@pulumi/scm
Version:
A Pulumi package for managing resources on Strata Cloud Manager.. Based on terraform-provider-scm: version v0.2.1
521 lines (520 loc) • 16 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* DecryptionRule resource
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scm from "@pulumi/scm";
*
* // --- 1. TAG Resource ---
* const decryptionPositionTag = new scm.Tag("decryption_position_tag", {
* name: "decryption-position-tag",
* folder: "All",
* color: "Purple",
* });
* // --- 2. ANCHOR DECRYPTION RULE (Used for relative positioning) ---
* const anchorDecryptionRule = new scm.DecryptionRule("anchor_decryption_rule", {
* name: "anchor-decryption-rule",
* description: "Base rule for testing 'before' and 'after' positioning.",
* folder: "All",
* position: "pre",
* action: "decrypt",
* froms: ["trust"],
* tos: ["untrust"],
* sources: ["any"],
* destinations: ["any"],
* services: ["service-https"],
* categories: ["high-risk"],
* sourceUsers: ["any"],
* type: {
* sslForwardProxy: {},
* },
* destinationHips: ["any"],
* tags: [decryptionPositionTag.name],
* logSuccess: true,
* logFail: true,
* disabled: false,
* negateSource: false,
* negateDestination: false,
* });
* // --- 3. ABSOLUTE POSITIONING Examples ("top" and "bottom") ---
* const ruleTopDecryptionRule = new scm.DecryptionRule("rule_top_decryption_rule", {
* name: "top-absolute-decryption-rule",
* description: "Placed at the very TOP of the Decryption rulebase.",
* folder: "All",
* position: "pre",
* action: "no-decrypt",
* relativePosition: "top",
* froms: ["any"],
* tos: ["any"],
* sources: ["any"],
* destinations: ["any"],
* services: ["service-https"],
* categories: ["high-risk"],
* sourceUsers: ["any"],
* type: {
* sslForwardProxy: {},
* },
* });
* const ruleBottomDecryptionRule = new scm.DecryptionRule("rule_bottom_decryption_rule", {
* name: "bottom-absolute-decryption-rule",
* description: "Placed at the very BOTTOM of the Decryption rulebase.",
* folder: "All",
* position: "pre",
* action: "decrypt",
* relativePosition: "bottom",
* froms: ["any"],
* tos: ["any"],
* sources: ["any"],
* destinations: ["any"],
* services: ["service-https"],
* categories: ["high-risk"],
* sourceUsers: ["any"],
* type: {
* sslForwardProxy: {},
* },
* });
* // --- 4. RELATIVE POSITIONING Examples ("before" and "after") ---
* const ruleBeforeAnchorDecryption = new scm.DecryptionRule("rule_before_anchor_decryption", {
* name: "before-anchor-decryption-rule",
* description: "Positioned immediately BEFORE the anchor-decryption-rule. Updating",
* folder: "All",
* position: "pre",
* action: "decrypt",
* relativePosition: "before",
* targetRule: anchorDecryptionRule.id,
* froms: ["trust"],
* tos: ["untrust"],
* sources: ["10.1.1.0/24"],
* destinations: ["any"],
* services: ["service-https"],
* categories: ["high-risk"],
* sourceUsers: ["any"],
* type: {
* sslForwardProxy: {},
* },
* });
* const ruleAfterAnchorDecryption = new scm.DecryptionRule("rule_after_anchor_decryption", {
* name: "after-anchor-decryption-rule_123",
* description: "Positioned immediately AFTER the anchor-decryption-rule.",
* folder: "All",
* position: "pre",
* action: "decrypt",
* relativePosition: "after",
* targetRule: anchorDecryptionRule.id,
* froms: ["any"],
* tos: ["untrust"],
* sources: ["any"],
* destinations: ["192.168.1.10"],
* services: ["service-https"],
* categories: ["any"],
* sourceUsers: ["any"],
* type: {
* sslForwardProxy: {},
* },
* });
* ```
*
* ## Import
*
* The following command can be used to import a resource not managed by Terraform:
*
* bash
*
* ```sh
* $ pulumi import scm:index/decryptionRule:DecryptionRule example folder:::id
* ```
*
* or
*
* bash
*
* ```sh
* $ pulumi import scm:index/decryptionRule:DecryptionRule example :snippet::id
* ```
*
* or
*
* bash
*
* ```sh
* $ pulumi import scm:index/decryptionRule:DecryptionRule example ::device:id
* ```
*/
export declare class DecryptionRule extends pulumi.CustomResource {
/**
* Get an existing DecryptionRule resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DecryptionRuleState, opts?: pulumi.CustomResourceOptions): DecryptionRule;
/**
* Returns true if the given object is an instance of DecryptionRule. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is DecryptionRule;
/**
* The action to be taken
*/
readonly action: pulumi.Output<string>;
/**
* The destination URL category
*/
readonly categories: pulumi.Output<string[]>;
/**
* The description of the decryption rule
*/
readonly description: pulumi.Output<string | undefined>;
/**
* The Host Integrity Profile of the destination host
*/
readonly destinationHips: pulumi.Output<string[] | undefined>;
/**
* The destination addresses
*/
readonly destinations: pulumi.Output<string[]>;
/**
* The device in which the resource is defined
*/
readonly device: pulumi.Output<string | undefined>;
/**
* Is the rule disabled?
