@pulumi/gcp

A Pulumi package for creating and managing Google Cloud Platform resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * AuthzPolicy is a resource that allows forwarding traffic to a callout backend designed to scan the traffic for security purposes.
 *
 * NOTE(review): the sentence above reads like the description of a callout extension. The
 * properties declared on this class (an ALLOW/DENY/CUSTOM `action`, `httpRules`, `target`)
 * describe an authorization policy applied to a set of target resources. Confirm the wording
 * against the API documentation linked below.
 *
 * To get more information about AuthzPolicy, see:
 *
 * * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies)
 *
 * ## Import
 *
 * AuthzPolicy can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}`
 *
 * * `{{project}}/{{location}}/{{name}}`
 *
 * * `{{location}}/{{name}}`
 *
 * * `{{name}}`
 *
 * When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}}
 * ```
 */
export declare class AuthzPolicy extends pulumi.CustomResource {
    /**
     * Get an existing AuthzPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The AuthzPolicy resource for the given name and ID.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthzPolicyState, opts?: pulumi.CustomResourceOptions): AuthzPolicy;
    /**
     * Returns true if the given object is an instance of AuthzPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; any value is accepted.
     */
    static isInstance(obj: any): obj is AuthzPolicy;
    /**
     * The action of the policy. Possible values are: `ALLOW`, `DENY`, `CUSTOM`.
     *
     * * When the action is CUSTOM, customProvider must be specified.
     * * When the action is ALLOW, only requests matching the policy will be allowed.
     * * When the action is DENY, only requests matching the policy will be denied.
     *
     * When a request arrives, the policies are evaluated in the following order:
     * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
     * 2. If there are any DENY policies that match the request, the request is denied.
     * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
     * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.
     *
     * Security note: by step 3, a resource with no ALLOW policy admits every request that was
     * not rejected in steps 1 and 2, so a DENY-only or CUSTOM-only configuration is
     * default-allow. The default-deny of step 4 applies only once at least one ALLOW policy
     * exists for the resource.
     *
     * The declared type is `string`, so a value outside the three listed ones is not caught
     * at compile time.
     */
    readonly action: pulumi.Output<string>;
    /**
     * The timestamp when the resource was created.
     */
    readonly createTime: pulumi.Output<string>;
    /**
     * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
     * The structure is declared by `outputs.networksecurity.AuthzPolicyCustomProvider`.
     */
    readonly customProvider: pulumi.Output<outputs.networksecurity.AuthzPolicyCustomProvider | undefined>;
    /**
     * A human-readable description of the resource.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    readonly effectiveLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP rule is required for the ALLOW or DENY action.
     * Limited to 5 rules.
     * The element structure is declared by `outputs.networksecurity.AuthzPolicyHttpRule`.
     *
     * Security note: because a policy with no HTTP rules matches every request, omitting this
     * list makes the policy apply to all requests. Since ALLOW and DENY require at least one
     * rule, this presumably arises only with the CUSTOM action (confirm against the API
     * documentation).
     */
    readonly httpRules: pulumi.Output<outputs.networksecurity.AuthzPolicyHttpRule[] | undefined>;
    /**
     * Set of labels associated with the AuthzPolicy resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    readonly labels: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * The location of the resource.
     */
    readonly location: pulumi.Output<string>;
    /**
     * Identifier. Name of the AuthzPolicy resource.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The ID of the project to which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    readonly pulumiLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Specifies the set of resources to which this policy should be applied.
     * The structure is declared by `outputs.networksecurity.AuthzPolicyTarget`.
     */
    readonly target: pulumi.Output<outputs.networksecurity.AuthzPolicyTarget>;
    /**
     * The timestamp when the resource was updated.
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Create an AuthzPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AuthzPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering AuthzPolicy resources.
 *
 * Every property is optional. `createTime`, `effectiveLabels`, `pulumiLabels` and
 * `updateTime` appear here but are not part of `AuthzPolicyArgs`.
 */
export interface AuthzPolicyState {
    /**
     * The action of the policy. Possible values are: `ALLOW`, `DENY`, `CUSTOM`.
     *
     * * When the action is CUSTOM, customProvider must be specified.
     * * When the action is ALLOW, only requests matching the policy will be allowed.
     * * When the action is DENY, only requests matching the policy will be denied.
     *
     * When a request arrives, the policies are evaluated in the following order:
     * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
     * 2. If there are any DENY policies that match the request, the request is denied.
     * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
     * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.
     *
     * Security note: by step 3, a resource with no ALLOW policy admits every request that was
     * not rejected in steps 1 and 2; default-deny (step 4) applies only once at least one
     * ALLOW policy exists for the resource.
     */
    action?: pulumi.Input<string>;
    /**
     * The timestamp when the resource was created.
     */
    createTime?: pulumi.Input<string>;
    /**
     * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
     * The structure is declared by `inputs.networksecurity.AuthzPolicyCustomProvider`.
     */
    customProvider?: pulumi.Input<inputs.networksecurity.AuthzPolicyCustomProvider>;
    /**
     * A human-readable description of the resource.
     */
    description?: pulumi.Input<string>;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    effectiveLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP rule is required for the ALLOW or DENY action.
     * Limited to 5 rules.
     * The element structure is declared by `inputs.networksecurity.AuthzPolicyHttpRule`.
     *
     * Security note: a policy with no HTTP rules matches every request.
     */
    httpRules?: pulumi.Input<pulumi.Input<inputs.networksecurity.AuthzPolicyHttpRule>[]>;
    /**
     * Set of labels associated with the AuthzPolicy resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The location of the resource.
     */
    location?: pulumi.Input<string>;
    /**
     * Identifier. Name of the AuthzPolicy resource.
     */
    name?: pulumi.Input<string>;
    /**
     * The ID of the project to which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    pulumiLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Specifies the set of resources to which this policy should be applied.
     * The structure is declared by `inputs.networksecurity.AuthzPolicyTarget`.
     */
    target?: pulumi.Input<inputs.networksecurity.AuthzPolicyTarget>;
    /**
     * The timestamp when the resource was updated.
     */
    updateTime?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing an AuthzPolicy resource.
 *
 * `action`, `location` and `target` are required; every other property is optional.
 */
export interface AuthzPolicyArgs {
    /**
     * The action of the policy. Possible values are: `ALLOW`, `DENY`, `CUSTOM`.
     *
     * * When the action is CUSTOM, customProvider must be specified.
     * * When the action is ALLOW, only requests matching the policy will be allowed.
     * * When the action is DENY, only requests matching the policy will be denied.
     *
     * When a request arrives, the policies are evaluated in the following order:
     * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
     * 2. If there are any DENY policies that match the request, the request is denied.
     * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
     * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.
     *
     * Security note: by step 3, a resource with no ALLOW policy admits every request that was
     * not rejected in steps 1 and 2, so a DENY-only or CUSTOM-only configuration is
     * default-allow. The default-deny of step 4 applies only once at least one ALLOW policy
     * exists for the resource.
     *
     * The declared type is `string`, so a value outside the three listed ones is not caught
     * at compile time.
     */
    action: pulumi.Input<string>;
    /**
     * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.
     * The structure is declared by `inputs.networksecurity.AuthzPolicyCustomProvider`.
     *
     * The property is optional in this interface, so the "required if CUSTOM" rule is not
     * enforced by the type checker.
     */
    customProvider?: pulumi.Input<inputs.networksecurity.AuthzPolicyCustomProvider>;
    /**
     * A human-readable description of the resource.
     */
    description?: pulumi.Input<string>;
    /**
     * A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP rule is required for the ALLOW or DENY action.
     * Limited to 5 rules.
     * The element structure is declared by `inputs.networksecurity.AuthzPolicyHttpRule`.
     *
     * Security note: because a policy with no HTTP rules matches every request, omitting this
     * list makes the policy apply to all requests. Since ALLOW and DENY require at least one
     * rule, this presumably arises only with the CUSTOM action (confirm against the API
     * documentation). The property is optional here, so neither the "at least one rule" nor
     * the 5-rule limit is enforced by the type checker.
     */
    httpRules?: pulumi.Input<pulumi.Input<inputs.networksecurity.AuthzPolicyHttpRule>[]>;
    /**
     * Set of labels associated with the AuthzPolicy resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The location of the resource.
     */
    location: pulumi.Input<string>;
    /**
     * Identifier. Name of the AuthzPolicy resource.
     */
    name?: pulumi.Input<string>;
    /**
     * The ID of the project to which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * Specifies the set of resources to which this policy should be applied.
     * The structure is declared by `inputs.networksecurity.AuthzPolicyTarget`.
     */
    target: pulumi.Input<inputs.networksecurity.AuthzPolicyTarget>;
}