import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
/**
 * Allowed-domains block of a DNS filtering profile, in plain-value form
 * (no `pulumi.Input` wrappers).
 */
export interface GetTwingateDNSFilteringProfileAllowedDomains {
    /**
     * A set of allowed domains.
     *
     * Optional: `undefined` and an empty array are distinct values at the type level.
     */
    domains?: string[];
}
/**
 * Allowed-domains block of a DNS filtering profile, with every value
 * accepted as a `pulumi.Input`.
 */
export interface GetTwingateDNSFilteringProfileAllowedDomainsArgs {
    /**
     * A set of allowed domains.
     *
     * Both the list and each entry may be supplied as a `pulumi.Input`.
     */
    domains?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Content-category flags of a DNS filtering profile, in plain-value form.
 *
 * Every flag is optional and no default is documented on this type, so an
 * absent field is not the same statement as `false`.
 */
export interface GetTwingateDNSFilteringProfileContentCategories {
    /**
     * Whether to block adult content.
     */
    blockAdultContent?: boolean;
    /**
     * Whether to block dating content.
     */
    blockDating?: boolean;
    /**
     * Whether to block gambling content.
     */
    blockGambling?: boolean;
    /**
     * Whether to block games.
     */
    blockGames?: boolean;
    /**
     * Whether to block piracy sites.
     */
    blockPiracy?: boolean;
    /**
     * Whether to block social media.
     */
    blockSocialMedia?: boolean;
    /**
     * Whether to block streaming content.
     */
    blockStreaming?: boolean;
    /**
     * Whether to force safe search.
     */
    enableSafesearch?: boolean;
    /**
     * Whether to force YouTube to use restricted mode.
     */
    enableYoutubeRestrictedMode?: boolean;
}
/**
 * Content-category flags of a DNS filtering profile, with every flag
 * accepted as a `pulumi.Input<boolean>`.
 *
 * Every flag is optional and no default is documented on this type.
 */
export interface GetTwingateDNSFilteringProfileContentCategoriesArgs {
    /**
     * Whether to block adult content.
     */
    blockAdultContent?: pulumi.Input<boolean>;
    /**
     * Whether to block dating content.
     */
    blockDating?: pulumi.Input<boolean>;
    /**
     * Whether to block gambling content.
     */
    blockGambling?: pulumi.Input<boolean>;
    /**
     * Whether to block games.
     */
    blockGames?: pulumi.Input<boolean>;
    /**
     * Whether to block piracy sites.
     */
    blockPiracy?: pulumi.Input<boolean>;
    /**
     * Whether to block social media.
     */
    blockSocialMedia?: pulumi.Input<boolean>;
    /**
     * Whether to block streaming content.
     */
    blockStreaming?: pulumi.Input<boolean>;
    /**
     * Whether to force safe search.
     */
    enableSafesearch?: pulumi.Input<boolean>;
    /**
     * Whether to force YouTube to use restricted mode.
     */
    enableYoutubeRestrictedMode?: pulumi.Input<boolean>;
}
/**
 * Denied-domains block of a DNS filtering profile, in plain-value form
 * (no `pulumi.Input` wrappers).
 */
export interface GetTwingateDNSFilteringProfileDeniedDomains {
    /**
     * A set of denied domains.
     *
     * Optional: `undefined` and an empty array are distinct values at the type level.
     */
    domains?: string[];
}
/**
 * Denied-domains block of a DNS filtering profile, with every value
 * accepted as a `pulumi.Input`.
 */
export interface GetTwingateDNSFilteringProfileDeniedDomainsArgs {
    /**
     * A set of denied domains.
     *
     * Both the list and each entry may be supplied as a `pulumi.Input`.
     */
    domains?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Privacy-category flags of a DNS filtering profile, in plain-value form.
 *
 * Every flag is optional and no default is documented on this type.
 */
export interface GetTwingateDNSFilteringProfilePrivacyCategories {
    /**
     * Whether to block ads and trackers.
     */
    blockAdsAndTrackers?: boolean;
    /**
     * Whether to block affiliate links.
     */
    blockAffiliateLinks?: boolean;
    /**
     * Whether to block disguised third party trackers.
     */
    blockDisguisedTrackers?: boolean;
}
/**
 * Privacy-category flags of a DNS filtering profile, with every flag
 * accepted as a `pulumi.Input<boolean>`.
 *
 * Every flag is optional and no default is documented on this type.
 */
export interface GetTwingateDNSFilteringProfilePrivacyCategoriesArgs {
    /**
     * Whether to block ads and trackers.
