@pulumiverse/fortios
Version:
A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0
473 lines (472 loc) • 19.6 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fortios from "@pulumiverse/fortios";
*
* const trname = new fortios.system.Csf("trname", {
* configurationSync: "default",
* groupPassword: "tmp",
* managementIp: "0.0.0.0",
* managementPort: 33,
* status: "disable",
* upstreamIp: "0.0.0.0",
* upstreamPort: 8013,
* });
* ```
*
* ## Import
*
* System Csf can be imported using any of these accepted formats:
*
* ```sh
* $ pulumi import fortios:system/csf:Csf labelname SystemCsf
* ```
*
* If you do not want to import arguments of block:
*
* $ export "FORTIOS_IMPORT_TABLE"="false"
*
* ```sh
* $ pulumi import fortios:system/csf:Csf labelname SystemCsf
* ```
*
* $ unset "FORTIOS_IMPORT_TABLE"
*/
export declare class Csf extends pulumi.CustomResource {
/**
* Get an existing Csf resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CsfState, opts?: pulumi.CustomResourceOptions): Csf;
/**
* Returns true if the given object is an instance of Csf. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Csf;
/**
* Accept connections with unknown certificates and ask admin for approval. Valid values: `disable`, `enable`.
*/
readonly acceptAuthByCert: pulumi.Output<string>;
/**
* Authorization request type. Valid values: `serial`, `certificate`.
*/
readonly authorizationRequestType: pulumi.Output<string>;
/**
* Certificate.
*/
readonly certificate: pulumi.Output<string>;
/**
* Configuration sync mode. Valid values: `default`, `local`.
*/
readonly configurationSync: pulumi.Output<string>;
/**
* Enable/disable downstream device access to this device's configuration and data. Valid values: `enable`, `disable`.
*/
readonly downstreamAccess: pulumi.Output<string>;
/**
* Default access profile for requests from downstream devices.
*/
readonly downstreamAccprofile: pulumi.Output<string>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
/**
* Fabric connector configuration. The structure of `fabricConnector` block is documented below.
*/
readonly fabricConnectors: pulumi.Output<outputs.system.CsfFabricConnector[] | undefined>;
/**
* Fabric device configuration. The structure of `fabricDevice` block is documented below.
*/
readonly fabricDevices: pulumi.Output<outputs.system.CsfFabricDevice[] | undefined>;
/**
* Fabric CMDB Object Unification Valid values: `default`, `local`.
*/
readonly fabricObjectUnification: pulumi.Output<string>;
/**
* Number of worker processes for Security Fabric daemon.
*/
readonly fabricWorkers: pulumi.Output<number>;
/**
* Enable/disable Security Fabric daemon file management. Valid values: `enable`, `disable`.
*/
readonly fileMgmt: pulumi.Output<string>;
/**
* Maximum amount of memory that can be used by the daemon files (in bytes).
*/
readonly fileQuota: pulumi.Output<number>;
/**
* Warn when the set percentage of quota has been used.
*/
readonly fileQuotaWarning: pulumi.Output<number>;
/**
* Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.)
*/
readonly fixedKey: pulumi.Output<string | undefined>;
/**
* Fabric FortiCloud account unification. Valid values: `enable`, `disable`.
*/
readonly forticloudAccountEnforcement: pulumi.Output<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
readonly getAllTables: pulumi.Output<string | undefined>;
/**
* Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.
*/
readonly groupName: pulumi.Output<string>;
/**
* Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.
*/
readonly groupPassword: pulumi.Output<string | undefined>;
/**
* Enable/disable broadcast of discovery messages for log unification. Valid values: `disable`, `enable`.
*/
readonly logUnification: pulumi.Output<string>;
/**
* Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
*/
readonly managementIp: pulumi.Output<string>;
/**
* Overriding port for management connection (Overrides admin port).
*/
readonly managementPort: pulumi.Output<number>;
/**
* SAML setting configuration synchronization. Valid values: `default`, `local`.
*/
readonly samlConfigurationSync: pulumi.Output<string>;
/**
* Source IP address for communication with the upstream FortiGate.
*/
readonly sourceIp: pulumi.Output<string>;
/**
* Enable/disable Security Fabric. Valid values: `enable`, `disable`.