*/
readonly disabled: pulumi.Output<boolean | undefined>;
/**
* The folder in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly folder: pulumi.Output<string | undefined>;
/**
* The source security zone
*/
readonly froms: pulumi.Output<string[]>;
/**
* Log failed decryption events?
*/
readonly logFail: pulumi.Output<boolean | undefined>;
/**
* The log settings of the decryption rule
*/
readonly logSetting: pulumi.Output<string | undefined>;
/**
* Log successful decryption events?
*/
readonly logSuccess: pulumi.Output<boolean | undefined>;
/**
* The name of the decryption rule
*/
readonly name: pulumi.Output<string>;
/**
* Negate the destination addresses?
*/
readonly negateDestination: pulumi.Output<boolean | undefined>;
/**
* Negate the source addresses?
*/
readonly negateSource: pulumi.Output<boolean | undefined>;
/**
* The position of a security rule
*/
readonly position: pulumi.Output<string>;
/**
* The decryption profile associated with the decryption rule
*/
readonly profile: pulumi.Output<string | undefined>;
/**
* Relative positioning rule. String must be one of these: `"before"`, `"after"`, `"top"`, `"bottom"`. If not specified, rule is created at the bottom of the ruleset.
*/
readonly relativePosition: pulumi.Output<string | undefined>;
/**
* The destination services and/or service groups
*/
readonly services: pulumi.Output<string[]>;
/**
* The snippet in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly snippet: pulumi.Output<string | undefined>;
/**
* Source hip
*/
readonly sourceHips: pulumi.Output<string[] | undefined>;
/**
* List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`.
*/
readonly sourceUsers: pulumi.Output<string[]>;
/**
* The source addresses
*/
readonly sources: pulumi.Output<string[]>;
/**
* The tags associated with the decryption rule
*/
readonly tags: pulumi.Output<string[] | undefined>;
/**
* The name or UUID of the rule to position this rule relative to. Required when `relativePosition` is `"before"` or `"after"`.
*/
readonly targetRule: pulumi.Output<string | undefined>;
readonly tfid: pulumi.Output<string>;
/**
* The destination security zone
*/
readonly tos: pulumi.Output<string[]>;
/**
* The type of decryption
*/
readonly type: pulumi.Output<outputs.DecryptionRuleType | undefined>;
/**
* Create a DecryptionRule resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: DecryptionRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering DecryptionRule resources.
*/
export interface DecryptionRuleState {
/**
* The action to be taken
*/
action?: pulumi.Input<string>;
/**
* The destination URL category
*/
categories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The description of the decryption rule
*/
description?: pulumi.Input<string>;
/**
* The Host Integrity Profile of the destination host
*/
destinationHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The destination addresses
*/
destinations?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The device in which the resource is defined
*/
device?: pulumi.Input<string>;
/**
* Is the rule disabled?
*/
disabled?: pulumi.Input<boolean>;
/**
* The folder in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
folder?: pulumi.Input<string>;
/**
* The source security zone
*/
froms?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Log failed decryption events?
