import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * The Compute FirewallPolicy with rules resource. It declaratively manges all * rules in the firewall policy. * * ## Example Usage * * ### Compute Firewall Policy With Rules Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", { * name: "address-group", * parent: "organizations/123456789", * description: "Global address group", * location: "global", * items: ["208.80.154.224/32"], * type: "IPV4", * capacity: 100, * }); * const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", { * name: "sp", * type: "THREAT_PREVENTION", * parent: "organizations/123456789", * location: "global", * }); * const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", { * name: "spg", * parent: "organizations/123456789", * description: "my description", * threatPreventionProfile: securityProfile1.id, * }); * const network = new gcp.compute.Network("network", { * name: "network", * autoCreateSubnetworks: false, * }); * const basicKey = new gcp.tags.TagKey("basic_key", { * description: "For keyname resources.", * parent: "organizations/123456789", * purpose: "GCE_FIREWALL", * shortName: "tag-key", * purposeData: { * organization: "auto", * }, * }); * const basicValue = new gcp.tags.TagValue("basic_value", { * description: "For valuename resources.", * parent: basicKey.id, * shortName: "tag-value", * }); * const primary = new gcp.compute.FirewallPolicyWithRules("primary", { * shortName: "fw-policy", * description: "Terraform test", * parent: "organizations/123456789", * rules: [ * { * description: "tcp rule", * priority: 1000, * enableLogging: true, * action: "allow", * direction: "EGRESS", * targetResources: [network.selfLink], * match: { * destIpRanges: ["11.100.0.1/32"], * destFqdns: [ * "www.yyy.com", * "www.zzz.com", * ], * destRegionCodes: [ * "HK", * "IN", * ], * destThreatIntelligences: [ * "iplist-search-engines-crawlers", * "iplist-tor-exit-nodes", * ], * destAddressGroups: [addressGroup1.id], * layer4Configs: [{ * ipProtocol: "tcp", * ports: [ * "8080", * "7070", * ], * }], * }, * }, * { * description: "udp rule", * priority: 2000, * enableLogging: false, * action: "deny", * direction: "INGRESS", * disabled: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * srcFqdns: [ * "www.abc.com", * "www.def.com", * ], * srcRegionCodes: [ * "US", * "CA", * ], * srcThreatIntelligences: [ * "iplist-known-malicious-ips", * "iplist-public-clouds", * ], * srcAddressGroups: [addressGroup1.id], * layer4Configs: [{ * ipProtocol: "udp", * }], * }, * }, * { * description: "security profile group rule", * ruleName: "tcp rule", * priority: 3000, * enableLogging: false, * action: "apply_security_profile_group", * direction: "INGRESS", * targetServiceAccounts: ["test@google.com"], * securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`, * tlsInspect: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * layer4Configs: [{ * ipProtocol: "tcp", * }], * }, * }, * { * description: "secure tags", * ruleName: "secure tags rule", * priority: 4000, * enableLogging: false, * action: "allow", * direction: "INGRESS", * targetSecureTags: [{ * name: basicValue.id, * }], * match: { * srcIpRanges: ["11.100.0.1/32"], * srcSecureTags: [{ * name: basicValue.id, * }], * layer4Configs: [{ * ipProtocol: "tcp", * ports: ["8080"], * }], * }, * }, * ], * }); * ``` * * ## Import * * FirewallPolicyWithRules can be imported using any of these accepted formats: * * * `locations/global/firewallPolicies/{{policy_id}}` * * * `{{policy_id}}` * * When using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}} * ``` * * ```sh * $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}} * ``` */ export declare class FirewallPolicyWithRules extends pulumi.CustomResource { /** * Get an existing FirewallPolicyWithRules resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FirewallPolicyWithRulesState, opts?: pulumi.CustomResourceOptions): FirewallPolicyWithRules; /** * Returns true if the given object is an instance of FirewallPolicyWithRules. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FirewallPolicyWithRules; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output; /** * An optional description of this resource. */ readonly description: pulumi.Output; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ readonly fingerprint: pulumi.Output; /** * The parent of this FirewallPolicy in the Cloud Resource Hierarchy. * Format: organizations/{organization_id} or folders/{folder_id} */ readonly parent: pulumi.Output; /** * The unique identifier for the resource. This identifier is defined by the server. */ readonly policyId: pulumi.Output; /** * A list of pre-define firewall policy rules. * Structure is documented below. */ readonly predefinedRules: pulumi.Output; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ readonly ruleTupleCount: pulumi.Output; /** * A list of firewall policy rules. * Structure is documented below. */ readonly rules: pulumi.Output; /** * Server-defined URL for the resource. */ readonly selfLink: pulumi.Output; /** * Server-defined URL for this resource with the resource id. */ readonly selfLinkWithId: pulumi.Output; /** * A textual name of the security policy. */ readonly shortName: pulumi.Output; /** * Create a FirewallPolicyWithRules resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FirewallPolicyWithRulesArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering FirewallPolicyWithRules resources. */ export interface FirewallPolicyWithRulesState { /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input; /** * An optional description of this resource. */ description?: pulumi.Input; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ fingerprint?: pulumi.Input; /** * The parent of this FirewallPolicy in the Cloud Resource Hierarchy. * Format: organizations/{organization_id} or folders/{folder_id} */ parent?: pulumi.Input; /** * The unique identifier for the resource. This identifier is defined by the server. */ policyId?: pulumi.Input; /** * A list of pre-define firewall policy rules. * Structure is documented below. */ predefinedRules?: pulumi.Input[]>; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ ruleTupleCount?: pulumi.Input; /** * A list of firewall policy rules. * Structure is documented below. */ rules?: pulumi.Input[]>; /** * Server-defined URL for the resource. */ selfLink?: pulumi.Input; /** * Server-defined URL for this resource with the resource id. */ selfLinkWithId?: pulumi.Input; /** * A textual name of the security policy. */ shortName?: pulumi.Input; } /** * The set of arguments for constructing a FirewallPolicyWithRules resource. */ export interface FirewallPolicyWithRulesArgs { /** * An optional description of this resource. */ description?: pulumi.Input; /** * The parent of this FirewallPolicy in the Cloud Resource Hierarchy. * Format: organizations/{organization_id} or folders/{folder_id} */ parent: pulumi.Input; /** * A list of firewall policy rules. * Structure is documented below. */ rules: pulumi.Input[]>; /** * A textual name of the security policy. */ shortName: pulumi.Input; }