import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * Defines a set of Fastly ACL entries that can be used to populate a service ACL. This resource will populate an ACL with the entries and will track their state. * * > **Note:** By default the Terraform provider allows you to externally manage the entries via API or UI. * If you wish to apply your changes in the HCL, then you should explicitly set the `manageEntries` attribute. An example of this configuration is provided below. * * ## Example Usage * * ### Terraform >= 0.12.6) * * Basic usage: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fastly from "@pulumi/fastly"; * * const config = new pulumi.Config(); * const myaclName = config.get("myaclName") || "My ACL"; * const myservice = new fastly.ServiceVcl("myservice", { * name: "demofastly", * domains: [{ * name: "demo.notexample.com", * comment: "demo", * }], * backends: [{ * address: "http-me.fastly.dev", * name: "Glitch Test Site", * port: 80, * }], * acls: [{ * name: myaclName, * }], * forceDestroy: true, * }); * const entries: fastly.ServiceACLEntries[] = []; * myservice.acls.apply(acls => { * const entries: fastly.ServiceACLEntries[] = []; * pulumi.all(.filter(d => d.name == myaclName).reduce((__obj, d) => ({ ...__obj, [d.name]: d }), {})).apply(rangeBody => { * for (const range of Object.entries(rangeBody).sort().map(([k, v]) => ({key: k, value: v}))) { * entries.push(new fastly.ServiceACLEntries(`entries-${range.key}`, { * serviceId: myservice.id, * aclId: range.value.aclId, * entries: [{ * ip: "127.0.0.1", * subnet: "24", * negated: false, * comment: "ACL Entry 1", * }], * })); * } * }); * }); * ``` * * Complex object usage: * * The following example demonstrates the use of dynamic nested blocks to create ACL entries. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fastly from "@pulumi/fastly"; * * const aclName = "my_acl"; * const aclEntries = [ * { * ip: "1.2.3.4", * comment: "acl_entry_1", * }, * { * ip: "1.2.3.5", * comment: "acl_entry_2", * }, * { * ip: "1.2.3.6", * comment: "acl_entry_3", * }, * ]; * const myservice = new fastly.ServiceVcl("myservice", { * name: "demofastly", * domains: [{ * name: "demo.notexample.com", * comment: "demo", * }], * backends: [{ * address: "1.2.3.4", * name: "localhost", * port: 80, * }], * acls: [{ * name: aclName, * }], * forceDestroy: true, * }); * const entries: fastly.ServiceACLEntries[] = []; * myservice.acls.apply(acls => { * const entries: fastly.ServiceACLEntries[] = []; * pulumi.all(.filter(d => d.name == aclName).reduce((__obj, d) => ({ ...__obj, [d.name]: d }), {})).apply(rangeBody => { * for (const range of Object.entries(rangeBody).sort().map(([k, v]) => ({key: k, value: v}))) { * entries.push(new fastly.ServiceACLEntries(`entries-${range.key}`, { * entries: aclEntries.map(e => ({ * ip: e.ip, * comment: e.comment, * })).map(entry => ({ * ip: entry.ip, * subnet: "22", * comment: entry.comment, * negated: false, * })), * serviceId: myservice.id, * aclId: range.value.aclId, * })); * } * }); * }); * ``` * * ### Terraform >= 0.12.0 && < 0.12.6) * * `forEach` attributes were not available in Terraform before 0.12.6, however, users can still use `for` expressions to achieve * similar behaviour as seen in the example below. * * > **Warning:** Terraform might not properly calculate implicit dependencies on computed attributes when using `for` expressions * * For scenarios such as adding an ACL to a service and at the same time, creating the ACL entries (`fastly.ServiceACLEntries`) * resource, Terraform will not calculate implicit dependencies correctly on `for` expressions. This will result in index lookup * problems and the execution will fail. * * For those scenarios, it's recommended to split the changes into two distinct steps: * * 1. Add the `acl` block to the `fastly.ServiceVcl` and apply the changes * 2. Add the `fastly.ServiceACLEntries` resource with the `for` expressions to the HCL and apply the changes * * Usage: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fastly from "@pulumi/fastly"; * * const config = new pulumi.Config(); * const myaclName = config.get("myaclName") || "My ACL"; * const myservice = new fastly.ServiceVcl("myservice", { * name: "demofastly", * domains: [{ * name: "demo.notexample.com", * comment: "demo", * }], * acls: [{ * name: myaclName, * }], * }); * const entries = new fastly.ServiceACLEntries("entries", { * serviceId: myservice.id, * aclId: myservice.acls.apply(acls => .reduce((__obj, d) => ({ ...