*/
readonly status: pulumi.Output<string>;
/**
* Pre-authorized and blocked security fabric nodes. The structure of `trustedList` block is documented below.
*/
readonly trustedLists: pulumi.Output<outputs.system.CsfTrustedList[] | undefined>;
/**
* Unique ID of the current CSF node
*/
readonly uid: pulumi.Output<string>;
/**
* IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric.
*/
readonly upstream: pulumi.Output<string>;
/**
* Specify outgoing interface to reach server.
*/
readonly upstreamInterface: pulumi.Output<string>;
/**
* Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`.
*/
readonly upstreamInterfaceSelectMethod: pulumi.Output<string>;
/**
* IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
*/
readonly upstreamIp: pulumi.Output<string>;
/**
* The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).
*/
readonly upstreamPort: pulumi.Output<number>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
readonly vdomparam: pulumi.Output<string>;
/**
* Create a Csf resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: CsfArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Csf resources.
*/
export interface CsfState {
/**
* Accept connections with unknown certificates and ask admin for approval. Valid values: `disable`, `enable`.
*/
acceptAuthByCert?: pulumi.Input<string>;
/**
* Authorization request type. Valid values: `serial`, `certificate`.
*/
authorizationRequestType?: pulumi.Input<string>;
/**
* Certificate.
*/
certificate?: pulumi.Input<string>;
/**
* Configuration sync mode. Valid values: `default`, `local`.
*/
configurationSync?: pulumi.Input<string>;
/**
* Enable/disable downstream device access to this device's configuration and data. Valid values: `enable`, `disable`.
*/
downstreamAccess?: pulumi.Input<string>;
/**
* Default access profile for requests from downstream devices.
*/
downstreamAccprofile?: pulumi.Input<string>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Fabric connector configuration. The structure of `fabricConnector` block is documented below.
*/
fabricConnectors?: pulumi.Input<pulumi.Input<inputs.system.CsfFabricConnector>[]>;
/**
* Fabric device configuration. The structure of `fabricDevice` block is documented below.
*/
fabricDevices?: pulumi.Input<pulumi.Input<inputs.system.CsfFabricDevice>[]>;
/**
* Fabric CMDB Object Unification Valid values: `default`, `local`.
*/
fabricObjectUnification?: pulumi.Input<string>;
/**
* Number of worker processes for Security Fabric daemon.
*/
fabricWorkers?: pulumi.Input<number>;
/**
* Enable/disable Security Fabric daemon file management. Valid values: `enable`, `disable`.
*/
fileMgmt?: pulumi.Input<string>;
/**
* Maximum amount of memory that can be used by the daemon files (in bytes).
*/
fileQuota?: pulumi.Input<number>;
/**
* Warn when the set percentage of quota has been used.
*/
fileQuotaWarning?: pulumi.Input<number>;
/**
* Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.)
*/
fixedKey?: pulumi.Input<string>;
/**
* Fabric FortiCloud account unification. Valid values: `enable`, `disable`.
*/
forticloudAccountEnforcement?: pulumi.Input<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.
*/
groupName?: pulumi.Input<string>;
/**
* Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.
*/
groupPassword?: pulumi.Input<string>;
/**
* Enable/disable broadcast of discovery messages for log unification. Valid values: `disable`, `enable`.
*/
logUnification?: pulumi.Input<string>;
/**
* Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
*/
managementIp?: pulumi.Input<string>;
/**
* Overriding port for management connection (Overrides admin port).
*/
managementPort?: pulumi.Input<number>;
/**
* SAML setting configuration synchronization. Valid values: `default`, `local`.
*/
samlConfigurationSync?: pulumi.Input<string>;
/**
* Source IP address for communication with the upstream FortiGate.
*/
sourceIp?: pulumi.Input<string>;
/**
* Enable/disable Security Fabric. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Pre-authorized and blocked security fabric nodes. The structure of `trustedList` block is documented below.
*/
trustedLists?: pulumi.Input<pulumi.Input<inputs.system.CsfTrustedList>[]>;
/**
* Unique ID of the current CSF node
*/
uid?: pulumi.Input<string>;
/**
* IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric.
