@twingate/pulumi-twingate
Version:
A Pulumi package for creating and managing Twingate cloud resources.
801 lines (800 loc) • 27.3 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
export interface GetTwingateDNSFilteringProfileAllowedDomains {
/**
* A set of allowed domains.
*/
domains?: string[];
}
export interface GetTwingateDNSFilteringProfileAllowedDomainsArgs {
/**
* A set of allowed domains.
*/
domains?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface GetTwingateDNSFilteringProfileContentCategories {
/**
* Whether to block adult content.
*/
blockAdultContent?: boolean;
/**
* Whether to block dating content.
*/
blockDating?: boolean;
/**
* Whether to block gambling content.
*/
blockGambling?: boolean;
/**
* Whether to block games.
*/
blockGames?: boolean;
/**
* Whether to block piracy sites.
*/
blockPiracy?: boolean;
/**
* Whether to block social media.
*/
blockSocialMedia?: boolean;
/**
* Whether to block streaming content.
*/
blockStreaming?: boolean;
/**
* Whether to force safe search.
*/
enableSafesearch?: boolean;
/**
* Whether to force YouTube to use restricted mode.
*/
enableYoutubeRestrictedMode?: boolean;
}
export interface GetTwingateDNSFilteringProfileContentCategoriesArgs {
/**
* Whether to block adult content.
*/
blockAdultContent?: pulumi.Input<boolean>;
/**
* Whether to block dating content.
*/
blockDating?: pulumi.Input<boolean>;
/**
* Whether to block gambling content.
*/
blockGambling?: pulumi.Input<boolean>;
/**
* Whether to block games.
*/
blockGames?: pulumi.Input<boolean>;
/**
* Whether to block piracy sites.
*/
blockPiracy?: pulumi.Input<boolean>;
/**
* Whether to block social media.
*/
blockSocialMedia?: pulumi.Input<boolean>;
/**
* Whether to block streaming content.
*/
blockStreaming?: pulumi.Input<boolean>;
/**
* Whether to force safe search.
*/
enableSafesearch?: pulumi.Input<boolean>;
/**
* Whether to force YouTube to use restricted mode.
*/
enableYoutubeRestrictedMode?: pulumi.Input<boolean>;
}
export interface GetTwingateDNSFilteringProfileDeniedDomains {
/**
* A set of denied domains.
*/
domains?: string[];
}
export interface GetTwingateDNSFilteringProfileDeniedDomainsArgs {
/**
* A set of denied domains.
*/
domains?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface GetTwingateDNSFilteringProfilePrivacyCategories {
/**
* Whether to block ads and trackers.
*/
blockAdsAndTrackers?: boolean;
/**
* Whether to block affiliate links.
*/
blockAffiliateLinks?: boolean;
/**
* Whether to block disguised third party trackers.
*/
blockDisguisedTrackers?: boolean;
}
export interface GetTwingateDNSFilteringProfilePrivacyCategoriesArgs {
/**
* Whether to block ads and trackers.
*/
blockAdsAndTrackers?: pulumi.Input<boolean>;
/**
* Whether to block affiliate links.
*/
blockAffiliateLinks?: pulumi.Input<boolean>;
/**
* Whether to block disguised third party trackers.
*/
blockDisguisedTrackers?: pulumi.Input<boolean>;
}
export interface GetTwingateDNSFilteringProfileSecurityCategories {
/**
* Whether to block cryptojacking sites.
*/
blockCryptojacking?: boolean;
/**
* Blocks public DNS entries from returning private IP addresses.
*/
blockDnsRebinding?: boolean;
/**
* Blocks DGA domains.
*/
blockDomainGenerationAlgorithms?: boolean;
/**
* Whether to block homoglyph attacks.
*/
blockIdnHomoglyph?: boolean;
/**
* Blocks newly registered domains.
*/
blockNewlyRegisteredDomains?: boolean;
/**
* Block parked domains.
*/
blockParkedDomains?: boolean;
/**
* Blocks typosquatted domains.
*/
blockTyposquatting?: boolean;
/**
* Whether to use Google Safe browsing lists to block content.
*/
enableGoogleSafeBrowsing?: boolean;
/**
* Whether to filter content using threat intelligence feeds.
*/
enableThreatIntelligenceFeeds?: boolean;
}
export interface GetTwingateDNSFilteringProfileSecurityCategoriesArgs {
/**
* Whether to block cryptojacking sites.
