import * as pulumi from "@pulumi/pulumi"; /** * The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata. * * To get more information about GatewaySecurityPolicy, see: * * * [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.gatewaySecurityPolicies) * * ## Example Usage * * ### Network Security Gateway Security Policy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", { * name: "my-gateway-security-policy", * location: "us-central1", * description: "my description", * }); * ``` * ### Network Security Gateway Security Policy Tls Inspection Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.certificateauthority.CaPool("default", { * name: "my-basic-ca-pool", * location: "us-central1", * tier: "DEVOPS", * publishingOptions: { * publishCaCert: false, * publishCrl: false, * }, * issuancePolicy: { * maximumLifetime: "1209600s", * baselineValues: { * caOptions: { * isCa: false, * }, * keyUsage: { * baseKeyUsage: {}, * extendedKeyUsage: { * serverAuth: true, * }, * }, * }, * }, * }); * const defaultAuthority = new gcp.certificateauthority.Authority("default", { * pool: _default.name, * certificateAuthorityId: "my-basic-certificate-authority", * location: "us-central1", * lifetime: "86400s", * type: "SELF_SIGNED", * deletionProtection: false, * skipGracePeriod: true, * ignoreActiveCertificatesOnDeletion: true, * config: { * subjectConfig: { * subject: { * organization: "Test LLC", * commonName: "my-ca", * }, * }, * x509Config: { * caOptions: { * isCa: true, * }, * keyUsage: { * baseKeyUsage: { * certSign: true, * crlSign: true, * }, * extendedKeyUsage: { * serverAuth: false, * }, * }, * }, * }, * keySpec: { * algorithm: "RSA_PKCS1_4096_SHA256", * }, * }); * const project = gcp.organizations.getProject({}); * const tlsInspectionPermission = new gcp.certificateauthority.CaPoolIamMember("tls_inspection_permission", { * caPool: _default.id, * role: "roles/privateca.certificateManager", * member: project.then(project => `serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com`), * }); * const defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy("default", { * name: "my-tls-inspection-policy", * location: "us-central1", * caPool: _default.id, * }, { * dependsOn: [ * _default, * defaultAuthority, * tlsInspectionPermission, * ], * }); * const defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy("default", { * name: "my-gateway-security-policy", * location: "us-central1", * description: "my description", * tlsInspectionPolicy: defaultTlsInspectionPolicy.id, * }, { * dependsOn: [defaultTlsInspectionPolicy], * }); * ``` * * ## Import * * GatewaySecurityPolicy can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}` * * * `{{project}}/{{location}}/{{name}}` * * * `{{location}}/{{name}}` * * When using the `pulumi import` command, GatewaySecurityPolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{project}}/{{location}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{location}}/{{name}} * ``` */ export declare class GatewaySecurityPolicy extends pulumi.CustomResource { /** * Get an existing GatewaySecurityPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: GatewaySecurityPolicyState, opts?: pulumi.CustomResourceOptions): GatewaySecurityPolicy; /** * Returns true if the given object is an instance of GatewaySecurityPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is GatewaySecurityPolicy; /** * The timestamp when the resource was created. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" */ readonly createTime: pulumi.Output; /** * A free-text description of the resource. Max length 1024 characters. */ readonly description: pulumi.Output; /** * The location of the gateway security policy. * The default value is `global`. */ readonly location: pulumi.Output; /** * Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy} * gatewaySecurityPolicy should match the pattern:(^a-z?$). * * * - - - */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * Server-defined URL of this resource. */ readonly selfLink: pulumi.Output; /** * Name of a TlsInspectionPolicy resource that defines how TLS inspection is performed for any rule that enables it. */ readonly tlsInspectionPolicy: pulumi.Output; /** * The timestamp when the resource was updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly updateTime: pulumi.Output; /** * Create a GatewaySecurityPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: GatewaySecurityPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering GatewaySecurityPolicy resources. */ export interface GatewaySecurityPolicyState { /** * The timestamp when the resource was created. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" */ createTime?: pulumi.Input; /** * A free-text description of the resource. Max length 1024 characters. */ description?: pulumi.Input; /** * The location of the gateway security policy. * The default value is `global`. */ location?: pulumi.Input; /** * Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy} * gatewaySecurityPolicy should match the pattern:(^a-z?$). * * * - - - */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Server-defined URL of this resource. */ selfLink?: pulumi.Input; /** * Name of a TlsInspectionPolicy resource that defines how TLS inspection is performed for any rule that enables it. */ tlsInspectionPolicy?: pulumi.Input; /** * The timestamp when the resource was updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a GatewaySecurityPolicy resource. */ export interface GatewaySecurityPolicyArgs { /** * A free-text description of the resource. Max length 1024 characters. */ description?: pulumi.Input; /** * The location of the gateway security policy. * The default value is `global`. */ location?: pulumi.Input; /** * Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy} * gatewaySecurityPolicy should match the pattern:(^a-z?$). * * * - - - */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Name of a TlsInspectionPolicy resource that defines how TLS inspection is performed for any rule that enables it. */ tlsInspectionPolicy?: pulumi.Input; }