All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.compute.kotlin.FirewallPolicyRule.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.compute.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyRuleMatch
import com.pulumi.gcp.compute.kotlin.outputs.FirewallPolicyRuleMatch.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List

/**
 * Builder for [FirewallPolicyRule].
 */
@PulumiTagMarker
public class FirewallPolicyRuleResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: FirewallPolicyRuleArgs = FirewallPolicyRuleArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend FirewallPolicyRuleArgsBuilder.() -> Unit) {
        val builder = FirewallPolicyRuleArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): FirewallPolicyRule {
        val builtJavaResource = com.pulumi.gcp.compute.FirewallPolicyRule(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return FirewallPolicyRule(builtJavaResource)
    }
}

/**
 * The Compute FirewallPolicyRule resource
 * ## Example Usage
 * ### Basic_fir_sec_rule
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basicGlobalNetworksecurityAddressGroup = new gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group", {
 *     name: "policy",
 *     parent: "organizations/123456789",
 *     description: "Sample global networksecurity_address_group",
 *     location: "global",
 *     items: ["208.80.154.224/32"],
 *     type: "IPV4",
 *     capacity: 100,
 * });
 * const folder = new gcp.organizations.Folder("folder", {
 *     displayName: "policy",
 *     parent: "organizations/123456789",
 * });
 * const _default = new gcp.compute.FirewallPolicy("default", {
 *     parent: folder.id,
 *     shortName: "policy",
 *     description: "Resource created for Terraform acceptance testing",
 * });
 * const primary = new gcp.compute.FirewallPolicyRule("primary", {
 *     firewallPolicy: _default.name,
 *     description: "Resource created for Terraform acceptance testing",
 *     priority: 9000,
 *     enableLogging: true,
 *     action: "allow",
 *     direction: "EGRESS",
 *     disabled: false,
 *     match: {
 *         layer4Configs: [
 *             {
 *                 ipProtocol: "tcp",
 *                 ports: ["8080"],
 *             },
 *             {
 *                 ipProtocol: "udp",
 *                 ports: ["22"],
 *             },
 *         ],
 *         destIpRanges: ["11.100.0.1/32"],
 *         destFqdns: [],
 *         destRegionCodes: ["US"],
 *         destThreatIntelligences: ["iplist-known-malicious-ips"],
 *         srcAddressGroups: [],
 *         destAddressGroups: [basicGlobalNetworksecurityAddressGroup.id],
 *     },
 *     targetServiceAccounts: ["my@service-account.com"],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic_global_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group",
 *     name="policy",
 *     parent="organizations/123456789",
 *     description="Sample global networksecurity_address_group",
 *     location="global",
 *     items=["208.80.154.224/32"],
 *     type="IPV4",
 *     capacity=100)
 * folder = gcp.organizations.Folder("folder",
 *     display_name="policy",
 *     parent="organizations/123456789")
 * default = gcp.compute.FirewallPolicy("default",
 *     parent=folder.id,
 *     short_name="policy",
 *     description="Resource created for Terraform acceptance testing")
 * primary = gcp.compute.FirewallPolicyRule("primary",
 *     firewall_policy=default.name,
 *     description="Resource created for Terraform acceptance testing",
 *     priority=9000,
 *     enable_logging=True,
 *     action="allow",
 *     direction="EGRESS",
 *     disabled=False,
 *     match=gcp.compute.FirewallPolicyRuleMatchArgs(
 *         layer4_configs=[
 *             gcp.compute.FirewallPolicyRuleMatchLayer4ConfigArgs(
 *                 ip_protocol="tcp",
 *                 ports=["8080"],
 *             ),
 *             gcp.compute.FirewallPolicyRuleMatchLayer4ConfigArgs(
 *                 ip_protocol="udp",
 *                 ports=["22"],
 *             ),
 *         ],
 *         dest_ip_ranges=["11.100.0.1/32"],
 *         dest_fqdns=[],
 *         dest_region_codes=["US"],
 *         dest_threat_intelligences=["iplist-known-malicious-ips"],
 *         src_address_groups=[],
 *         dest_address_groups=[basic_global_networksecurity_address_group.id],
 *     ),
 *     target_service_accounts=["my@service-account.com"])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basicGlobalNetworksecurityAddressGroup = new Gcp.NetworkSecurity.AddressGroup("basic_global_networksecurity_address_group", new()
