@pulumiverse/fortios
Version:
A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0
491 lines (490 loc) • 19.3 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Configure access profiles for system administrators.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fortios from "@pulumiverse/fortios";
*
* const test12 = new fortios.system.Accprofile("test12", {
* admintimeout: 10,
* admintimeoutOverride: "disable",
* authgrp: "read-write",
* ftviewgrp: "read-write",
* fwgrp: "custom",
* fwgrpPermission: {
* address: "read-write",
* policy: "read-write",
* schedule: "none",
* service: "none",
* },
* loggrp: "read-write",
* loggrpPermission: {
* config: "none",
* dataAccess: "none",
* reportAccess: "none",
* threatWeight: "none",
* },
* netgrp: "read-write",
* netgrpPermission: {
* cfg: "none",
* packetCapture: "none",
* routeCfg: "none",
* },
* scope: "vdom",
* secfabgrp: "read-write",
* sysgrp: "read-write",
* sysgrpPermission: {
* admin: "none",
* cfg: "none",
* mnt: "none",
* upd: "none",
* },
* utmgrp: "custom",
* utmgrpPermission: {
* antivirus: "read-write",
* applicationControl: "none",
* dataLossPrevention: "none",
* dnsfilter: "none",
* endpointControl: "none",
* icap: "none",
* ips: "read-write",
* voip: "none",
* waf: "none",
* webfilter: "none",
* },
* vpngrp: "read-write",
* wanoptgrp: "read-write",
* wifi: "read-write",
* });
* ```
*
* ## Import
*
* System Accprofile can be imported using any of these accepted formats:
*
* ```sh
* $ pulumi import fortios:system/accprofile:Accprofile labelname {{name}}
* ```
*
* If you do not want to import arguments of block:
*
* $ export "FORTIOS_IMPORT_TABLE"="false"
*
* ```sh
* $ pulumi import fortios:system/accprofile:Accprofile labelname {{name}}
* ```
*
* $ unset "FORTIOS_IMPORT_TABLE"
*/
export declare class Accprofile extends pulumi.CustomResource {
/**
* Get an existing Accprofile resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccprofileState, opts?: pulumi.CustomResourceOptions): Accprofile;
/**
* Returns true if the given object is an instance of Accprofile. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Accprofile;
/**
* Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout).
*/
readonly admintimeout: pulumi.Output<number>;
/**
* Enable/disable overriding the global administrator idle timeout. Valid values: `enable`, `disable`.
*/
readonly admintimeoutOverride: pulumi.Output<string>;
/**
* Administrator access to Users and Devices. Valid values: `none`, `read`, `read-write`.
*/
readonly authgrp: pulumi.Output<string>;
/**
* Enable/disable permission to run config commands. Valid values: `enable`, `disable`.
*/
readonly cliConfig: pulumi.Output<string>;
/**
* Enable/disable permission to run diagnostic commands. Valid values: `enable`, `disable`.
*/
readonly cliDiagnose: pulumi.Output<string>;
/**
* Enable/disable permission to run execute commands. Valid values: `enable`, `disable`.
*/
readonly cliExec: pulumi.Output<string>;
/**
* Enable/disable permission to run get commands. Valid values: `enable`, `disable`.
*/
readonly cliGet: pulumi.Output<string>;
/**
* Enable/disable permission to run show commands. Valid values: `enable`, `disable`.
*/
readonly cliShow: pulumi.Output<string>;
/**
* Comment.
*/
readonly comments: pulumi.Output<string | undefined>;
/**
* FortiView. Valid values: `none`, `read`, `read-write`.
*/
readonly ftviewgrp: pulumi.Output<string>;
/**
* Administrator access to the Firewall configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
readonly fwgrp: pulumi.Output<string>;
/**
* Custom firewall permission. The structure of `fwgrpPermission` block is documented below.
*/
readonly fwgrpPermission: pulumi.Output<outputs.system.AccprofileFwgrpPermission>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
readonly getAllTables: pulumi.Output<string | undefined>;
/**
* Administrator access to Logging and Reporting including viewing log messages. Valid values: `none`, `read`, `read-write`, `custom`.
*/
readonly loggrp: pulumi.Output<string>;
/**
* Custom Log & Report permission. The structure of `loggrpPermission` block is documented below.
*/
readonly loggrpPermission: pulumi.Output<outputs.system.AccprofileLoggrpPermission>;
/**
* Profile name.
*/
readonly name: pulumi.Output<string>;
/**
* Network Configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
readonly netgrp: pulumi.Output<string>;
/**
* Custom network permission. The structure of `netgrpPermission` block is documented below.
*/
readonly netgrpPermission: pulumi.Output<outputs.system.AccprofileNetgrpPermission>;
/**
* Scope of admin access: global or specific VDOM(s). Valid values: `vdom`, `global`.
*/
readonly scope: pulumi.Output<string>;
/**
* Security Fabric. Valid values: `none`, `read`, `read-write`.
*/
readonly secfabgrp: pulumi.Output<string>;
/**
* System Configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
readonly sysgrp: pulumi.Output<string>;
/**
* Custom system permission. The structure of `sysgrpPermission` block is documented below.
