@pulumiverse/fortios
Version:
A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0
385 lines (384 loc) • 18.4 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Configure user defined IPv4 local-in policies.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fortios from "@pulumiverse/fortios";
*
* const trname = new fortios.firewall.Localinpolicy("trname", {
* action: "accept",
* dstaddrs: [{
* name: "all",
* }],
* haMgmtIntfOnly: "disable",
* intf: "port4",
* policyid: 1,
* schedule: "always",
* services: [{
* name: "ALL",
* }],
* srcaddrs: [{
* name: "all",
* }],
* status: "enable",
* });
* ```
*
* ## Import
*
* Firewall LocalInPolicy can be imported using any of these accepted formats:
*
* ```sh
* $ pulumi import fortios:firewall/localinpolicy:Localinpolicy labelname {{policyid}}
* ```
*
* If you do not want to import arguments of block:
*
* $ export "FORTIOS_IMPORT_TABLE"="false"
*
* ```sh
* $ pulumi import fortios:firewall/localinpolicy:Localinpolicy labelname {{policyid}}
* ```
*
* $ unset "FORTIOS_IMPORT_TABLE"
*/
export declare class Localinpolicy extends pulumi.CustomResource {
/**
* Get an existing Localinpolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LocalinpolicyState, opts?: pulumi.CustomResourceOptions): Localinpolicy;
/**
* Returns true if the given object is an instance of Localinpolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Localinpolicy;
/**
* Action performed on traffic matching the policy (default = deny). Valid values: `accept`, `deny`.
*/
readonly action: pulumi.Output<string>;
/**
* Comment.
*/
readonly comments: pulumi.Output<string | undefined>;
/**
* When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`.
*/
readonly dstaddrNegate: pulumi.Output<string>;
/**
* Destination address object from available options. The structure of `dstaddr` block is documented below.
*/
readonly dstaddrs: pulumi.Output<outputs.firewall.LocalinpolicyDstaddr[]>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
readonly getAllTables: pulumi.Output<string | undefined>;
/**
* Enable/disable dedicating the HA management interface only for local-in policy. Valid values: `enable`, `disable`.
*/
readonly haMgmtIntfOnly: pulumi.Output<string>;
/**
* Enable/disable use of Internet Services in source for this local-in policy. If enabled, source address is not used. Valid values: `enable`, `disable`.
*/
readonly internetServiceSrc: pulumi.Output<string>;
/**
* Custom Internet Service source group name. The structure of `internetServiceSrcCustomGroup` block is documented below.
*/
readonly internetServiceSrcCustomGroups: pulumi.Output<outputs.firewall.LocalinpolicyInternetServiceSrcCustomGroup[] | undefined>;
/**
* Custom Internet Service source name. The structure of `internetServiceSrcCustom` block is documented below.
*/
readonly internetServiceSrcCustoms: pulumi.Output<outputs.firewall.LocalinpolicyInternetServiceSrcCustom[] | undefined>;
/**
* Internet Service source group name. The structure of `internetServiceSrcGroup` block is documented below.
*/
readonly internetServiceSrcGroups: pulumi.Output<outputs.firewall.LocalinpolicyInternetServiceSrcGroup[] | undefined>;
/**
* Internet Service source name. The structure of `internetServiceSrcName` block is documented below.
*/
readonly internetServiceSrcNames: pulumi.Output<outputs.firewall.LocalinpolicyInternetServiceSrcName[] | undefined>;
/**
* When enabled internet-service-src specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
readonly internetServiceSrcNegate: pulumi.Output<string>;
/**
* Incoming interface name from available options. *Due to the data type change of API, for other versions of FortiOS, please check variable `intfBlock`.*
*/
readonly intf: pulumi.Output<string>;
/**
* Incoming interface name from available options. *Due to the data type change of API, for other versions of FortiOS, please check variable `intf`.* The structure of `intfBlock` block is documented below.
*/
readonly intfBlocks: pulumi.Output<outputs.firewall.LocalinpolicyIntfBlock[] | undefined>;
/**
* User defined local in policy ID.
*/
readonly policyid: pulumi.Output<number>;
/**
* Schedule object from available options.
*/
readonly schedule: pulumi.Output<string>;
/**
* When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
readonly serviceNegate: pulumi.Output<string>;
/**
* Service object from available options. The structure of `service` block is documented below.
*/
readonly services: pulumi.Output<outputs.firewall.LocalinpolicyService[] | undefined>;
/**
* When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`.
*/
readonly srcaddrNegate: pulumi.Output<string>;
/**
* Source address object from available options. The structure of `srcaddr` block is documented below.
*/
readonly srcaddrs: pulumi.Output<outputs.firewall.LocalinpolicySrcaddr[]>;
/**
* Enable/disable this local-in policy. Valid values: `enable`, `disable`.
*/
readonly status: pulumi.Output<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
readonly uuid: pulumi.Output<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
readonly vdomparam: pulumi.Output<string>;
/**
* Enable/disable virtual patching. Valid values: `enable`, `disable`.
*/
readonly virtualPatch: pulumi.Output<string>;
/**
* Create a Localinpolicy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: LocalinpolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Localinpolicy resources.
*/
export interface LocalinpolicyState {
/**
* Action performed on traffic matching the policy (default = deny). Valid values: `accept`, `deny`.
*/
action?: pulumi.Input<string>;
/**
* Comment.
*/
comments?: pulumi.Input<string>;
/**
* When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`.
