import * as pulumi from "@pulumi/pulumi";
/**
* Manages a V2 listener resource within OpenStack.
*
* > **Note:** This resource has attributes that depend on Octavia minor versions.
* Please ensure your OpenStack cloud supports the required minor version.
*
* ## Example Usage
*
* ### Simple listener
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
*
* const listener1 = new openstack.loadbalancer.Listener("listener_1", {
* protocol: "HTTP",
* protocolPort: 8080,
* loadbalancerId: "d9415786-5f1a-428b-b35f-2f1523e146d2",
* insertHeaders: {
* "X-Forwarded-For": "true",
* },
* });
* ```
*
* ### Listener with TLS and client certificate authentication
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
* import * as std from "@pulumi/std";
*
* const certificate1 = new openstack.keymanager.SecretV1("certificate_1", {
* name: "certificate",
* payload: std.filebase64({
* input: "snakeoil.p12",
* }).then(invoke => invoke.result),
* payloadContentEncoding: "base64",
* payloadContentType: "application/octet-stream",
* });
* const caCertificate1 = new openstack.keymanager.SecretV1("ca_certificate_1", {
* name: "certificate",
* payload: std.file({
* input: "CA.pem",
* }).then(invoke => invoke.result),
* secretType: "certificate",
* payloadContentType: "text/plain",
* });
* const subnet1 = openstack.networking.getSubnet({
* name: "my-subnet",
* });
* const lb1 = new openstack.loadbalancer.LoadBalancer("lb_1", {
* name: "loadbalancer",
* vipSubnetId: subnet1.then(subnet1 => subnet1.id),
* });
* const listener1 = new openstack.loadbalancer.Listener("listener_1", {
* name: "https",
* protocol: "TERMINATED_HTTPS",
* protocolPort: 443,
* loadbalancerId: lb1.id,
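* defaultTlsContainerRef: certificate1.secretRef,
* // "OPTIONAL" still accepts clients that present no certificate; use "MANDATORY" to require one.
* clientAuthentication: "OPTIONAL",
* clientCaTlsContainerRef: caCertificate1.secretRef,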
* });
* ```
*
* ## Import
*
* Load Balancer Listener can be imported using the Listener ID, e.g.:
*
* ```sh
* $ pulumi import openstack:loadbalancer/listener:Listener listener_1 b67ce64e-8b26-405d-afeb-4a078901f15a
* ```
*/
export declare class Listener extends pulumi.CustomResource {
/**
* Get an existing Listener resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The Listener resource for the given name and ID.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ListenerState, opts?: pulumi.CustomResourceOptions): Listener;
/**
* Returns true if the given object is an instance of Listener. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test.
*/
static isInstance(obj: any): obj is Listener;
/**
* The administrative state of the Listener. A
* valid value is `true` (UP) or `false` (DOWN).
*/
readonly adminStateUp: pulumi.Output<boolean | undefined>;
/**
* A list of CIDR blocks that are permitted to
* connect to this listener; all other source addresses are denied. If not
* present, the listener allows every source address, so set this explicitly
* when the listener must not be reachable from all networks.
*/
readonly allowedCidrs: pulumi.Output<string[] | undefined>;
/**
* A list of ALPN protocols. Available protocols:
* `http/1.0`, `http/1.1`, `h2`. Supported only in **Octavia minor version >=
* 2.20**.
*/
readonly alpnProtocols: pulumi.Output<string[]>;
/**
* The TLS client authentication mode.
* Available options: `NONE`, `OPTIONAL` or `MANDATORY`. Requires
* `TERMINATED_HTTPS` listener protocol and the `clientCaTlsContainerRef`.
* Supported only in **Octavia minor version >= 2.8**.
*
* With `OPTIONAL`, a client that presents no certificate is still accepted;
* use `MANDATORY` when every client must authenticate with a certificate.
*/
readonly clientAuthentication: pulumi.Output<string | undefined>;
/**
* The ref of the key manager service
* secret containing a PEM format client CA certificate bundle for
* `TERMINATED_HTTPS` listeners. Required if `clientAuthentication` is
* `OPTIONAL` or `MANDATORY`. Supported only in **Octavia minor version >=
* 2.8**.
*/
readonly clientCaTlsContainerRef: pulumi.Output<string | undefined>;
/**
* The URI of the key manager service
* secret containing a PEM format CA revocation list file for `TERMINATED_HTTPS`
* listeners. Supported only in **Octavia minor version >= 2.8**.
*/
readonly clientCrlContainerRef: pulumi.Output<string | undefined>;
/**
* The maximum number of connections allowed for
* the Listener.
*/
readonly connectionLimit: pulumi.Output<number>;
/**
* The ID of the default pool with which the
* Listener is associated.
*/
readonly defaultPoolId: pulumi.Output<string>;
/**
* A reference to a Barbican Secrets
* container which stores TLS information. This is required if the protocol is
* `TERMINATED_HTTPS`. See
* [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
* for more information.
*/
readonly defaultTlsContainerRef: pulumi.Output<string | undefined>;
/**
* Human-readable description for the Listener.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Defines whether the
* **includeSubDomains** directive should be added to the
* Strict-Transport-Security HTTP response header. This requires setting the
* `hstsMaxAge` option as well in order to become effective. Requires
* `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
* version >= 2.27**.
*/
readonly hstsIncludeSubdomains: pulumi.Output<boolean | undefined>;
/**
* The value of the **max-age** directive (a duration in seconds) for the
* Strict-Transport-Security HTTP response header. Setting this enables HTTP
* Strict Transport Security (HSTS) for the TLS-terminated listener. Requires
* `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
* version >= 2.27**.
*/
readonly hstsMaxAge: pulumi.Output<number | undefined>;
/**
* Defines whether the **preload** directive should
* be added to the Strict-Transport-Security HTTP response header. This requires
* setting the `hstsMaxAge` option as well in order to become effective.
* Requires `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia
* minor version >= 2.27**.
*/
readonly hstsPreload: pulumi.Output<boolean | undefined>;
/**
* The list of key value pairs representing
* headers to insert into the request before it is sent to the backend members.
* Changing this updates the headers of the existing listener.
*
* Backend members can rely on an inserted header such as `X-Forwarded-For`
* only when clients cannot reach them except through the load balancer.
*/
readonly insertHeaders: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The load balancer on which to provision this
* Listener. Changing this creates a new Listener.
*/
readonly loadbalancerId: pulumi.Output<string>;
/**
* Human-readable name for the Listener. Does not have to be
* unique.
*/
readonly name: pulumi.Output<string>;
/**
* The protocol can be either `TCP`, `HTTP`, `HTTPS`,
* `TERMINATED_HTTPS`, `UDP`, `SCTP` (supported only in **Octavia minor version
* >= 2.23**), or `PROMETHEUS` (supported only in **Octavia minor version >=
* 2.25**). Changing this creates a new Listener.
*/
readonly protocol: pulumi.Output<string>;
/**
* The port on which to listen for client traffic.
* Changing this creates a new Listener.
*/
readonly protocolPort: pulumi.Output<number>;
/**
* The region in which to obtain the V2 Networking client.
* A Networking client is needed to create a listener. If omitted, the `region`
* argument of the provider is used. Changing this creates a new Listener.
*/
readonly region: pulumi.Output<string>;
/**
* A list of references to Barbican Secrets
* containers which store SNI information. See
* [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
* for more information.
*/
readonly sniContainerRefs: pulumi.Output<string[] | undefined>;
/**
* A list of simple strings assigned to the Listener. Available
* for Octavia **minor version 2.5 or later**.
*/
readonly tags: pulumi.Output<string[] | undefined>;
/**
* Required for admins. The UUID of the tenant who owns
* the Listener. Only administrative users can specify a tenant UUID other than
* their own. Changing this creates a new Listener.
*/
readonly tenantId: pulumi.Output<string>;
/**
* The client inactivity timeout in
* milliseconds.
*/
readonly timeoutClientData: pulumi.Output<number>;
/**
* The member connection timeout in
* milliseconds.
*/
readonly timeoutMemberConnect: pulumi.Output<number>;
/**
* The member inactivity timeout in
* milliseconds.
*/
readonly timeoutMemberData: pulumi.Output<number>;
/**
* The time, in milliseconds, to wait for
* additional TCP packets for content inspection.
*/
readonly timeoutTcpInspect: pulumi.Output<number>;
/**
* List of ciphers in OpenSSL format
* (colon-separated). See
* https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for more information.
* Supported only in **Octavia minor version >= 2.15**.
*/
readonly tlsCiphers: pulumi.Output<string>;
/**
* A list of TLS protocol versions. Available
* versions: `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. Supported only in
* **Octavia minor version >= 2.17**.
*
* `TLSv1` and `TLSv1.1` are deprecated (RFC 8996); list them only for legacy
* clients that cannot negotiate `TLSv1.2` or later.
*/
readonly tlsVersions: pulumi.Output<string[]>;
/**
* Create a Listener resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: ListenerArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Listener resources.
*/
export interface ListenerState {
/**
* The administrative state of the Listener. A
* valid value is `true` (UP) or `false` (DOWN).
*/
adminStateUp?: pulumi.Input<boolean>;
/**
* A list of CIDR blocks that are permitted to
* connect to this listener; all other source addresses are denied. If not
* present, the listener allows every source address, so set this explicitly
* when the listener must not be reachable from all networks.
*/
allowedCidrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A list of ALPN protocols. Available protocols:
* `http/1.0`, `http/1.1`, `h2`. Supported only in **Octavia minor version >=
* 2.20**.
*/
alpnProtocols?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The TLS client authentication mode.
* Available options: `NONE`, `OPTIONAL` or `MANDATORY`. Requires
* `TERMINATED_HTTPS` listener protocol and the `clientCaTlsContainerRef`.
* Supported only in **Octavia minor version >= 2.8**.
*
* With `OPTIONAL`, a client that presents no certificate is still accepted;
* use `MANDATORY` when every client must authenticate with a certificate.
*/
clientAuthentication?: pulumi.Input<string>;
/**
* The ref of the key manager service
* secret containing a PEM format client CA certificate bundle for
* `TERMINATED_HTTPS` listeners. Required if `clientAuthentication` is
* `OPTIONAL` or `MANDATORY`. Supported only in **Octavia minor version >=
* 2.8**.
*/
clientCaTlsContainerRef?: pulumi.Input<string>;
/**
* The URI of the key manager service
* secret containing a PEM format CA revocation list file for `TERMINATED_HTTPS`
* listeners. Supported only in **Octavia minor version >= 2.8**.
*/
clientCrlContainerRef?: pulumi.Input<string>;
/**
* The maximum number of connections allowed for
* the Listener.
*/
connectionLimit?: pulumi.Input<number>;
/**
* The ID of the default pool with which the
* Listener is associated.
*/
defaultPoolId?: pulumi.Input<string>;
/**
* A reference to a Barbican Secrets
* container which stores TLS information. This is required if the protocol is
* `TERMINATED_HTTPS`. See
* [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
* for more information.
*/
defaultTlsContainerRef?: pulumi.Input<string>;
/**
* Human-readable description for the Listener.
*/
description?: pulumi.Input<string>;
/**
* Defines whether the
* **includeSubDomains** directive should be added to the
* Strict-Transport-Security HTTP response header. This requires setting the
* `hstsMaxAge` option as well in order to become effective. Requires
* `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
* version >= 2.27**.
*/
hstsIncludeSubdomains?: pulumi.Input<boolean>;
/**
* The value of the **max-age** directive (a duration in seconds) for the
* Strict-Transport-Security HTTP response header. Setting this enables HTTP
* Strict Transport Security (HSTS) for the TLS-terminated listener. Requires
* `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
* version >= 2.27**.
*/
hstsMaxAge?: pulumi.Input<number>;
/**
* Defines whether the **preload** directive should
* be added to the Strict-Transport-Security HTTP response header. This requires
* setting the `hstsMaxAge` option as well in order to become effective.
* Requires `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia
* minor version >= 2.27**.
*/
hstsPreload?: pulumi.Input<boolean>;
/**
* The list of key value pairs representing
* headers to insert into the request before it is sent to the backend members.
* Changing this updates the headers of the existing listener.
*
* Backend members can rely on an inserted header such as `X-Forwarded-For`
* only when clients cannot reach them except through the load balancer.
*/
insertHeaders?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The load balancer on which to provision this
* Listener. Changing this creates a new Listener.
*/
loadbalancerId?: pulumi.Input<string>;
/**
* Human-readable name for the Listener. Does not have to be
* unique.
*/
name?: pulumi.Input<string>;
/**
* The protocol can be either `TCP`, `HTTP`, `HTTPS`,
* `TERMINATED_HTTPS`, `UDP`, `SCTP` (supported only in **Octavia minor version
* >= 2.23**), or `PROMETHEUS` (supported only in **Octavia minor version >=
* 2.25**). Changing this creates a new Listener.
*/
protocol?: pulumi.Input<string>;
/**
* The port on which to listen for client traffic.
* Changing this creates a new Listener.
*/
protocolPort?: pulumi.Input<number>;
/**
* The region in which to obtain the V2 Networking client.
* A Networking client is needed to create a listener. If omitted, the `region`
* argument of the provider is used. Changing this creates a new Listener.
*/
region?: pulumi.Input<string>;
/**
* A list of references to Barbican Secrets
* containers which store SNI information. See
* [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
* for more information.
*/
sniContainerRefs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A list of simple strings assigned to the Listener. Available
* for Octavia **minor version 2.5 or later**.
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Required for admins. The UUID of the tenant who owns
* the Listener. Only administrative users can specify a tenant UUID other than
* their own. Changing this creates a new Listener.
*/
tenantId?: pulumi.Input<string>;
/**
* The client inactivity timeout in
* milliseconds.
*/
timeoutClientData?: pulumi.Input<number>;
/**
* The member connection timeout in
* milliseconds.
*/
timeoutMemberConnect?: pulumi.Input<number>;
/**
* The member inactivity timeout in
* milliseconds.
*/
timeoutMemberData?: pulumi.Input<number>;
/**
* The time, in milliseconds, to wait for
* additional TCP packets for content inspection.
*/
timeoutTcpInspect?: pulumi.Input<number>;
/**
* List of ciphers in OpenSSL format
* (colon-separated). See
* https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for more information.
* Supported only in **Octavia minor version >= 2.15**.
*/
tlsCiphers?: pulumi.Input<string>;
/**
* A list of TLS protocol versions. Available
* versions: `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. Supported only in
* **Octavia minor version >= 2.17**.
*
* `TLSv1` and `TLSv1.1` are deprecated (RFC 8996); list them only for legacy
* clients that cannot negotiate `TLSv1.2` or later.
*/
tlsVersions?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
* The set of arguments for constructing a Listener resource.
*/
export interface ListenerArgs {
/**
* The administrative state of the Listener. A
* valid value is `true` (UP) or `false` (DOWN).
*/
adminStateUp?: pulumi.Input<boolean>;
/**
* A list of CIDR blocks that are permitted to
* connect to this listener; all other source addresses are denied. If not
* present, the listener allows every source address, so set this explicitly
* when the listener must not be reachable from all networks.
*/
allowedCidrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A list of ALPN protocols. Available protocols:
* `http/1.0`, `http/1.1`, `h2`. Supported only in **Octavia minor version >=
* 2.20**.
*/
alpnProtocols?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The TLS client authentication mode.
* Available options: `NONE`, `OPTIONAL` or `MANDATORY`. Requires
* `TERMINATED_HTTPS` listener protocol and the `clientCaTlsContainerRef`.
* Supported only in **Octavia minor version >= 2.8**.
*
* With `OPTIONAL`, a client that presents no certificate is still accepted;
* use `MANDATORY` when every client must authenticate with a certificate.
*/
clientAuthentication?: pulumi.Input<string>;
/**
* The ref of the key manager service
* secret containing a PEM format client CA certificate bundle for
* `TERMINATED_HTTPS` listeners. Required if `clientAuthentication` is
* `OPTIONAL` or `MANDATORY`. Supported only in **Octavia minor version >=
* 2.8**.
*/
clientCaTlsContainerRef?: pulumi.Input<string>;
/**
* The URI of the key manager service
* secret containing a PEM format CA revocation list file for `TERMINATED_HTTPS`
* listeners. Supported only in **Octavia minor version >= 2.8**.
*/
clientCrlContainerRef?: pulumi.Input<string>;
/**
* The maximum number of connections allowed for
* the Listener.
*/
connectionLimit?: pulumi.Input<number>;
/**
* The ID of the default pool with which the
* Listener is associated.
*/
defaultPoolId?: pulumi.Input<string>;
/**
* A reference to a Barbican Secrets
* container which stores TLS information. This is required if the protocol is
* `TERMINATED_HTTPS`. See
* [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
* for more information.
*/
defaultTlsContainerRef?: pulumi.Input<string>;
/**
* Human-readable description for the Listener.
*/
description?: pulumi.Input<string>;
/**
* Defines whether the
* **includeSubDomains** directive should be added to the
* Strict-Transport-Security HTTP response header. This requires setting the
* `hstsMaxAge` option as well in order to become effective. Requires
* `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
* version >= 2.27**.
*/
hstsIncludeSubdomains?: pulumi.Input<boolean>;
/**
* The value of the **max-age** directive (a duration in seconds) for the
* Strict-Transport-Security HTTP response header. Setting this enables HTTP
* Strict Transport Security (HSTS) for the TLS-terminated listener. Requires
* `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
* version >= 2.27**.
*/
hstsMaxAge?: pulumi.Input<number>;
/**
* Defines whether the **preload** directive should
* be added to the Strict-Transport-Security HTTP response header. This requires
* setting the `hstsMaxAge` option as well in order to become effective.
* Requires `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia
* minor version >= 2.27**.
*/
hstsPreload?: pulumi.Input<boolean>;
/**
* The list of key value pairs representing
* headers to insert into the request before it is sent to the backend members.
* Changing this updates the headers of the existing listener.
*
* Backend members can rely on an inserted header such as `X-Forwarded-For`
* only when clients cannot reach them except through the load balancer.
*/
insertHeaders?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The load balancer on which to provision this
* Listener. Changing this creates a new Listener.
*/
loadbalancerId: pulumi.Input<string>;
/**
* Human-readable name for the Listener. Does not have to be
* unique.
*/
name?: pulumi.Input<string>;
/**
* The protocol can be either `TCP`, `HTTP`, `HTTPS`,
* `TERMINATED_HTTPS`, `UDP`, `SCTP` (supported only in **Octavia minor version
* >= 2.23**), or `PROMETHEUS` (supported only in **Octavia minor version >=
* 2.25**). Changing this creates a new Listener.
*/
protocol: pulumi.Input<string>;
/**
* The port on which to listen for client traffic.
* Changing this creates a new Listener.
*/
protocolPort: pulumi.Input<number>;
/**
* The region in which to obtain the V2 Networking client.
* A Networking client is needed to create a listener. If omitted, the `region`
* argument of the provider is used. Changing this creates a new Listener.
*/
region?: pulumi.Input<string>;
/**
* A list of references to Barbican Secrets
* containers which store SNI information. See
* [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
* for more information.
*/
sniContainerRefs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A list of simple strings assigned to the Listener. Available
* for Octavia **minor version 2.5 or later**.
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Required for admins. The UUID of the tenant who owns
* the Listener. Only administrative users can specify a tenant UUID other than
* their own. Changing this creates a new Listener.
*/
tenantId?: pulumi.Input<string>;
/**
* The client inactivity timeout in
* milliseconds.
*/
timeoutClientData?: pulumi.Input<number>;
/**
* The member connection timeout in
* milliseconds.
*/
timeoutMemberConnect?: pulumi.Input<number>;
/**
* The member inactivity timeout in
* milliseconds.
*/
timeoutMemberData?: pulumi.Input<number>;
/**
* The time, in milliseconds, to wait for
* additional TCP packets for content inspection.
*/
timeoutTcpInspect?: pulumi.Input<number>;
/**
* List of ciphers in OpenSSL format
* (colon-separated). See
* https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for more information.
* Supported only in **Octavia minor version >= 2.15**.
*/
tlsCiphers?: pulumi.Input<string>;
/**
* A list of TLS protocol versions. Available
* versions: `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. Supported only in
* **Octavia minor version >= 2.17**.
*
* `TLSv1` and `TLSv1.1` are deprecated (RFC 8996); list them only for legacy
* clients that cannot negotiate `TLSv1.2` or later.
*/
tlsVersions?: pulumi.Input<pulumi.Input<string>[]>;
}