     */
    blockAdsAndTrackers?: pulumi.Input<boolean>;
    /**
     * Whether to block affiliate links.
     */
    blockAffiliateLinks?: pulumi.Input<boolean>;
    /**
     * Whether to block disguised third party trackers.
     */
    blockDisguisedTrackers?: pulumi.Input<boolean>;
}
/**
 * Security-category flags of a DNS filtering profile, in plain-value form.
 *
 * Every flag is optional and no default is documented on this type, so code
 * that audits which protections are active should treat `undefined`
 * separately from `false`.
 */
export interface GetTwingateDNSFilteringProfileSecurityCategories {
    /**
     * Whether to block cryptojacking sites.
     */
    blockCryptojacking?: boolean;
    /**
     * Blocks public DNS entries from returning private IP addresses.
     */
    blockDnsRebinding?: boolean;
    /**
     * Blocks DGA (domain generation algorithm) domains.
     */
    blockDomainGenerationAlgorithms?: boolean;
    /**
     * Whether to block homoglyph attacks.
     */
    blockIdnHomoglyph?: boolean;
    /**
     * Blocks newly registered domains.
     */
    blockNewlyRegisteredDomains?: boolean;
    /**
     * Block parked domains.
     */
    blockParkedDomains?: boolean;
    /**
     * Blocks typosquatted domains.
     */
    blockTyposquatting?: boolean;
    /**
     * Whether to use Google Safe browsing lists to block content.
     */
    enableGoogleSafeBrowsing?: boolean;
    /**
     * Whether to filter content using threat intelligence feeds.
     */
    enableThreatIntelligenceFeeds?: boolean;
}
/**
 * Security-category flags of a DNS filtering profile, with every flag
 * accepted as a `pulumi.Input<boolean>`.
 *
 * Every flag is optional and no default is documented on this type.
 */
export interface GetTwingateDNSFilteringProfileSecurityCategoriesArgs {
    /**
     * Whether to block cryptojacking sites.
     */
    blockCryptojacking?: pulumi.Input<boolean>;
    /**
     * Blocks public DNS entries from returning private IP addresses.
     */
    blockDnsRebinding?: pulumi.Input<boolean>;
    /**
     * Blocks DGA (domain generation algorithm) domains.
     */
    blockDomainGenerationAlgorithms?: pulumi.Input<boolean>;
    /**
     * Whether to block homoglyph attacks.
     */
    blockIdnHomoglyph?: pulumi.Input<boolean>;
    /**
     * Blocks newly registered domains.
     */
    blockNewlyRegisteredDomains?: pulumi.Input<boolean>;
    /**
     * Block parked domains.
     */
    blockParkedDomains?: pulumi.Input<boolean>;
    /**
     * Blocks typosquatted domains.
     */
    blockTyposquatting?: pulumi.Input<boolean>;
    /**
     * Whether to use Google Safe browsing lists to block content.
     */
    enableGoogleSafeBrowsing?: pulumi.Input<boolean>;
    /**
     * Whether to filter content using threat intelligence feeds.
     */
    enableThreatIntelligenceFeeds?: pulumi.Input<boolean>;
}
/**
 * Protocol restrictions of a Twingate resource, in plain-value form:
 * an ICMP switch plus separate TCP and UDP port policies.
 */
export interface GetTwingateResourceProtocols {
    /**
     * Whether to allow ICMP (ping) traffic
     */
    allowIcmp?: boolean;
    /**
     * TCP port policy and port list; see `GetTwingateResourceProtocolsTcp`.
     */
    tcp?: inputs.GetTwingateResourceProtocolsTcp;
    /**
     * UDP port policy and port list; see `GetTwingateResourceProtocolsUdp`.
     */
    udp?: inputs.GetTwingateResourceProtocolsUdp;
}
/**
 * Protocol restrictions of a Twingate resource, with every value accepted
 * as a `pulumi.Input`: an ICMP switch plus separate TCP and UDP port policies.
 */
export interface GetTwingateResourceProtocolsArgs {
    /**
     * Whether to allow ICMP (ping) traffic
     */
    allowIcmp?: pulumi.Input<boolean>;
    /**
     * TCP port policy and port list; see `GetTwingateResourceProtocolsTcpArgs`.
     */
    tcp?: pulumi.Input<inputs.GetTwingateResourceProtocolsTcpArgs>;
    /**
     * UDP port policy and port list; see `GetTwingateResourceProtocolsUdpArgs`.
     */
    udp?: pulumi.Input<inputs.GetTwingateResourceProtocolsUdpArgs>;
}
/**
 * TCP port policy of a Twingate resource, in plain-value form.
