import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ## Example Usage * * ### Compute Network Firewall Policy With Rules Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = gcp.organizations.getProject({}); * const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", { * name: "address-group", * parent: project.then(project => project.id), * description: "Global address group", * location: "global", * items: ["208.80.154.224/32"], * type: "IPV4", * capacity: 100, * }); * const secureTagKey1 = new gcp.tags.TagKey("secure_tag_key_1", { * description: "Tag key", * parent: project.then(project => project.id), * purpose: "GCE_FIREWALL", * shortName: "tag-key", * purposeData: { * network: project.then(project => `${project.name}/default`), * }, * }); * const secureTagValue1 = new gcp.tags.TagValue("secure_tag_value_1", { * description: "Tag value", * parent: secureTagKey1.id, * shortName: "tag-value", * }); * const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", { * name: "sp", * type: "THREAT_PREVENTION", * parent: "organizations/123456789", * location: "global", * }); * const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", { * name: "spg", * parent: "organizations/123456789", * description: "my description", * threatPreventionProfile: securityProfile1.id, * }); * const network = new gcp.compute.Network("network", { * name: "network", * autoCreateSubnetworks: false, * }); * const primary = new gcp.compute.NetworkFirewallPolicyWithRules("primary", { * name: "fw-policy", * description: "Terraform test", * rules: [ * { * description: "tcp rule", * priority: 1000, * enableLogging: true, * action: "allow", * direction: "EGRESS", * match: { * destIpRanges: ["11.100.0.1/32"], * destFqdns: [ * "www.yyy.com", * "www.zzz.com", * ], * destRegionCodes: [ * "HK", * "IN", * ], * destThreatIntelligences: [ * "iplist-search-engines-crawlers", * "iplist-tor-exit-nodes", * ], * destAddressGroups: [addressGroup1.id], * layer4Configs: [{ * ipProtocol: "tcp", * ports: [ * "8080", * "7070", * ], * }], * }, * targetSecureTags: [{ * name: secureTagValue1.id, * }], * }, * { * description: "udp rule", * priority: 2000, * enableLogging: false, * action: "deny", * direction: "INGRESS", * disabled: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * srcFqdns: [ * "www.abc.com", * "www.def.com", * ], * srcRegionCodes: [ * "US", * "CA", * ], * srcThreatIntelligences: [ * "iplist-known-malicious-ips", * "iplist-public-clouds", * ], * srcAddressGroups: [addressGroup1.id], * srcSecureTags: [{ * name: secureTagValue1.id, * }], * layer4Configs: [{ * ipProtocol: "udp", * }], * }, * }, * { * description: "security profile group rule", * ruleName: "tcp rule", * priority: 3000, * enableLogging: false, * action: "apply_security_profile_group", * direction: "INGRESS", * targetServiceAccounts: ["test@google.com"], * securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`, * tlsInspect: true, * match: { * srcIpRanges: ["0.0.0.0/0"], * layer4Configs: [{ * ipProtocol: "tcp", * }], * }, * }, * { * description: "network scope rule 1", * ruleName: "network scope 1", * priority: 4000, * enableLogging: false, * action: "allow", * direction: "INGRESS", * match: { * srcIpRanges: ["11.100.0.1/32"], * srcNetworkScope: "VPC_NETWORKS", * srcNetworks: [network.id], * layer4Configs: [{ * ipProtocol: "tcp", * ports: ["8080"], * }], * }, * }, * { * description: "network scope rule 2", * ruleName: "network scope 2", * priority: 5000, * enableLogging: false, * action: "allow", * direction: "EGRESS", * match: { * destIpRanges: ["0.0.0.0/0"], * destNetworkScope: "INTERNET", * layer4Configs: [{ * ipProtocol: "tcp", * ports: ["8080"], * }], * }, * }, * ], * }); * ``` * * ## Import * * NetworkFirewallPolicyWithRules can be imported using any of these accepted formats: * * * `projects/{{project}}/global/firewallPolicies/{{name}}` * * * `{{project}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, NetworkFirewallPolicyWithRules can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default projects/{{project}}/global/firewallPolicies/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default {{project}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default {{name}} * ``` */ export declare class NetworkFirewallPolicyWithRules extends pulumi.CustomResource { /** * Get an existing NetworkFirewallPolicyWithRules resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: NetworkFirewallPolicyWithRulesState, opts?: pulumi.CustomResourceOptions): NetworkFirewallPolicyWithRules; /** * Returns true if the given object is an instance of NetworkFirewallPolicyWithRules. