Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.compute.FirewallArgs.builder
import com.pulumi.gcp.compute.kotlin.inputs.FirewallAllowArgs
import com.pulumi.gcp.compute.kotlin.inputs.FirewallAllowArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.FirewallDenyArgs
import com.pulumi.gcp.compute.kotlin.inputs.FirewallDenyArgsBuilder
import com.pulumi.gcp.compute.kotlin.inputs.FirewallLogConfigArgs
import com.pulumi.gcp.compute.kotlin.inputs.FirewallLogConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Deprecated
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Each network has its own firewall controlling access to and from the
* instances.
* All traffic to instances, even from other instances, is blocked by the
* firewall unless firewall rules are created to allow it.
* The default network has automatically created firewall rules that are
* shown in default firewall rules. No manually created network has
* automatically created firewall rules except for a default "allow" rule for
* outgoing traffic and a default "deny" for incoming traffic. For all
* networks except the default network, you must create any firewall rules
* you need.
* To get more information about Firewall, see:
* * [API documentation](https://cloud.google.com/compute/docs/reference/v1/firewalls)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/vpc/docs/firewalls)
* ## Example Usage
* ### Firewall Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const defaultNetwork = new gcp.compute.Network("default", {name: "test-network"});
* const _default = new gcp.compute.Firewall("default", {
* name: "test-firewall",
* network: defaultNetwork.name,
* allows: [
* {
* protocol: "icmp",
* },
* {
* protocol: "tcp",
* ports: [
* "80",
* "8080",
* "1000-2000",
* ],
* },
* ],
* sourceTags: ["web"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default_network = gcp.compute.Network("default", name="test-network")
* default = gcp.compute.Firewall("default",
* name="test-firewall",
* network=default_network.name,
* allows=[
* gcp.compute.FirewallAllowArgs(
* protocol="icmp",
* ),
* gcp.compute.FirewallAllowArgs(
* protocol="tcp",
* ports=[
* "80",
* "8080",
* "1000-2000",
* ],
* ),
* ],
* source_tags=["web"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var defaultNetwork = new Gcp.Compute.Network("default", new()
* {
* Name = "test-network",
* });
* var @default = new Gcp.Compute.Firewall("default", new()
* {
* Name = "test-firewall",
* Network = defaultNetwork.Name,
* Allows = new[]
* {
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "icmp",
* },
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "tcp",
* Ports = new[]
* {
* "80",
* "8080",
* "1000-2000",
* },
* },
* },
* SourceTags = new[]
* {
* "web",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
* Name: pulumi.String("test-network"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewFirewall(ctx, "default", &compute.FirewallArgs{
* Name: pulumi.String("test-firewall"),
* Network: defaultNetwork.Name,
* Allows: compute.FirewallAllowArray{
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("icmp"),
* },
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("80"),
* pulumi.String("8080"),
* pulumi.String("1000-2000"),
* },
* },
* },
* SourceTags: pulumi.StringArray{
* pulumi.String("web"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.Network;
* import com.pulumi.gcp.compute.NetworkArgs;
* import com.pulumi.gcp.compute.Firewall;
* import com.pulumi.gcp.compute.FirewallArgs;
* import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
* .name("test-network")
* .build());
* var default_ = new Firewall("default", FirewallArgs.builder()
* .name("test-firewall")
* .network(defaultNetwork.name())
* .allows(
* FirewallAllowArgs.builder()
* .protocol("icmp")
* .build(),
* FirewallAllowArgs.builder()
* .protocol("tcp")
* .ports(
* "80",
* "8080",
* "1000-2000")
* .build())
* .sourceTags("web")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:compute:Firewall
* properties:
* name: test-firewall
* network: ${defaultNetwork.name}
* allows:
* - protocol: icmp
* - protocol: tcp
* ports:
* - '80'
* - '8080'
* - 1000-2000
* sourceTags:
* - web
* defaultNetwork:
* type: gcp:compute:Network
* name: default
* properties:
* name: test-network
* ```
*
* ### Firewall With Target Tags
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const rules = new gcp.compute.Firewall("rules", {
* project: "my-project-name",
* name: "my-firewall-rule",
* network: "default",
* description: "Creates firewall rule targeting tagged instances",
* allows: [{
* protocol: "tcp",
* ports: [
* "80",
* "8080",
* "1000-2000",
* ],
* }],
* sourceTags: ["foo"],
* targetTags: ["web"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* rules = gcp.compute.Firewall("rules",
* project="my-project-name",
* name="my-firewall-rule",
* network="default",
* description="Creates firewall rule targeting tagged instances",
* allows=[gcp.compute.FirewallAllowArgs(
* protocol="tcp",
* ports=[
* "80",
* "8080",
* "1000-2000",
* ],
* )],
* source_tags=["foo"],
* target_tags=["web"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var rules = new Gcp.Compute.Firewall("rules", new()
* {
* Project = "my-project-name",
* Name = "my-firewall-rule",
* Network = "default",
* Description = "Creates firewall rule targeting tagged instances",
* Allows = new[]
* {
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "tcp",
* Ports = new[]
* {
* "80",
* "8080",
