@pulumi/juniper-mist
Version:
A Pulumi package for creating and managing Juniper Mist resources.
259 lines (258 loc) • 11.1 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* This resource manages NAC Tags (Auth Policy Labels).
*
* The NAC Tags can be used in the NAC Rules to define the matching criteria or the returned RADIUS Attributes
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as junipermist from "@pulumi/juniper-mist";
*
* const tagOne = new junipermist.org.Nactag("tag_one", {
* name: "tag_one",
* type: "match",
* match: "client_mac",
* orgId: terraformTest.id,
* values: ["5c5b35*"],
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import `mist_org_nactag` with:
*
* NAC Tag can be imported by specifying the org_id and the nactag_id
*
* ```sh
* $ pulumi import junipermist:org/nactag:Nactag nactag_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
* ```
*/
export declare class Nactag extends pulumi.CustomResource {
/**
* Get an existing Nactag resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NactagState, opts?: pulumi.CustomResourceOptions): Nactag;
/**
* Returns true if the given object is an instance of Nactag. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Nactag;
/**
* Can be set to true to allow the override by usermac result
*/
readonly allowUsermacOverride: pulumi.Output<boolean | undefined>;
/**
* If `type`==`egressVlanNames`, list of egress vlans to return
*/
readonly egressVlanNames: pulumi.Output<string[] | undefined>;
readonly gbpTag: pulumi.Output<string | undefined>;
/**
* if `type`==`match`. enum: `certCn`, `certEku`, `certIssuer`, `certSan`, `certSerial`, `certSub`, `certTemplate`, `clientMac`, `edrStatus`, `gbpTag`, `hostname`, `idpRole`, `ingressVlan`, `mdmStatus`, `nasIp`, `radiusGroup`, `realm`, `ssid`, `userName`, `usermacLabel`
*/
readonly match: pulumi.Output<string | undefined>;
/**
* This field is applicable only when `type`==`match`
* * `false`: means it is sufficient to match any of the values (i.e., match-any behavior)
* * `true`: means all values should be matched (i.e., match-all behavior)
*
*
* Currently it makes sense to set this field to `true` only if the `match`==`idpRole`, `match`==`usermacLabel` and `edrStatus`
*/
readonly matchAll: pulumi.Output<boolean | undefined>;
/**
* If `type`==`redirectNacportalId`, the ID of the NAC portal to redirect to
*/
readonly nacportalId: pulumi.Output<string | undefined>;
readonly name: pulumi.Output<string>;
readonly orgId: pulumi.Output<string>;
/**
* If `type`==`radiusAttrs`, user can specify a list of one or more standard attributes in the field "radiusAttrs".
* It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
* Note that it is allowed to have more than one radiusAttrs in the result of a given rule.
*/
readonly radiusAttrs: pulumi.Output<string[] | undefined>;
/**
* If `type`==`radiusGroup`
*/
readonly radiusGroup: pulumi.Output<string | undefined>;
/**
* If `type`==`radiusVendorAttrs`, user can specify a list of one or more vendor-specific attributes in the field "radiusVendorAttrs".
* It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
* Note that it is allowed to have more than one radiusVendorAttrs in the result of a given rule.
*/
readonly radiusVendorAttrs: pulumi.Output<string[] | undefined>;
/**
* If `type`==`session_timeout, in seconds
*/
readonly sessionTimeout: pulumi.Output<number | undefined>;
/**
* enum: `egressVlanNames`, `gbpTag`, `match`, `radiusAttrs`, `radiusGroup`, `radiusVendorAttrs`, `redirectNacportalId`, `sessionTimeout`, `usernameAttr`, `vlan`
*/
readonly type: pulumi.Output<string>;
/**
* enum: `automatic`, `cn`, `dns`, `email`, `upn`
*/
readonly usernameAttr: pulumi.Output<string | undefined>;
/**
* If `type`==`match`
*/
readonly values: pulumi.Output<string[] | undefined>;
/**
* If `type`==`vlan`
*/
readonly vlan: pulumi.Output<string | undefined>;
/**
* Create a Nactag resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: NactagArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Nactag resources.
