import * as pulumi from "@pulumi/pulumi"; /** * App Check enforcement policy for a specific resource of a Google service supported by App Check. Note that this policy will override the service-level configuration. * * To get more information about ResourcePolicy, see: * * * [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.services.resourcePolicies) * * How-to Guides * * [Official Documentation](https://firebase.google.com/docs/app-check) * * ## Example Usage * * ### Firebase App Check Resource Policy Oauth2 Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const firebaseappcheck = new gcp.projects.Service("firebaseappcheck", { * project: "my-project-name", * service: "firebaseappcheck.googleapis.com", * }); * const _default = new gcp.firebase.AppCheckResourcePolicy("default", { * project: "my-project-name", * serviceId: "oauth2.googleapis.com", * targetResource: "//oauth2.googleapis.com/projects/my-project-name/oauthClients/example-client-id", * enforcementMode: "UNENFORCED", * }, { * dependsOn: [firebaseappcheck], * }); * ``` * * ## Import * * ResourcePolicy can be imported using any of these accepted formats: * * * `projects/{{project}}/services/{{service_id}}/resourcePolicies/{{resource_policy_id}}` * * `{{project}}/{{service_id}}/{{resource_policy_id}}` * * `{{service_id}}/{{resource_policy_id}}` * * When using the `pulumi import` command, ResourcePolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:firebase/appCheckResourcePolicy:AppCheckResourcePolicy default projects/{{project}}/services/{{service_id}}/resourcePolicies/{{resource_policy_id}} * $ pulumi import gcp:firebase/appCheckResourcePolicy:AppCheckResourcePolicy default {{project}}/{{service_id}}/{{resource_policy_id}} * $ pulumi import gcp:firebase/appCheckResourcePolicy:AppCheckResourcePolicy default {{service_id}}/{{resource_policy_id}} * ``` */ export declare class AppCheckResourcePolicy extends pulumi.CustomResource { /** * Get an existing AppCheckResourcePolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AppCheckResourcePolicyState, opts?: pulumi.CustomResourceOptions): AppCheckResourcePolicy; /** * Returns true if the given object is an instance of AppCheckResourcePolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AppCheckResourcePolicy; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ readonly deletionPolicy: pulumi.Output; /** * The App Check enforcement mode for a service supported by App Check. This will override the EnforcementMode setting on the service. * Valid values are: * (Unset) * Firebase App Check is not enforced for the service, nor are App Check metrics collected. * Though the service is not protected by App Check in this mode, other applicable protections, * such as user authorization, are still enforced. An unconfigured service is in this mode by default. * This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the * enforcement to OFF for this service. * UNENFORCED * Firebase App Check is not enforced for the service. App Check metrics are collected to help you * decide when to turn on enforcement for the service. Though the service is not protected by App Check * in this mode, other applicable protections, such as user authorization, are still enforced. * ENFORCED * Firebase App Check is enforced for the service. The service will reject any request that attempts to * access your project's resources if it does not have valid App Check token attached, with some exceptions * depending on the service; for example, some services will still allow requests bearing the developer's * privileged service account credentials without an App Check token. App Check metrics continue to be * collected to help you detect issues with your App Check integration and monitor the composition of your * callers. While the service is protected by App Check, other applicable protections, such as user * authorization, continue to be enforced at the same time. * Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated * to an App Check capable version of your app, their apps will no longer be able to use your Firebase * services that are enforcing App Check. App Check metrics can help you decide whether to enforce App * Check on your Firebase services. * If your app has not launched yet, you should enable enforcement immediately, since there are no outdated * clients in use. * Possible values are: `UNENFORCED`, `ENFORCED`. */ readonly enforcementMode: pulumi.Output; /** * This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. */ readonly etag: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The server-generated UID for the Resource Policy. */ readonly resourcePolicyId: pulumi.Output; /** * The identifier of the service to configure a Resource Policy for. * Currently, the following service IDs are supported: * * `oauth2.googleapis.com` (Google Identity for iOS) */ readonly serviceId: pulumi.Output; /** * Service specific name of the resource object to which this policy applies, in the format: * * iOS OAuth clients (Google Identity for iOS): * `//oauth2.googleapis.com/projects/{project_number}/oauthClients/{oauthClientId}` */ readonly targetResource: pulumi.Output; /** * Output only. Timestamp when this resource policy configuration object was most recently updated. */ readonly updateTime: pulumi.Output; /** * Create a AppCheckResourcePolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AppCheckResourcePolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AppCheckResourcePolicy resources. */ export interface AppCheckResourcePolicyState { /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * The App Check enforcement