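import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the generic type arguments on `pulumi.Input<...>` / `pulumi.Output<...>`
// below were missing from this copy of the file (both types require one). They have been
// filled in following the SDK's naming convention for this resource — confirm them against
// ../types/input and ../types/output.

/**
 * Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter.
 * IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match,
 * both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request,
 * the request is allowed through the perimeter boundary from outside the perimeter.
 * For example, access from the internet can be allowed either based on an AccessLevel or,
 * for traffic hosted on Google Cloud, the project of the source network.
 * For access from private networks, using the project of the hosting network is required.
 * Individual ingress policies can be limited by restricting which services and/
 * or actions they match using the ingressTo field.
 *
 * Security considerations:
 * Every instance of this resource is an allow rule on the enforced perimeter: a request that
 * matches it crosses the boundary from outside. Keep `ingressFrom` (who may enter) and
 * `ingressTo` (which services/actions they may reach) as narrow as the use case allows, and
 * treat changes to this resource as changes to the perimeter itself when reviewing.
 *
 * > **Note:** By default, updates to this resource will remove the IngressPolicy
 * from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy
 * is added before the old one is removed, add a `lifecycle` block with `createBeforeDestroy = true` to this resource.
 * Between the removal and the re-add the rule is absent from the enforced configuration, so
 * traffic that depends on it is presumably rejected for that interval — plan updates accordingly.
 * **Note:** If this resource is used alongside a `gcp.accesscontextmanager.ServicePerimeter` resource,
 * the service perimeter resource must have a `lifecycle` block with `ignoreChanges = [status[0].ingress_policies]` so
 * they don't fight over which ingress rules should be in the policy.
 * When both resources manage the same list, the enforced set of ingress rules can differ from
 * what either declaration describes; check the perimeter's actual state after applying.
 *
 * NOTE(review): the `lifecycle` block wording above is inherited from the upstream provider
 * documentation. In a Pulumi program these settings are expressed through the resource
 * options passed as `opts` — confirm the equivalent option names for your SDK version.
 *
 * To get more information about ServicePerimeterIngressPolicy, see:
 *
 * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy)
 * * How-to Guides
 *     * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)
 *
 * ## Example Usage
 *
 * (No example accompanies this declaration.)
 */
export declare class ServicePerimeterIngressPolicy extends pulumi.CustomResource {
    /**
     * Get an existing ServicePerimeterIngressPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(
        name: string,
        id: pulumi.Input<pulumi.ID>,
        state?: ServicePerimeterIngressPolicyState,
        opts?: pulumi.CustomResourceOptions,
    ): ServicePerimeterIngressPolicy;

    /**
     * Returns true if the given object is an instance of ServicePerimeterIngressPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ServicePerimeterIngressPolicy;

    /**
     * The name of the Access Policy this resource belongs to.
     */
    readonly accessPolicyId: pulumi.Output<string>;

    /**
     * The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls.
     * It is retrieved from the same GET perimeter API call that's used to get the current list of policies.
     * The policy defined in this resource is added or removed from that list, and then this etag is sent
     * with the PATCH call along with the updated policies.
     *
     * In other words, it guards the read-modify-write of the perimeter's policy list against
     * a concurrent change made between the GET and the PATCH.
     */
    readonly etag: pulumi.Output<string>;

    /**
     * Defines the conditions on the source of a request causing this `IngressPolicy`
     * to apply.
     * Structure is documented below.
     */
    readonly ingressFrom: pulumi.Output<outputs.accesscontextmanager.ServicePerimeterIngressPolicyIngressFrom | undefined>;

    /**
     * Defines the conditions on the `ApiOperation` and request destination that cause
     * this `IngressPolicy` to apply.
     * Structure is documented below.
     */
    readonly ingressTo: pulumi.Output<outputs.accesscontextmanager.ServicePerimeterIngressPolicyIngressTo | undefined>;

    /**
     * The name of the Service Perimeter to add this resource to.
     */
    readonly perimeter: pulumi.Output<string>;

    /**
     * Human readable title. Must be unique within the perimeter. Does not affect behavior.
     */
    readonly title: pulumi.Output<string | undefined>;

    /**
     * Create a ServicePerimeterIngressPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServicePerimeterIngressPolicyArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering ServicePerimeterIngressPolicy resources.
 */
export interface ServicePerimeterIngressPolicyState {
    /**
     * The name of the Access Policy this resource belongs to.
     */
    accessPolicyId?: pulumi.Input<string>;

    /**
     * The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls.
     * It is retrieved from the same GET perimeter API call that's used to get the current list of policies.
     * The policy defined in this resource is added or removed from that list, and then this etag is sent
     * with the PATCH call along with the updated policies.
     */
    etag?: pulumi.Input<string>;

    /**
     * Defines the conditions on the source of a request causing this `IngressPolicy`
     * to apply.
     * Structure is documented below.
     */
    ingressFrom?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterIngressPolicyIngressFrom>;

    /**
     * Defines the conditions on the `ApiOperation` and request destination that cause
     * this `IngressPolicy` to apply.
     * Structure is documented below.
     */
    ingressTo?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterIngressPolicyIngressTo>;

    /**
     * The name of the Service Perimeter to add this resource to.
     */
    perimeter?: pulumi.Input<string>;

    /**
     * Human readable title. Must be unique within the perimeter. Does not affect behavior.
     */
    title?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a ServicePerimeterIngressPolicy resource.
 *
 * Only `perimeter` is required by this type; `ingressFrom` and `ingressTo` are optional.
 * NOTE(review): this file does not say what a policy with an omitted stanza matches.
 * Confirm that against the API documentation before deploying a policy that leaves
 * either one out, since a matching policy admits traffic from outside the perimeter.
 */
export interface ServicePerimeterIngressPolicyArgs {
    /**
     * Defines the conditions on the source of a request causing this `IngressPolicy`
     * to apply.
     * Structure is documented below.
     */
    ingressFrom?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterIngressPolicyIngressFrom>;

    /**
     * Defines the conditions on the `ApiOperation` and request destination that cause
     * this `IngressPolicy` to apply.
     * Structure is documented below.
     */
    ingressTo?: pulumi.Input<inputs.accesscontextmanager.ServicePerimeterIngressPolicyIngressTo>;

    /**
     * The name of the Service Perimeter to add this resource to.
     */
    perimeter: pulumi.Input<string>;

    /**
     * Human readable title. Must be unique within the perimeter. Does not affect behavior.
     * A distinct title per rule makes individual ingress rules easier to identify when
     * reviewing the perimeter.
     */
    title?: pulumi.Input<string>;
}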