import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * A rule for the OrganizationSecurityPolicy.
 *
 * To get more information about OrganizationSecurityPolicyRule, see:
 *
 * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addRule)
 * * How-to Guides
 *     * [Creating firewall rules](https://cloud.google.com/vpc/docs/using-firewall-policies#create-rules)
 *
 * ## Example Usage
 *
 * ### Organization Security Policy Rule Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
 *     displayName: "tf-test",
 *     parent: "organizations/123456789",
 * });
 * const policyOrganizationSecurityPolicyRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
 *     policyId: policy.id,
 *     action: "allow",
 *     direction: "INGRESS",
 *     enableLogging: true,
 *     match: {
 *         config: {
 *             srcIpRanges: [
 *                 "192.168.0.0/16",
 *                 "10.0.0.0/8",
 *             ],
 *             layer4Configs: [
 *                 {
 *                     ipProtocol: "tcp",
 *                     ports: ["22"],
 *                 },
 *                 {
 *                     ipProtocol: "icmp",
 *                 },
 *             ],
 *         },
 *     },
 *     priority: 100,
 * });
 * ```
 *
 * ## Import
 *
 * OrganizationSecurityPolicyRule can be imported using any of these accepted formats:
 *
 * * `{{policy_id}}/priority/{{priority}}`
 *
 * When using the `pulumi import` command, OrganizationSecurityPolicyRule can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}
 * ```
 */
export declare class OrganizationSecurityPolicyRule extends pulumi.CustomResource {
    /**
     * Get an existing OrganizationSecurityPolicyRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationSecurityPolicyRuleState, opts?: pulumi.CustomResourceOptions): OrganizationSecurityPolicyRule;
    /**
     * Returns true if the given object is an instance of OrganizationSecurityPolicyRule.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is OrganizationSecurityPolicyRule;
    /**
     * The Action to perform when the client connection triggers the rule. Can currently be either
     * "allow", "deny" or "gotoNext".
     */
    readonly action: pulumi.Output<string>;
    /**
     * A description of the rule.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * The direction in which this rule applies. If unspecified an INGRESS rule is created.
     * Possible values are: `INGRESS`, `EGRESS`.
     */
    readonly direction: pulumi.Output<string | undefined>;
    /**
     * Denotes whether to enable logging for a particular rule.
     * If logging is enabled, logs will be exported to the
     * configured export destination in Stackdriver.
     */
    readonly enableLogging: pulumi.Output<boolean | undefined>;
    /**
     * A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    readonly match: pulumi.Output<outputs.compute.OrganizationSecurityPolicyRuleMatch>;
    /**
     * The ID of the OrganizationSecurityPolicy this rule applies to.
     */
    readonly policyId: pulumi.Output<string>;
    /**
     * If set to true, the specified action is not enforced.
     */
    readonly preview: pulumi.Output<boolean | undefined>;
    /**
     * An integer indicating the priority of a rule in the list. The priority must be a value
     * between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
     * highest priority and 2147483647 is the lowest prority.
     */
    readonly priority: pulumi.Output<number>;
    /**
     * A list of network resource URLs to which this rule applies.
     * This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs
     * within the organization will receive the rule.
     */
    readonly targetResources: pulumi.Output<string[] | undefined>;
    /**
     * A list of service accounts indicating the sets of
     * instances that are applied with this rule.
     */
    readonly targetServiceAccounts: pulumi.Output<string[] | undefined>;
    /**
     * Create a OrganizationSecurityPolicyRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: OrganizationSecurityPolicyRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering OrganizationSecurityPolicyRule resources.
 */
export interface OrganizationSecurityPolicyRuleState {
    /**
     * The Action to perform when the client connection triggers the rule. Can currently be either
     * "allow", "deny" or "gotoNext".
     */
    action?: pulumi.Input<string>;
    /**
     * A description of the rule.
     */
    description?: pulumi.Input<string>;
    /**
     * The direction in which this rule applies. If unspecified an INGRESS rule is created.
     * Possible values are: `INGRESS`, `EGRESS`.
     */
    direction?: pulumi.Input<string>;
    /**
     * Denotes whether to enable logging for a particular rule.
     * If logging is enabled, logs will be exported to the
     * configured export destination in Stackdriver.
     */
    enableLogging?: pulumi.Input<boolean>;
    /**
     * A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    match?: pulumi.Input<inputs.compute.OrganizationSecurityPolicyRuleMatch>;
    /**
     * The ID of the OrganizationSecurityPolicy this rule applies to.
     */
    policyId?: pulumi.Input<string>;
    /**
     * If set to true, the specified action is not enforced.
     */
    preview?: pulumi.Input<boolean>;
    /**
     * An integer indicating the priority of a rule in the list. The priority must be a value
     * between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
     * highest priority and 2147483647 is the lowest prority.
     */
    priority?: pulumi.Input<number>;
    /**
     * A list of network resource URLs to which this rule applies.
     * This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs
     * within the organization will receive the rule.
     */
    targetResources?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A list of service accounts indicating the sets of
     * instances that are applied with this rule.
     */
    targetServiceAccounts?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * The set of arguments for constructing a OrganizationSecurityPolicyRule resource.
 */
export interface OrganizationSecurityPolicyRuleArgs {
    /**
     * The Action to perform when the client connection triggers the rule. Can currently be either
     * "allow", "deny" or "gotoNext".
     */
    action: pulumi.Input<string>;
    /**
     * A description of the rule.
     */
    description?: pulumi.Input<string>;
    /**
     * The direction in which this rule applies. If unspecified an INGRESS rule is created.
     * Possible values are: `INGRESS`, `EGRESS`.
     */
    direction?: pulumi.Input<string>;
    /**
     * Denotes whether to enable logging for a particular rule.
     * If logging is enabled, logs will be exported to the
     * configured export destination in Stackdriver.
     */
    enableLogging?: pulumi.Input<boolean>;
    /**
     * A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     * Structure is documented below.
     */
    match: pulumi.Input<inputs.compute.OrganizationSecurityPolicyRuleMatch>;
    /**
     * The ID of the OrganizationSecurityPolicy this rule applies to.
     */
    policyId: pulumi.Input<string>;
    /**
     * If set to true, the specified action is not enforced.
     */
    preview?: pulumi.Input<boolean>;
    /**
     * An integer indicating the priority of a rule in the list. The priority must be a value
     * between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
     * highest priority and 2147483647 is the lowest prority.
     */
    priority: pulumi.Input<number>;
    /**
     * A list of network resource URLs to which this rule applies.
     * This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs
     * within the organization will receive the rule.
     */
    targetResources?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A list of service accounts indicating the sets of
     * instances that are applied with this rule.
     */
    targetServiceAccounts?: pulumi.Input<pulumi.Input<string>[]>;
}