*/
readonly sysgrpPermission: pulumi.Output<outputs.system.AccprofileSysgrpPermission>;
/**
* Enable/disable permission to run system diagnostic commands. Valid values: `enable`, `disable`.
*/
readonly systemDiagnostics: pulumi.Output<string>;
/**
* Enable/disable permission to execute SSH commands. Valid values: `enable`, `disable`.
*/
readonly systemExecuteSsh: pulumi.Output<string>;
/**
* Enable/disable permission to execute TELNET commands. Valid values: `enable`, `disable`.
*/
readonly systemExecuteTelnet: pulumi.Output<string>;
/**
* Administrator access to Security Profiles. Valid values: `none`, `read`, `read-write`, `custom`.
*/
readonly utmgrp: pulumi.Output<string>;
/**
* Custom Security Profile permissions. The structure of `utmgrpPermission` block is documented below.
*/
readonly utmgrpPermission: pulumi.Output<outputs.system.AccprofileUtmgrpPermission>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
readonly vdomparam: pulumi.Output<string>;
/**
* Administrator access to IPsec, SSL, PPTP, and L2TP VPN. Valid values: `none`, `read`, `read-write`.
*/
readonly vpngrp: pulumi.Output<string>;
/**
* Administrator access to WAN Opt & Cache. Valid values: `none`, `read`, `read-write`.
*/
readonly wanoptgrp: pulumi.Output<string>;
/**
* Administrator access to the WiFi controller and Switch controller. Valid values: `none`, `read`, `read-write`.
*/
readonly wifi: pulumi.Output<string>;
/**
* Create a Accprofile resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: AccprofileArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Accprofile resources.
*/
export interface AccprofileState {
/**
* Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout).
*/
admintimeout?: pulumi.Input<number>;
/**
* Enable/disable overriding the global administrator idle timeout. Valid values: `enable`, `disable`.
*/
admintimeoutOverride?: pulumi.Input<string>;
/**
* Administrator access to Users and Devices. Valid values: `none`, `read`, `read-write`.
*/
authgrp?: pulumi.Input<string>;
/**
* Enable/disable permission to run config commands. Valid values: `enable`, `disable`.
*/
cliConfig?: pulumi.Input<string>;
/**
* Enable/disable permission to run diagnostic commands. Valid values: `enable`, `disable`.
*/
cliDiagnose?: pulumi.Input<string>;
/**
* Enable/disable permission to run execute commands. Valid values: `enable`, `disable`.
*/
cliExec?: pulumi.Input<string>;
/**
* Enable/disable permission to run get commands. Valid values: `enable`, `disable`.
*/
cliGet?: pulumi.Input<string>;
/**
* Enable/disable permission to run show commands. Valid values: `enable`, `disable`.
*/
cliShow?: pulumi.Input<string>;
/**
* Comment.
*/
comments?: pulumi.Input<string>;
/**
* FortiView. Valid values: `none`, `read`, `read-write`.
*/
ftviewgrp?: pulumi.Input<string>;
/**
* Administrator access to the Firewall configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
fwgrp?: pulumi.Input<string>;
/**
* Custom firewall permission. The structure of `fwgrpPermission` block is documented below.
*/
fwgrpPermission?: pulumi.Input<inputs.system.AccprofileFwgrpPermission>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Administrator access to Logging and Reporting including viewing log messages. Valid values: `none`, `read`, `read-write`, `custom`.
*/
loggrp?: pulumi.Input<string>;
/**
* Custom Log & Report permission. The structure of `loggrpPermission` block is documented below.
*/
loggrpPermission?: pulumi.Input<inputs.system.AccprofileLoggrpPermission>;
/**
* Profile name.
*/
name?: pulumi.Input<string>;
/**
* Network Configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
netgrp?: pulumi.Input<string>;
/**
* Custom network permission. The structure of `netgrpPermission` block is documented below.
*/
netgrpPermission?: pulumi.Input<inputs.system.AccprofileNetgrpPermission>;
/**
* Scope of admin access: global or specific VDOM(s). Valid values: `vdom`, `global`.
*/
scope?: pulumi.Input<string>;
/**
* Security Fabric. Valid values: `none`, `read`, `read-write`.
*/
secfabgrp?: pulumi.Input<string>;
/**
* System Configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
sysgrp?: pulumi.Input<string>;
/**
* Custom system permission. The structure of `sysgrpPermission` block is documented below.
*/
sysgrpPermission?: pulumi.Input<inputs.system.AccprofileSysgrpPermission>;
/**
* Enable/disable permission to run system diagnostic commands. Valid values: `enable`, `disable`.
*/
systemDiagnostics?: pulumi.Input<string>;
/**
* Enable/disable permission to execute SSH commands. Valid values: `enable`, `disable`.
*/
systemExecuteSsh?: pulumi.Input<string>;
/**
* Enable/disable permission to execute TELNET commands. Valid values: `enable`, `disable`.
*/
systemExecuteTelnet?: pulumi.Input<string>;
/**
* Administrator access to Security Profiles. Valid values: `none`, `read`, `read-write`, `custom`.