* "1000-2000",
* },
* },
* },
* SourceTags = new[]
* {
* "foo",
* },
* TargetTags = new[]
* {
* "web",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewFirewall(ctx, "rules", &compute.FirewallArgs{
* Project: pulumi.String("my-project-name"),
* Name: pulumi.String("my-firewall-rule"),
* Network: pulumi.String("default"),
* Description: pulumi.String("Creates firewall rule targeting tagged instances"),
* Allows: compute.FirewallAllowArray{
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("80"),
* pulumi.String("8080"),
* pulumi.String("1000-2000"),
* },
* },
* },
* SourceTags: pulumi.StringArray{
* pulumi.String("foo"),
* },
* TargetTags: pulumi.StringArray{
* pulumi.String("web"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.Firewall;
* import com.pulumi.gcp.compute.FirewallArgs;
* import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var rules = new Firewall("rules", FirewallArgs.builder()
* .project("my-project-name")
* .name("my-firewall-rule")
* .network("default")
* .description("Creates firewall rule targeting tagged instances")
* .allows(FirewallAllowArgs.builder()
* .protocol("tcp")
* .ports(
* "80",
* "8080",
* "1000-2000")
* .build())
* .sourceTags("foo")
* .targetTags("web")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* rules:
* type: gcp:compute:Firewall
* properties:
* project: my-project-name
* name: my-firewall-rule
* network: default
* description: Creates firewall rule targeting tagged instances
* allows:
* - protocol: tcp
* ports:
* - '80'
* - '8080'
* - 1000-2000
* sourceTags:
* - foo
* targetTags:
* - web
* ```
*
* ## Import
* Firewall can be imported using any of these accepted formats:
* * `projects/{{project}}/global/firewalls/{{name}}`
* * `{{project}}/{{name}}`
* * `{{name}}`
* When using the `pulumi import` command, Firewall can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/firewall:Firewall default projects/{{project}}/global/firewalls/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/firewall:Firewall default {{project}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/firewall:Firewall default {{name}}
* ```
* @property allows The list of ALLOW rules specified by this firewall. Each rule
* specifies a protocol and port-range tuple that describes a permitted
* connection.
* Structure is documented below.
* @property denies The list of DENY rules specified by this firewall. Each rule specifies
* a protocol and port-range tuple that describes a denied connection.
* Structure is documented below.
* @property description An optional description of this resource. Provide this property when
* you create the resource.
* @property destinationRanges If destination ranges are specified, the firewall will apply only to
* traffic that has destination IP address in these ranges. These ranges
* must be expressed in CIDR format. IPv4 or IPv6 ranges are supported.
* @property direction Direction of traffic to which this firewall applies; default is
* INGRESS. Note: For INGRESS traffic, one of `source_ranges`,
* `source_tags` or `source_service_accounts` is required.
* Possible values are: `INGRESS`, `EGRESS`.
* @property disabled Denotes whether the firewall rule is disabled, i.e not applied to the
* network it is associated with. When set to true, the firewall rule is
* not enforced and the network behaves as if it did not exist. If this
* is unspecified, the firewall rule will be enabled.
* @property enableLogging This field denotes whether to enable logging for a particular firewall rule.
* If logging is enabled, logs will be exported to Stackdriver. Deprecated in favor of `log_config`
* @property logConfig This field denotes the logging options for a particular firewall rule.
* If defined, logging is enabled, and logs will be exported to Cloud Logging.
* Structure is documented below.
* @property name Name of the resource. Provided by the client when the resource is
* created. The name must be 1-63 characters long, and comply with
* RFC1035. Specifically, the name must be 1-63 characters long and match
* the regular expression `a-z?` which means the
* first character must be a lowercase letter, and all following
* characters must be a dash, lowercase letter, or digit, except the last
* character, which cannot be a dash.
* @property network The name or self_link of the network to attach this firewall to.
* - - -
* @property priority Priority for this rule. This is an integer between 0 and 65535, both
* inclusive. When not specified, the value assumed is 1000. Relative
* priorities determine precedence of conflicting rules. Lower value of
* priority implies higher precedence (eg, a rule with priority 0 has
* higher precedence than a rule with priority 1). DENY rules take
* precedence over ALLOW rules having equal priority.
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* @property sourceRanges If source ranges are specified, the firewall will apply only to
* traffic that has source IP address in these ranges. These ranges must
* be expressed in CIDR format. One or both of sourceRanges and
* sourceTags may be set. If both properties are set, the firewall will
* apply to traffic that has source IP address within sourceRanges OR the
* source IP that belongs to a tag listed in the sourceTags property. The
* connection does not need to match both properties for the firewall to
* apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of
* `source_ranges`, `source_tags` or `source_service_accounts` is required.