*/
blockCryptojacking?: pulumi.Input<boolean>;
/**
* Blocks public DNS entries from returning private IP addresses.
*/
blockDnsRebinding?: pulumi.Input<boolean>;
/**
* Blocks DGA domains.
*/
blockDomainGenerationAlgorithms?: pulumi.Input<boolean>;
/**
* Whether to block homoglyph attacks.
*/
blockIdnHomoglyph?: pulumi.Input<boolean>;
/**
* Blocks newly registered domains.
*/
blockNewlyRegisteredDomains?: pulumi.Input<boolean>;
/**
* Block parked domains.
*/
blockParkedDomains?: pulumi.Input<boolean>;
/**
* Blocks typosquatted domains.
*/
blockTyposquatting?: pulumi.Input<boolean>;
/**
* Whether to use Google Safe browsing lists to block content.
*/
enableGoogleSafeBrowsing?: pulumi.Input<boolean>;
/**
* Whether to filter content using threat intelligence feeds.
*/
enableThreatIntelligenceFeeds?: pulumi.Input<boolean>;
}
export interface GetTwingateResourceProtocols {
/**
* Whether to allow ICMP (ping) traffic
*/
allowIcmp?: boolean;
tcp?: inputs.GetTwingateResourceProtocolsTcp;
udp?: inputs.GetTwingateResourceProtocolsUdp;
}
export interface GetTwingateResourceProtocolsArgs {
/**
* Whether to allow ICMP (ping) traffic
*/
allowIcmp?: pulumi.Input<boolean>;
tcp?: pulumi.Input<inputs.GetTwingateResourceProtocolsTcpArgs>;
udp?: pulumi.Input<inputs.GetTwingateResourceProtocolsUdpArgs>;
}
export interface GetTwingateResourceProtocolsTcp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: string;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: string[];
}
export interface GetTwingateResourceProtocolsTcpArgs {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface GetTwingateResourceProtocolsUdp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: string;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: string[];
}
export interface GetTwingateResourceProtocolsUdpArgs {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface ProviderCache {
/**
* Specifies whether the provider should cache groups. The default value is `true`.
*/
groupsEnabled?: pulumi.Input<boolean>;
/**
* Specifies the filter for the groups to be cached.
*/
groupsFilter?: pulumi.Input<inputs.ProviderCacheGroupsFilter>;
/**
* Specifies whether the provider should cache resources. The default value is `true`.
*/
resourceEnabled?: pulumi.Input<boolean>;
/**
* Specifies the filter for the resources to be cached.
*/
resourcesFilter?: pulumi.Input<inputs.ProviderCacheResourcesFilter>;
}
export interface ProviderCacheGroupsFilter {
/**
* Returns only Groups matching the specified state.
*/
isActive?: pulumi.Input<boolean>;
/**
* Returns only groups that exactly match this name. If no options are passed it will return all resources. Only one option can be used at a time.
*/
name?: pulumi.Input<string>;
/**
* Match when the value exist in the name of the group.
*/
nameContains?: pulumi.Input<string>;
/**
* Match when the exact value does not exist in the name of the group.
*/
nameExclude?: pulumi.Input<string>;
/**
* The name of the group must start with the value.
*/
namePrefix?: pulumi.Input<string>;
/**
* The regular expression match of the name of the group.
*/
nameRegexp?: pulumi.Input<string>;
/**
* The name of the group must end with the value.
*/
nameSuffix?: pulumi.Input<string>;
/**
* Returns groups that match a list of types. valid types: `MANUAL`, `SYNCED`, `SYSTEM`.
*/
types?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface ProviderCacheResourcesFilter {
/**
* Returns only resources that exactly match this name. If no options are passed it will return all resources. Only one option can be used at a time.
*/
name?: pulumi.Input<string>;
/**
* Match when the value exist in the name of the resource.
*/
nameContains?: pulumi.Input<string>;
/**
* Match when the exact value does not exist in the name of the resource.
*/
nameExclude?: pulumi.Input<string>;
/**
* The name of the resource must start with the value.
*/
namePrefix?: pulumi.Input<string>;
/**
* The regular expression match of the name of the resource.
*/
nameRegexp?: pulumi.Input<string>;
/**
* The name of the resource must end with the value.