*/
dstaddrNegate?: pulumi.Input<string>;
/**
* Destination address object from available options. The structure of `dstaddr` block is documented below.
*/
dstaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyDstaddr>[]>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Enable/disable dedicating the HA management interface only for local-in policy. Valid values: `enable`, `disable`.
*/
haMgmtIntfOnly?: pulumi.Input<string>;
/**
* Enable/disable use of Internet Services in source for this local-in policy. If enabled, source address is not used. Valid values: `enable`, `disable`.
*/
internetServiceSrc?: pulumi.Input<string>;
/**
* Custom Internet Service source group name. The structure of `internetServiceSrcCustomGroup` block is documented below.
*/
internetServiceSrcCustomGroups?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcCustomGroup>[]>;
/**
* Custom Internet Service source name. The structure of `internetServiceSrcCustom` block is documented below.
*/
internetServiceSrcCustoms?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcCustom>[]>;
/**
* Internet Service source group name. The structure of `internetServiceSrcGroup` block is documented below.
*/
internetServiceSrcGroups?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcGroup>[]>;
/**
* Internet Service source name. The structure of `internetServiceSrcName` block is documented below.
*/
internetServiceSrcNames?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcName>[]>;
/**
* When enabled internet-service-src specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
internetServiceSrcNegate?: pulumi.Input<string>;
/**
* Incoming interface name from available options. *Due to the data type change of API, for other versions of FortiOS, please check variable `intfBlock`.*
*/
intf?: pulumi.Input<string>;
/**
* Incoming interface name from available options. *Due to the data type change of API, for other versions of FortiOS, please check variable `intf`.* The structure of `intfBlock` block is documented below.
*/
intfBlocks?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyIntfBlock>[]>;
/**
* User defined local in policy ID.
*/
policyid?: pulumi.Input<number>;
/**
* Schedule object from available options.
*/
schedule?: pulumi.Input<string>;
/**
* When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
serviceNegate?: pulumi.Input<string>;
/**
* Service object from available options. The structure of `service` block is documented below.
*/
services?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyService>[]>;
/**
* When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`.
*/
srcaddrNegate?: pulumi.Input<string>;
/**
* Source address object from available options. The structure of `srcaddr` block is documented below.
*/
srcaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicySrcaddr>[]>;
/**
* Enable/disable this local-in policy. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
uuid?: pulumi.Input<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
/**
* Enable/disable virtual patching. Valid values: `enable`, `disable`.
*/
virtualPatch?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Localinpolicy resource.
*/
export interface LocalinpolicyArgs {
/**
* Action performed on traffic matching the policy (default = deny). Valid values: `accept`, `deny`.
*/
action?: pulumi.Input<string>;
/**
* Comment.
*/
comments?: pulumi.Input<string>;
/**
* When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`.
*/
dstaddrNegate?: pulumi.Input<string>;
/**
* Destination address object from available options. The structure of `dstaddr` block is documented below.
*/
dstaddrs: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyDstaddr>[]>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Enable/disable dedicating the HA management interface only for local-in policy. Valid values: `enable`, `disable`.
*/
haMgmtIntfOnly?: pulumi.Input<string>;
/**
* Enable/disable use of Internet Services in source for this local-in policy. If enabled, source address is not used. Valid values: `enable`, `disable`.
*/
internetServiceSrc?: pulumi.Input<string>;
/**
* Custom Internet Service source group name. The structure of `internetServiceSrcCustomGroup` block is documented below.
*/
internetServiceSrcCustomGroups?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcCustomGroup>[]>;
/**
* Custom Internet Service source name. The structure of `internetServiceSrcCustom` block is documented below.
*/
internetServiceSrcCustoms?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcCustom>[]>;
/**
* Internet Service source group name. The structure of `internetServiceSrcGroup` block is documented below.
*/
internetServiceSrcGroups?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcGroup>[]>;
/**
* Internet Service source name. The structure of `internetServiceSrcName` block is documented below.
*/
internetServiceSrcNames?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyInternetServiceSrcName>[]>;
/**
* When enabled internet-service-src specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
internetServiceSrcNegate?: pulumi.Input<string>;
/**
* Incoming interface name from available options. *Due to the data type change of API, for other versions of FortiOS, please check variable `intfBlock`.*
*/
intf?: pulumi.Input<string>;
/**
* Incoming interface name from available options. *Due to the data type change of API, for other versions of FortiOS, please check variable `intf`.* The structure of `intfBlock` block is documented below.
*/
intfBlocks?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyIntfBlock>[]>;
/**
* User defined local in policy ID.
*/
policyid?: pulumi.Input<number>;
/**
* Schedule object from available options.
*/
schedule: pulumi.Input<string>;
/**
* When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
serviceNegate?: pulumi.Input<string>;
/**
* Service object from available options. The structure of `service` block is documented below.
*/
services?: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicyService>[]>;
/**
* When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`.
*/
srcaddrNegate?: pulumi.Input<string>;
/**
* Source address object from available options. The structure of `srcaddr` block is documented below.
*/
srcaddrs: pulumi.Input<pulumi.Input<inputs.firewall.LocalinpolicySrcaddr>[]>;
/**
* Enable/disable this local-in policy. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
uuid?: pulumi.Input<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
/**
* Enable/disable virtual patching. Valid values: `enable`, `disable`.
*/
virtualPatch?: pulumi.Input<string>;
}