 */
export interface GetTwingateResourceProtocolsTcp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * Typed as a plain `string`, so a value outside these three is not rejected at compile time.
     */
    policy?: string;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: string[];
}
/**
 * TCP port policy of a Twingate resource, with every value accepted as a
 * `pulumi.Input`.
 */
export interface GetTwingateResourceProtocolsTcpArgs {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * Typed as a plain `string`, so a value outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * UDP port policy of a Twingate resource, in plain-value form.
 */
export interface GetTwingateResourceProtocolsUdp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * Typed as a plain `string`, so a value outside these three is not rejected at compile time.
     */
    policy?: string;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: string[];
}
/**
 * UDP port policy of a Twingate resource, with every value accepted as a
 * `pulumi.Input`.
 */
export interface GetTwingateResourceProtocolsUdpArgs {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * Typed as a plain `string`, so a value outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Provider-level cache settings: whether groups and resources are cached,
 * and which of them are selected by the cache filters.
 *
 * Note the naming asymmetry in the generated fields: `groupsEnabled` /
 * `groupsFilter` versus `resourceEnabled` (singular) / `resourcesFilter`.
 */
export interface ProviderCache {
    /**
     * Specifies whether the provider should cache groups. The default value is `true`.
     */
    groupsEnabled?: pulumi.Input<boolean>;
    /**
     * Specifies the filter for the groups to be cached.
     */
    groupsFilter?: pulumi.Input<inputs.ProviderCacheGroupsFilter>;
    /**
     * Specifies whether the provider should cache resources. The default value is `true`.
     */
    resourceEnabled?: pulumi.Input<boolean>;
    /**
     * Specifies the filter for the resources to be cached.
     */
    resourcesFilter?: pulumi.Input<inputs.ProviderCacheResourcesFilter>;
}
/**
 * Filter selecting which groups the provider caches (referenced by
 * `ProviderCache.groupsFilter`).
 *
 * The `name*` fields are alternative ways of matching a group name; the
 * `name` comment states that only one option can be used at a time, which
 * this type does not enforce (all fields are independently optional).
 */
export interface ProviderCacheGroupsFilter {
    /**
     * Returns only Groups matching the specified state.
     */
    isActive?: pulumi.Input<boolean>;
    /**
     * Returns only groups that exactly match this name. If no options are passed it will return all resources. Only one option can be used at a time.
     *
     * NOTE(review): the text says "all resources" although this filter is for groups — presumably carried over from the resources filter; confirm.
     */
    name?: pulumi.Input<string>;
    /**
     * Match when the value exists in the name of the group.
     */
    nameContains?: pulumi.Input<string>;
    /**
     * Match when the exact value does not exist in the name of the group.
     */
    nameExclude?: pulumi.Input<string>;
    /**
     * The name of the group must start with the value.
     */
    namePrefix?: pulumi.Input<string>;
    /**
     * The regular expression match of the name of the group.
     *
     * The regular-expression syntax is not stated here.
     */
    nameRegexp?: pulumi.Input<string>;
    /**
     * The name of the group must end with the value.
     */
    nameSuffix?: pulumi.Input<string>;
    /**
     * Returns groups that match a list of types. Valid types: `MANUAL`, `SYNCED`, `SYSTEM`.
     *
     * Entries are plain strings, so an unsupported type is not rejected at compile time.
     */
    types?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Filter selecting which resources the provider caches (referenced by
 * `ProviderCache.resourcesFilter`).
 *
 * The `name*` fields are alternative ways of matching a resource name; the
 * `name` comment states that only one option can be used at a time, which
 * this type does not enforce (all fields are independently optional).
 */
export interface ProviderCacheResourcesFilter {
    /**
     * Returns only resources that exactly match this name. If no options are passed it will return all resources. Only one option can be used at a time.
     */
    name?: pulumi.Input<string>;
    /**
     * Match when the value exists in the name of the resource.
     */
    nameContains?: pulumi.Input<string>;
    /**
     * Match when the exact value does not exist in the name of the resource.
     */
    nameExclude?: pulumi.Input<string>;
    /**
     * The name of the resource must start with the value.
     */
    namePrefix?: pulumi.Input<string>;
    /**
     * The regular expression match of the name of the resource.
     *
     * The regular-expression syntax is not stated here.
     */
    nameRegexp?: pulumi.Input<string>;
    /**
     * The name of the resource must end with the value.
     */
    nameSuffix?: pulumi.Input<string>;
    /**
     * Returns only resources that exactly match the given tags.
     *
     * A string-to-string map; both the map and each value may be a `pulumi.Input`.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
}
/**
 * Provider-level default tags.
