import * as pulumi from "@pulumi/pulumi"; /** * The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents * a traffic matching condition and associated action to perform. * * To get more information about GatewaySecurityPolicyRule, see: * * * [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.gatewaySecurityPolicies.rules) * * ## Example Usage * * ### Network Security Gateway Security Policy Rules Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", { * name: "my-gateway-security-policy", * location: "us-central1", * description: "gateway security policy created to be used as reference by the rule.", * }); * const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", { * name: "my-gateway-security-policy-rule", * location: "us-central1", * gatewaySecurityPolicy: _default.name, * enabled: true, * description: "my description", * priority: 0, * sessionMatcher: "host() == 'example.com'", * basicProfile: "ALLOW", * }); * ``` * ### Network Security Gateway Security Policy Rules Advanced * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.networksecurity.GatewaySecurityPolicy("default", { * name: "my-gateway-security-policy", * location: "us-central1", * description: "gateway security policy created to be used as reference by the rule.", * }); * const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", { * name: "my-gateway-security-policy-rule", * location: "us-central1", * gatewaySecurityPolicy: _default.name, * enabled: true, * description: "my description", * priority: 0, * sessionMatcher: "host() == 'example.com'", * applicationMatcher: "request.method == 'POST'", * tlsInspectionEnabled: false, * basicProfile: "ALLOW", * }); * ``` * * ## Import * * GatewaySecurityPolicyRule can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}}` * * * `{{project}}/{{location}}/{{gateway_security_policy}}/{{name}}` * * * `{{location}}/{{gateway_security_policy}}/{{name}}` * * When using the `pulumi import` command, GatewaySecurityPolicyRule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{gateway_security_policy}}/rules/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{project}}/{{location}}/{{gateway_security_policy}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule default {{location}}/{{gateway_security_policy}}/{{name}} * ``` */ export declare class GatewaySecurityPolicyRule extends pulumi.CustomResource { /** * Get an existing GatewaySecurityPolicyRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: GatewaySecurityPolicyRuleState, opts?: pulumi.CustomResourceOptions): GatewaySecurityPolicyRule; /** * Returns true if the given object is an instance of GatewaySecurityPolicyRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is GatewaySecurityPolicyRule; /** * CEL expression for matching on L7/application level criteria. */ readonly applicationMatcher: pulumi.Output; /** * Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. * Possible values are: `BASIC_PROFILE_UNSPECIFIED`, `ALLOW`, `DENY`. */ readonly basicProfile: pulumi.Output; /** * The timestamp when the resource was created. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" */ readonly createTime: pulumi.Output; /** * Free-text description of the resource. */ readonly description: pulumi.Output; /** * Whether the rule is enforced. */ readonly enabled: pulumi.Output; /** * The name of the gatewat security policy this rule belongs to. * * * - - - */ readonly gatewaySecurityPolicy: pulumi.Output; /** * The location of the gateway security policy. */ readonly location: pulumi.Output; /** * Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} * rule should match the pattern: (^a-z?$). */ readonly name: pulumi.Output; /** * Priority of the rule. Lower number corresponds to higher precedence. */ readonly priority: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * Server-defined URL of this resource. */ readonly selfLink: pulumi.Output; /** * CEL expression for matching on session criteria. */ readonly sessionMatcher: pulumi.Output; /** * Flag to enable TLS inspection of traffic matching on. Can only be true if the * parent GatewaySecurityPolicy references a TLSInspectionConfig. */ readonly tlsInspectionEnabled: pulumi.Output; /** * The timestamp when the resource was updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly updateTime: pulumi.Output; /** * Create a GatewaySecurityPolicyRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: GatewaySecurityPolicyRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering GatewaySecurityPolicyRule resources. */ export interface GatewaySecurityPolicyRuleState { /** * CEL expression for matching on L7/application level criteria. */ applicationMatcher?: pulumi.Input; /** * Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. * Possible values are: `BASIC_PROFILE_UNSPECIFIED`, `ALLOW`, `DENY`. */ basicProfile?: pulumi.Input; /** * The timestamp when the resource was created. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" */ createTime?: pulumi.Input; /** * Free-text description of the resource. */ description?: pulumi.Input; /** * Whether the rule is enforced. */ enabled?: pulumi.Input; /** * The name of the gatewat security policy this rule belongs to. * * * - - - */ gatewaySecurityPolicy?: pulumi.Input; /** * The location of the gateway security policy. */ location?: pulumi.Input; /** * Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} * rule should match the pattern: (^a-z?$). */ name?: pulumi.Input; /** * Priority of the rule. Lower number corresponds to higher precedence. */ priority?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Server-defined URL of this resource. */ selfLink?: pulumi.Input; /** * CEL expression for matching on session criteria. */ sessionMatcher?: pulumi.Input; /** * Flag to enable TLS inspection of traffic matching on. Can only be true if the * parent GatewaySecurityPolicy references a TLSInspectionConfig. */ tlsInspectionEnabled?: pulumi.Input; /** * The timestamp when the resource was updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. * Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a GatewaySecurityPolicyRule resource. */ export interface GatewaySecurityPolicyRuleArgs { /** * CEL expression for matching on L7/application level criteria. */ applicationMatcher?: pulumi.Input; /** * Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. * Possible values are: `BASIC_PROFILE_UNSPECIFIED`, `ALLOW`, `DENY`. */ basicProfile: pulumi.Input; /** * Free-text description of the resource. */ description?: pulumi.Input; /** * Whether the rule is enforced. */ enabled: pulumi.Input; /** * The name of the gatewat security policy this rule belongs to. * * * - - - */ gatewaySecurityPolicy: pulumi.Input; /** * The location of the gateway security policy. */ location: pulumi.Input; /** * Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} * rule should match the pattern: (^a-z?$). */ name?: pulumi.Input; /** * Priority of the rule. Lower number corresponds to higher precedence. */ priority: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * CEL expression for matching on session criteria. */ sessionMatcher: pulumi.Input; /** * Flag to enable TLS inspection of traffic matching on. Can only be true if the * parent GatewaySecurityPolicy references a TLSInspectionConfig. */ tlsInspectionEnabled?: pulumi.Input; }