*/
upstream?: pulumi.Input<string>;
/**
* Specify outgoing interface to reach server.
*/
upstreamInterface?: pulumi.Input<string>;
/**
* Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`.
*/
upstreamInterfaceSelectMethod?: pulumi.Input<string>;
/**
* IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
*/
upstreamIp?: pulumi.Input<string>;
/**
* The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).
*/
upstreamPort?: pulumi.Input<number>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Csf resource.
*/
export interface CsfArgs {
/**
* Accept connections with unknown certificates and ask admin for approval. Valid values: `disable`, `enable`.
*/
acceptAuthByCert?: pulumi.Input<string>;
/**
* Authorization request type. Valid values: `serial`, `certificate`.
*/
authorizationRequestType?: pulumi.Input<string>;
/**
* Certificate.
*/
certificate?: pulumi.Input<string>;
/**
* Configuration sync mode. Valid values: `default`, `local`.
*/
configurationSync?: pulumi.Input<string>;
/**
* Enable/disable downstream device access to this device's configuration and data. Valid values: `enable`, `disable`.
*/
downstreamAccess?: pulumi.Input<string>;
/**
* Default access profile for requests from downstream devices.
*/
downstreamAccprofile?: pulumi.Input<string>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Fabric connector configuration. The structure of `fabricConnector` block is documented below.
*/
fabricConnectors?: pulumi.Input<pulumi.Input<inputs.system.CsfFabricConnector>[]>;
/**
* Fabric device configuration. The structure of `fabricDevice` block is documented below.
*/
fabricDevices?: pulumi.Input<pulumi.Input<inputs.system.CsfFabricDevice>[]>;
/**
* Fabric CMDB Object Unification Valid values: `default`, `local`.
*/
fabricObjectUnification?: pulumi.Input<string>;
/**
* Number of worker processes for Security Fabric daemon.
*/
fabricWorkers?: pulumi.Input<number>;
/**
* Enable/disable Security Fabric daemon file management. Valid values: `enable`, `disable`.
*/
fileMgmt?: pulumi.Input<string>;
/**
* Maximum amount of memory that can be used by the daemon files (in bytes).
*/
fileQuota?: pulumi.Input<number>;
/**
* Warn when the set percentage of quota has been used.
*/
fileQuotaWarning?: pulumi.Input<number>;
/**
* Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.)
*/
fixedKey?: pulumi.Input<string>;
/**
* Fabric FortiCloud account unification. Valid values: `enable`, `disable`.
*/
forticloudAccountEnforcement?: pulumi.Input<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.
*/
groupName?: pulumi.Input<string>;
/**
* Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.
*/
groupPassword?: pulumi.Input<string>;
/**
* Enable/disable broadcast of discovery messages for log unification. Valid values: `disable`, `enable`.
*/
logUnification?: pulumi.Input<string>;
/**
* Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
*/
managementIp?: pulumi.Input<string>;
/**
* Overriding port for management connection (Overrides admin port).
*/
managementPort?: pulumi.Input<number>;
/**
* SAML setting configuration synchronization. Valid values: `default`, `local`.
*/
samlConfigurationSync?: pulumi.Input<string>;
/**
* Source IP address for communication with the upstream FortiGate.
*/
sourceIp?: pulumi.Input<string>;
/**
* Enable/disable Security Fabric. Valid values: `enable`, `disable`.
*/
status: pulumi.Input<string>;
/**
* Pre-authorized and blocked security fabric nodes. The structure of `trustedList` block is documented below.
*/
trustedLists?: pulumi.Input<pulumi.Input<inputs.system.CsfTrustedList>[]>;
/**
* Unique ID of the current CSF node
*/
uid?: pulumi.Input<string>;
/**
* IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric.
*/
upstream?: pulumi.Input<string>;
/**
* Specify outgoing interface to reach server.
*/
upstreamInterface?: pulumi.Input<string>;
/**
* Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`.
*/
upstreamInterfaceSelectMethod?: pulumi.Input<string>;
/**
* IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
*/
upstreamIp?: pulumi.Input<string>;
/**
* The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).
*/
upstreamPort?: pulumi.Input<number>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
}