UNPKG

cdktf-crd

Version:

github.com/glacion/cdktf-typescript-crd

glacion/cdktf-typescript-crd

98 lines (97 loc) 6.79 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import { Construct } from "constructs"; import { Manifest, type ManifestConfig } from "@cdktn/provider-kubernetes/lib/manifest"; export declare class NetworksecurityCnrmCloudGoogleComNetworkSecurityAuthorizationPolicyV1beta1 extends Manifest { constructor(scope: Construct, id: string, config: NetworksecurityCnrmCloudGoogleComNetworkSecurityAuthorizationPolicyV1beta1Config); } export interface NetworksecurityCnrmCloudGoogleComNetworkSecurityAuthorizationPolicyV1beta1Config extends ManifestConfig { manifest: { apiVersion: "networksecurity.cnrm.cloud.google.com/v1beta1"; kind: "NetworkSecurityAuthorizationPolicy"; metadata: { annotations?: { [key: string]: string; }; labels?: { [key: string]: string; }; name: string; namespace?: string; }; spec: { /** @description Required. The action to take when a rule match is found. Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, ALLOW, DENY */ action: string; /** @description Optional. Free-text description of the resource. */ description?: string; /** @description Immutable. The location for the resource */ location: string; /** @description Immutable. The Project that this resource belongs to. */ projectRef: { /** * @description The project for the resource * * Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). */ external?: string; /** @description Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names */ name?: string; /** @description Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ */ namespace?: string; } & (unknown | unknown); /** @description Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */ resourceID?: string; /** @description Optional. List of rules to match. If not set, the action specified in the ‘action’ field will be applied without any additional rule checks. */ rules?: { /** @description Optional. List of attributes for the traffic destination. If not set, the action specified in the ‘action’ field will be applied without any rule checks for the destination. */ destinations?: { /** @description Required. List of host names to match. Matched against HOST header in http requests. Each host can be an exact match, or a prefix match (example, “mydomain.*”) or a suffix match (example, *.myorg.com”) or a presence(any) match “*”. */ hosts: string[]; /** @description Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. */ httpHeaderMatch?: { /** @description Required. The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method". */ headerName: string; /** @description Required. The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier. */ regexMatch: string; }; /** @description Optional. A list of HTTP methods to match. Should not be set for gRPC services. */ methods?: string[]; /** @description Required. List of destination ports to match. */ ports: number[]; }[]; /** @description Optional. List of attributes for the traffic source. If not set, the action specified in the ‘action’ field will be applied without any rule checks for the source. */ sources?: { /** @description Optional. List of CIDR ranges to match based on source IP address. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. */ ipBlocks?: string[]; /** @description Optional. List of peer identities to match for authorization. Each peer can be an exact match, or a prefix match (example, “namespace/*”) or a suffix match (example, *\/service-account”) or a presence match “*”. */ principals?: string[]; }[]; }[]; }; status?: { /** @description Conditions represent the latest available observation of the resource's current state. */ conditions?: { /** @description Last time the condition transitioned from one status to another. */ lastTransitionTime?: string; /** @description Human-readable message indicating details about last transition. */ message?: string; /** @description Unique, one-word, CamelCase reason for the condition's last transition. */ reason?: string; /** @description Status is the status of the condition. Can be True, False, Unknown. */ status?: string; /** @description Type is the type of the condition. */ type?: string; }[]; /** * Format: date-time * @description Output only. The timestamp when the resource was created. */ createTime?: string; /** @description ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */ observedGeneration?: number; /** * Format: date-time * @description Output only. The timestamp when the resource was updated. */ updateTime?: string; }; }; }