* @property sourceServiceAccounts If source service accounts are specified, the firewall will apply only
* to traffic originating from an instance with a service account in this
* list. Source service accounts cannot be used to control traffic to an
* instance's external IP address because service accounts are associated
* with an instance, not an IP address. sourceRanges can be set at the
* same time as sourceServiceAccounts. If both are set, the firewall will
* apply to traffic that has source IP address within sourceRanges OR the
* source IP belongs to an instance with service account listed in
* sourceServiceAccount. The connection does not need to match both
* properties for the firewall to apply. sourceServiceAccounts cannot be
* used at the same time as sourceTags or targetTags. For INGRESS traffic,
* one of `source_ranges`, `source_tags` or `source_service_accounts` is required.
* @property sourceTags If source tags are specified, the firewall will apply only to traffic
* with source IP that belongs to a tag listed in source tags. Source
* tags cannot be used to control traffic to an instance's external IP
* address. Because tags are associated with an instance, not an IP
* address. One or both of sourceRanges and sourceTags may be set. If
* both properties are set, the firewall will apply to traffic that has
* source IP address within sourceRanges OR the source IP that belongs to
* a tag listed in the sourceTags property. The connection does not need
* to match both properties for the firewall to apply. For INGRESS traffic,
* one of `source_ranges`, `source_tags` or `source_service_accounts` is required.
* @property targetServiceAccounts A list of service accounts indicating sets of instances located in the
* network that may make network connections as specified in allowed[].
* targetServiceAccounts cannot be used at the same time as targetTags or
* sourceTags. If neither targetServiceAccounts nor targetTags are
* specified, the firewall rule applies to all instances on the specified
* network.
* @property targetTags A list of instance tags indicating sets of instances located in the
* network that may make network connections as specified in allowed[].
* If no targetTags are specified, the firewall rule applies to all
* instances on the specified network.
*/
public data class FirewallArgs(
public val allows: Output>? = null,
public val denies: Output>? = null,
public val description: Output? = null,
public val destinationRanges: Output>? = null,
public val direction: Output? = null,
public val disabled: Output? = null,
@Deprecated(
message = """
Deprecated in favor of log_config
""",
)
public val enableLogging: Output? = null,
public val logConfig: Output? = null,
public val name: Output? = null,
public val network: Output? = null,
public val priority: Output? = null,
public val project: Output? = null,
public val sourceRanges: Output>? = null,
public val sourceServiceAccounts: Output>? = null,
public val sourceTags: Output>? = null,
public val targetServiceAccounts: Output>? = null,
public val targetTags: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.compute.FirewallArgs =
com.pulumi.gcp.compute.FirewallArgs.builder()
.allows(allows?.applyValue({ args0 -> args0.map({ args0 -> args0.let({ args0 -> args0.toJava() }) }) }))
.denies(denies?.applyValue({ args0 -> args0.map({ args0 -> args0.let({ args0 -> args0.toJava() }) }) }))
.description(description?.applyValue({ args0 -> args0 }))
.destinationRanges(destinationRanges?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.direction(direction?.applyValue({ args0 -> args0 }))
.disabled(disabled?.applyValue({ args0 -> args0 }))
.enableLogging(enableLogging?.applyValue({ args0 -> args0 }))
.logConfig(logConfig?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.name(name?.applyValue({ args0 -> args0 }))
.network(network?.applyValue({ args0 -> args0 }))
.priority(priority?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.sourceRanges(sourceRanges?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.sourceServiceAccounts(sourceServiceAccounts?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.sourceTags(sourceTags?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.targetServiceAccounts(targetServiceAccounts?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.targetTags(targetTags?.applyValue({ args0 -> args0.map({ args0 -> args0 }) })).build()
}
/**
* Builder for [FirewallArgs].
*/
@PulumiTagMarker
public class FirewallArgsBuilder internal constructor() {
private var allows: Output>? = null
private var denies: Output>? = null
private var description: Output? = null
private var destinationRanges: Output>? = null
private var direction: Output? = null
private var disabled: Output? = null
private var enableLogging: Output? = null
private var logConfig: Output? = null
private var name: Output? = null
private var network: Output? = null
private var priority: Output? = null
private var project: Output? = null
private var sourceRanges: Output>? = null
private var sourceServiceAccounts: Output>? = null
private var sourceTags: Output>? = null
private var targetServiceAccounts: Output>? = null
private var targetTags: Output>? = null
/**
* @param value The list of ALLOW rules specified by this firewall. Each rule
* specifies a protocol and port-range tuple that describes a permitted
* connection.
* Structure is documented below.
*/
@JvmName("bmbnbuidkdujajkq")
public suspend fun allows(`value`: Output>) {
this.allows = value
}
@JvmName("jfckgbsevocajylj")
public suspend fun allows(vararg values: Output) {
this.allows = Output.all(values.asList())
}
/**
* @param values The list of ALLOW rules specified by this firewall. Each rule
* specifies a protocol and port-range tuple that describes a permitted
* connection.
* Structure is documented below.
*/
@JvmName("xediucneqtfxqmhv")
public suspend fun allows(values: List