*/
logFail?: pulumi.Input<boolean>;
/**
* The log settings of the decryption rule
*/
logSetting?: pulumi.Input<string>;
/**
* Log successful decryption events?
*/
logSuccess?: pulumi.Input<boolean>;
/**
* The name of the decryption rule
*/
name?: pulumi.Input<string>;
/**
* Negate the destination addresses?
*/
negateDestination?: pulumi.Input<boolean>;
/**
* Negate the source addresses?
*/
negateSource?: pulumi.Input<boolean>;
/**
* The position of a security rule
*/
position?: pulumi.Input<string>;
/**
* The decryption profile associated with the decryption rule
*/
profile?: pulumi.Input<string>;
/**
* Relative positioning rule. String must be one of these: `"before"`, `"after"`, `"top"`, `"bottom"`. If not specified, rule is created at the bottom of the ruleset.
*/
relativePosition?: pulumi.Input<string>;
/**
* The destination services and/or service groups
*/
services?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The snippet in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
snippet?: pulumi.Input<string>;
/**
* Source hip
*/
sourceHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`.
*/
sourceUsers?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The source addresses
*/
sources?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The tags associated with the decryption rule
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The name or UUID of the rule to position this rule relative to. Required when `relativePosition` is `"before"` or `"after"`.
*/
targetRule?: pulumi.Input<string>;
tfid?: pulumi.Input<string>;
/**
* The destination security zone
*/
tos?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The type of decryption
*/
type?: pulumi.Input<inputs.DecryptionRuleType>;
}
/**
* The set of arguments for constructing a DecryptionRule resource.
*/
export interface DecryptionRuleArgs {
/**
* The action to be taken
*/
action: pulumi.Input<string>;
/**
* The destination URL category
*/
categories: pulumi.Input<pulumi.Input<string>[]>;
/**
* The description of the decryption rule
*/
description?: pulumi.Input<string>;
/**
* The Host Integrity Profile of the destination host
*/
destinationHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The destination addresses
*/
destinations: pulumi.Input<pulumi.Input<string>[]>;
/**
* The device in which the resource is defined
*/
device?: pulumi.Input<string>;
/**
* Is the rule disabled?
*/
disabled?: pulumi.Input<boolean>;
/**
* The folder in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
folder?: pulumi.Input<string>;
/**
* The source security zone
*/
froms: pulumi.Input<pulumi.Input<string>[]>;
/**
* Log failed decryption events?
*/
logFail?: pulumi.Input<boolean>;
/**
* The log settings of the decryption rule
*/
logSetting?: pulumi.Input<string>;
/**
* Log successful decryption events?
*/
logSuccess?: pulumi.Input<boolean>;
/**
* The name of the decryption rule
*/
name?: pulumi.Input<string>;
/**
* Negate the destination addresses?
*/
negateDestination?: pulumi.Input<boolean>;
/**
* Negate the source addresses?
*/
negateSource?: pulumi.Input<boolean>;
/**
* The position of a security rule
*/
position?: pulumi.Input<string>;
/**
* The decryption profile associated with the decryption rule
*/
profile?: pulumi.Input<string>;
/**
* Relative positioning rule. String must be one of these: `"before"`, `"after"`, `"top"`, `"bottom"`. If not specified, rule is created at the bottom of the ruleset.
*/
relativePosition?: pulumi.Input<string>;
/**
* The destination services and/or service groups
*/
services: pulumi.Input<pulumi.Input<string>[]>;
/**
* The snippet in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
snippet?: pulumi.Input<string>;
/**
* Source hip
*/
sourceHips?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`.
*/
sourceUsers: pulumi.Input<pulumi.Input<string>[]>;
/**
* The source addresses
*/
sources: pulumi.Input<pulumi.Input<string>[]>;
/**
* The tags associated with the decryption rule
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The name or UUID of the rule to position this rule relative to. Required when `relativePosition` is `"before"` or `"after"`.
*/
targetRule?: pulumi.Input<string>;
/**
* The destination security zone
*/
tos: pulumi.Input<pulumi.Input<string>[]>;
/**
* The type of decryption
*/
type?: pulumi.Input<inputs.DecryptionRuleType>;
}