mode for a service supported by App Check. This will override the EnforcementMode setting on the service. * Valid values are: * (Unset) * Firebase App Check is not enforced for the service, nor are App Check metrics collected. * Though the service is not protected by App Check in this mode, other applicable protections, * such as user authorization, are still enforced. An unconfigured service is in this mode by default. * This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the * enforcement to OFF for this service. * UNENFORCED * Firebase App Check is not enforced for the service. App Check metrics are collected to help you * decide when to turn on enforcement for the service. Though the service is not protected by App Check * in this mode, other applicable protections, such as user authorization, are still enforced. * ENFORCED * Firebase App Check is enforced for the service. The service will reject any request that attempts to * access your project's resources if it does not have valid App Check token attached, with some exceptions * depending on the service; for example, some services will still allow requests bearing the developer's * privileged service account credentials without an App Check token. App Check metrics continue to be * collected to help you detect issues with your App Check integration and monitor the composition of your * callers. While the service is protected by App Check, other applicable protections, such as user * authorization, continue to be enforced at the same time. * Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated * to an App Check capable version of your app, their apps will no longer be able to use your Firebase * services that are enforcing App Check. App Check metrics can help you decide whether to enforce App * Check on your Firebase services. * If your app has not launched yet, you should enable enforcement immediately, since there are no outdated * clients in use. * Possible values are: `UNENFORCED`, `ENFORCED`. */ enforcementMode?: pulumi.Input; /** * This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. */ etag?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The server-generated UID for the Resource Policy. */ resourcePolicyId?: pulumi.Input; /** * The identifier of the service to configure a Resource Policy for. * Currently, the following service IDs are supported: * * `oauth2.googleapis.com` (Google Identity for iOS) */ serviceId?: pulumi.Input; /** * Service specific name of the resource object to which this policy applies, in the format: * * iOS OAuth clients (Google Identity for iOS): * `//oauth2.googleapis.com/projects/{project_number}/oauthClients/{oauthClientId}` */ targetResource?: pulumi.Input; /** * Output only. Timestamp when this resource policy configuration object was most recently updated. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a AppCheckResourcePolicy resource. */ export interface AppCheckResourcePolicyArgs { /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * The App Check enforcement mode for a service supported by App Check. This will override the EnforcementMode setting on the service. * Valid values are: * (Unset) * Firebase App Check is not enforced for the service, nor are App Check metrics collected. * Though the service is not protected by App Check in this mode, other applicable protections, * such as user authorization, are still enforced. An unconfigured service is in this mode by default. * This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the * enforcement to OFF for this service. * UNENFORCED * Firebase App Check is not enforced for the service. App Check metrics are collected to help you * decide when to turn on enforcement for the service. Though the service is not protected by App Check * in this mode, other applicable protections, such as user authorization, are still enforced. * ENFORCED * Firebase App Check is enforced for the service. The service will reject any request that attempts to * access your project's resources if it does not have valid App Check token attached, with some exceptions * depending on the service; for example, some services will still allow requests bearing the developer's * privileged service account credentials without an App Check token. App Check metrics continue to be * collected to help you detect issues with your App Check integration and monitor the composition of your * callers. While the service is protected by App Check, other applicable protections, such as user * authorization, continue to be enforced at the same time. * Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated * to an App Check capable version of your app, their apps will no longer be able to use your Firebase * services that are enforcing App Check. App Check metrics can help you decide whether to enforce App * Check on your Firebase services. * If your app has not launched yet, you should enable enforcement immediately, since there are no outdated * clients in use. * Possible values are: `UNENFORCED`, `ENFORCED`. */ enforcementMode?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The identifier of the service to configure a Resource Policy for. * Currently, the following service IDs are supported: * * `oauth2.googleapis.com` (Google Identity for iOS) */ serviceId: pulumi.Input; /** * Service specific name of the resource object to which this policy applies, in the format: * * iOS OAuth clients (Google Identity for iOS): * `//oauth2.googleapis.com/projects/{project_number}/oauthClients/{oauthClientId}` */ targetResource: pulumi.Input; } //# sourceMappingURL=appCheckResourcePolicy.d.ts.map