*/
nameSuffix?: pulumi.Input<string>;
/**
* Returns only resources that exactly match the given tags.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}
export interface ProviderDefaultTags {
/**
* A map of key-value pair tags to be set on all resources by default.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}
export interface TwingateDNSFilteringProfileAllowedDomains {
/**
* A set of allowed domains. Defaults to an empty set.
*/
domains?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether Terraform should override changes made outside of Terraform. Defaults to true.
*/
isAuthoritative?: pulumi.Input<boolean>;
}
export interface TwingateDNSFilteringProfileContentCategories {
/**
* Whether to block adult content. Defaults to false.
*/
blockAdultContent?: pulumi.Input<boolean>;
/**
* Whether to block dating content. Defaults to false.
*/
blockDating?: pulumi.Input<boolean>;
/**
* Whether to block gambling content. Defaults to false.
*/
blockGambling?: pulumi.Input<boolean>;
/**
* Whether to block games. Defaults to false.
*/
blockGames?: pulumi.Input<boolean>;
/**
* Whether to block piracy sites. Defaults to false.
*/
blockPiracy?: pulumi.Input<boolean>;
/**
* Whether to block social media. Defaults to false.
*/
blockSocialMedia?: pulumi.Input<boolean>;
/**
* Whether to block streaming content. Defaults to false.
*/
blockStreaming?: pulumi.Input<boolean>;
/**
* Whether to force safe search. Defaults to false.
*/
enableSafesearch?: pulumi.Input<boolean>;
/**
* Whether to force YouTube to use restricted mode. Defaults to false.
*/
enableYoutubeRestrictedMode?: pulumi.Input<boolean>;
}
export interface TwingateDNSFilteringProfileDeniedDomains {
/**
* A set of denied domains. Defaults to an empty set.
*/
domains?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether Terraform should override changes made outside of Terraform. Defaults to true.
*/
isAuthoritative?: pulumi.Input<boolean>;
}
export interface TwingateDNSFilteringProfilePrivacyCategories {
/**
* Whether to block ads and trackers. Defaults to false.
*/
blockAdsAndTrackers?: pulumi.Input<boolean>;
/**
* Whether to block affiliate links. Defaults to false.
*/
blockAffiliateLinks?: pulumi.Input<boolean>;
/**
* Whether to block disguised third party trackers. Defaults to false.
*/
blockDisguisedTrackers?: pulumi.Input<boolean>;
}
export interface TwingateDNSFilteringProfileSecurityCategories {
/**
* Whether to block cryptojacking sites. Defaults to true.
*/
blockCryptojacking?: pulumi.Input<boolean>;
/**
* Blocks public DNS entries from returning private IP addresses. Defaults to true.
*/
blockDnsRebinding?: pulumi.Input<boolean>;
/**
* Blocks DGA domains. Defaults to true.
*/
blockDomainGenerationAlgorithms?: pulumi.Input<boolean>;
/**
* Whether to block homoglyph attacks. Defaults to true.
*/
blockIdnHomoglyph?: pulumi.Input<boolean>;
/**
* Blocks newly registered domains. Defaults to true.
*/
blockNewlyRegisteredDomains?: pulumi.Input<boolean>;
/**
* Block parked domains. Defaults to true.
*/
blockParkedDomains?: pulumi.Input<boolean>;
/**
* Blocks typosquatted domains. Defaults to true.
*/
blockTyposquatting?: pulumi.Input<boolean>;
/**
* Whether to use Google Safe browsing lists to block content. Defaults to true.
*/
enableGoogleSafeBrowsing?: pulumi.Input<boolean>;
/**
* Whether to filter content using threat intelligence feeds. Defaults to true.
*/
enableThreatIntelligenceFeeds?: pulumi.Input<boolean>;
}
export interface TwingateGatewayConfigKubernetes {
/**
* List of Kubernetes resources. Accepts full twingate*kubernetes*resource references.
*/
resources?: pulumi.Input<pulumi.Input<inputs.TwingateGatewayConfigKubernetesResource>[]>;
}
export interface TwingateGatewayConfigKubernetesResource {
address: pulumi.Input<string>;
inCluster: pulumi.Input<boolean>;
name: pulumi.Input<string>;
}
export interface TwingateGatewayConfigSsh {
/**
* SSH CA configuration. Specify either vault.address or private*key*file, not both.
