UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

360 lines • 13.7 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.RegionSecurityPolicyRule = void 0; const pulumi = __importStar(require("@pulumi/pulumi")); const utilities = __importStar(require("../utilities")); /** * A rule for the RegionSecurityPolicy. * * To get more information about RegionSecurityPolicyRule, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/regionSecurityPolicies/addRule) * * How-to Guides * * [Creating region security policy rules](https://cloud.google.com/armor/docs/configure-security-policies) * * ## Example Usage * * ### Region Security Policy Rule Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionSecurityPolicy("default", { * region: "us-west2", * name: "policyruletest", * description: "basic region security policy", * type: "CLOUD_ARMOR", * }); * const policyRule = new gcp.compute.RegionSecurityPolicyRule("policy_rule", { * region: "us-west2", * securityPolicy: _default.name, * description: "new rule", * priority: 100, * match: { * versionedExpr: "SRC_IPS_V1", * config: { * srcIpRanges: ["10.10.0.0/16"], * }, * }, * action: "allow", * preview: true, * }); * ``` * ### Region Security Policy Rule Multiple Rules * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionSecurityPolicy("default", { * region: "us-west2", * name: "policywithmultiplerules", * description: "basic region security policy", * type: "CLOUD_ARMOR", * }); * const policyRuleOne = new gcp.compute.RegionSecurityPolicyRule("policy_rule_one", { * region: "us-west2", * securityPolicy: _default.name, * description: "new rule one", * priority: 100, * match: { * versionedExpr: "SRC_IPS_V1", * config: { * srcIpRanges: ["10.10.0.0/16"], * }, * }, * action: "allow", * preview: true, * }); * const policyRuleTwo = new gcp.compute.RegionSecurityPolicyRule("policy_rule_two", { * region: "us-west2", * securityPolicy: _default.name, * description: "new rule two", * priority: 101, * match: { * versionedExpr: "SRC_IPS_V1", * config: { * srcIpRanges: [ * "192.168.0.0/16", * "10.0.0.0/8", * ], * }, * }, * action: "allow", * preview: true, * }); * ``` * ### Region Security Policy Rule Default Rule * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionSecurityPolicy("default", { * region: "us-west2", * name: "policywithdefaultrule", * description: "basic region security policy", * type: "CLOUD_ARMOR", * }); * const defaultRule = new gcp.compute.RegionSecurityPolicyRule("default_rule", { * region: "us-west2", * securityPolicy: _default.name, * description: "new rule", * action: "deny", * priority: 2147483647, * match: { * versionedExpr: "SRC_IPS_V1", * config: { * srcIpRanges: ["*"], * }, * }, * }); * const policyRule = new gcp.compute.RegionSecurityPolicyRule("policy_rule", { * region: "us-west2", * securityPolicy: _default.name, * description: "new rule", * priority: 100, * match: { * versionedExpr: "SRC_IPS_V1", * config: { * srcIpRanges: ["10.10.0.0/16"], * }, * }, * action: "allow", * preview: true, * }); * ``` * ### Region Security Policy Rule With Preconfigured Waf Config * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionSecurityPolicy("default", { * region: "asia-southeast1", * name: "policyruletest", * description: "basic region security policy", * type: "CLOUD_ARMOR", * }); * const policyRule = new gcp.compute.RegionSecurityPolicyRule("policy_rule", { * region: "asia-southeast1", * securityPolicy: _default.name, * description: "new rule", * priority: 100, * match: { * versionedExpr: "SRC_IPS_V1", * config: { * srcIpRanges: ["10.10.0.0/16"], * }, * }, * preconfiguredWafConfig: { * exclusions: [ * { * requestUris: [{ * operator: "STARTS_WITH", * value: "/admin", * }], * targetRuleSet: "rce-stable", * }, * { * requestQueryParams: [ * { * operator: "CONTAINS", * value: "password", * }, * { * operator: "STARTS_WITH", * value: "freeform", * }, * { * operator: "EQUALS", * value: "description", * }, * ], * targetRuleSet: "xss-stable", * targetRuleIds: [ * "owasp-crs-v030001-id941330-xss", * "owasp-crs-v030001-id941340-xss", * ], * }, * ], * }, * action: "allow", * preview: true, * }); * ``` * ### Region Security Policy Rule With Network Match * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * // First activate advanced network DDoS protection for the desired region * const policyddosprotection = new gcp.compute.RegionSecurityPolicy("policyddosprotection", { * region: "us-west2", * name: "policyddosprotection", * description: "policy for activating network DDoS protection for the desired region", * type: "CLOUD_ARMOR_NETWORK", * ddosProtectionConfig: { * ddosProtection: "ADVANCED_PREVIEW", * }, * }); * const edgeSecService = new gcp.compute.NetworkEdgeSecurityService("edge_sec_service", { * region: "us-west2", * name: "edgesecservice", * description: "linking policy to edge security service", * securityPolicy: policyddosprotection.selfLink, * }); * // Add the desired policy and custom rule. * const policynetworkmatch = new gcp.compute.RegionSecurityPolicy("policynetworkmatch", { * region: "us-west2", * name: "policyfornetworkmatch", * description: "region security policy for network match", * type: "CLOUD_ARMOR_NETWORK", * userDefinedFields: [{ * name: "SIG1_AT_0", * base: "TCP", * offset: 8, * size: 2, * mask: "0x8F00", * }], * }, { * dependsOn: [edgeSecService], * }); * const policyRuleNetworkMatch = new gcp.compute.RegionSecurityPolicyRule("policy_rule_network_match", { * region: "us-west2", * securityPolicy: policynetworkmatch.name, * description: "custom rule for network match", * priority: 100, * networkMatch: { * srcIpRanges: ["10.10.0.0/16"], * userDefinedFields: [{ * name: "SIG1_AT_0", * values: ["0x8F00"], * }], * }, * action: "allow", * preview: true, * }); * ``` * * ## Import * * RegionSecurityPolicyRule can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}` * * `{{project}}/{{region}}/{{security_policy}}/{{priority}}` * * `{{region}}/{{security_policy}}/{{priority}}` * * `{{security_policy}}/{{priority}}` * * When using the `pulumi import` command, RegionSecurityPolicyRule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}} * $ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{project}}/{{region}}/{{security_policy}}/{{priority}} * $ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{region}}/{{security_policy}}/{{priority}} * $ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{security_policy}}/{{priority}} * ``` */ class RegionSecurityPolicyRule extends pulumi.CustomResource { /** * Get an existing RegionSecurityPolicyRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new RegionSecurityPolicyRule(name, state, { ...opts, id: id }); } /** @internal */ static __pulumiType = 'gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule'; /** * Returns true if the given object is an instance of RegionSecurityPolicyRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === RegionSecurityPolicyRule.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["action"] = state?.action; resourceInputs["deletionPolicy"] = state?.deletionPolicy; resourceInputs["description"] = state?.description; resourceInputs["match"] = state?.match; resourceInputs["networkMatch"] = state?.networkMatch; resourceInputs["preconfiguredWafConfig"] = state?.preconfiguredWafConfig; resourceInputs["preview"] = state?.preview; resourceInputs["priority"] = state?.priority; resourceInputs["project"] = state?.project; resourceInputs["rateLimitOptions"] = state?.rateLimitOptions; resourceInputs["region"] = state?.region; resourceInputs["securityPolicy"] = state?.securityPolicy; } else { const args = argsOrState; if (args?.action === undefined && !opts.urn) { throw new Error("Missing required property 'action'"); } if (args?.priority === undefined && !opts.urn) { throw new Error("Missing required property 'priority'"); } if (args?.region === undefined && !opts.urn) { throw new Error("Missing required property 'region'"); } if (args?.securityPolicy === undefined && !opts.urn) { throw new Error("Missing required property 'securityPolicy'"); } resourceInputs["action"] = args?.action; resourceInputs["deletionPolicy"] = args?.deletionPolicy; resourceInputs["description"] = args?.description; resourceInputs["match"] = args?.match; resourceInputs["networkMatch"] = args?.networkMatch; resourceInputs["preconfiguredWafConfig"] = args?.preconfiguredWafConfig; resourceInputs["preview"] = args?.preview; resourceInputs["priority"] = args?.priority; resourceInputs["project"] = args?.project; resourceInputs["rateLimitOptions"] = args?.rateLimitOptions; resourceInputs["region"] = args?.region; resourceInputs["securityPolicy"] = args?.securityPolicy; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(RegionSecurityPolicyRule.__pulumiType, name, resourceInputs, opts); } } exports.RegionSecurityPolicyRule = RegionSecurityPolicyRule; //# sourceMappingURL=regionSecurityPolicyRule.js.map