 *     {
 *         Name = "policy",
 *         Parent = "organizations/123456789",
 *         Description = "Sample global networksecurity_address_group",
 *         Location = "global",
 *         Items = new[]
 *         {
 *             "208.80.154.224/32",
 *         },
 *         Type = "IPV4",
 *         Capacity = 100,
 *     });
 *     var folder = new Gcp.Organizations.Folder("folder", new()
 *     {
 *         DisplayName = "policy",
 *         Parent = "organizations/123456789",
 *     });
 *     var @default = new Gcp.Compute.FirewallPolicy("default", new()
 *     {
 *         Parent = folder.Id,
 *         ShortName = "policy",
 *         Description = "Resource created for Terraform acceptance testing",
 *     });
 *     var primary = new Gcp.Compute.FirewallPolicyRule("primary", new()
 *     {
 *         FirewallPolicy = @default.Name,
 *         Description = "Resource created for Terraform acceptance testing",
 *         Priority = 9000,
 *         EnableLogging = true,
 *         Action = "allow",
 *         Direction = "EGRESS",
 *         Disabled = false,
 *         Match = new Gcp.Compute.Inputs.FirewallPolicyRuleMatchArgs
 *         {
 *             Layer4Configs = new[]
 *             {
 *                 new Gcp.Compute.Inputs.FirewallPolicyRuleMatchLayer4ConfigArgs
 *                 {
 *                     IpProtocol = "tcp",
 *                     Ports = new[]
 *                     {
 *                         "8080",
 *                     },
 *                 },
 *                 new Gcp.Compute.Inputs.FirewallPolicyRuleMatchLayer4ConfigArgs
 *                 {
 *                     IpProtocol = "udp",
 *                     Ports = new[]
 *                     {
 *                         "22",
 *                     },
 *                 },
 *             },
 *             DestIpRanges = new[]
 *             {
 *                 "11.100.0.1/32",
 *             },
 *             DestFqdns = new() { },
 *             DestRegionCodes = new[]
 *             {
 *                 "US",
 *             },
 *             DestThreatIntelligences = new[]
 *             {
 *                 "iplist-known-malicious-ips",
 *             },
 *             SrcAddressGroups = new() { },
 *             DestAddressGroups = new[]
 *             {
 *                 basicGlobalNetworksecurityAddressGroup.Id,
 *             },
 *         },
 *         TargetServiceAccounts = new[]
 *         {
 *             "[email protected]",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networksecurity"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basicGlobalNetworksecurityAddressGroup, err := networksecurity.NewAddressGroup(ctx, "basic_global_networksecurity_address_group", &networksecurity.AddressGroupArgs{
 * 			Name:        pulumi.String("policy"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			Description: pulumi.String("Sample global networksecurity_address_group"),
 * 			Location:    pulumi.String("global"),
 * 			Items: pulumi.StringArray{
 * 				pulumi.String("208.80.154.224/32"),
 * 			},
 * 			Type:     pulumi.String("IPV4"),
 * 			Capacity: pulumi.Int(100),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		folder, err := organizations.NewFolder(ctx, "folder", &organizations.FolderArgs{
 * 			DisplayName: pulumi.String("policy"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewFirewallPolicy(ctx, "default", &compute.FirewallPolicyArgs{
 * 			Parent:      folder.ID(),
 * 			ShortName:   pulumi.String("policy"),
 * 			Description: pulumi.String("Resource created for Terraform acceptance testing"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewFirewallPolicyRule(ctx, "primary", &compute.FirewallPolicyRuleArgs{
 * 			FirewallPolicy: _default.Name,
 * 			Description:    pulumi.String("Resource created for Terraform acceptance testing"),
 * 			Priority:       pulumi.Int(9000),
 * 			EnableLogging:  pulumi.Bool(true),
 * 			Action:         pulumi.String("allow"),
 * 			Direction:      pulumi.String("EGRESS"),
 * 			Disabled:       pulumi.Bool(false),
 * 			Match: &compute.FirewallPolicyRuleMatchArgs{
 * 				Layer4Configs: compute.FirewallPolicyRuleMatchLayer4ConfigArray{
 * 					&compute.FirewallPolicyRuleMatchLayer4ConfigArgs{
 * 						IpProtocol: pulumi.String("tcp"),
 * 						Ports: pulumi.StringArray{
 * 							pulumi.String("8080"),
 * 						},
 * 					},
 * 					&compute.FirewallPolicyRuleMatchLayer4ConfigArgs{
 * 						IpProtocol: pulumi.String("udp"),
 * 						Ports: pulumi.StringArray{
 * 							pulumi.String("22"),
 * 						},