 */
export interface ProviderDefaultTags {
    /**
     * A map of key-value pair tags to be set on all resources by default.
     *
     * A string-to-string map; both the map and each value may be a `pulumi.Input`.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
}
/**
 * Allowed-domains block of a DNS filtering profile resource.
 */
export interface TwingateDNSFilteringProfileAllowedDomains {
    /**
     * A set of allowed domains. Defaults to an empty set.
     */
    domains?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether Terraform should override changes made outside of Terraform. Defaults to true.
     *
     * NOTE(review): with `false`, entries added outside of this program are
     * presumably left in place, so `domains` above may not be the complete
     * allow-list in effect — confirm against the provider documentation
     * before relying on the declared list for audit.
     */
    isAuthoritative?: pulumi.Input<boolean>;
}
/**
 * Content-category flags of a DNS filtering profile resource.
 *
 * Every flag is documented as defaulting to false, so a category is only
 * filtered when its flag is set to `true` explicitly.
 */
export interface TwingateDNSFilteringProfileContentCategories {
    /**
     * Whether to block adult content. Defaults to false.
     */
    blockAdultContent?: pulumi.Input<boolean>;
    /**
     * Whether to block dating content. Defaults to false.
     */
    blockDating?: pulumi.Input<boolean>;
    /**
     * Whether to block gambling content. Defaults to false.
     */
    blockGambling?: pulumi.Input<boolean>;
    /**
     * Whether to block games. Defaults to false.
     */
    blockGames?: pulumi.Input<boolean>;
    /**
     * Whether to block piracy sites. Defaults to false.
     */
    blockPiracy?: pulumi.Input<boolean>;
    /**
     * Whether to block social media. Defaults to false.
     */
    blockSocialMedia?: pulumi.Input<boolean>;
    /**
     * Whether to block streaming content. Defaults to false.
     */
    blockStreaming?: pulumi.Input<boolean>;
    /**
     * Whether to force safe search. Defaults to false.
     */
    enableSafesearch?: pulumi.Input<boolean>;
    /**
     * Whether to force YouTube to use restricted mode. Defaults to false.
     */
    enableYoutubeRestrictedMode?: pulumi.Input<boolean>;
}
/**
 * Denied-domains block of a DNS filtering profile resource.
 */
export interface TwingateDNSFilteringProfileDeniedDomains {
    /**
     * A set of denied domains. Defaults to an empty set.
     */
    domains?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether Terraform should override changes made outside of Terraform. Defaults to true.
     *
     * NOTE(review): with `false`, changes made outside of this program are
     * presumably left in place, so `domains` above may not match the
     * deny-list in effect — confirm against the provider documentation
     * before relying on the declared list for audit.
     */
    isAuthoritative?: pulumi.Input<boolean>;
}
/**
 * Privacy-category flags of a DNS filtering profile resource.
 *
 * Every flag is documented as defaulting to false, so a category is only
 * filtered when its flag is set to `true` explicitly.
 */
export interface TwingateDNSFilteringProfilePrivacyCategories {
    /**
     * Whether to block ads and trackers. Defaults to false.
     */
    blockAdsAndTrackers?: pulumi.Input<boolean>;
    /**
     * Whether to block affiliate links. Defaults to false.
     */
    blockAffiliateLinks?: pulumi.Input<boolean>;
    /**
     * Whether to block disguised third party trackers. Defaults to false.
     */
    blockDisguisedTrackers?: pulumi.Input<boolean>;
}
/**
 * Security-category flags of a DNS filtering profile resource.
 *
 * Every flag is documented as defaulting to true, so the only way this
 * block weakens a profile is an explicit `false`; those are the values
 * worth checking in review.
 */
export interface TwingateDNSFilteringProfileSecurityCategories {
    /**
     * Whether to block cryptojacking sites. Defaults to true.
     */
    blockCryptojacking?: pulumi.Input<boolean>;
    /**
     * Blocks public DNS entries from returning private IP addresses. Defaults to true.
     */
    blockDnsRebinding?: pulumi.Input<boolean>;
    /**
     * Blocks DGA (domain generation algorithm) domains. Defaults to true.
     */
    blockDomainGenerationAlgorithms?: pulumi.Input<boolean>;
    /**
     * Whether to block homoglyph attacks. Defaults to true.
     */
    blockIdnHomoglyph?: pulumi.Input<boolean>;
    /**
     * Blocks newly registered domains. Defaults to true.
     */
    blockNewlyRegisteredDomains?: pulumi.Input<boolean>;
    /**
     * Block parked domains. Defaults to true.
