import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ## Example Usage * * ### Network Security Authorization Policy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.AuthorizationPolicy("default", { * name: "my-authorization-policy", * labels: { * foo: "bar", * }, * description: "my description", * action: "ALLOW", * rules: [{ * sources: [{ * principals: ["namespace/*"], * ipBlocks: ["1.2.3.0/24"], * }], * }], * }); * ``` * ### Network Security Authorization Policy Destinations * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.AuthorizationPolicy("default", { * name: "my-authorization-policy", * labels: { * foo: "bar", * }, * description: "my description", * action: "ALLOW", * rules: [{ * sources: [{ * principals: ["namespace/*"], * ipBlocks: ["1.2.3.0/24"], * }], * destinations: [{ * hosts: ["mydomain.*"], * ports: [8080], * methods: ["GET"], * httpHeaderMatch: { * headerName: ":method", * regexMatch: "GET", * }, * }], * }], * }); * ``` * * ## Import * * AuthorizationPolicy can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}` * * * `{{project}}/{{location}}/{{name}}` * * * `{{location}}/{{name}}` * * When using the `pulumi import` command, AuthorizationPolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default {{project}}/{{location}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/authorizationPolicy:AuthorizationPolicy default {{location}}/{{name}} * ``` */ export declare class AuthorizationPolicy extends pulumi.CustomResource { /** * Get an existing AuthorizationPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AuthorizationPolicyState, opts?: pulumi.CustomResourceOptions): AuthorizationPolicy; /** * Returns true if the given object is an instance of AuthorizationPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AuthorizationPolicy; /** * The action to take when a rule match is found. Possible values are "ALLOW" or "DENY". * Possible values are: `ALLOW`, `DENY`. */ readonly action: pulumi.Output; /** * Time the AuthorizationPolicy was created in UTC. */ readonly createTime: pulumi.Output; /** * A free-text description of the resource. Max length 1024 characters. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * Set of label tags associated with the AuthorizationPolicy resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The location of the authorization policy. * The default value is `global`. */ readonly location: pulumi.Output; /** * Name of the AuthorizationPolicy resource. * * * - - - */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. * A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request. * Structure is documented below. */ readonly rules: pulumi.Output; /** * Time the AuthorizationPolicy was updated in UTC. */ readonly updateTime: pulumi.Output; /** * Create a AuthorizationPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AuthorizationPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AuthorizationPolicy resources. */ export interface AuthorizationPolicyState { /** * The action to take when a rule match is found. Possible values are "ALLOW" or "DENY". * Possible values are: `ALLOW`, `DENY`. */ action?: pulumi.Input; /** * Time the AuthorizationPolicy was created in UTC. */ createTime?: pulumi.Input; /** * A free-text description of the resource. Max length 1024 characters. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Set of label tags associated with the AuthorizationPolicy resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of the authorization policy. * The default value is `global`. */ location?: pulumi.Input; /** * Name of the AuthorizationPolicy resource. * * * - - - */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. * A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request. * Structure is documented below. */ rules?: pulumi.Input[]>; /** * Time the AuthorizationPolicy was updated in UTC. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a AuthorizationPolicy resource. */ export interface AuthorizationPolicyArgs { /** * The action to take when a rule match is found. Possible values are "ALLOW" or "DENY". * Possible values are: `ALLOW`, `DENY`. */ action: pulumi.Input; /** * A free-text description of the resource. Max length 1024 characters. */ description?: pulumi.Input; /** * Set of label tags associated with the AuthorizationPolicy resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of the authorization policy. * The default value is `global`. */ location?: pulumi.Input; /** * Name of the AuthorizationPolicy resource. * * * - - - */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * List of rules to match. Note that at least one of the rules must match in order for the action specified in the 'action' field to be taken. * A rule is a match if there is a matching source and destination. If left blank, the action specified in the action field will be applied on every request. * Structure is documented below. */ rules?: pulumi.Input[]>; }