import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A security profile defines the behavior associated to a profile type. * * To get more information about SecurityProfile, see: * * * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/organizations.locations.securityProfiles) * * How-to Guides * * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles) * * ## Example Usage * * ### Network Security Security Profile Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.SecurityProfile("default", { * name: "my-security-profile", * parent: "organizations/123456789", * description: "my description", * type: "THREAT_PREVENTION", * labels: { * foo: "bar", * }, * }); * ``` * ### Network Security Security Profile Overrides * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.SecurityProfile("default", { * name: "my-security-profile", * parent: "organizations/123456789", * description: "my description", * type: "THREAT_PREVENTION", * threatPreventionProfile: { * severityOverrides: [ * { * action: "ALLOW", * severity: "INFORMATIONAL", * }, * { * action: "DENY", * severity: "HIGH", * }, * ], * threatOverrides: [{ * action: "ALLOW", * threatId: "280647", * }], * antivirusOverrides: [{ * protocol: "SMTP", * action: "ALLOW", * }], * }, * }); * ``` * ### Network Security Security Profile Mirroring * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "my-network", * autoCreateSubnetworks: false, * }); * const defaultMirroringDeploymentGroup = new gcp.networksecurity.MirroringDeploymentGroup("default", { * mirroringDeploymentGroupId: "my-dg", * location: "global", * network: _default.id, * }); * const defaultMirroringEndpointGroup = new gcp.networksecurity.MirroringEndpointGroup("default", { * mirroringEndpointGroupId: "my-eg", * location: "global", * mirroringDeploymentGroup: defaultMirroringDeploymentGroup.id, * }); * const defaultSecurityProfile = new gcp.networksecurity.SecurityProfile("default", { * name: "my-security-profile", * parent: "organizations/123456789", * description: "my description", * type: "CUSTOM_MIRRORING", * customMirroringProfile: { * mirroringEndpointGroup: defaultMirroringEndpointGroup.id, * }, * }); * ``` * ### Network Security Security Profile Intercept * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "my-network", * autoCreateSubnetworks: false, * }); * const defaultInterceptDeploymentGroup = new gcp.networksecurity.InterceptDeploymentGroup("default", { * interceptDeploymentGroupId: "my-dg", * location: "global", * network: _default.id, * }); * const defaultInterceptEndpointGroup = new gcp.networksecurity.InterceptEndpointGroup("default", { * interceptEndpointGroupId: "my-eg", * location: "global", * interceptDeploymentGroup: defaultInterceptDeploymentGroup.id, * }); * const defaultSecurityProfile = new gcp.networksecurity.SecurityProfile("default", { * name: "my-security-profile", * parent: "organizations/123456789", * description: "my description", * type: "CUSTOM_INTERCEPT", * customInterceptProfile: { * interceptEndpointGroup: defaultInterceptEndpointGroup.id, * }, * }); * ``` * ### Network Security Security Profile Url Filtering * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.SecurityProfile("default", { * name: "my-security-profile", * parent: "organizations/123456789", * description: "my description", * type: "URL_FILTERING", * urlFilteringProfile: { * urlFilters: [ * { * priority: 1, * filteringAction: "ALLOW", * urls: [ * "*example.com", * "*about.example.com", * "*help.example.com", * ], * }, * { * priority: 2, * filteringAction: "DENY", * urls: ["*restricted.example.com"], * }, * ], * }, * labels: { * foo: "bar", * }, * }); * ``` * * ## Import * * SecurityProfile can be imported using any of these accepted formats: * * * `{{parent}}/locations/{{location}}/securityProfiles/{{name}}` * * When using the `pulumi import` command, SecurityProfile can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:networksecurity/securityProfile:SecurityProfile default {{parent}}/locations/{{location}}/securityProfiles/{{name}} * ``` */ export declare class SecurityProfile extends pulumi.CustomResource { /** * Get an existing SecurityProfile resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SecurityProfileState, opts?: pulumi.CustomResourceOptions): SecurityProfile; /** * Returns true if the given object is an instance of SecurityProfile. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SecurityProfile; /** * Time the security profile was created in UTC. */ readonly createTime: pulumi.Output; /** * The configuration for defining the Intercept Endpoint Group used to * intercept traffic to third-party firewall appliances. * Structure is documented below. */ readonly customInterceptProfile: pulumi.Output; /** * The configuration for defining the Mirroring Endpoint Group used to * mirror traffic to third-party collectors. * Structure is documented below. */ readonly customMirroringProfile: pulumi.Output; /** * An optional description of the security profile. The Max length is 512 characters. