import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A SecurityAction is rule that can be enforced at an environment level. * The result is one of: - A denied API call - An explicitly allowed API call * - A flagged API call (HTTP headers added before the target receives it) * At least one condition is required to create a SecurityAction. * * To get more information about SecurityAction, see: * * * [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.securityActions/create) * * How-to Guides * * [Creating security actions](https://cloud.google.com/apigee/docs/api-security/security-actions-api#create-security-actions) * * ## Example Usage * * ### Apigee Security Action Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const current = gcp.organizations.getClientConfig({}); * const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "my-network"}); * const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", { * name: "my-address", * purpose: "VPC_PEERING", * addressType: "INTERNAL", * prefixLength: 16, * network: apigeeNetwork.id, * }); * const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", { * network: apigeeNetwork.id, * service: "servicenetworking.googleapis.com", * reservedPeeringRanges: [apigeeRange.name], * }); * const apigeeOrg = new gcp.apigee.Organization("apigee_org", { * analyticsRegion: "us-central1", * projectId: current.then(current => current.project), * authorizedNetwork: apigeeNetwork.id, * }, { * dependsOn: [apigeeVpcConnection], * }); * const env = new gcp.apigee.Environment("env", { * name: "my-environment", * description: "Apigee Environment", * displayName: "environment-1", * orgId: apigeeOrg.id, * }); * const apigeeOrgSecurityAddonsConfig = new gcp.apigee.AddonsConfig("apigee_org_security_addons_config", { * org: apigeeOrg.name, * addonsConfig: { * apiSecurityConfig: { * enabled: true, * }, * }, * }); * const apigeeSecurityAction = new gcp.apigee.SecurityAction("apigee_security_action", { * securityActionId: "my-security-action", * orgId: apigeeOrg.name, * envId: env.name, * description: "Apigee Security Action", * state: "ENABLED", * conditionConfig: { * ipAddressRanges: [ * "100.0.220.1", * "200.0.0.1", * ], * botReasons: [ * "Flooder", * "Public Cloud Azure", * "Public Cloud AWS", * ], * }, * allow: {}, * expireTime: "2025-12-31T23:59:59Z", * }, { * dependsOn: [apigeeOrgSecurityAddonsConfig], * }); * ``` * * ## Import * * SecurityAction can be imported using any of these accepted formats: * * * `organizations/{{org_id}}/environments/{{env_id}}/securityActions/{{security_action_id}}` * * * `{{org_id}}/{{env_id}}/{{security_action_id}}` * * When using the `pulumi import` command, SecurityAction can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:apigee/securityAction:SecurityAction default organizations/{{org_id}}/environments/{{env_id}}/securityActions/{{security_action_id}} * ``` * * ```sh * $ pulumi import gcp:apigee/securityAction:SecurityAction default {{org_id}}/{{env_id}}/{{security_action_id}} * ``` */ export declare class SecurityAction extends pulumi.CustomResource { /** * Get an existing SecurityAction resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SecurityActionState, opts?: pulumi.CustomResourceOptions): SecurityAction; /** * Returns true if the given object is an instance of SecurityAction. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SecurityAction; /** * Allow a request through if it matches this SecurityAction. */ readonly allow: pulumi.Output; /** * If unset, this would apply to all proxies in the environment. * If set, this action is enforced only if at least one proxy in the repeated * list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. * There can be at most 100 enabled actions with proxies set in an env. * Several other restrictions apply on conditions and are detailed later. */ readonly apiProxies: pulumi.Output; /** * A valid SecurityAction must contain at least one condition. * Structure is documented below. */ readonly conditionConfig: pulumi.Output; /** * The create time for this SecurityAction. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. * Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ readonly createTime: pulumi.Output; /** * Deny a request through if it matches this SecurityAction. * Structure is documented below. */ readonly deny: pulumi.Output; /** * An optional user provided description of the SecurityAction. */ readonly description: pulumi.Output; /** * The Apigee environment that this security action applies to. */ readonly envId: pulumi.Output; /** * The expiration for this SecurityAction. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 * fractional digits. Offsets other than "Z" are also accepted. * Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ readonly expireTime: pulumi.Output; /** * Flag a request through if it matches this SecurityAction. * Structure is documented below. */ readonly flag: pulumi.Output; /** * The organization that this security action applies to. */ readonly orgId: pulumi.Output; /** * The ID to use for the SecurityAction, which will become the final component of the action's resource name. * This value should be 0-61 characters, and valid format is (^a-z?