     */
    blockParkedDomains?: pulumi.Input<boolean>;
    /**
     * Blocks typosquatted domains. Defaults to true.
     */
    blockTyposquatting?: pulumi.Input<boolean>;
    /**
     * Whether to use Google Safe browsing lists to block content. Defaults to true.
     */
    enableGoogleSafeBrowsing?: pulumi.Input<boolean>;
    /**
     * Whether to filter content using threat intelligence feeds. Defaults to true.
     */
    enableThreatIntelligenceFeeds?: pulumi.Input<boolean>;
}
/**
 * Kubernetes section of a gateway configuration.
 */
export interface TwingateGatewayConfigKubernetes {
    /**
     * List of Kubernetes resources. Accepts full `twingate_kubernetes_resource` references.
     */
    resources?: pulumi.Input<pulumi.Input<inputs.TwingateGatewayConfigKubernetesResource>[]>;
}
/**
 * One entry of `TwingateGatewayConfigKubernetes.resources`.
 *
 * All three fields are required. The generated source carries no
 * per-field documentation, so the notes below are hedged.
 */
export interface TwingateGatewayConfigKubernetesResource {
    // NOTE(review): presumably the address of the Kubernetes resource — confirm against the provider docs.
    address: pulumi.Input<string>;
    // NOTE(review): meaning not documented here; by name, whether the target is reached from inside the cluster — confirm.
    inCluster: pulumi.Input<boolean>;
    // NOTE(review): presumably the resource's name — confirm.
    name: pulumi.Input<string>;
}
/**
 * SSH section of a gateway configuration: the certificate authority used
 * for SSH, gateway settings, and the SSH resources served.
 */
export interface TwingateGatewayConfigSsh {
    /**
     * SSH CA configuration. Specify either `vault.address` or `private_key_file` (`privateKeyFile` in this SDK), not both.
     *
     * The either/or rule is not expressed in the type: both fields of
     * `TwingateGatewayConfigSshCa` are independently optional.
     */
    ca?: pulumi.Input<inputs.TwingateGatewayConfigSshCa>;
    /**
     * SSH gateway settings. All fields are optional and fall back to built-in defaults.
     */
    gateway?: pulumi.Input<inputs.TwingateGatewayConfigSshGateway>;
    /**
     * List of SSH resources. Accepts full `twingate_ssh_resource` references.
     */
    resources?: pulumi.Input<pulumi.Input<inputs.TwingateGatewayConfigSshResource>[]>;
}
/**
 * SSH certificate-authority source for the gateway: a local private key
 * file or a Vault SSH CA. The two are documented as mutually exclusive,
 * which the type itself does not enforce.
 */
export interface TwingateGatewayConfigSshCa {
    /**
     * Path to the SSH CA private key file. Can't be used together with vault.address.
     *
     * This is a path, not key material.
     * NOTE(review): the file it names holds the CA signing key; where the
     * path is resolved (presumably on the gateway host) and what file
     * permissions are expected are not stated here — confirm, and keep
     * read access to that file restricted.
     */
    privateKeyFile?: pulumi.Input<string>;
    /**
     * Vault SSH CA configuration.
     */
    vault?: pulumi.Input<inputs.TwingateGatewayConfigSshCaVault>;
}
/**
 * Vault-backed SSH CA settings: server address, authentication, the CA
 * bundle used for the Vault connection, and the SSH secrets engine mount
 * and signing role.
 */
export interface TwingateGatewayConfigSshCaVault {
    /**
     * Vault server address. Can't be used together with `ca.private_key_file` (`privateKeyFile` in this SDK).
     */
    address?: pulumi.Input<string>;
    /**
     * Vault authentication configuration.
     */
    auth?: pulumi.Input<inputs.TwingateGatewayConfigSshCaVaultAuth>;
    /**
     * Path to the Vault CA bundle file. Default: "/etc/ssl/vault-ca.crt".
     */
    caBundleFile?: pulumi.Input<string>;
    /**
     * Vault SSH secrets engine mount path. Default: "ssh".
     */
    mount?: pulumi.Input<string>;
    /**
     * Vault role for signing certificates. Default: "gateway".
     */
    role?: pulumi.Input<string>;
}
/**
 * How the gateway authenticates to Vault: GCP auth or a static token.
 * The two are documented as mutually exclusive, which the type itself
 * does not enforce.
 */
export interface TwingateGatewayConfigSshCaVaultAuth {
    /**
     * GCP authentication for Vault. Can't be used together with token.
     */
    gcp?: pulumi.Input<inputs.TwingateGatewayConfigSshCaVaultAuthGcp>;
    /**
     * Vault token used for authentication. Can't be used together with gcp.