__obj, [d.name]: d.aclId }), {})[myaclName]), * entries: [{ * ip: "127.0.0.1", * subnet: "24", * negated: false, * comment: "ACL Entry 1", * }], * }); * ``` * * ### Reapplying original entries with `manageEntries` if the state of the entries drifts * * By default the user is opted out from reapplying the original changes if the entries are managed externally. * The following example demonstrates how the `manageEntries` field can be used to reapply the changes defined in the HCL if the state of the entries drifts. * When the value is explicitly set to 'true', Terraform will keep the original changes and discard any other changes made under this resource outside of Terraform. * * > **Warning:** You will lose externally managed entries if `manage_entries=true`. * * > **Note:** The `ignoreChanges` built-in meta-argument takes precedence over `manageEntries` regardless of its value. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fastly from "@pulumi/fastly"; * * //... * const entries: fastly.ServiceACLEntries[] = []; * for (const range of Object.entries(.filter(d => d.name == myaclName).reduce((__obj, d) => ({ ...__obj, [d.name]: d }), {})).sort().map(([k, v]) => ({key: k, value: v}))) { * entries.push(new fastly.ServiceACLEntries(`entries-${range.key}`, { * serviceId: myservice.id, * aclId: range.value.aclId, * manageEntries: true, * entries: [{ * ip: "127.0.0.1", * subnet: "24", * negated: false, * comment: "ACL Entry 1", * }], * })); * } * ``` * * ## Import * * This is an example of the import command being applied to the resource named `fastly_service_acl_entries.entries` * The resource ID is a combined value of the `serviceId` and `aclId` separated by a forward slash. * * ```sh * $ pulumi import fastly:index/serviceACLEntries:ServiceACLEntries entries xxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx * ``` * * If Terraform is already managing remote acl entries against a resource being imported then the user will be asked to remove it from the existing Terraform state. * The following is an example of the Terraform state command to remove the resource named `fastly_service_acl_entries.entries` from the Terraform state file. * * ```sh * $ terraform state rm fastly_service_acl_entries.entries * ``` */ export declare class ServiceACLEntries extends pulumi.CustomResource { /** * Get an existing ServiceACLEntries resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ServiceACLEntriesState, opts?: pulumi.CustomResourceOptions): ServiceACLEntries; /** * Returns true if the given object is an instance of ServiceACLEntries. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ServiceACLEntries; /** * The ID of the ACL that the items belong to */ readonly aclId: pulumi.Output; /** * ACL Entries */ readonly entries: pulumi.Output; /** * Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally */ readonly manageEntries: pulumi.Output; /** * The ID of the Service that the ACL belongs to */ readonly serviceId: pulumi.Output; /** * Create a ServiceACLEntries resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ServiceACLEntriesArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ServiceACLEntries resources. */ export interface ServiceACLEntriesState { /** * The ID of the ACL that the items belong to */ aclId?: pulumi.Input; /** * ACL Entries */ entries?: pulumi.Input[] | undefined>; /** * Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally */ manageEntries?: pulumi.Input; /** * The ID of the Service that the ACL belongs to */ serviceId?: pulumi.Input; } /** * The set of arguments for constructing a ServiceACLEntries resource. */ export interface ServiceACLEntriesArgs { /** * The ID of the ACL that the items belong to */ aclId: pulumi.Input; /** * ACL Entries */ entries?: pulumi.Input[] | undefined>; /** * Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally */ manageEntries?: pulumi.Input; /** * The ID of the Service that the ACL belongs to */ serviceId: pulumi.Input; } //# sourceMappingURL=serviceACLEntries.d.ts.map