*/
utmgrp?: pulumi.Input<string>;
/**
* Custom Security Profile permissions. The structure of `utmgrpPermission` block is documented below.
*/
utmgrpPermission?: pulumi.Input<inputs.system.AccprofileUtmgrpPermission>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
/**
* Administrator access to IPsec, SSL, PPTP, and L2TP VPN. Valid values: `none`, `read`, `read-write`.
*/
vpngrp?: pulumi.Input<string>;
/**
* Administrator access to WAN Opt & Cache. Valid values: `none`, `read`, `read-write`.
*/
wanoptgrp?: pulumi.Input<string>;
/**
* Administrator access to the WiFi controller and Switch controller. Valid values: `none`, `read`, `read-write`.
*/
wifi?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Accprofile resource.
*/
export interface AccprofileArgs {
/**
* Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout).
*/
admintimeout?: pulumi.Input<number>;
/**
* Enable/disable overriding the global administrator idle timeout. Valid values: `enable`, `disable`.
*/
admintimeoutOverride?: pulumi.Input<string>;
/**
* Administrator access to Users and Devices. Valid values: `none`, `read`, `read-write`.
*/
authgrp?: pulumi.Input<string>;
/**
* Enable/disable permission to run config commands. Valid values: `enable`, `disable`.
*/
cliConfig?: pulumi.Input<string>;
/**
* Enable/disable permission to run diagnostic commands. Valid values: `enable`, `disable`.
*/
cliDiagnose?: pulumi.Input<string>;
/**
* Enable/disable permission to run execute commands. Valid values: `enable`, `disable`.
*/
cliExec?: pulumi.Input<string>;
/**
* Enable/disable permission to run get commands. Valid values: `enable`, `disable`.
*/
cliGet?: pulumi.Input<string>;
/**
* Enable/disable permission to run show commands. Valid values: `enable`, `disable`.
*/
cliShow?: pulumi.Input<string>;
/**
* Comment.
*/
comments?: pulumi.Input<string>;
/**
* FortiView. Valid values: `none`, `read`, `read-write`.
*/
ftviewgrp?: pulumi.Input<string>;
/**
* Administrator access to the Firewall configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
fwgrp?: pulumi.Input<string>;
/**
* Custom firewall permission. The structure of `fwgrpPermission` block is documented below.
*/
fwgrpPermission?: pulumi.Input<inputs.system.AccprofileFwgrpPermission>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Administrator access to Logging and Reporting including viewing log messages. Valid values: `none`, `read`, `read-write`, `custom`.
*/
loggrp?: pulumi.Input<string>;
/**
* Custom Log & Report permission. The structure of `loggrpPermission` block is documented below.
*/
loggrpPermission?: pulumi.Input<inputs.system.AccprofileLoggrpPermission>;
/**
* Profile name.
*/
name?: pulumi.Input<string>;
/**
* Network Configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
netgrp?: pulumi.Input<string>;
/**
* Custom network permission. The structure of `netgrpPermission` block is documented below.
*/
netgrpPermission?: pulumi.Input<inputs.system.AccprofileNetgrpPermission>;
/**
* Scope of admin access: global or specific VDOM(s). Valid values: `vdom`, `global`.
*/
scope?: pulumi.Input<string>;
/**
* Security Fabric. Valid values: `none`, `read`, `read-write`.
*/
secfabgrp?: pulumi.Input<string>;
/**
* System Configuration. Valid values: `none`, `read`, `read-write`, `custom`.
*/
sysgrp?: pulumi.Input<string>;
/**
* Custom system permission. The structure of `sysgrpPermission` block is documented below.
*/
sysgrpPermission?: pulumi.Input<inputs.system.AccprofileSysgrpPermission>;
/**
* Enable/disable permission to run system diagnostic commands. Valid values: `enable`, `disable`.
*/
systemDiagnostics?: pulumi.Input<string>;
/**
* Enable/disable permission to execute SSH commands. Valid values: `enable`, `disable`.
*/
systemExecuteSsh?: pulumi.Input<string>;
/**
* Enable/disable permission to execute TELNET commands. Valid values: `enable`, `disable`.
*/
systemExecuteTelnet?: pulumi.Input<string>;
/**
* Administrator access to Security Profiles. Valid values: `none`, `read`, `read-write`, `custom`.
*/
utmgrp?: pulumi.Input<string>;
/**
* Custom Security Profile permissions. The structure of `utmgrpPermission` block is documented below.
*/
utmgrpPermission?: pulumi.Input<inputs.system.AccprofileUtmgrpPermission>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
/**
* Administrator access to IPsec, SSL, PPTP, and L2TP VPN. Valid values: `none`, `read`, `read-write`.
*/
vpngrp?: pulumi.Input<string>;
/**
* Administrator access to WAN Opt & Cache. Valid values: `none`, `read`, `read-write`.
*/
wanoptgrp?: pulumi.Input<string>;
/**
* Administrator access to the WiFi controller and Switch controller. Valid values: `none`, `read`, `read-write`.
*/
wifi?: pulumi.Input<string>;
}