     *
     * This is a credential. The field is typed as a plain
     * `pulumi.Input<string>` and nothing in this file marks it as secret,
     * so supply it as a Pulumi secret (for example `pulumi.secret(...)` or
     * a secret config value) rather than a literal.
     * NOTE(review): whether the provider itself flags this property as
     * sensitive is not visible here — confirm.
     */
    token?: pulumi.Input<string>;
}
/**
 * GCP authentication settings for Vault.
 *
 * `serviceAccountEmail` is documented as required when `type` is "iam";
 * that dependency is not expressed in the type (both are optional).
 */
export interface TwingateGatewayConfigSshCaVaultAuthGcp {
    /**
     * Vault GCP auth mount path. Default: "gcp".
     */
    mount?: pulumi.Input<string>;
    /**
     * GCP IAM role for Vault GCP authentication.
     */
    role?: pulumi.Input<string>;
    /**
     * Service account email. Required when type is "iam".
     */
    serviceAccountEmail?: pulumi.Input<string>;
    /**
     * GCP authentication type for Vault (e.g. "iam" or "gce"). When set to "iam", `service_account_email` (`serviceAccountEmail` in this SDK) is required.
     */
    type?: pulumi.Input<string>;
}
/**
 * SSH gateway settings: certificate lifetimes, key type and gateway
 * username. Every field is optional and has a documented default.
 */
export interface TwingateGatewayConfigSshGateway {
    /**
     * Host certificate TTL. Default: "24h".
     *
     * A duration string; the accepted format is not enforced by this type.
     */
    hostCertTtl?: pulumi.Input<string>;
    /**
     * SSH key type. Default: "ed25519".
     *
     * The set of accepted key types is not listed here.
     */
    keyType?: pulumi.Input<string>;
    /**
     * User certificate TTL. Default: "5m".
     *
     * A duration string; the accepted format is not enforced by this type.
     * Raising it lengthens how long an issued user certificate stays valid.
     */
    userCertTtl?: pulumi.Input<string>;
    /**
     * SSH gateway username. Default: "gateway".
     */
    username?: pulumi.Input<string>;
}
/**
 * One entry of `TwingateGatewayConfigSsh.resources`.
 *
 * All three fields are required. The generated source carries no
 * per-field documentation, so the notes below are hedged.
 */
export interface TwingateGatewayConfigSshResource {
    // NOTE(review): presumably the address of the SSH target — confirm against the provider docs.
    address: pulumi.Input<string>;
    // NOTE(review): presumably the resource's name — confirm.
    name: pulumi.Input<string>;
    // NOTE(review): presumably the account used on the SSH target — confirm.
    username: pulumi.Input<string>;
}
/**
 * TLS section of a gateway configuration: paths to the certificate and its
 * private key. Both fields are file paths, not PEM contents.
 */
export interface TwingateGatewayConfigTls {
    /**
     * Path to the TLS certificate file. Default: "/etc/gateway/tls.crt".
     */
    certificateFile?: pulumi.Input<string>;
    /**
     * Path to the TLS private key file. Default: "/etc/gateway/tls.key".
     *
     * NOTE(review): where the path is resolved (presumably on the gateway
     * host) is not stated here — confirm, and keep read access to the key
     * file restricted.
     */
    privateKeyFile?: pulumi.Input<string>;
}
/**
 * Grants one group access to a Kubernetes resource, optionally under a
 * security policy and JIT access policies.
 */
export interface TwingateKubernetesResourceAccessGroup {
    /**
     * Restrict access according to JIT access policy
     */
    accessPolicies?: pulumi.Input<pulumi.Input<inputs.TwingateKubernetesResourceAccessGroupAccessPolicy>[]>;
    /**
     * Group ID that will have permission to access the Resource.
     */
    groupId?: pulumi.Input<string>;
    /**
     * The ID of a `twingate.getTwingateSecurityPolicy` to use as the access policy for the group IDs in the access block. Default is 'Null' which points to `Default Policy` on Admin console.
     *
     * Leaving this unset therefore ties the group's access to whatever the
     * `Default Policy` is at the time, not to a policy pinned in code.
     */
    securityPolicyId?: pulumi.Input<string>;
}
/**
 * JIT access policy attached to a group's access to a Kubernetes resource
 * (element type of `TwingateKubernetesResourceAccessGroup.accessPolicies`).
 *
 * All three fields are plain strings, so the documented value sets and
 * duration bounds are not checked at compile time.
