@pulumi/gcp/firebase/appCheckResourcePolicy.d.ts

A Pulumi package for creating and managing Google Cloud Platform resources.

import * as pulumi from "@pulumi/pulumi";
/**
 * App Check enforcement policy for a specific resource of a Google service supported by App Check. Note that this policy will override the service-level configuration.
 *
 * To get more information about ResourcePolicy, see:
 *
 * * [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.services.resourcePolicies)
 * * How-to Guides
 *     * [Official Documentation](https://firebase.google.com/docs/app-check)
 *
 * ## Example Usage
 *
 * ### Firebase App Check Resource Policy Oauth2 Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const firebaseappcheck = new gcp.projects.Service("firebaseappcheck", {
 *     project: "my-project-name",
 *     service: "firebaseappcheck.googleapis.com",
 * });
 * const _default = new gcp.firebase.AppCheckResourcePolicy("default", {
 *     project: "my-project-name",
 *     serviceId: "oauth2.googleapis.com",
 *     targetResource: "//oauth2.googleapis.com/projects/my-project-name/oauthClients/example-client-id",
 *     enforcementMode: "UNENFORCED",
 * }, {
 *     dependsOn: [firebaseappcheck],
 * });
 * ```
 *
 * ## Import
 *
 * ResourcePolicy can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/services/{{service_id}}/resourcePolicies/{{resource_policy_id}}`
 * * `{{project}}/{{service_id}}/{{resource_policy_id}}`
 * * `{{service_id}}/{{resource_policy_id}}`
 *
 * When using the `pulumi import` command, ResourcePolicy can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:firebase/appCheckResourcePolicy:AppCheckResourcePolicy default projects/{{project}}/services/{{service_id}}/resourcePolicies/{{resource_policy_id}}
 * $ pulumi import gcp:firebase/appCheckResourcePolicy:AppCheckResourcePolicy default {{project}}/{{service_id}}/{{resource_policy_id}}
 * $ pulumi import gcp:firebase/appCheckResourcePolicy:AppCheckResourcePolicy default {{service_id}}/{{resource_policy_id}}
 * ```
 */
export declare class AppCheckResourcePolicy extends pulumi.CustomResource {
    /**
     * Get an existing AppCheckResourcePolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppCheckResourcePolicyState, opts?: pulumi.CustomResourceOptions): AppCheckResourcePolicy;
    /**
     * Returns true if the given object is an instance of AppCheckResourcePolicy.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is AppCheckResourcePolicy;
    /**
     * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     */
    readonly deletionPolicy: pulumi.Output<string>;
    /**
     * The App Check enforcement mode for a service supported by App Check. This will override the EnforcementMode setting on the service.
     * Valid values are:
     * (Unset)
     * Firebase App Check is not enforced for the service, nor are App Check metrics collected.
     * Though the service is not protected by App Check in this mode, other applicable protections,
     * such as user authorization, are still enforced. An unconfigured service is in this mode by default.
     * This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
     * enforcement to OFF for this service.
     * UNENFORCED
     * Firebase App Check is not enforced for the service. App Check metrics are collected to help you
     * decide when to turn on enforcement for the service. Though the service is not protected by App Check
     * in this mode, other applicable protections, such as user authorization, are still enforced.
     * ENFORCED
     * Firebase App Check is enforced for the service. The service will reject any request that attempts to
     * access your project's resources if it does not have valid App Check token attached, with some exceptions
     * depending on the service; for example, some services will still allow requests bearing the developer's
     * privileged service account credentials without an App Check token. App Check metrics continue to be
     * collected to help you detect issues with your App Check integration and monitor the composition of your
     * callers. While the service is protected by App Check, other applicable protections, such as user
     * authorization, continue to be enforced at the same time.
     * Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
     * to an App Check capable version of your app, their apps will no longer be able to use your Firebase
     * services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
     * Check on your Firebase services.
     * If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
     * clients in use.
     * Possible values are: `UNENFORCED`, `ENFORCED`.
     */
    readonly enforcementMode: pulumi.Output<string | undefined>;
    /**
     * This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    /**
     * The server-generated UID for the Resource Policy.
     */
    readonly resourcePolicyId: pulumi.Output<string>;
    /**
     * The identifier of the service to configure a Resource Policy for.
     * Currently, the following service IDs are supported:
     * * `oauth2.googleapis.com` (Google Identity for iOS)
     */
    readonly serviceId: pulumi.Output<string>;
    /**
     * Service specific name of the resource object to which this policy applies, in the format:
     * * iOS OAuth clients (Google Identity for iOS):
     * `//oauth2.googleapis.com/projects/{project_number}/oauthClients/{oauthClientId}`
     */
    readonly targetResource: pulumi.Output<string>;
    /**
     * Output only. Timestamp when this resource policy configuration object was most recently updated.
