import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * The zia_ssl_inspection_rules resource manages SSL inspection rules in the Zscaler Internet Access (ZIA) cloud service. SSL inspection rules determine whether to decrypt, not decrypt, or block SSL/TLS traffic based on criteria such as locations, departments, groups, users, URL categories, cloud applications, and platforms. * * For more information, see the [ZIA SSL Inspection documentation](https://help.zscaler.com/zia/about-ssl-inspection-policies). * * ## Example Usage * ### Basic SSL Inspection Rule * * ```typescript * import * as zia from "@bdzscaler/pulumi-zia"; * * const example = new zia.SslInspectionRule("example", { * name: "Example SSL Inspection Rule", * description: "Decrypt corporate traffic", * order: 1, * state: "ENABLED", * action: { * type: "DECRYPT", * showEun: false, * decryptSubActions: { * serverCertificates: "ALLOW", * ocspCheck: true, * http2Enabled: true, * }, * }, * urlCategories: ["ANY"], * }); * ``` * * ## Import * * An existing SSL Inspection Rule can be imported using its resource ID, e.g. * * ```sh * $ pulumi import zia:index:SslInspectionRule example 12345 * ``` */ export declare class SslInspectionRule extends pulumi.CustomResource { /** * Get an existing SslInspectionRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): SslInspectionRule; /** * Returns true if the given object is an instance of SslInspectionRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SslInspectionRule; /** * The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions. */ readonly action: pulumi.Output; /** * List of cloud application names to which the rule applies. */ readonly cloudApplications: pulumi.Output; /** * IDs of departments to which the rule applies. */ readonly departments: pulumi.Output; /** * Additional information about the SSL inspection rule. */ readonly description: pulumi.Output; /** * IDs of destination IP address groups for the rule. */ readonly destIpGroups: pulumi.Output; /** * IDs of device groups to which the rule applies. */ readonly deviceGroups: pulumi.Output; /** * Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`. */ readonly deviceTrustLevels: pulumi.Output; /** * IDs of devices to which the rule applies. */ readonly devices: pulumi.Output; /** * IDs of groups to which the rule applies. */ readonly groups: pulumi.Output; /** * IDs of labels associated with the rule. */ readonly labels: pulumi.Output; /** * IDs of location groups to which the rule applies. */ readonly locationGroups: pulumi.Output; /** * IDs of locations to which the rule applies. */ readonly locations: pulumi.Output; /** * The name of the SSL inspection rule. Must be unique. */ readonly name: pulumi.Output; /** * The order of execution of the rule with respect to other SSL inspection rules. */ readonly order: pulumi.Output; /** * Platforms to which the rule applies (e.g., `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `SCAN_LINUX`). */ readonly platforms: pulumi.Output; /** * IDs of proxy gateway configurations for the rule. */ readonly proxyGateways: pulumi.Output; /** * Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7. */ readonly rank: pulumi.Output; /** * Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication. */ readonly roadWarriorForKerberos: pulumi.Output; /** * The system-generated ID of the SSL inspection rule. */ readonly ruleId: pulumi.Output; /** * IDs of source IP address groups for the rule. */ readonly sourceIpGroups: pulumi.Output; /** * Rule state. Valid values: `ENABLED`, `DISABLED`. */ readonly state: pulumi.Output; /** * IDs of time intervals during which the rule must be enforced. */ readonly timeWindows: pulumi.Output; /** * List of URL categories to which the rule applies. */ readonly urlCategories: pulumi.Output; /** * User agent types the rule applies to. */ readonly userAgentTypes: pulumi.Output; /** * IDs of users to which the rule applies. */ readonly users: pulumi.Output; /** * List of preconfigured workload groups to which the policy must be applied. */ readonly workloadGroups: pulumi.Output; /** * Create a SslInspectionRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SslInspectionRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a SslInspectionRule resource. */ export interface SslInspectionRuleArgs { /** * The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions. */ action: pulumi.Input; /** * List of cloud application names to which the rule applies. */ cloudApplications?: pulumi.Input[] | undefined>; /** * IDs of departments to which the rule applies. */ departments?: pulumi.Input[] | undefined>; /** * Additional information about the SSL inspection rule. */ description?: pulumi.Input; /** * IDs of destination IP address groups for the rule. */ destIpGroups?: pulumi.Input[] | undefined>; /** * IDs of device groups to which the rule applies. */ deviceGroups?: pulumi.Input[] | undefined>; /** * Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`. */ deviceTrustLevels?: pulumi.Input[] | undefined>; /** * IDs of devices to which the rule applies. */ devices?: pulumi.Input[] | undefined>; /** * IDs of groups to which the rule applies. */ groups?: pulumi.Input[] | undefined>; /** * IDs of labels associated with the rule. */ labels?: pulumi.Input[] | undefined>; /** * IDs of location groups to which the rule applies. */ locationGroups?: pulumi.Input[] | undefined>; /** * IDs of locations to which the rule applies. */ locations?: pulumi.Input[] | undefined>; /** * The name of the SSL inspection rule. Must be unique. */ name: pulumi.Input; /** * The order of execution of the rule with respect to other SSL inspection rules. */ order: pulumi.Input; /** * Platforms to which the rule applies (e.g., `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `SCAN_LINUX`). */ platforms?: pulumi.Input[] | undefined>; /** * IDs of proxy gateway configurations for the rule. */ proxyGateways?: pulumi.Input[] | undefined>; /** * Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7. */ rank?: pulumi.Input; /** * Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication. */ roadWarriorForKerberos?: pulumi.Input; /** * IDs of source IP address groups for the rule. */ sourceIpGroups?: pulumi.Input[] | undefined>; /** * Rule state. Valid values: `ENABLED`, `DISABLED`. */ state?: pulumi.Input; /** * IDs of time intervals during which the rule must be enforced. */ timeWindows?: pulumi.Input[] | undefined>; /** * List of URL categories to which the rule applies. */ urlCategories?: pulumi.Input[] | undefined>; /** * User agent types the rule applies to. */ userAgentTypes?: pulumi.Input[] | undefined>; /** * IDs of users to which the rule applies. */ users?: pulumi.Input[] | undefined>; /** * List of preconfigured workload groups to which the policy must be applied. */ workloadGroups?: pulumi.Input[] | undefined>; } //# sourceMappingURL=sslInspectionRule.d.ts.map