@pulumi/gcp/networksecurity/securityProfile.d.ts

A Pulumi package for creating and managing Google Cloud Platform resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * A security profile defines the behavior associated to a profile type.
 *
 * To get more information about SecurityProfile, see:
 *
 * * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/organizations.locations.securityProfiles)
 * * How-to Guides
 *     * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)
 *
 * ## Example Usage
 *
 * ### Network Security Security Profile Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const _default = new gcp.networksecurity.SecurityProfile("default", {
 *     name: "my-security-profile",
 *     parent: "organizations/123456789",
 *     description: "my description",
 *     type: "THREAT_PREVENTION",
 *     labels: {
 *         foo: "bar",
 *     },
 * });
 * ```
 * ### Network Security Security Profile Overrides
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const _default = new gcp.networksecurity.SecurityProfile("default", {
 *     name: "my-security-profile",
 *     parent: "organizations/123456789",
 *     description: "my description",
 *     type: "THREAT_PREVENTION",
 *     threatPreventionProfile: {
 *         severityOverrides: [
 *             {
 *                 action: "ALLOW",
 *                 severity: "INFORMATIONAL",
 *             },
 *             {
 *                 action: "DENY",
 *                 severity: "HIGH",
 *             },
 *         ],
 *         threatOverrides: [{
 *             action: "ALLOW",
 *             threatId: "280647",
 *         }],
 *         antivirusOverrides: [{
 *             protocol: "SMTP",
 *             action: "ALLOW",
 *         }],
 *     },
 * });
 * ```
 * ### Network Security Security Profile Mirroring
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const _default = new gcp.compute.Network("default", {
 *     name: "my-network",
 *     autoCreateSubnetworks: false,
 * });
 * const defaultMirroringDeploymentGroup = new gcp.networksecurity.MirroringDeploymentGroup("default", {
 *     mirroringDeploymentGroupId: "my-dg",
 *     location: "global",
 *     network: _default.id,
 * });
 * const defaultMirroringEndpointGroup = new gcp.networksecurity.MirroringEndpointGroup("default", {
 *     mirroringEndpointGroupId: "my-eg",
 *     location: "global",
 *     mirroringDeploymentGroup: defaultMirroringDeploymentGroup.id,
 * });
 * const defaultSecurityProfile = new gcp.networksecurity.SecurityProfile("default", {
 *     name: "my-security-profile",
 *     parent: "organizations/123456789",
 *     description: "my description",
 *     type: "CUSTOM_MIRRORING",
 *     customMirroringProfile: {
 *         mirroringEndpointGroup: defaultMirroringEndpointGroup.id,
 *     },
 * });
 * ```
 * ### Network Security Security Profile Intercept
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const _default = new gcp.compute.Network("default", {
 *     name: "my-network",
 *     autoCreateSubnetworks: false,
 * });
 * const defaultInterceptDeploymentGroup = new gcp.networksecurity.InterceptDeploymentGroup("default", {
 *     interceptDeploymentGroupId: "my-dg",
 *     location: "global",
 *     network: _default.id,
 * });
 * const defaultInterceptEndpointGroup = new gcp.networksecurity.InterceptEndpointGroup("default", {
 *     interceptEndpointGroupId: "my-eg",
 *     location: "global",
 *     interceptDeploymentGroup: defaultInterceptDeploymentGroup.id,
 * });
 * const defaultSecurityProfile = new gcp.networksecurity.SecurityProfile("default", {
 *     name: "my-security-profile",
 *     parent: "organizations/123456789",
 *     description: "my description",
 *     type: "CUSTOM_INTERCEPT",
 *     customInterceptProfile: {
 *         interceptEndpointGroup: defaultInterceptEndpointGroup.id,
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * SecurityProfile can be imported using any of these accepted formats:
 *
 * * `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`
 *
 * When using the `pulumi import` command, SecurityProfile can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:networksecurity/securityProfile:SecurityProfile default {{parent}}/locations/{{location}}/securityProfiles/{{name}}
 * ```
 */
export declare class SecurityProfile extends pulumi.CustomResource {
    /**
     * Get an existing SecurityProfile resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecurityProfileState, opts?: pulumi.CustomResourceOptions): SecurityProfile;
    /**
     * Returns true if the given object is an instance of SecurityProfile.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is SecurityProfile;
    /**
     * Time the security profile was created in UTC.
     */
    readonly createTime: pulumi.Output<string>;
    /**
     * The configuration for defining the Intercept Endpoint Group used to
     * intercept traffic to third-party firewall appliances.
     * Structure is documented below.
     */
    readonly customInterceptProfile: pulumi.Output<outputs.networksecurity.SecurityProfileCustomInterceptProfile | undefined>;
    /**
     * The configuration for defining the Mirroring Endpoint Group used to
     * mirror traffic to third-party collectors.
     * Structure is documented below.