 */
export interface TwingateKubernetesResourceAccessGroupAccessPolicy {
    /**
     * This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
     */
    approvalMode?: pulumi.Input<string>;
    /**
     * This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
     */
    duration?: pulumi.Input<string>;
    /**
     * This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
     */
    mode?: pulumi.Input<string>;
}
/**
 * Access policy settings (approval mode, duration, mode) for a Kubernetes
 * resource.
 *
 * All three fields are plain strings, so the documented value sets and
 * duration bounds are not checked at compile time.
 */
export interface TwingateKubernetesResourceAccessPolicy {
    /**
     * This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
     */
    approvalMode?: pulumi.Input<string>;
    /**
     * This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
     */
    duration?: pulumi.Input<string>;
    /**
     * This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
     */
    mode?: pulumi.Input<string>;
}
/**
 * Protocol restrictions of a Kubernetes resource: an ICMP switch plus
 * separate TCP and UDP port policies.
 */
export interface TwingateKubernetesResourceProtocols {
    /**
     * Whether to allow ICMP (ping) traffic
     */
    allowIcmp?: pulumi.Input<boolean>;
    /**
     * TCP port policy and port list; see `TwingateKubernetesResourceProtocolsTcp`.
     */
    tcp?: pulumi.Input<inputs.TwingateKubernetesResourceProtocolsTcp>;
    /**
     * UDP port policy and port list; see `TwingateKubernetesResourceProtocolsUdp`.
     */
    udp?: pulumi.Input<inputs.TwingateKubernetesResourceProtocolsUdp>;
}
/**
 * TCP port policy of a Kubernetes resource.
 */
export interface TwingateKubernetesResourceProtocolsTcp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * `RESTRICTED` together with an explicit `ports` list is the narrowest
     * grant that still allows traffic. Typed as a plain string, so a value
     * outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * UDP port policy of a Kubernetes resource.
 */
export interface TwingateKubernetesResourceProtocolsUdp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * `RESTRICTED` together with an explicit `ports` list is the narrowest
     * grant that still allows traffic. Typed as a plain string, so a value
     * outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Grants one group access to a resource, optionally under a security
 * policy and JIT access policies.
 */
export interface TwingateResourceAccessGroup {
    /**
     * Restrict access according to JIT access policy
     */
    accessPolicies?: pulumi.Input<pulumi.Input<inputs.TwingateResourceAccessGroupAccessPolicy>[]>;
    /**
     * Group ID that will have permission to access the Resource.
     */
    groupId?: pulumi.Input<string>;
    /**
     * The ID of a `twingate.getTwingateSecurityPolicy` to use as the access policy for the group IDs in the access block. Default is 'Null' which points to `Default Policy` on Admin console.
     *
     * Leaving this unset therefore ties the group's access to whatever the
     * `Default Policy` is at the time, not to a policy pinned in code.
     */
    securityPolicyId?: pulumi.Input<string>;
}
/**
 * JIT access policy attached to a group's access to a resource
 * (element type of `TwingateResourceAccessGroup.accessPolicies`).
 *
 * All three fields are plain strings, so the documented value sets and
 * duration bounds are not checked at compile time.
 */
export interface TwingateResourceAccessGroupAccessPolicy {
    /**
     * This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
     */
    approvalMode?: pulumi.Input<string>;
    /**
     * This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
     */
    duration?: pulumi.Input<string>;
    /**
     * This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
     */
    mode?: pulumi.Input<string>;
}
/**
 * Access policy settings (approval mode, duration, mode) for a resource.
 *
 * All three fields are plain strings, so the documented value sets and
 * duration bounds are not checked at compile time.
 */
export interface TwingateResourceAccessPolicy {
    /**
     * This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
     */
    approvalMode?: pulumi.Input<string>;
    /**
     * This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
     */
    duration?: pulumi.Input<string>;
    /**
     * This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
     */
    mode?: pulumi.Input<string>;
}
/**
 * Grants one service account access to a resource.
 *
 * Unlike the group access blocks in this file, this type has no security
 * policy or access policy fields.
 */
export interface TwingateResourceAccessService {
    /**
     * The ID of the service account that should have access to this Resource.
     */
    serviceAccountId?: pulumi.Input<string>;
}
/**
 * Protocol restrictions of a resource: an ICMP switch plus separate TCP
 * and UDP port policies.
 */
export interface TwingateResourceProtocols {
    /**
     * Whether to allow ICMP (ping) traffic
     */
    allowIcmp?: pulumi.Input<boolean>;
    /**
     * TCP port policy and port list; see `TwingateResourceProtocolsTcp`.