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Create a AppCheckResourcePolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AppCheckResourcePolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering AppCheckResourcePolicy resources.
 */
export interface AppCheckResourcePolicyState {
    /**
     * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * The App Check enforcement mode for a service supported by App Check. This will override the EnforcementMode setting on the service.
     * Valid values are:
     * (Unset)
     * Firebase App Check is not enforced for the service, nor are App Check metrics collected.
     * Though the service is not protected by App Check in this mode, other applicable protections,
     * such as user authorization, are still enforced. An unconfigured service is in this mode by default.
     * This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
     * enforcement to OFF for this service.
     * UNENFORCED
     * Firebase App Check is not enforced for the service. App Check metrics are collected to help you
     * decide when to turn on enforcement for the service. Though the service is not protected by App Check
     * in this mode, other applicable protections, such as user authorization, are still enforced.
     * ENFORCED
     * Firebase App Check is enforced for the service. The service will reject any request that attempts to
     * access your project's resources if it does not have valid App Check token attached, with some exceptions
     * depending on the service; for example, some services will still allow requests bearing the developer's
     * privileged service account credentials without an App Check token. App Check metrics continue to be
     * collected to help you detect issues with your App Check integration and monitor the composition of your
     * callers. While the service is protected by App Check, other applicable protections, such as user
     * authorization, continue to be enforced at the same time.
     * Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
     * to an App Check capable version of your app, their apps will no longer be able to use your Firebase
     * services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
     * Check on your Firebase services.
     * If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
     * clients in use.
     * Possible values are: `UNENFORCED`, `ENFORCED`.
     */
    enforcementMode?: pulumi.Input<string | undefined>;
    /**
     * This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
     */
    etag?: pulumi.Input<string | undefined>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string | undefined>;
    /**
     * The server-generated UID for the Resource Policy.
     */
    resourcePolicyId?: pulumi.Input<string | undefined>;
    /**
     * The identifier of the service to configure a Resource Policy for.
     * Currently, the following service IDs are supported:
     * * `oauth2.googleapis.com` (Google Identity for iOS)
     */
    serviceId?: pulumi.Input<string | undefined>;
    /**
     * Service specific name of the resource object to which this policy applies, in the format:
     * * iOS OAuth clients (Google Identity for iOS):
     * `//oauth2.googleapis.com/projects/{project_number}/oauthClients/{oauthClientId}`
     */
    targetResource?: pulumi.Input<string | undefined>;
    /**
     * Output only. Timestamp when this resource policy configuration object was most recently updated.
     */
    updateTime?: pulumi.Input<string | undefined>;
}
/**
 * The set of arguments for constructing a AppCheckResourcePolicy resource.
 */
export interface AppCheckResourcePolicyArgs {
    /**
     * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * The App Check enforcement mode for a service supported by App Check. This will override the EnforcementMode setting on the service.
     * Valid values are:
     * (Unset)
     * Firebase App Check is not enforced for the service, nor are App Check metrics collected.
     * Though the service is not protected by App Check in this mode, other applicable protections,
     * such as user authorization, are still enforced. An unconfigured service is in this mode by default.
     * This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
     * enforcement to OFF for this service.
     * UNENFORCED
     * Firebase App Check is not enforced for the service. App Check metrics are collected to help you
     * decide when to turn on enforcement for the service. Though the service is not protected by App Check
     * in this mode, other applicable protections, such as user authorization, are still enforced.
     * ENFORCED
     * Firebase App Check is enforced for the service. The service will reject any request that attempts to
     * access your project's resources if it does not have valid App Check token attached, with some exceptions
     * depending on the service; for example, some services will still allow requests bearing the developer's
     * privileged service account credentials without an App Check token. App Check metrics continue to be
     * collected to help you detect issues with your App Check integration and monitor the composition of your
     * callers. While the service is protected by App Check, other applicable protections, such as user
     * authorization, continue to be enforced at the same time.
     * Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
     * to an App Check capable version of your app, their apps will no longer be able to use your Firebase
     * services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
     * Check on your Firebase services.
     * If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
     * clients in use.
     * Possible values are: `UNENFORCED`, `ENFORCED`.
     */
    enforcementMode?: pulumi.Input<string | undefined>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string | undefined>;
    /**
     * The identifier of the service to configure a Resource Policy for.
     * Currently, the following service IDs are supported:
     * * `oauth2.googleapis.com` (Google Identity for iOS)
     */
    serviceId: pulumi.Input<string>;
    /**
     * Service specific name of the resource object to which this policy applies, in the format:
     * * iOS OAuth clients (Google Identity for iOS):
     * `//oauth2.googleapis.com/projects/{project_number}/oauthClients/{oauthClientId}`
     */
    targetResource: pulumi.Input<string>;
}
//# sourceMappingURL=appCheckResourcePolicy.d.ts.map