     */
    readonly customMirroringProfile: pulumi.Output<outputs.networksecurity.SecurityProfileCustomMirroringProfile | undefined>;
    /**
     * An optional description of the security profile. The Max length is 512 characters.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    readonly effectiveLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * This checksum is computed by the server based on the value of other fields,
     * and may be sent on update and delete requests to ensure the client has an up-to-date
     * value before proceeding.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * A map of key/value label pairs to assign to the resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    readonly labels: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * The location of the security profile.
     * The default value is `global`.
     */
    readonly location: pulumi.Output<string | undefined>;
    /**
     * The name of the security profile resource.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The name of the parent this security profile belongs to.
     * Format: organizations/{organization_id}.
     */
    readonly parent: pulumi.Output<string | undefined>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    readonly pulumiLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Server-defined URL of this resource.
     */
    readonly selfLink: pulumi.Output<string>;
    /**
     * The threat prevention configuration for the security profile.
     * Structure is documented below.
     */
    readonly threatPreventionProfile: pulumi.Output<outputs.networksecurity.SecurityProfileThreatPreventionProfile | undefined>;
    /**
     * The type of security profile.
     * Possible values are: `THREAT_PREVENTION`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`.
     */
    readonly type: pulumi.Output<string>;
    /**
     * Time the security profile was updated in UTC.
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Create a SecurityProfile resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: SecurityProfileArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering SecurityProfile resources.
 */
export interface SecurityProfileState {
    /**
     * Time the security profile was created in UTC.
     */
    createTime?: pulumi.Input<string>;
    /**
     * The configuration for defining the Intercept Endpoint Group used to
     * intercept traffic to third-party firewall appliances.
     * Structure is documented below.
     */
    customInterceptProfile?: pulumi.Input<inputs.networksecurity.SecurityProfileCustomInterceptProfile>;
    /**
     * The configuration for defining the Mirroring Endpoint Group used to
     * mirror traffic to third-party collectors.
     * Structure is documented below.
     */
    customMirroringProfile?: pulumi.Input<inputs.networksecurity.SecurityProfileCustomMirroringProfile>;
    /**
     * An optional description of the security profile. The Max length is 512 characters.
     */
    description?: pulumi.Input<string>;
    /**
     * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    effectiveLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * This checksum is computed by the server based on the value of other fields,
     * and may be sent on update and delete requests to ensure the client has an up-to-date
     * value before proceeding.
     */
    etag?: pulumi.Input<string>;
    /**
     * A map of key/value label pairs to assign to the resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The location of the security profile.
     * The default value is `global`.
     */
    location?: pulumi.Input<string>;
    /**
     * The name of the security profile resource.
     */
    name?: pulumi.Input<string>;
    /**
     * The name of the parent this security profile belongs to.
     * Format: organizations/{organization_id}.
     */
    parent?: pulumi.Input<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    pulumiLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Server-defined URL of this resource.
     */
    selfLink?: pulumi.Input<string>;
    /**
     * The threat prevention configuration for the security profile.
     * Structure is documented below.
     */
    threatPreventionProfile?: pulumi.Input<inputs.networksecurity.SecurityProfileThreatPreventionProfile>;
    /**
     * The type of security profile.
     * Possible values are: `THREAT_PREVENTION`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`.
     */
    type?: pulumi.Input<string>;
    /**
     * Time the security profile was updated in UTC.
     */
    updateTime?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a SecurityProfile resource.
 */
export interface SecurityProfileArgs {
    /**
     * The configuration for defining the Intercept Endpoint Group used to
     * intercept traffic to third-party firewall appliances.
     * Structure is documented below.
     */
    customInterceptProfile?: pulumi.Input<inputs.networksecurity.SecurityProfileCustomInterceptProfile>;
    /**
     * The configuration for defining the Mirroring Endpoint Group used to
     * mirror traffic to third-party collectors.
     * Structure is documented below.
     */
    customMirroringProfile?: pulumi.Input<inputs.networksecurity.SecurityProfileCustomMirroringProfile>;
    /**
     * An optional description of the security profile. The Max length is 512 characters.
     */
    description?: pulumi.Input<string>;
    /**
     * A map of key/value label pairs to assign to the resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The location of the security profile.
     * The default value is `global`.
     */
    location?: pulumi.Input<string>;
    /**
     * The name of the security profile resource.
     */
    name?: pulumi.Input<string>;
    /**
     * The name of the parent this security profile belongs to.
     * Format: organizations/{organization_id}.
     */
    parent?: pulumi.Input<string>;
    /**
     * The threat prevention configuration for the security profile.
     * Structure is documented below.
     */
    threatPreventionProfile?: pulumi.Input<inputs.networksecurity.SecurityProfileThreatPreventionProfile>;
    /**
     * The type of security profile.
     * Possible values are: `THREAT_PREVENTION`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`.
     */
    type: pulumi.Input<string>;
}