32"],
 *     type: "IPV4",
 *     capacity: 100,
 * });
 * const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", {
 *     name: "sp",
 *     type: "THREAT_PREVENTION",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", {
 *     name: "spg",
 *     parent: "organizations/123456789",
 *     description: "my description",
 *     threatPreventionProfile: securityProfile1.id,
 * });
 * const network = new gcp.compute.Network("network", {
 *     name: "network",
 *     autoCreateSubnetworks: false,
 * });
 * const basicKey = new gcp.tags.TagKey("basic_key", {
 *     description: "For keyname resources.",
 *     parent: "organizations/123456789",
 *     purpose: "GCE_FIREWALL",
 *     shortName: "tag-key",
 *     purposeData: {
 *         organization: "auto",
 *     },
 * });
 * const basicValue = new gcp.tags.TagValue("basic_value", {
 *     description: "For valuename resources.",
 *     parent: basicKey.id,
 *     shortName: "tag-value",
 * });
 * const primary = new gcp.compute.FirewallPolicyWithRules("primary", {
 *     shortName: "fw-policy",
 *     description: "Terraform test",
 *     parent: "organizations/123456789",
 *     rules: [
 *         {
 *             description: "tcp rule",
 *             priority: 1000,
 *             enableLogging: true,
 *             action: "allow",
 *             direction: "EGRESS",
 *             targetResources: [network.selfLink],
 *             match: {
 *                 destIpRanges: ["11.100.0.1/32"],
 *                 destFqdns: [
 *                     "www.yyy.com",
 *                     "www.zzz.com",
 *                 ],
 *                 destRegionCodes: [
 *                     "HK",
 *                     "IN",
 *                 ],
 *                 destThreatIntelligences: [
 *                     "iplist-search-engines-crawlers",
 *                     "iplist-tor-exit-nodes",
 *                 ],
 *                 destAddressGroups: [addressGroup1.id],
 *                 layer4Configs: [{
 *                     ipProtocol: "tcp",
 *                     ports: [
 *                         "8080",
 *                         "7070",
 *                     ],
 *                 }],
 *             },
 *         },
 *         {
 *             description: "udp rule",
 *             priority: 2000,
 *             enableLogging: false,
 *             action: "deny",
 *             direction: "INGRESS",
 *             disabled: true,
 *             match: {
 *                 srcIpRanges: ["0.0.0.0/0"],
 *                 srcFqdns: [
 *                     "www.abc.com",
 *                     "www.def.com",
 *                 ],
 *                 srcRegionCodes: [
 *                     "US",
 *                     "CA",
 *                 ],
 *                 srcThreatIntelligences: [
 *                     "iplist-known-malicious-ips",
 *                     "iplist-public-clouds",
 *                 ],
 *                 srcAddressGroups: [addressGroup1.id],
 *                 layer4Configs: [{
 *                     ipProtocol: "udp",
 *                 }],
 *             },
 *         },
 *         {
 *             description: "security profile group rule",
 *             ruleName: "tcp rule",
 *             priority: 3000,
 *             enableLogging: false,
 *             action: "apply_security_profile_group",
 *             direction: "INGRESS",
 *             targetServiceAccounts: ["test@google.com"],
 *             securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,
 *             tlsInspect: true,
 *             match: {
 *                 srcIpRanges: ["0.0.0.0/0"],
 *                 layer4Configs: [{
 *                     ipProtocol: "tcp",
 *                 }],
 *             },
 *         },
 *         {
 *             description: "secure tags",
 *             ruleName: "secure tags rule",
 *             priority: 4000,
 *             enableLogging: false,
 *             action: "allow",
 *             direction: "INGRESS",
 *             targetSecureTags: [{
 *                 name: basicValue.id,
 *             }],
 *             match: {
 *                 srcIpRanges: ["11.100.0.1/32"],
 *                 srcSecureTags: [{
 *                     name: basicValue.id,
 *                 }],
 *                 layer4Configs: [{
 *                     ipProtocol: "tcp",
 *                     ports: ["8080"],
 *                 }],
 *             },
 *         },
 *     ],
 * });
 * ```
 *
 * ## Import
 *
 * FirewallPolicyWithRules can be imported using any of these accepted formats:
 *
 * * `locations/global/firewallPolicies/{{policy_id}}`
 *
 * * `{{policy_id}}`
 *
 * When using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}
 * ```
 */
class FirewallPolicyWithRules extends pulumi.CustomResource {
    /**
     * Get an existing FirewallPolicyWithRules resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new FirewallPolicyWithRules(name, state, { ...opts, id: id });
    }
    /**
     * Returns true if the given object is an instance of FirewallPolicyWithRules.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === FirewallPolicyWithRules.__pulumiType;
    }
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            const state = argsOrState;
            resourceInputs["creationTimestamp"] = state?.creationTimestamp;
            resourceInputs["description"] = state?.description;
            resourceInputs["fingerprint"] = state?.fingerprint;
            resourceInputs["parent"] = state?.parent;
            resourceInputs["policyId"] = state?.policyId;
            resourceInputs["predefinedRules"] = state?.predefinedRules;
            resourceInputs["ruleTupleCount"] = state?.ruleTupleCount;
            resourceInputs["rules"] = state?.rules;
            resourceInputs["selfLink"] = state?.selfLink;
            resourceInputs["selfLinkWithId"] = state?.selfLinkWithId;
            resourceInputs["shortName"] = state?.shortName;
        }
        else {
            const args = argsOrState;
            if (args?.parent === undefined && !opts.urn) {
                throw new Error("Missing required property 'parent'");
            }
            if (args?.rules === undefined && !opts.urn) {
                throw new Error("Missing required property 'rules'");
            }
            if (args?.shortName === undefined && !opts.urn) {
                throw new Error("Missing required property 'shortName'");
            }
            resourceInputs["description"] = args?.description;
            resourceInputs["parent"] = args?.parent;
            resourceInputs["rules"] = args?.rules;
            resourceInputs["shortName"] = args?.shortName;
            resourceInputs["creationTimestamp"] = undefined /*out*/;
            resourceInputs["fingerprint"] = undefined /*out*/;
            resourceInputs["policyId"] = undefined /*out*/;
            resourceInputs["predefinedRules"] = undefined /*out*/;
            resourceInputs["ruleTupleCount"] = undefined /*out*/;
            resourceInputs["selfLink"] = undefined /*out*/;
            resourceInputs["selfLinkWithId"] = undefined /*out*/;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(FirewallPolicyWithRules.__pulumiType, name, resourceInputs, opts);
    }
}
exports.FirewallPolicyWithRules = FirewallPolicyWithRules;
/** @internal */
FirewallPolicyWithRules.__pulumiType = 'gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules';
//# sourceMappingURL=firewallPolicyWithRules.js.map