import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.
 * This is a bulk edit of all Service Perimeters and may override existing Service Perimeters created by `gcp.accesscontextmanager.ServicePerimeter`,
 * thus causing a permadiff if used alongside `gcp.accesscontextmanager.ServicePerimeter` on the same parent.
 *
 * To get more information about ServicePerimeters, see:
 *
 * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)
 * * How-to Guides
 *     * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)
 *     * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)
 *
 * ## Example Usage
 *
 * ### Access Context Manager Service Perimeters Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
 *     parent: "organizations/123456789",
 *     title: "my policy",
 * });
 * const service_perimeter = new gcp.accesscontextmanager.ServicePerimeters("service-perimeter", {
 *     parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
 *     servicePerimeters: [
 *         {
 *             name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,
 *             title: "",
 *             status: {
 *                 restrictedServices: ["storage.googleapis.com"],
 *             },
 *         },
 *         {
 *             name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,
 *             title: "",
 *             status: {
 *                 restrictedServices: ["bigtable.googleapis.com"],
 *             },
 *         },
 *     ],
 * });
 * const access_level = new gcp.accesscontextmanager.AccessLevel("access-level", {
 *     parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
 *     name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
 *     title: "chromeos_no_lock",
 *     basic: {
 *         conditions: [{
 *             devicePolicy: {
 *                 requireScreenLock: false,
 *                 osConstraints: [{
 *                     osType: "DESKTOP_CHROME_OS",
 *                 }],
 *             },
 *             regions: [
 *                 "CH",
 *                 "IT",
 *                 "US",
 *             ],
 *         }],
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * ServicePerimeters can be imported using any of these accepted formats:
 *
 * * `{{parent}}/servicePerimeters`
 * * `{{parent}}`
 *
 * When using the `pulumi import` command, ServicePerimeters can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:accesscontextmanager/servicePerimeters:ServicePerimeters default {{parent}}/servicePerimeters
 * $ pulumi import gcp:accesscontextmanager/servicePerimeters:ServicePerimeters default {{parent}}
 * ```
 */
export declare class ServicePerimeters extends pulumi.CustomResource {
    /**
     * Get an existing ServicePerimeters resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePerimetersState, opts?: pulumi.CustomResourceOptions): ServicePerimeters;
    /**
     * Returns true if the given object is an instance of ServicePerimeters.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ServicePerimeters;
    /**
     * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     */
    readonly deletionPolicy: pulumi.Output<string>;
    /**
     * The AccessPolicy this ServicePerimeter lives in.
     * Format: accessPolicies/{policy_id}
     */
    readonly parent: pulumi.Output<string>;
    /**
     * The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.
     * Structure is documented below.
     */
    readonly servicePerimeters: pulumi.Output<outputs.accesscontextmanager.ServicePerimetersServicePerimeter[] | undefined>;
    /**
     * Create a ServicePerimeters resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServicePerimetersArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ServicePerimeters resources.
 */
export interface ServicePerimetersState {
    /**
     * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * The AccessPolicy this ServicePerimeter lives in.
     * Format: accessPolicies/{policy_id}
     */
    parent?: pulumi.Input<string | undefined>;
    /**
     * The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.
     * Structure is documented below.
     */
    servicePerimeters?: pulumi.Input<pulumi.Input<inputs.accesscontextmanager.ServicePerimetersServicePerimeter>[] | undefined>;
}
/**
 * The set of arguments for constructing a ServicePerimeters resource.
 */
export interface ServicePerimetersArgs {
    /**
     * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * The AccessPolicy this ServicePerimeter lives in.
     * Format: accessPolicies/{policy_id}
     */
    parent: pulumi.Input<string>;
    /**
     * The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.
     * Structure is documented below.
     */
    servicePerimeters?: pulumi.Input<pulumi.Input<inputs.accesscontextmanager.ServicePerimetersServicePerimeter>[] | undefined>;
}
//# sourceMappingURL=servicePerimeters.d.ts.map