import * as pulumi from "@pulumi/pulumi"; /** * The RuleDeployment resource represents the deployment state of a Rule. * * To get more information about RuleDeployment, see: * * * [API documentation](https://cloud.google.com/chronicle/docs/reference/rest/v1/RuleDeployment) * * How-to Guides * * [Google SecOps Guides](https://cloud.google.com/chronicle/docs/secops/secops-overview) * * ## Example Usage * * ### Chronicle Ruledeployment Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const my_rule = new gcp.chronicle.Rule("my-rule", { * location: "us", * instance: "00000000-0000-0000-0000-000000000000", * text: "rule test_rule { meta: events: $userid = $e.principal.user.userid match: $userid over 10m condition: $e }\n", * }); * const example = new gcp.chronicle.RuleDeployment("example", { * location: "us", * instance: "00000000-0000-0000-0000-000000000000", * rule: pulumi.all([std.split({ * separator: "/", * text: googleChronicleRule["my-rule"].name, * }), std.split({ * separator: "/", * text: googleChronicleRule["my-rule"].name, * }).then(invoke => invoke.result).length]).apply(([invoke, length]) => invoke.result[length - 1]), * enabled: true, * alerting: true, * archived: false, * runFrequency: "DAILY", * }); * ``` * ### Chronicle Ruledeployment Disabled * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const my_rule = new gcp.chronicle.Rule("my-rule", { * location: "us", * instance: "00000000-0000-0000-0000-000000000000", * text: "rule test_rule { meta: events: $userid = $e.principal.user.userid match: $userid over 10m condition: $e }\n", * }); * const example = new gcp.chronicle.RuleDeployment("example", { * location: "us", * instance: "00000000-0000-0000-0000-000000000000", * rule: pulumi.all([std.split({ * separator: "/", * text: googleChronicleRule["my-rule"].name, * }), std.split({ * separator: "/", * text: googleChronicleRule["my-rule"].name, * }).then(invoke => invoke.result).length]).apply(([invoke, length]) => invoke.result[length - 1]), * enabled: false, * runFrequency: "LIVE", * }); * ``` * ### Chronicle Ruledeployment Run Frequency Missing * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const my_rule = new gcp.chronicle.Rule("my-rule", { * location: "us", * instance: "00000000-0000-0000-0000-000000000000", * text: "rule test_rule { meta: events: $userid = $e.principal.user.userid match: $userid over 10m condition: $e }\n", * }); * const example = new gcp.chronicle.RuleDeployment("example", { * location: "us", * instance: "00000000-0000-0000-0000-000000000000", * rule: pulumi.all([std.split({ * separator: "/", * text: googleChronicleRule["my-rule"].name, * }), std.split({ * separator: "/", * text: googleChronicleRule["my-rule"].name, * }).then(invoke => invoke.result).length]).apply(([invoke, length]) => invoke.result[length - 1]), * enabled: true, * alerting: true, * archived: false, * }); * ``` * * ## Import * * RuleDeployment can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment` * * `{{project}}/{{location}}/{{instance}}/{{rule}}` * * `{{location}}/{{instance}}/{{rule}}` * * When using the `pulumi import` command, RuleDeployment can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:chronicle/ruleDeployment:RuleDeployment default projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment * $ pulumi import gcp:chronicle/ruleDeployment:RuleDeployment default {{project}}/{{location}}/{{instance}}/{{rule}} * $ pulumi import gcp:chronicle/ruleDeployment:RuleDeployment default {{location}}/{{instance}}/{{rule}} * ``` */ export declare class RuleDeployment extends pulumi.CustomResource { /** * Get an existing RuleDeployment resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: RuleDeploymentState, opts?: pulumi.CustomResourceOptions): RuleDeployment; /** * Returns true if the given object is an instance of RuleDeployment. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RuleDeployment; /** * Whether detections resulting from this deployment should be considered * alerts. */ readonly alerting: pulumi.Output; /** * Output only. The timestamp when the rule deployment archive state was last set to true. If the rule deployment's current archive state is not set to true, the field will be empty. */ readonly archiveTime: pulumi.Output; /** * The archive state of the rule deployment. * Cannot be set to true unless enabled is set to false i.e. * archiving requires a two-step process: first, disable the rule by * setting 'enabled' to false, then set 'archive' to true. * If set to true, alerting will automatically be set to false. * If currently set to true, enabled, alerting, and runFrequency cannot be * updated. */ readonly archived: pulumi.Output; /** * Output only. The names of the associated/chained consumer rules. Rules are considered * consumers of this rule if their rule text explicitly filters on this rule's ruleid. * Format: * projects/{project}/locations/{location}/instances/{instance}/rules/{rule} */ readonly consumerRules: pulumi.Output; /** * Whether the rule is currently deployed continuously against incoming data. */ readonly enabled: pulumi.Output; /** * The execution state of the rule deployment. * Possible values: * DEFAULT * LIMITED * PAUSED */ readonly executionState: pulumi.Output; /** * The unique identifier for the Chronicle instance, which is the same as the customer ID. */ readonly instance: pulumi.Output; /** * Output only. The timestamp when the rule deployment alert state was lastly changed. This is filled regardless of the current alert state.E.g. if the current alert status is false, this timestamp will be the timestamp when the alert status was changed to false. */ readonly lastAlertStatusChangeTime: pulumi.Output; /** * The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2". */ readonly location: pulumi.Output; /** * The resource name of the rule deployment. * Note that RuleDeployment is a child of the overall Rule, not any individual * revision, so the resource ID segment for the Rule resource must not * reference a specific revision. * Format: * projects/{project}/locations/{location}/instances/{instance}/rules/{rule}/deployment */ readonly name: pulumi.Output; /** * Output only. The names of the associated/chained producer rules. Rules are considered * producers for this rule if this rule explicitly filters on their ruleid. * Format: * projects/{project}/locations/{location}/instances/{instance}/rules/{rule} */ readonly producerRules: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The Rule ID of the rule. */ readonly rule: pulumi.Output; /** * The run frequency of the rule deployment. * Possible values: * LIVE * HOURLY * DAILY */ readonly runFrequency: pulumi.Output; /** * Create a RuleDeployment resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RuleDeploymentArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RuleDeployment resources. */ export interface RuleDeploymentState { /** * Whether detections resulting from this deployment should be considered * alerts. */ alerting?: pulumi.Input; /** * Output only. The timestamp when the rule deployment archive state was last set to true. If the rule deployment's current archive state is not set to true, the field will be empty. */ archiveTime?: pulumi.Input; /** * The archive state of the rule deployment. * Cannot be set to true unless enabled is set to false i.e. * archiving requires a two-step process: first, disable the rule by * setting 'enabled' to false, then set 'archive' to true. * If set to true, alerting will automatically be set to false. * If currently set to true, enabled, alerting, and runFrequency cannot be * updated. */ archived?: pulumi.Input; /** * Output only. The names of the associated/chained consumer rules. Rules are considered * consumers of this rule if their rule text explicitly filters on this rule's ruleid. * Format: * projects/{project}/locations/{location}/instances/{instance}/rules/{rule} */ consumerRules?: pulumi.Input[]>; /** * Whether the rule is currently deployed continuously against incoming data. */ enabled?: pulumi.Input; /** * The execution state of the rule deployment. * Possible values: * DEFAULT * LIMITED * PAUSED */ executionState?: pulumi.Input; /** * The unique identifier for the Chronicle instance, which is the same as the customer ID. */ instance?: pulumi.Input; /** * Output only. The timestamp when the rule deployment alert state was lastly changed. This is filled regardless of the current alert state.E.g. if the current alert status is false, this timestamp will be the timestamp when the alert status was changed to false. */ lastAlertStatusChangeTime?: pulumi.Input; /** * The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2". */ location?: pulumi.Input; /** * The resource name of the rule deployment. * Note that RuleDeployment is a child of the overall Rule, not any individual * revision, so the resource ID segment for the Rule resource must not * reference a specific revision. * Format: * projects/{project}/locations/{location}/instances/{instance}/rules/{rule}/deployment */ name?: pulumi.Input; /** * Output only. The names of the associated/chained producer rules. Rules are considered * producers for this rule if this rule explicitly filters on their ruleid. * Format: * projects/{project}/locations/{location}/instances/{instance}/rules/{rule} */ producerRules?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The Rule ID of the rule. */ rule?: pulumi.Input; /** * The run frequency of the rule deployment. * Possible values: * LIVE * HOURLY * DAILY */ runFrequency?: pulumi.Input; } /** * The set of arguments for constructing a RuleDeployment resource. */ export interface RuleDeploymentArgs { /** * Whether detections resulting from this deployment should be considered * alerts. */ alerting?: pulumi.Input; /** * The archive state of the rule deployment. * Cannot be set to true unless enabled is set to false i.e. * archiving requires a two-step process: first, disable the rule by * setting 'enabled' to false, then set 'archive' to true. * If set to true, alerting will automatically be set to false. * If currently set to true, enabled, alerting, and runFrequency cannot be * updated. */ archived?: pulumi.Input; /** * Whether the rule is currently deployed continuously against incoming data. */ enabled?: pulumi.Input; /** * The unique identifier for the Chronicle instance, which is the same as the customer ID. */ instance: pulumi.Input; /** * The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2". */ location: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The Rule ID of the rule. */ rule: pulumi.Input; /** * The run frequency of the rule deployment. * Possible values: * LIVE * HOURLY * DAILY */ runFrequency?: pulumi.Input; }