@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
277 lines (276 loc) • 10.7 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* AuthorizationPolicy is a resource that specifies how a server should authorize incoming connections. This resource in itself does not change the configuration unless it's attached to a target https proxy or endpoint config selector resource.
*
* To get more information about AuthorizationPolicy, see:
*
* * [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.authorizationPolicies)
*
* ## Example Usage
*
* ### Network Security Authorization Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.networksecurity.AuthorizationPolicy("default", {
* name: "my-authorization-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* action: "ALLOW",
* rules: [{
* sources: [{
* principals: ["namespace/*"],
* ipBlocks: ["1.2.3.0/24"],
* }],
* }],
* });
* ```
* ### Network Security Authorization Policy Destinations
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.networksecurity.AuthorizationPolicy("default", {
* name: "my-authorization-policy",
* labels: {
* foo: "bar",
* },
* description: "my description",
* action: "ALLOW",
* rules: [{
* sources: [{
* principals: ["namespace/*"],
* ipBlocks: ["1.2.3.0/24"],
* }],
* destinations: [{
* hosts: ["mydomain.*"],
* ports: [8080],
* methods: ["GET"],
* httpHeaderMatch: {
* headerName: ":method",
* regexMatch: "GET",
* },
* }],
* }],
* });
* ```
*
* ## Import
*
* AuthorizationPolicy can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`
*
* * `{{project}}/{{location}}/{{name}}`
*
* * `{{location}}/{{name}}`
*
* When using the `pulumi import` command, AuthorizationPolicy can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default {{project}}/{{location}}/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default {{location}}/{{name}}
* ```
*/
export declare class AuthorizationPolicy extends pulumi.CustomResource {
/**
* Get an existing AuthorizationPolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthorizationPolicyState, opts?: pulumi.CustomResourceOptions): AuthorizationPolicy;
/**
* Returns true if the given object is an instance of AuthorizationPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is AuthorizationPolicy;
/**
* The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
* Possible values are: `ALLOW`, `DENY`.
*/
readonly action: pulumi.Output<string>;
/**
* Time the AuthorizationPolicy was created in UTC.
*/
readonly createTime: pulumi.Output<string>;
/**
* A free-text description of the resource. Max length 1024 characters.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
readonly effectiveLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Set of label tags associated with the AuthorizationPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
readonly labels: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The location of the authorization policy.
* The default value is `global`.
*/
readonly location: pulumi.Output<string | undefined>;
/**
* Name of the AuthorizationPolicy resource.
*/
readonly name: pulumi.Output<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
readonly pulumiLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken.
* A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
* Structure is documented below.
*/
readonly rules: pulumi.Output<outputs.networksecurity.AuthorizationPolicyRule[] | undefined>;
/**
* Time the AuthorizationPolicy was updated in UTC.
*/
readonly updateTime: pulumi.Output<string>;
/**
* Create a AuthorizationPolicy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: AuthorizationPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering AuthorizationPolicy resources.
*/
export interface AuthorizationPolicyState {
/**
* The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
* Possible values are: `ALLOW`, `DENY`.
*/
action?: pulumi.Input<string>;
/**
* Time the AuthorizationPolicy was created in UTC.
*/
createTime?: pulumi.Input<string>;
/**
* A free-text description of the resource. Max length 1024 characters.
*/
description?: pulumi.Input<string>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
effectiveLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Set of label tags associated with the AuthorizationPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The location of the authorization policy.
* The default value is `global`.
*/
location?: pulumi.Input<string>;
/**
* Name of the AuthorizationPolicy resource.
*/
name?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
pulumiLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken.
* A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
* Structure is documented below.
*/
rules?: pulumi.Input<pulumi.Input<inputs.networksecurity.AuthorizationPolicyRule>[]>;
/**
* Time the AuthorizationPolicy was updated in UTC.
*/
updateTime?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a AuthorizationPolicy resource.
*/
export interface AuthorizationPolicyArgs {
/**
* The action to take when a rule match is found. Possible values are "ALLOW" or "DENY".
* Possible values are: `ALLOW`, `DENY`.
*/
action: pulumi.Input<string>;
/**
* A free-text description of the resource. Max length 1024 characters.
*/
description?: pulumi.Input<string>;
/**
* Set of label tags associated with the AuthorizationPolicy resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The location of the authorization policy.
* The default value is `global`.
*/
location?: pulumi.Input<string>;
/**
* Name of the AuthorizationPolicy resource.
*/
name?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken.
* A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request.
* Structure is documented below.
*/
rules?: pulumi.Input<pulumi.Input<inputs.networksecurity.AuthorizationPolicyRule>[]>;
}