import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * The Compute NetworkFirewallPolicy with rules resource * * ## Example Usage * * ### Compute Region Network Firewall Policy With Rules Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", { * name: "address-group", * parent: project.then(project => project.id), * description: "Regional address group", * location: "us-west2", * items: ["208.80.154.224/32"], * type: "IPV4", * capacity: 100, * }); * const secureTagKey1 = new gcp.tags.TagKey("secure_tag_key_1", { * description: "Tag key", * parent: project.then(project => project.id), * purpose: "GCE_FIREWALL", * shortName: "tag-key", * purposeData: { * network: project.then(project => `${project.name}/default`), * }, * }); * const secureTagValue1 = new gcp.tags.TagValue("secure_tag_value_1", { * description: "Tag value", * parent: secureTagKey1.id, * shortName: "tag-value", * }); * const primary = new gcp.compute.RegionNetworkFirewallPolicyWithRules("primary", { * name: "fw-policy", * region: "us-west2", * description: "Terraform test", * rules: [ * { * description: "tcp rule", * priority: 1000, * enableLogging: true, * action: "allow", * direction: "EGRESS", * match: { * destIpRanges: ["11.100.0.1/32"], * destFqdns: [ * "www.yyy.com", * "www.zzz.com", * ], * destRegionCodes: [ * "HK", * "IN", * ], * destThreatIntelligences: [ * "iplist-search-engines-crawlers", * "iplist-tor-exit-nodes", * ], * destAddressGroups: [addressGroup1.id], * layer4Configs: [{ * ipProtocol: "tcp", * ports: [ * "8080", * "7070", * ], * }], * }, * targetSecureTags: [{ * name: secureTagValue1.id, * }], * }, * { * description: "udp rule", * ruleName: "test-rule", * priority: 2000, * enableLogging: false, * action: "deny", * direction: "INGRESS", * disabled: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * srcFqdns: [ * "www.abc.com", * "www.def.com", * ], * srcRegionCodes: [ * "US", * "CA", * ], * srcThreatIntelligences: [ * "iplist-known-malicious-ips", * "iplist-public-clouds", * ], * srcAddressGroups: [addressGroup1.id], * srcSecureTags: [{ * name: secureTagValue1.id, * }], * layer4Configs: [{ * ipProtocol: "udp", * }], * }, * }, * ], * }); * ``` * ### Compute Region Network Firewall Policy With Rules Roce * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const policy = new gcp.compute.RegionNetworkFirewallPolicyWithRules("policy", { * name: "rnf-policy", * description: "Terraform test", * policyType: "RDMA_ROCE_POLICY", * rules: [{ * description: "deny all rule", * priority: 1000, * enableLogging: true, * action: "deny", * direction: "INGRESS", * match: { * srcIpRanges: ["0.0.0.0/0"], * layer4Configs: [{ * ipProtocol: "all", * }], * }, * }], * }); * ``` * * ## Import * * RegionNetworkFirewallPolicyWithRules can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}` * * * `{{project}}/{{region}}/{{name}}` * * * `{{region}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, RegionNetworkFirewallPolicyWithRules can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{project}}/{{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{name}} * ``` */ export declare class RegionNetworkFirewallPolicyWithRules extends pulumi.CustomResource { /** * Get an existing RegionNetworkFirewallPolicyWithRules resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: RegionNetworkFirewallPolicyWithRulesState, opts?: pulumi.CustomResourceOptions): RegionNetworkFirewallPolicyWithRules; /** * Returns true if the given object is an instance of RegionNetworkFirewallPolicyWithRules. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RegionNetworkFirewallPolicyWithRules; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output; /** * An optional description of this resource. */ readonly description: pulumi.Output; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ readonly fingerprint: pulumi.Output; /** * User-provided name of the Network firewall policy. * The name should be unique in the project in which the firewall policy is created. * The name must be 1-63 characters long, and comply with RFC1035. Specifically, * the name must be 1-63 characters long and match the regular expression a-z? * which means the first character must be a lowercase letter, and all following characters must be a dash, * lowercase letter, or digit, except the last character, which cannot be a dash. */ readonly name: pulumi.Output; /** * The unique identifier for the resource. This identifier is defined by the server. */ readonly