import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Specifies application endpoint(s) to protect behind a Security Gateway. * * ## Example Usage * * ### Beyondcorp Security Gateway Application Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.beyondcorp.SecurityGateway("default", { * securityGatewayId: "default-sg", * displayName: "My Security Gateway resource", * hubs: [{ * region: "us-central1", * }], * }); * const example = new gcp.beyondcorp.SecurityGatewayApplication("example", { * securityGatewayId: _default.securityGatewayId, * applicationId: "google-sga", * endpointMatchers: [{ * hostname: "google.com", * ports: [ * 80, * 443, * ], * }], * }); * ``` * ### Beyondcorp Security Gateway Application Vpc * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const _default = new gcp.beyondcorp.SecurityGateway("default", { * securityGatewayId: "default-sg", * displayName: "My Security Gateway resource", * hubs: [{ * region: "us-central1", * }], * }); * const example = new gcp.beyondcorp.SecurityGatewayApplication("example", { * securityGatewayId: _default.securityGatewayId, * applicationId: "my-vm-service2", * endpointMatchers: [{ * hostname: "my-vm-service.com", * ports: [ * 80, * 443, * ], * }], * upstreams: [{ * egressPolicy: { * regions: ["us-central1"], * }, * network: { * name: project.then(project => `projects/${project.projectId}/global/networks/default`), * }, * }], * }); * ``` * ### Beyondcorp Security Gateway Application Spa Api * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.beyondcorp.SecurityGateway("default", { * securityGatewayId: "default-sg-spa-api", * displayName: "My SPA Security Gateway resource", * }); * const example_spa = new gcp.beyondcorp.SecurityGatewayApplication("example-spa", { * securityGatewayId: _default.securityGatewayId, * applicationId: "app-discovery", * upstreams: [{ * external: { * endpoints: [{ * hostname: "my.discovery.service.com", * port: 443, * }], * }, * proxyProtocol: { * allowedClientHeaders: ["header"], * }, * }], * schema: "API_GATEWAY", * }); * ``` * ### Beyondcorp Security Gateway Application Spa Proxy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.beyondcorp.SecurityGateway("default", { * securityGatewayId: "default-sg-spa-proxy", * displayName: "My SPA Security Gateway resource", * }); * const example_spa = new gcp.beyondcorp.SecurityGatewayApplication("example-spa", { * securityGatewayId: _default.securityGatewayId, * applicationId: "app-proxy", * endpointMatchers: [{ * hostname: "a.site.com", * ports: [443], * }], * upstreams: [{ * external: { * endpoints: [{ * hostname: "my.proxy.service.com", * port: 443, * }], * }, * proxyProtocol: { * allowedClientHeaders: [ * "header1", * "header2", * ], * contextualHeaders: { * userInfo: { * outputType: "PROTOBUF", * }, * groupInfo: { * outputType: "JSON", * }, * deviceInfo: { * outputType: "NONE", * }, * outputType: "JSON", * }, * metadataHeaders: { * "metadata-header1": "value1", * "metadata-header2": "value2", * }, * gatewayIdentity: "RESOURCE_NAME", * clientIp: true, * }, * }], * schema: "PROXY_GATEWAY", * }); * ``` * * ## Import * * SecurityGatewayApplication can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications/{{application_id}}` * * * `{{project}}/{{security_gateway_id}}/{{application_id}}` * * * `{{security_gateway_id}}/{{application_id}}` * * When using the `pulumi import` command, SecurityGatewayApplication can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:beyondcorp/securityGatewayApplication:SecurityGatewayApplication default projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications/{{application_id}} * ``` * * ```sh * $ pulumi import gcp:beyondcorp/securityGatewayApplication:SecurityGatewayApplication default {{project}}/{{security_gateway_id}}/{{application_id}} * ``` * * ```sh * $ pulumi import gcp:beyondcorp/securityGatewayApplication:SecurityGatewayApplication default {{security_gateway_id}}/{{application_id}} * ``` */ export declare class SecurityGatewayApplication extends pulumi.CustomResource { /** * Get an existing SecurityGatewayApplication resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SecurityGatewayApplicationState, opts?: pulumi.CustomResourceOptions): SecurityGatewayApplication; /** * Returns true if the given object is an instance of SecurityGatewayApplication. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SecurityGatewayApplication; /** * User-settable Application resource ID. * * Must start with a letter. * * Must contain between 4-63 characters from `/a-z-/`. * * Must end with a number or letter. */ readonly applicationId: pulumi.Output; /** * Output only. Timestamp when the resource was created. */ readonly createTime: pulumi.Output; /** * Optional. An arbitrary user-provided name for the Application resource. * Cannot exceed 64 characters. */ readonly displayName: pulumi.Output; /** * Required. Endpoint matchers associated with an application. * A combination of hostname and ports as endpoint matcher is used to match * the application. * Match conditions for OR logic. * An array of match conditions to allow for multiple matching criteria. * The rule is considered a match if one the conditions are met. * The conditions can be one of the following combination * (Hostname), (Hostname & Ports) * EXAMPLES: * Hostname - ("*.abc.com"), ("xyz.abc.com") * Hostname and Ports - ("abc.com" and "22"), ("abc.com" and "22,33") etc * Structure is documented below. */ readonly endpointMatchers: pulumi.Output; /** * Identifier. Name of the resource. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * Type of the external application. * Possible values are: `PROXY_GATEWAY`, `API_GATEWAY`. */ readonly schema: pulumi.Output; /** * ID of the Security Gateway resource this belongs to. */ readonly securityGatewayId: pulumi.Output; /** * Output only. Timestamp when the resource was last modified. */ readonly updateTime: pulumi.Output; /** * Optional. List of which upstream resource(s) to forward traffic to. * Structure is documented below. */ readonly upstreams: pulumi.Output; /** * Create a SecurityGatewayApplication resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecurityGatewayApplicationArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SecurityGatewayApplication resources. */ export interface SecurityGatewayApplicationState { /** * User-settable Application resource ID. * * Must start with a letter. * * Must contain between 4-63 characters from `/a-z-/`. * * Must end with a number or letter. */ applicationId?: pulumi.Input; /** * Output only. Timestamp when the resource was created. */ createTime?: pulumi.Input; /** * Optional. An arbitrary user-provided name for the Application resource. * Cannot exceed 64 characters. */ displayName?: pulumi.Input; /** * Required. Endpoint matchers associated with an application. * A combination of hostname and ports as endpoint matcher is used to match * the application. * Match conditions for OR logic. * An array of match conditions to allow for multiple matching criteria. * The rule is considered a match if one the conditions are met. * The conditions can be one of the following combination * (Hostname), (Hostname & Ports) * EXAMPLES: * Hostname - ("*.abc.com"), ("xyz.abc.com") * Hostname and Ports - ("abc.com" and "22"), ("abc.com" and "22,33") etc * Structure is documented below. */ endpointMatchers?: pulumi.Input[]>; /** * Identifier. Name of the resource. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Type of the external application. * Possible values are: `PROXY_GATEWAY`, `API_GATEWAY`. */ schema?: pulumi.Input; /** * ID of the Security Gateway resource this belongs to. */ securityGatewayId?: pulumi.Input; /** * Output only. Timestamp when the resource was last modified. */ updateTime?: pulumi.Input; /** * Optional. List of which upstream resource(s) to forward traffic to. * Structure is documented below. */ upstreams?: pulumi.Input[]>; } /** * The set of arguments for constructing a SecurityGatewayApplication resource. */ export interface SecurityGatewayApplicationArgs { /** * User-settable Application resource ID. * * Must start with a letter. * * Must contain between 4-63 characters from `/a-z-/`. * * Must end with a number or letter. */ applicationId: pulumi.Input; /** * Optional. An arbitrary user-provided name for the Application resource. * Cannot exceed 64 characters. */ displayName?: pulumi.Input; /** * Required. Endpoint matchers associated with an application. * A combination of hostname and ports as endpoint matcher is used to match * the application. * Match conditions for OR logic. * An array of match conditions to allow for multiple matching criteria. * The rule is considered a match if one the conditions are met. * The conditions can be one of the following combination * (Hostname), (Hostname & Ports) * EXAMPLES: * Hostname - ("*.abc.com"), ("xyz.abc.com") * Hostname and Ports - ("abc.com" and "22"), ("abc.com" and "22,33") etc * Structure is documented below. */ endpointMatchers?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Type of the external application. * Possible values are: `PROXY_GATEWAY`, `API_GATEWAY`. */ schema?: pulumi.Input; /** * ID of the Security Gateway resource this belongs to. */ securityGatewayId: pulumi.Input; /** * Optional. List of which upstream resource(s) to forward traffic to. * Structure is documented below. */ upstreams?: pulumi.Input[]>; }