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * This checksum is computed by the server based on the value of other fields, * and may be sent on update and delete requests to ensure the client has an up-to-date * value before proceeding. */ readonly etag: pulumi.Output; /** * A map of key/value label pairs to assign to the resource. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The location of the security profile. * The default value is `global`. */ readonly location: pulumi.Output; /** * The name of the security profile resource. */ readonly name: pulumi.Output; /** * The name of the parent this security profile belongs to. * Format: organizations/{organization_id}. */ readonly parent: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * Server-defined URL of this resource. */ readonly selfLink: pulumi.Output; /** * The threat prevention configuration for the security profile. * Structure is documented below. */ readonly threatPreventionProfile: pulumi.Output; /** * The type of security profile. * Possible values are: `THREAT_PREVENTION`, `URL_FILTERING`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`. */ readonly type: pulumi.Output; /** * Time the security profile was updated in UTC. */ readonly updateTime: pulumi.Output; /** * The url filtering configuration for the security profile. * Structure is documented below. */ readonly urlFilteringProfile: pulumi.Output; /** * Create a SecurityProfile resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecurityProfileArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SecurityProfile resources. */ export interface SecurityProfileState { /** * Time the security profile was created in UTC. */ createTime?: pulumi.Input; /** * The configuration for defining the Intercept Endpoint Group used to * intercept traffic to third-party firewall appliances. * Structure is documented below. */ customInterceptProfile?: pulumi.Input; /** * The configuration for defining the Mirroring Endpoint Group used to * mirror traffic to third-party collectors. * Structure is documented below. */ customMirroringProfile?: pulumi.Input; /** * An optional description of the security profile. The Max length is 512 characters. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * This checksum is computed by the server based on the value of other fields, * and may be sent on update and delete requests to ensure the client has an up-to-date * value before proceeding. */ etag?: pulumi.Input; /** * A map of key/value label pairs to assign to the resource. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of the security profile. * The default value is `global`. */ location?: pulumi.Input; /** * The name of the security profile resource. */ name?: pulumi.Input; /** * The name of the parent this security profile belongs to. * Format: organizations/{organization_id}. */ parent?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Server-defined URL of this resource. */ selfLink?: pulumi.Input; /** * The threat prevention configuration for the security profile. * Structure is documented below. */ threatPreventionProfile?: pulumi.Input; /** * The type of security profile. * Possible values are: `THREAT_PREVENTION`, `URL_FILTERING`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`. */ type?: pulumi.Input; /** * Time the security profile was updated in UTC. */ updateTime?: pulumi.Input; /** * The url filtering configuration for the security profile. * Structure is documented below. */ urlFilteringProfile?: pulumi.Input; } /** * The set of arguments for constructing a SecurityProfile resource. */ export interface SecurityProfileArgs { /** * The configuration for defining the Intercept Endpoint Group used to * intercept traffic to third-party firewall appliances. * Structure is documented below. */ customInterceptProfile?: pulumi.Input; /** * The configuration for defining the Mirroring Endpoint Group used to * mirror traffic to third-party collectors. * Structure is documented below. */ customMirroringProfile?: pulumi.Input; /** * An optional description of the security profile. The Max length is 512 characters. */ description?: pulumi.Input; /** * A map of key/value label pairs to assign to the resource. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of the security profile. * The default value is `global`. */ location?: pulumi.Input; /** * The name of the security profile resource. */ name?: pulumi.Input; /** * The name of the parent this security profile belongs to. * Format: organizations/{organization_id}. */ parent?: pulumi.Input; /** * The threat prevention configuration for the security profile. * Structure is documented below. */ threatPreventionProfile?: pulumi.Input; /** * The type of security profile. * Possible values are: `THREAT_PREVENTION`, `URL_FILTERING`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`. */ type: pulumi.Input; /** * The url filtering configuration for the security profile. * Structure is documented below. */ urlFilteringProfile?: pulumi.Input; }