$). */ readonly securityActionId: pulumi.Output; /** * Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. * Possible values are: `ENABLED`, `DISABLED`. */ readonly state: pulumi.Output; /** * The TTL for this SecurityAction. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ readonly ttl: pulumi.Output; /** * The update time for this SecurityAction. This reflects when this SecurityAction changed states. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. * Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ readonly updateTime: pulumi.Output; /** * Create a SecurityAction resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecurityActionArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SecurityAction resources. */ export interface SecurityActionState { /** * Allow a request through if it matches this SecurityAction. */ allow?: pulumi.Input; /** * If unset, this would apply to all proxies in the environment. * If set, this action is enforced only if at least one proxy in the repeated * list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. * There can be at most 100 enabled actions with proxies set in an env. * Several other restrictions apply on conditions and are detailed later. */ apiProxies?: pulumi.Input[]>; /** * A valid SecurityAction must contain at least one condition. * Structure is documented below. */ conditionConfig?: pulumi.Input; /** * The create time for this SecurityAction. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. * Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ createTime?: pulumi.Input; /** * Deny a request through if it matches this SecurityAction. * Structure is documented below. */ deny?: pulumi.Input; /** * An optional user provided description of the SecurityAction. */ description?: pulumi.Input; /** * The Apigee environment that this security action applies to. */ envId?: pulumi.Input; /** * The expiration for this SecurityAction. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 * fractional digits. Offsets other than "Z" are also accepted. * Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ expireTime?: pulumi.Input; /** * Flag a request through if it matches this SecurityAction. * Structure is documented below. */ flag?: pulumi.Input; /** * The organization that this security action applies to. */ orgId?: pulumi.Input; /** * The ID to use for the SecurityAction, which will become the final component of the action's resource name. * This value should be 0-61 characters, and valid format is (^a-z?$). */ securityActionId?: pulumi.Input; /** * Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. * Possible values are: `ENABLED`, `DISABLED`. */ state?: pulumi.Input; /** * The TTL for this SecurityAction. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ ttl?: pulumi.Input; /** * The update time for this SecurityAction. This reflects when this SecurityAction changed states. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. * Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a SecurityAction resource. */ export interface SecurityActionArgs { /** * Allow a request through if it matches this SecurityAction. */ allow?: pulumi.Input; /** * If unset, this would apply to all proxies in the environment. * If set, this action is enforced only if at least one proxy in the repeated * list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. * There can be at most 100 enabled actions with proxies set in an env. * Several other restrictions apply on conditions and are detailed later. */ apiProxies?: pulumi.Input[]>; /** * A valid SecurityAction must contain at least one condition. * Structure is documented below. */ conditionConfig: pulumi.Input; /** * Deny a request through if it matches this SecurityAction. * Structure is documented below. */ deny?: pulumi.Input; /** * An optional user provided description of the SecurityAction. */ description?: pulumi.Input; /** * The Apigee environment that this security action applies to. */ envId: pulumi.Input; /** * The expiration for this SecurityAction. * Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 * fractional digits. Offsets other than "Z" are also accepted. * Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30". */ expireTime?: pulumi.Input; /** * Flag a request through if it matches this SecurityAction. * Structure is documented below. */ flag?: pulumi.Input; /** * The organization that this security action applies to. */ orgId: pulumi.Input; /** * The ID to use for the SecurityAction, which will become the final component of the action's resource name. * This value should be 0-61 characters, and valid format is (^a-z?$). */ securityActionId: pulumi.Input; /** * Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. * Possible values are: `ENABLED`, `DISABLED`. */ state: pulumi.Input; /** * The TTL for this SecurityAction. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ ttl?: pulumi.Input; }