@pulumi/scm
Version:
A Pulumi package for managing resources on Strata Cloud Manager.. Based on terraform-provider-scm: version v0.2.1
477 lines (476 loc) • 14.7 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* AuthenticationRule resource
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scm from "@pulumi/scm";
*
* const appAccessTag = new scm.Tag("app_access_tag", {
* folder: "All",
* name: "app-access-test_25",
* color: "Blue",
* });
* // -----------------------------------------------------------------------------
* // 2. ANCHOR RULE (Used for relative positioning by other rules)
* // -----------------------------------------------------------------------------
* const anchorRule = new scm.AuthenticationRule("anchor_rule", {
* name: "test_anchor_rule_251",
* description: "Base rule. Used to test 'before' and 'after' positioning",
* position: "pre",
* folder: "All",
* destinations: ["any"],
* froms: ["any"],
* tos: ["any"],
* sources: ["any"],
* services: [
* "service-http",
* "service-https",
* ],
* sourceUsers: ["any"],
* timeout: 1200,
* negateSource: false,
* negateDestination: false,
* tags: [appAccessTag.name],
* categories: ["any"],
* destinationHips: ["any"],
* logAuthenticationTimeout: false,
* disabled: false,
* });
* // # -----------------------------------------------------------------------------
* // # 3. ABSOLUTE POSITIONING Examples ("top" and "bottom")
* // # -----------------------------------------------------------------------------
* const ruleTopOfList = new scm.AuthenticationRule("rule_top_of_list", {
* name: "test_top_rule_25",
* description: "Placed at the very top of the 'pre' rulebase.",
* folder: "All",
* position: "pre",
* relativePosition: "top",
* destinations: ["any"],
* froms: ["untrust"],
* tos: ["trust"],
* sources: ["any"],
* services: ["any"],
* sourceUsers: ["any"],
* });
* const ruleBottomOfList = new scm.AuthenticationRule("rule_bottom_of_list", {
* name: "test_bottom_rule_25",
* description: "Placed at the very bottom of the 'pre' rulebase.",
* folder: "All",
* position: "pre",
* relativePosition: "bottom",
* destinations: ["any"],
* froms: ["any"],
* tos: ["any"],
* sources: ["any"],
* services: ["any"],
* sourceUsers: ["any"],
* });
* // -----------------------------------------------------------------------------
* // 4. RELATIVE POSITIONING Examples ("before" and "after")
* // -----------------------------------------------------------------------------
* const ruleBeforeAnchor = new scm.AuthenticationRule("rule_before_anchor", {
* name: "test_before_rule_25_updating",
* description: "Positioned immediately BEFORE the anchor_rule.",
* folder: "All",
* position: "pre",
* relativePosition: "before",
* targetRule: anchorRule.id,
* destinations: ["any"],
* froms: ["any"],
* tos: ["any"],
* sources: ["any"],
* services: ["any"],
* sourceUsers: ["any"],
* });
* const ruleAfterAnchor = new scm.AuthenticationRule("rule_after_anchor", {
* name: "test_after_rule_25",
* description: "Positioned immediately AFTER the anchor_rule.",
* folder: "All",
* position: "pre",
* relativePosition: "after",
* targetRule: anchorRule.id,
* destinations: ["any"],
* froms: ["any"],
* tos: ["any"],
* sources: ["any"],
* services: ["any"],
* sourceUsers: ["any"],
* });
* ```
*/
export declare class AuthenticationRule extends pulumi.CustomResource {
/**
* Get an existing AuthenticationRule resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthenticationRuleState, opts?: pulumi.CustomResourceOptions): AuthenticationRule;
/**
* Returns true if the given object is an instance of AuthenticationRule. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is AuthenticationRule;
/**
* The authentication profile name
*/
readonly authenticationEnforcement: pulumi.Output<string | undefined>;
/**
* The destination URL categories
*/
readonly categories: pulumi.Output<string[] | undefined>;
/**
* The description of the authentication rule
*/
readonly description: pulumi.Output<string | undefined>;
/**
* The destination Host Integrity Profile (HIP)
*/
readonly destinationHips: pulumi.Output<string[] | undefined>;
/**
* The destination addresses
*/
readonly destinations: pulumi.Output<string[]>;
/**
* Device
*/
readonly device: pulumi.Output<string | undefined>;
/**
* Is the authentication rule disabled?
*/
readonly disabled: pulumi.Output<boolean>;
/**
* Folder
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly folder: pulumi.Output<string | undefined>;
/**
* The source security zones
*/
readonly froms: pulumi.Output<string[]>;
/**
* Group tag
*/
readonly groupTag: pulumi.Output<string | undefined>;
/**
* The source Host Integrity Profile (HIP)
*/
readonly hipProfiles: pulumi.Output<string[] | undefined>;
/**
* Log authentication timeouts?
*/
readonly logAuthenticationTimeout: pulumi.Output<boolean>;
/**
* The log forwarding profile name
*/
readonly logSetting: pulumi.Output<string | undefined>;
/**
* The name of the authentication rule
*/
readonly name: pulumi.Output<string>;
/**
* Are the destination addresses negated?
*/
readonly negateDestination: pulumi.Output<boolean>;
/**
* Are the source addresses negated?
*/
readonly negateSource: pulumi.Output<boolean>;
/**
* The relative position of the rule
*/
readonly position: pulumi.Output<string>;
/**
* Relative positioning rule. String must be one of these: `"before"`, `"after"`, `"top"`, `"bottom"`. If not specified, rule is created at the bottom of the ruleset.