networkFirewallPolicyId: pulumi.Output; /** * Policy type is used to determine which resources (networks) the policy can be associated with. * A policy can be associated with a network only if the network has the matching policyType in its network profile. * Different policy types may support some of the Firewall Rules features. * Possible values are: `VPC_POLICY`, `RDMA_ROCE_POLICY`. */ readonly policyType: pulumi.Output; /** * A list of firewall policy pre-defined rules. * Structure is documented below. */ readonly predefinedRules: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The region of this resource. */ readonly region: pulumi.Output; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ readonly ruleTupleCount: pulumi.Output; /** * A list of firewall policy rules. * Structure is documented below. */ readonly rules: pulumi.Output; /** * Server-defined URL for the resource. */ readonly selfLink: pulumi.Output; /** * Server-defined URL for this resource with the resource id. */ readonly selfLinkWithId: pulumi.Output; /** * Create a RegionNetworkFirewallPolicyWithRules resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RegionNetworkFirewallPolicyWithRulesArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RegionNetworkFirewallPolicyWithRules resources. */ export interface RegionNetworkFirewallPolicyWithRulesState { /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input; /** * An optional description of this resource. */ description?: pulumi.Input; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ fingerprint?: pulumi.Input; /** * User-provided name of the Network firewall policy. * The name should be unique in the project in which the firewall policy is created. * The name must be 1-63 characters long, and comply with RFC1035. Specifically, * the name must be 1-63 characters long and match the regular expression a-z? * which means the first character must be a lowercase letter, and all following characters must be a dash, * lowercase letter, or digit, except the last character, which cannot be a dash. */ name?: pulumi.Input; /** * The unique identifier for the resource. This identifier is defined by the server. */ networkFirewallPolicyId?: pulumi.Input; /** * Policy type is used to determine which resources (networks) the policy can be associated with. * A policy can be associated with a network only if the network has the matching policyType in its network profile. * Different policy types may support some of the Firewall Rules features. * Possible values are: `VPC_POLICY`, `RDMA_ROCE_POLICY`. */ policyType?: pulumi.Input; /** * A list of firewall policy pre-defined rules. * Structure is documented below. */ predefinedRules?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The region of this resource. */ region?: pulumi.Input; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ ruleTupleCount?: pulumi.Input; /** * A list of firewall policy rules. * Structure is documented below. */ rules?: pulumi.Input[]>; /** * Server-defined URL for the resource. */ selfLink?: pulumi.Input; /** * Server-defined URL for this resource with the resource id. */ selfLinkWithId?: pulumi.Input; } /** * The set of arguments for constructing a RegionNetworkFirewallPolicyWithRules resource. */ export interface RegionNetworkFirewallPolicyWithRulesArgs { /** * An optional description of this resource. */ description?: pulumi.Input; /** * User-provided name of the Network firewall policy. * The name should be unique in the project in which the firewall policy is created. * The name must be 1-63 characters long, and comply with RFC1035. Specifically, * the name must be 1-63 characters long and match the regular expression a-z? * which means the first character must be a lowercase letter, and all following characters must be a dash, * lowercase letter, or digit, except the last character, which cannot be a dash. */ name?: pulumi.Input; /** * Policy type is used to determine which resources (networks) the policy can be associated with. * A policy can be associated with a network only if the network has the matching policyType in its network profile. * Different policy types may support some of the Firewall Rules features. * Possible values are: `VPC_POLICY`, `RDMA_ROCE_POLICY`. */ policyType?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The region of this resource. */ region?: pulumi.Input; /** * A list of firewall policy rules. * Structure is documented below. */ rules: pulumi.Input[]>; }