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is NetworkFirewallPolicyWithRules; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output; /** * (Output) * A description of the rule. */ readonly description: pulumi.Output; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ readonly fingerprint: pulumi.Output; /** * User-provided name of the Network firewall policy. * The name should be unique in the project in which the firewall policy is created. * The name must be 1-63 characters long, and comply with RFC1035. Specifically, * the name must be 1-63 characters long and match the regular expression a-z? * which means the first character must be a lowercase letter, and all following characters must be a dash, * lowercase letter, or digit, except the last character, which cannot be a dash. */ readonly name: pulumi.Output; /** * The unique identifier for the resource. This identifier is defined by the server. */ readonly networkFirewallPolicyId: pulumi.Output; /** * A list of firewall policy pre-defined rules. * Structure is documented below. */ readonly predefinedRules: pulumi.Output; readonly project: pulumi.Output; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ readonly ruleTupleCount: pulumi.Output; /** * A list of firewall policy rules. * Structure is documented below. */ readonly rules: pulumi.Output; /** * Server-defined URL for the resource. */ readonly selfLink: pulumi.Output; /** * Server-defined URL for this resource with the resource id. */ readonly selfLinkWithId: pulumi.Output; /** * Create a NetworkFirewallPolicyWithRules resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: NetworkFirewallPolicyWithRulesArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering NetworkFirewallPolicyWithRules resources. */ export interface NetworkFirewallPolicyWithRulesState { /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input; /** * (Output) * A description of the rule. */ description?: pulumi.Input; /** * Fingerprint of the resource. This field is used internally during updates of this resource. */ fingerprint?: pulumi.Input; /** * User-provided name of the Network firewall policy. * The name should be unique in the project in which the firewall policy is created. * The name must be 1-63 characters long, and comply with RFC1035. Specifically, * the name must be 1-63 characters long and match the regular expression a-z? * which means the first character must be a lowercase letter, and all following characters must be a dash, * lowercase letter, or digit, except the last character, which cannot be a dash. */ name?: pulumi.Input; /** * The unique identifier for the resource. This identifier is defined by the server. */ networkFirewallPolicyId?: pulumi.Input; /** * A list of firewall policy pre-defined rules. * Structure is documented below. */ predefinedRules?: pulumi.Input[]>; project?: pulumi.Input; /** * Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. */ ruleTupleCount?: pulumi.Input; /** * A list of firewall policy rules. * Structure is documented below. */ rules?: pulumi.Input[]>; /** * Server-defined URL for the resource. */ selfLink?: pulumi.Input; /** * Server-defined URL for this resource with the resource id. */ selfLinkWithId?: pulumi.Input; } /** * The set of arguments for constructing a NetworkFirewallPolicyWithRules resource. */ export interface NetworkFirewallPolicyWithRulesArgs { /** * (Output) * A description of the rule. */ description?: pulumi.Input; /** * User-provided name of the Network firewall policy. * The name should be unique in the project in which the firewall policy is created. * The name must be 1-63 characters long, and comply with RFC1035. Specifically, * the name must be 1-63 characters long and match the regular expression a-z? * which means the first character must be a lowercase letter, and all following characters must be a dash, * lowercase letter, or digit, except the last character, which cannot be a dash. */ name?: pulumi.Input; project?: pulumi.Input; /** * A list of firewall policy rules. * Structure is documented below. */ rules: pulumi.Input[]>; }