*/
ca?: pulumi.Input<inputs.TwingateGatewayConfigSshCa>;
/**
* SSH gateway settings. All fields are optional and fall back to built-in defaults.
*/
gateway?: pulumi.Input<inputs.TwingateGatewayConfigSshGateway>;
/**
* List of SSH resources. Accepts full twingate*ssh*resource references.
*/
resources?: pulumi.Input<pulumi.Input<inputs.TwingateGatewayConfigSshResource>[]>;
}
export interface TwingateGatewayConfigSshCa {
/**
* Path to the SSH CA private key file. Can't be used together with vault.address.
*/
privateKeyFile?: pulumi.Input<string>;
/**
* Vault SSH CA configuration.
*/
vault?: pulumi.Input<inputs.TwingateGatewayConfigSshCaVault>;
}
export interface TwingateGatewayConfigSshCaVault {
/**
* Vault server address. Can't be used together with ca.private*key*file.
*/
address?: pulumi.Input<string>;
/**
* Vault authentication configuration.
*/
auth?: pulumi.Input<inputs.TwingateGatewayConfigSshCaVaultAuth>;
/**
* Path to the Vault CA bundle file. Default: "/etc/ssl/vault-ca.crt".
*/
caBundleFile?: pulumi.Input<string>;
/**
* Vault SSH secrets engine mount path. Default: "ssh".
*/
mount?: pulumi.Input<string>;
/**
* Vault role for signing certificates. Default: "gateway".
*/
role?: pulumi.Input<string>;
}
export interface TwingateGatewayConfigSshCaVaultAuth {
/**
* GCP authentication for Vault. Can't be used together with token.
*/
gcp?: pulumi.Input<inputs.TwingateGatewayConfigSshCaVaultAuthGcp>;
/**
* Vault token used for authentication. Can't be used together with gcp.
*/
token?: pulumi.Input<string>;
}
export interface TwingateGatewayConfigSshCaVaultAuthGcp {
/**
* Vault GCP auth mount path. Default: "gcp".
*/
mount?: pulumi.Input<string>;
/**
* GCP IAM role for Vault GCP authentication.
*/
role?: pulumi.Input<string>;
/**
* Service account email. Required when type is "iam".
*/
serviceAccountEmail?: pulumi.Input<string>;
/**
* GCP authentication type for Vault (e.g. "iam" or "gce"). When set to "iam", service*account*email is required.
*/
type?: pulumi.Input<string>;
}
export interface TwingateGatewayConfigSshGateway {
/**
* Host certificate TTL. Default: "24h".
*/
hostCertTtl?: pulumi.Input<string>;
/**
* SSH key type. Default: "ed25519".
*/
keyType?: pulumi.Input<string>;
/**
* User certificate TTL. Default: "5m".
*/
userCertTtl?: pulumi.Input<string>;
/**
* SSH gateway username. Default: "gateway".
*/
username?: pulumi.Input<string>;
}
export interface TwingateGatewayConfigSshResource {
address: pulumi.Input<string>;
name: pulumi.Input<string>;
username: pulumi.Input<string>;
}
export interface TwingateGatewayConfigTls {
/**
* Path to the TLS certificate file. Default: "/etc/gateway/tls.crt".
*/
certificateFile?: pulumi.Input<string>;
/**
* Path to the TLS private key file. Default: "/etc/gateway/tls.key".
*/
privateKeyFile?: pulumi.Input<string>;
}
export interface TwingateKubernetesResourceAccessGroup {
/**
* Restrict access according to JIT access policy
*/
accessPolicies?: pulumi.Input<pulumi.Input<inputs.TwingateKubernetesResourceAccessGroupAccessPolicy>[]>;
/**
* Group ID that will have permission to access the Resource.
*/
groupId?: pulumi.Input<string>;
/**
* The ID of a `twingate.getTwingateSecurityPolicy` to use as the access policy for the group IDs in the access block. Default is 'Null' which points to `Default Policy` on Admin console.