*/
export interface NactagState {
/**
* Can be set to true to allow the override by usermac result
*/
allowUsermacOverride?: pulumi.Input<boolean>;
/**
* If `type`==`egressVlanNames`, list of egress vlans to return
*/
egressVlanNames?: pulumi.Input<pulumi.Input<string>[]>;
gbpTag?: pulumi.Input<string>;
/**
* if `type`==`match`. enum: `certCn`, `certEku`, `certIssuer`, `certSan`, `certSerial`, `certSub`, `certTemplate`, `clientMac`, `edrStatus`, `gbpTag`, `hostname`, `idpRole`, `ingressVlan`, `mdmStatus`, `nasIp`, `radiusGroup`, `realm`, `ssid`, `userName`, `usermacLabel`
*/
match?: pulumi.Input<string>;
/**
* This field is applicable only when `type`==`match`
* * `false`: means it is sufficient to match any of the values (i.e., match-any behavior)
* * `true`: means all values should be matched (i.e., match-all behavior)
*
*
* Currently it makes sense to set this field to `true` only if the `match`==`idpRole`, `match`==`usermacLabel` and `edrStatus`
*/
matchAll?: pulumi.Input<boolean>;
/**
* If `type`==`redirectNacportalId`, the ID of the NAC portal to redirect to
*/
nacportalId?: pulumi.Input<string>;
name?: pulumi.Input<string>;
orgId?: pulumi.Input<string>;
/**
* If `type`==`radiusAttrs`, user can specify a list of one or more standard attributes in the field "radiusAttrs".
* It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
* Note that it is allowed to have more than one radiusAttrs in the result of a given rule.
*/
radiusAttrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`radiusGroup`
*/
radiusGroup?: pulumi.Input<string>;
/**
* If `type`==`radiusVendorAttrs`, user can specify a list of one or more vendor-specific attributes in the field "radiusVendorAttrs".
* It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
* Note that it is allowed to have more than one radiusVendorAttrs in the result of a given rule.
*/
radiusVendorAttrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`session_timeout, in seconds
*/
sessionTimeout?: pulumi.Input<number>;
/**
* enum: `egressVlanNames`, `gbpTag`, `match`, `radiusAttrs`, `radiusGroup`, `radiusVendorAttrs`, `redirectNacportalId`, `sessionTimeout`, `usernameAttr`, `vlan`
*/
type?: pulumi.Input<string>;
/**
* enum: `automatic`, `cn`, `dns`, `email`, `upn`
*/
usernameAttr?: pulumi.Input<string>;
/**
* If `type`==`match`
*/
values?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`vlan`
*/
vlan?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Nactag resource.
*/
export interface NactagArgs {
/**
* Can be set to true to allow the override by usermac result
*/
allowUsermacOverride?: pulumi.Input<boolean>;
/**
* If `type`==`egressVlanNames`, list of egress vlans to return
*/
egressVlanNames?: pulumi.Input<pulumi.Input<string>[]>;
gbpTag?: pulumi.Input<string>;
/**
* if `type`==`match`. enum: `certCn`, `certEku`, `certIssuer`, `certSan`, `certSerial`, `certSub`, `certTemplate`, `clientMac`, `edrStatus`, `gbpTag`, `hostname`, `idpRole`, `ingressVlan`, `mdmStatus`, `nasIp`, `radiusGroup`, `realm`, `ssid`, `userName`, `usermacLabel`
*/
match?: pulumi.Input<string>;
/**
* This field is applicable only when `type`==`match`
* * `false`: means it is sufficient to match any of the values (i.e., match-any behavior)
* * `true`: means all values should be matched (i.e., match-all behavior)
*
*
* Currently it makes sense to set this field to `true` only if the `match`==`idpRole`, `match`==`usermacLabel` and `edrStatus`
*/
matchAll?: pulumi.Input<boolean>;
/**
* If `type`==`redirectNacportalId`, the ID of the NAC portal to redirect to
*/
nacportalId?: pulumi.Input<string>;
name?: pulumi.Input<string>;
orgId: pulumi.Input<string>;
/**
* If `type`==`radiusAttrs`, user can specify a list of one or more standard attributes in the field "radiusAttrs".
* It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
* Note that it is allowed to have more than one radiusAttrs in the result of a given rule.
*/
radiusAttrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`radiusGroup`
*/
radiusGroup?: pulumi.Input<string>;
/**
* If `type`==`radiusVendorAttrs`, user can specify a list of one or more vendor-specific attributes in the field "radiusVendorAttrs".
* It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
* Note that it is allowed to have more than one radiusVendorAttrs in the result of a given rule.
*/
radiusVendorAttrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`session_timeout, in seconds
*/
sessionTimeout?: pulumi.Input<number>;
/**
* enum: `egressVlanNames`, `gbpTag`, `match`, `radiusAttrs`, `radiusGroup`, `radiusVendorAttrs`, `redirectNacportalId`, `sessionTimeout`, `usernameAttr`, `vlan`
*/
type: pulumi.Input<string>;
/**
* enum: `automatic`, `cn`, `dns`, `email`, `upn`
*/
usernameAttr?: pulumi.Input<string>;
/**
* If `type`==`match`
*/
values?: pulumi.Input<pulumi.Input<string>[]>;
/**
* If `type`==`vlan`
*/
vlan?: pulumi.Input<string>;
}