     */
    tcp?: pulumi.Input<inputs.TwingateResourceProtocolsTcp>;
    /**
     * UDP port policy and port list; see `TwingateResourceProtocolsUdp`.
     */
    udp?: pulumi.Input<inputs.TwingateResourceProtocolsUdp>;
}
/**
 * TCP port policy of a resource.
 */
export interface TwingateResourceProtocolsTcp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * `RESTRICTED` together with an explicit `ports` list is the narrowest
     * grant that still allows traffic. Typed as a plain string, so a value
     * outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * UDP port policy of a resource.
 */
export interface TwingateResourceProtocolsUdp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * `RESTRICTED` together with an explicit `ports` list is the narrowest
     * grant that still allows traffic. Typed as a plain string, so a value
     * outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Grants one group access to an SSH resource, optionally under a security
 * policy and JIT access policies.
 */
export interface TwingateSSHResourceAccessGroup {
    /**
     * Restrict access according to JIT access policy
     */
    accessPolicies?: pulumi.Input<pulumi.Input<inputs.TwingateSSHResourceAccessGroupAccessPolicy>[]>;
    /**
     * Group ID that will have permission to access the Resource.
     */
    groupId?: pulumi.Input<string>;
    /**
     * The ID of a `twingate.getTwingateSecurityPolicy` to use as the access policy for the group IDs in the access block. Default is 'Null' which points to `Default Policy` on Admin console.
     *
     * Leaving this unset therefore ties the group's access to whatever the
     * `Default Policy` is at the time, not to a policy pinned in code.
     */
    securityPolicyId?: pulumi.Input<string>;
}
/**
 * JIT access policy attached to a group's access to an SSH resource
 * (element type of `TwingateSSHResourceAccessGroup.accessPolicies`).
 *
 * All three fields are plain strings, so the documented value sets and
 * duration bounds are not checked at compile time.
 */
export interface TwingateSSHResourceAccessGroupAccessPolicy {
    /**
     * This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
     */
    approvalMode?: pulumi.Input<string>;
    /**
     * This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
     */
    duration?: pulumi.Input<string>;
    /**
     * This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
     */
    mode?: pulumi.Input<string>;
}
/**
 * Access policy settings (approval mode, duration, mode) for an SSH
 * resource.
 *
 * All three fields are plain strings, so the documented value sets and
 * duration bounds are not checked at compile time.
 */
export interface TwingateSSHResourceAccessPolicy {
    /**
     * This will set the approval model for the policy. The valid values are `AUTOMATIC` and `MANUAL`.
     */
    approvalMode?: pulumi.Input<string>;
    /**
     * This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include `1h` and `2d`.
     */
    duration?: pulumi.Input<string>;
    /**
     * This will set the accessPolicy mode for the policy. The valid values are `MANUAL`, `AUTO_LOCK` and `ACCESS_REQUEST`.
     */
    mode?: pulumi.Input<string>;
}
/**
 * Protocol restrictions of an SSH resource: an ICMP switch plus separate
 * TCP and UDP port policies.
 */
export interface TwingateSSHResourceProtocols {
    /**
     * Whether to allow ICMP (ping) traffic
     */
    allowIcmp?: pulumi.Input<boolean>;
    /**
     * TCP port policy and port list; see `TwingateSSHResourceProtocolsTcp`.
     */
    tcp?: pulumi.Input<inputs.TwingateSSHResourceProtocolsTcp>;
    /**
     * UDP port policy and port list; see `TwingateSSHResourceProtocolsUdp`.
     */
    udp?: pulumi.Input<inputs.TwingateSSHResourceProtocolsUdp>;
}
/**
 * TCP port policy of an SSH resource.
 */
export interface TwingateSSHResourceProtocolsTcp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * `RESTRICTED` together with an explicit `ports` list is the narrowest
     * grant that still allows traffic. Typed as a plain string, so a value
     * outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * UDP port policy of an SSH resource.
 */
export interface TwingateSSHResourceProtocolsUdp {
    /**
     * Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be `RESTRICTED` (only listed ports are allowed), `ALLOW_ALL`, or `DENY_ALL`
     *
     * `RESTRICTED` together with an explicit `ports` list is the narrowest
     * grant that still allows traffic. Typed as a plain string, so a value
     * outside these three is not rejected at compile time.
     */
    policy?: pulumi.Input<string>;
    /**
     * List of port ranges between 1 and 65535 inclusive, in the format `100-200` for a range, or `8080` for a single port
     *
     * Entries are strings; the range format is not enforced by this type.
     */
    ports?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * Ambient `config` namespace. It declares no members in this file.
 */
export declare namespace config {
}