*/
securityPolicyId?: pulumi.Input<string>;
}
export interface TwingateKubernetesResourceAccessGroupAccessPolicy {
/**
* This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
*/
approvalMode?: pulumi.Input<string>;
/**
* This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
*/
duration?: pulumi.Input<string>;
/**
* This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
*/
mode?: pulumi.Input<string>;
}
export interface TwingateKubernetesResourceAccessPolicy {
/**
* This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
*/
approvalMode?: pulumi.Input<string>;
/**
* This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
*/
duration?: pulumi.Input<string>;
/**
* This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
*/
mode?: pulumi.Input<string>;
}
export interface TwingateKubernetesResourceProtocols {
/**
* Whether to allow ICMP (ping) traffic
*/
allowIcmp?: pulumi.Input<boolean>;
tcp?: pulumi.Input<inputs.TwingateKubernetesResourceProtocolsTcp>;
udp?: pulumi.Input<inputs.TwingateKubernetesResourceProtocolsUdp>;
}
export interface TwingateKubernetesResourceProtocolsTcp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface TwingateKubernetesResourceProtocolsUdp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface TwingateResourceAccessGroup {
/**
* Restrict access according to JIT access policy
*/
accessPolicies?: pulumi.Input<pulumi.Input<inputs.TwingateResourceAccessGroupAccessPolicy>[]>;
/**
* Group ID that will have permission to access the Resource.
*/
groupId?: pulumi.Input<string>;
/**
* The ID of a `twingate.getTwingateSecurityPolicy` to use as the access policy for the group IDs in the access block. Default is 'Null' which points to `Default Policy` on Admin console.
*/
securityPolicyId?: pulumi.Input<string>;
}
export interface TwingateResourceAccessGroupAccessPolicy {
/**
* This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
*/
approvalMode?: pulumi.Input<string>;
/**
* This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
*/
duration?: pulumi.Input<string>;
/**
* This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
*/
mode?: pulumi.Input<string>;
}
export interface TwingateResourceAccessPolicy {
/**
* This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
*/
approvalMode?: pulumi.Input<string>;
/**
* This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
*/
duration?: pulumi.Input<string>;
/**
* This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
*/
mode?: pulumi.Input<string>;
}
export interface TwingateResourceAccessService {
/**
* The ID of the service account that should have access to this Resource.
*/
serviceAccountId?: pulumi.Input<string>;
}
export interface TwingateResourceProtocols {
/**
* Whether to allow ICMP (ping) traffic
*/
allowIcmp?: pulumi.Input<boolean>;
tcp?: pulumi.Input<inputs.TwingateResourceProtocolsTcp>;
udp?: pulumi.Input<inputs.TwingateResourceProtocolsUdp>;
}
export interface TwingateResourceProtocolsTcp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface TwingateResourceProtocolsUdp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface TwingateSSHResourceAccessGroup {
/**
* Restrict access according to JIT access policy
*/
accessPolicies?: pulumi.Input<pulumi.Input<inputs.TwingateSSHResourceAccessGroupAccessPolicy>[]>;
/**
* Group ID that will have permission to access the Resource.
*/
groupId?: pulumi.Input<string>;
/**
* The ID of a `twingate.getTwingateSecurityPolicy` to use as the access policy for the group IDs in the access block. Default is 'Null' which points to `Default Policy` on Admin console.
*/
securityPolicyId?: pulumi.Input<string>;
}
export interface TwingateSSHResourceAccessGroupAccessPolicy {
/**
* This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
*/
approvalMode?: pulumi.Input<string>;
/**
* This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
*/
duration?: pulumi.Input<string>;
/**
* This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
*/
mode?: pulumi.Input<string>;
}
export interface TwingateSSHResourceAccessPolicy {
/**
* This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
*/
approvalMode?: pulumi.Input<string>;
/**
* This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
*/
duration?: pulumi.Input<string>;
/**
* This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
*/
mode?: pulumi.Input<string>;
}
export interface TwingateSSHResourceProtocols {
/**
* Whether to allow ICMP (ping) traffic
*/
allowIcmp?: pulumi.Input<boolean>;
tcp?: pulumi.Input<inputs.TwingateSSHResourceProtocolsTcp>;
udp?: pulumi.Input<inputs.TwingateSSHResourceProtocolsUdp>;
}
export interface TwingateSSHResourceProtocolsTcp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export interface TwingateSSHResourceProtocolsUdp {
/**
* Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
*/
policy?: pulumi.Input<string>;
/**
* List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
*/
ports?: pulumi.Input<pulumi.Input<string>[]>;
}
export declare namespace config {
}