*/
readonly relativePosition: pulumi.Output<string | undefined>;
/**
* The destination ports
*/
readonly services: pulumi.Output<string[]>;
/**
* Snippet
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly snippet: pulumi.Output<string | undefined>;
/**
* The source Host Integrity Profile (HIP)
*/
readonly sourceHips: pulumi.Output<string[] | undefined>;
/**
* The source users
*/
readonly sourceUsers: pulumi.Output<string[] | undefined>;
/**
* The source addresses
*/
readonly sources: pulumi.Output<string[]>;
/**
* The authentication rule tags
*/
readonly tags: pulumi.Output<string[] | undefined>;
/**
* The name or UUID of the rule to position this rule relative to. Required when `relativePosition` is `"before"` or `"after"`.
*/
readonly targetRule: pulumi.Output<string | undefined>;
readonly tfid: pulumi.Output<string>;
/**
* The authentication session timeout (seconds)
*/
readonly timeout: pulumi.Output<number | undefined>;
/**
* The destination security zones
*/
readonly tos: pulumi.Output<string[]>;
/**
* Create a AuthenticationRule resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: AuthenticationRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering AuthenticationRule resources.
*/
export interface AuthenticationRuleState {
/**
* The authentication profile name
*/
authenticationEnforcement?: pulumi.Input<string>;
/**
* The destination URL categories
*/
categories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The description of the authentication rule
*/
description?: pulumi.Input<string>;
/**
* The destination Host Integrity Profile (HIP)
*/
destinationHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The destination addresses
*/
destinations?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Device
*/
device?: pulumi.Input<string>;
/**
* Is the authentication rule disabled?
*/
disabled?: pulumi.Input<boolean>;
/**
* Folder
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
folder?: pulumi.Input<string>;
/**
* The source security zones
*/
froms?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Group tag
*/
groupTag?: pulumi.Input<string>;
/**
* The source Host Integrity Profile (HIP)
*/
hipProfiles?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Log authentication timeouts?
*/
logAuthenticationTimeout?: pulumi.Input<boolean>;
/**
* The log forwarding profile name
*/
logSetting?: pulumi.Input<string>;
/**
* The name of the authentication rule
*/
name?: pulumi.Input<string>;
/**
* Are the destination addresses negated?
*/
negateDestination?: pulumi.Input<boolean>;
/**
* Are the source addresses negated?
*/
negateSource?: pulumi.Input<boolean>;
/**
* The relative position of the rule
*/
position?: pulumi.Input<string>;
/**
* Relative positioning rule. String must be one of these: `"before"`, `"after"`, `"top"`, `"bottom"`. If not specified, rule is created at the bottom of the ruleset.
*/
relativePosition?: pulumi.Input<string>;
/**
* The destination ports
*/
services?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Snippet
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
snippet?: pulumi.Input<string>;
/**
* The source Host Integrity Profile (HIP)
*/
sourceHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The source users
*/
sourceUsers?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The source addresses
*/
sources?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The authentication rule tags
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The name or UUID of the rule to position this rule relative to. Required when `relativePosition` is `"before"` or `"after"`.
*/
targetRule?: pulumi.Input<string>;
tfid?: pulumi.Input<string>;
/**
* The authentication session timeout (seconds)
*/
timeout?: pulumi.Input<number>;
/**
* The destination security zones
*/
tos?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
* The set of arguments for constructing a AuthenticationRule resource.
*/
export interface AuthenticationRuleArgs {
/**
* The authentication profile name
*/
authenticationEnforcement?: pulumi.Input<string>;
/**
* The destination URL categories
*/
categories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The description of the authentication rule
*/
description?: pulumi.Input<string>;
/**
* The destination Host Integrity Profile (HIP)
*/
destinationHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The destination addresses
*/
destinations: pulumi.Input<pulumi.Input<string>[]>;
/**
* Device
*/
device?: pulumi.Input<string>;
/**
* Is the authentication rule disabled?
*/
disabled?: pulumi.Input<boolean>;
/**
* Folder
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
folder?: pulumi.Input<string>;
/**
* The source security zones
*/
froms: pulumi.Input<pulumi.Input<string>[]>;
/**
* Group tag
*/
groupTag?: pulumi.Input<string>;
/**
* The source Host Integrity Profile (HIP)
*/
hipProfiles?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Log authentication timeouts?
*/
logAuthenticationTimeout?: pulumi.Input<boolean>;
/**
* The log forwarding profile name
*/
logSetting?: pulumi.Input<string>;
/**
* The name of the authentication rule
*/
name?: pulumi.Input<string>;
/**
* Are the destination addresses negated?
*/
negateDestination?: pulumi.Input<boolean>;
/**
* Are the source addresses negated?
*/
negateSource?: pulumi.Input<boolean>;
/**
* The relative position of the rule
*/
position?: pulumi.Input<string>;
/**
* Relative positioning rule. String must be one of these: `"before"`, `"after"`, `"top"`, `"bottom"`. If not specified, rule is created at the bottom of the ruleset.
*/
relativePosition?: pulumi.Input<string>;
/**
* The destination ports
*/
services: pulumi.Input<pulumi.Input<string>[]>;
/**
* Snippet
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
snippet?: pulumi.Input<string>;
/**
* The source Host Integrity Profile (HIP)
*/
sourceHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The source users
*/
sourceUsers?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The source addresses
*/
sources: pulumi.Input<pulumi.Input<string>[]>;
/**
* The authentication rule tags
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The name or UUID of the rule to position this rule relative to. Required when `relativePosition` is `"before"` or `"after"`.
*/
targetRule?: pulumi.Input<string>;
/**
* The authentication session timeout (seconds)
*/
timeout?: pulumi.Input<number>;
/**
* The destination security zones
*/
tos: pulumi.Input<pulumi.Input<string>[]>;
}