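import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): `pulumi.Input` and `pulumi.Output` are generic and do not
// type-check without a type argument. The arguments below were restored so
// that the declarations compile; confirm the nested type names against
// ../types/input and ../types/output.

/**
 * Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter.
 * EgressPolicies match requests based on egressFrom and egressTo stanzas.
 * For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched.
 * If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter
 * boundary. For example, an EgressPolicy can be used to allow VMs on networks
 * within the ServicePerimeter to access a defined set of projects outside the
 * perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket
 * or query against a BigQuery dataset).
 *
 * Security considerations:
 *
 * * Every EgressPolicy is an allow rule that lets traffic leave the perimeter, so
 *   each one widens the boundary. Keep `egressFrom` and `egressTo` as narrow as the
 *   use case permits and review changes to them like any other exception to a
 *   data-exfiltration control.
 * * This resource targets the enforced configuration, not a dry-run one, so a
 *   change is presumably effective as soon as it is applied.
 *
 * > **Note:** By default, updates to this resource will remove the EgressPolicy
 * from the perimeter and add it back in a non-atomic manner. Between the two calls the
 * rule is absent from the perimeter, so requests that depend on it may be rejected. To ensure that
 * the new EgressPolicy is added before the old one is removed, add a `lifecycle` block with
 * `createBeforeDestroy = true` to this resource.
 * **Note:** If this resource is used alongside a `gcp.accesscontextmanager.ServicePerimeter` resource,
 * the service perimeter resource must have a `lifecycle` block with `ignoreChanges = [status[0].egress_policies]` so
 * they don't fight over which egress rules should be in the policy. Otherwise each
 * deployment can overwrite the other's view of the rule list, leaving the enforced
 * rules different from what either definition declares.
 *
 * The `lifecycle` wording above is inherited from the upstream Terraform provider
 * documentation. In a Pulumi program such settings are passed as resource options
 * through `opts` (for example `ignoreChanges`); confirm the exact option and property
 * path for your SDK version.
 *
 * To get more information about ServicePerimeterEgressPolicy, see:
 *
 * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy)
 * * How-to Guides
 *     * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)
 *
 * ## Example Usage
 */
export declare class ServicePerimeterEgressPolicy extends pulumi.CustomResource {
    /**
     * Get an existing ServicePerimeterEgressPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePerimeterEgressPolicyState, opts?: pulumi.CustomResourceOptions): ServicePerimeterEgressPolicy;
    /**
     * Returns true if the given object is an instance of ServicePerimeterEgressPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * The parameter is typed `unknown` so that callers must narrow through this guard
     * before touching any property of the value.
     */
    static isInstance(obj: unknown): obj is ServicePerimeterEgressPolicy;
    /**
     * The name of the Access Policy this resource belongs to.
     */
    readonly accessPolicyId: pulumi.Output<string>;
    /**
     * Defines conditions on the source of a request causing this `EgressPolicy` to apply.
     * Structure is documented below.
     */
    readonly egressFrom: pulumi.Output<outputs.accesscontextmanager.ServicePerimeterEgressPolicyEgressFrom | undefined>;
    /**
     * Defines the conditions on the `ApiOperation` and destination resources that
     * cause this `EgressPolicy` to apply.
     * Structure is documented below.
     */
    readonly egressTo: pulumi.Output<outputs.accesscontextmanager.ServicePerimeterEgressPolicyEgressTo | undefined>;
    /**
     * The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls.
     * It is retrieved from the same GET perimeter API call that's used to get the current list of policies.
     * The policy defined in this resource is added or removed from that list, and then this etag is sent
     * with the PATCH call along with the updated policies.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    readonly perimeter: pulumi.Output<string>;
    /**
     * Human readable title. Must be unique within the perimeter. Does not affect behavior.
     */
    readonly title: pulumi.Output<string | undefined>;
    /**
     * Create a ServicePerimeterEgressPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServicePerimeterEgressPolicyArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering ServicePerimeterEgressPolicy resources.
 */
export interface ServicePerimeterEgressPolicyState {
    /**
     * The name of the Access Policy this resource belongs to.
     */
    accessPolicyId?: pulumi.Input<string>;
    /**
     * Defines conditions on the source of a request causing this `EgressPolicy` to apply.
     * Structure is documented below.
     */
    egressFrom?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterEgressPolicyEgressFrom>;
    /**
     * Defines the conditions on the `ApiOperation` and destination resources that
     * cause this `EgressPolicy` to apply.
     * Structure is documented below.
     */
    egressTo?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterEgressPolicyEgressTo>;
    /**
     * The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls.
     * It is retrieved from the same GET perimeter API call that's used to get the current list of policies.
     * The policy defined in this resource is added or removed from that list, and then this etag is sent
     * with the PATCH call along with the updated policies.
     */
    etag?: pulumi.Input<string>;
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    perimeter?: pulumi.Input<string>;
    /**
     * Human readable title. Must be unique within the perimeter. Does not affect behavior.
     */
    title?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a ServicePerimeterEgressPolicy resource.
 *
 * Only `perimeter` is required by this type. What the API does with a policy
 * whose `egressFrom` or `egressTo` is omitted is not stated here; set both
 * explicitly so the scope of the allow rule is visible in review.
 */
export interface ServicePerimeterEgressPolicyArgs {
    /**
     * Defines conditions on the source of a request causing this `EgressPolicy` to apply.
     * Structure is documented below.
     */
    egressFrom?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterEgressPolicyEgressFrom>;
    /**
     * Defines the conditions on the `ApiOperation` and destination resources that
     * cause this `EgressPolicy` to apply.
     * Structure is documented below.
     */
    egressTo?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterEgressPolicyEgressTo>;
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    perimeter: pulumi.Input<string>;
    /**
     * Human readable title. Must be unique within the perimeter. Does not affect behavior.
     */
    title?: pulumi.Input<string>;
}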