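import * as pulumi from "@pulumi/pulumi";
/**
 * Manages a Deployment Safeguard for a Kubernetes Cluster.
 *
 * Security notes for reviewers of stacks that use this resource:
 *
 * * `level: "Warn"` only reports violations; workloads are still admitted. Use `Enforce` when the
 *   safeguards are meant to act as a control rather than as advice.
 * * `podSecurityStandardsLevel` defaults to `Privileged`, the unrestricted Pod Security Standards
 *   profile. Set `Baseline` or `Restricted` explicitly if pod-level hardening is expected.
 * * Every entry in `excludedNamespaces` is a policy exemption for that whole namespace.
 * * The example below enables `azurePolicyEnabled` on the cluster; Deployment Safeguards are
 *   delivered through the Azure Policy add-on, so confirm it is enabled on the target cluster.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
 *     name: "example-aks",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     dnsPrefix: "exampleaks",
 *     defaultNodePool: {
 *         name: "default",
 *         nodeCount: 1,
 *         vmSize: "Standard_DS2_v2",
 *         upgradeSettings: {
 *             maxSurge: "10%",
 *         },
 *     },
 *     identity: {
 *         type: "SystemAssigned",
 *     },
 *     azurePolicyEnabled: true,
 * });
 * const exampleClusterDeploymentSafeguard = new azure.containerservice.ClusterDeploymentSafeguard("example", {
 *     kubernetesClusterId: exampleKubernetesCluster.id,
 *     level: "Enforce",
 *     excludedNamespaces: [
 *         "my-app-namespace",
 *         "legacy-app",
 *     ],
 *     podSecurityStandardsLevel: "Restricted",
 * });
 * ```
 *
 * ## API Providers
 *
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.ContainerService` - 2025-07-01
 *
 * ## Import
 *
 * Deployment Safeguards can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:containerservice/clusterDeploymentSafeguard:ClusterDeploymentSafeguard example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ContainerService/managedClusters/cluster1
 * ```
 */
export declare class ClusterDeploymentSafeguard extends pulumi.CustomResource {
    /**
     * Get an existing ClusterDeploymentSafeguard resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClusterDeploymentSafeguardState, opts?: pulumi.CustomResourceOptions): ClusterDeploymentSafeguard;
    /**
     * Returns true if the given object is an instance of ClusterDeploymentSafeguard. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ClusterDeploymentSafeguard;
    /**
     * A list of Kubernetes namespace names that should be excluded from Deployment Safeguards enforcement. This allows certain namespaces to bypass the configured policies.
     *
     * Workloads in an excluded namespace are not checked, so treat each entry as a policy exemption and keep the list short.
     */
    readonly excludedNamespaces: pulumi.Output<string[] | undefined>;
    /**
     * Specifies the Kubernetes Cluster ID for which Deployment Safeguards should be configured. Changing this forces a new resource to be created.
     */
    readonly kubernetesClusterId: pulumi.Output<string>;
    /**
     * The level of Deployment Safeguards enforcement. Possible values are `Warn` and `Enforce`.
     *
     * `Warn` reports violations but still admits the workload; only `Enforce` blocks non-compliant deployments.
     */
    readonly level: pulumi.Output<string>;
    /**
     * The Pod Security Standards level to enforce. Possible values are `Baseline`, `Privileged`, and `Restricted`. Defaults to `Privileged`.
     *
     * `Privileged` is the unrestricted profile, so leaving this unset places no Pod Security Standards restrictions on pods.
     */
    readonly podSecurityStandardsLevel: pulumi.Output<string | undefined>;
    /**
     * Create a ClusterDeploymentSafeguard resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ClusterDeploymentSafeguardArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ClusterDeploymentSafeguard resources.
 */
export interface ClusterDeploymentSafeguardState {
    /**
     * A list of Kubernetes namespace names that should be excluded from Deployment Safeguards enforcement. This allows certain namespaces to bypass the configured policies.
     *
     * Workloads in an excluded namespace are not checked, so treat each entry as a policy exemption and keep the list short.
     */
    excludedNamespaces?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies the Kubernetes Cluster ID for which Deployment Safeguards should be configured. Changing this forces a new resource to be created.
     */
    kubernetesClusterId?: pulumi.Input<string>;
    /**
     * The level of Deployment Safeguards enforcement. Possible values are `Warn` and `Enforce`.
     *
     * `Warn` reports violations but still admits the workload; only `Enforce` blocks non-compliant deployments.
     */
    level?: pulumi.Input<string>;
    /**
     * The Pod Security Standards level to enforce. Possible values are `Baseline`, `Privileged`, and `Restricted`. Defaults to `Privileged`.
     *
     * `Privileged` is the unrestricted profile, so leaving this unset places no Pod Security Standards restrictions on pods.
     */
    podSecurityStandardsLevel?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a ClusterDeploymentSafeguard resource.
 */
export interface ClusterDeploymentSafeguardArgs {
    /**
     * A list of Kubernetes namespace names that should be excluded from Deployment Safeguards enforcement. This allows certain namespaces to bypass the configured policies.
     *
     * Workloads in an excluded namespace are not checked, so treat each entry as a policy exemption and keep the list short.
     */
    excludedNamespaces?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies the Kubernetes Cluster ID for which Deployment Safeguards should be configured. Changing this forces a new resource to be created.
     */
    kubernetesClusterId: pulumi.Input<string>;
    /**
     * The level of Deployment Safeguards enforcement. Possible values are `Warn` and `Enforce`.
     *
     * `Warn` reports violations but still admits the workload; only `Enforce` blocks non-compliant deployments.
     */
    level: pulumi.Input<string>;
    /**
     * The Pod Security Standards level to enforce. Possible values are `Baseline`, `Privileged`, and `Restricted`. Defaults to `Privileged`.
     *
     * `Privileged` is the unrestricted profile, so leaving this unset places no Pod Security Standards restrictions on pods.
     * Set `Baseline` or `Restricted` explicitly when pod-level hardening is expected.
     */
    podSecurityStandardsLevel?: pulumi.Input<string>;
}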