 * 					},
 * 				},
 * 				DestIpRanges: pulumi.StringArray{
 * 					pulumi.String("11.100.0.1/32"),
 * 				},
 * 				DestFqdns: pulumi.StringArray{},
 * 				DestRegionCodes: pulumi.StringArray{
 * 					pulumi.String("US"),
 * 				},
 * 				DestThreatIntelligences: pulumi.StringArray{
 * 					pulumi.String("iplist-known-malicious-ips"),
 * 				},
 * 				SrcAddressGroups: pulumi.StringArray{},
 * 				DestAddressGroups: pulumi.StringArray{
 * 					basicGlobalNetworksecurityAddressGroup.ID(),
 * 				},
 * 			},
 * 			TargetServiceAccounts: pulumi.StringArray{
 * 				pulumi.String("[email protected]"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.networksecurity.AddressGroup;
 * import com.pulumi.gcp.networksecurity.AddressGroupArgs;
 * import com.pulumi.gcp.organizations.Folder;
 * import com.pulumi.gcp.organizations.FolderArgs;
 * import com.pulumi.gcp.compute.FirewallPolicy;
 * import com.pulumi.gcp.compute.FirewallPolicyArgs;
 * import com.pulumi.gcp.compute.FirewallPolicyRule;
 * import com.pulumi.gcp.compute.FirewallPolicyRuleArgs;
 * import com.pulumi.gcp.compute.inputs.FirewallPolicyRuleMatchArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basicGlobalNetworksecurityAddressGroup = new AddressGroup("basicGlobalNetworksecurityAddressGroup", AddressGroupArgs.builder()
 *             .name("policy")
 *             .parent("organizations/123456789")
 *             .description("Sample global networksecurity_address_group")
 *             .location("global")
 *             .items("208.80.154.224/32")
 *             .type("IPV4")
 *             .capacity(100)
 *             .build());
 *         var folder = new Folder("folder", FolderArgs.builder()
 *             .displayName("policy")
 *             .parent("organizations/123456789")
 *             .build());
 *         var default_ = new FirewallPolicy("default", FirewallPolicyArgs.builder()
 *             .parent(folder.id())
 *             .shortName("policy")
 *             .description("Resource created for Terraform acceptance testing")
 *             .build());
 *         var primary = new FirewallPolicyRule("primary", FirewallPolicyRuleArgs.builder()
 *             .firewallPolicy(default_.name())
 *             .description("Resource created for Terraform acceptance testing")
 *             .priority(9000)
 *             .enableLogging(true)
 *             .action("allow")
 *             .direction("EGRESS")
 *             .disabled(false)
 *             .match(FirewallPolicyRuleMatchArgs.builder()
 *                 .layer4Configs(
 *                     FirewallPolicyRuleMatchLayer4ConfigArgs.builder()
 *                         .ipProtocol("tcp")
 *                         .ports(8080)
 *                         .build(),
 *                     FirewallPolicyRuleMatchLayer4ConfigArgs.builder()
 *                         .ipProtocol("udp")
 *                         .ports(22)
 *                         .build())
 *                 .destIpRanges("11.100.0.1/32")
 *                 .destFqdns()
 *                 .destRegionCodes("US")
 *                 .destThreatIntelligences("iplist-known-malicious-ips")
 *                 .srcAddressGroups()
 *                 .destAddressGroups(basicGlobalNetworksecurityAddressGroup.id())
 *                 .build())
 *             .targetServiceAccounts("[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   basicGlobalNetworksecurityAddressGroup:
 *     type: gcp:networksecurity:AddressGroup
 *     name: basic_global_networksecurity_address_group
 *     properties:
 *       name: policy
 *       parent: organizations/123456789
 *       description: Sample global networksecurity_address_group
 *       location: global
 *       items:
 *         - 208.80.154.224/32
 *       type: IPV4
 *       capacity: 100
 *   folder:
 *     type: gcp:organizations:Folder
 *     properties:
 *       displayName: policy
 *       parent: organizations/123456789
 *   default:
 *     type: gcp:compute:FirewallPolicy
 *     properties:
 *       parent: ${folder.id}
 *       shortName: policy
 *       description: Resource created for Terraform acceptance testing
 *   primary:
 *     type: gcp:compute:FirewallPolicyRule
 *     properties:
 *       firewallPolicy: ${default.name}
 *       description: Resource created for Terraform acceptance testing
 *       priority: 9000
 *       enableLogging: true
 *       action: allow
 *       direction: EGRESS
 *       disabled: false
 *       match:
 *         layer4Configs:
 *           - ipProtocol: tcp
 *             ports:
 *               - 8080
 *           - ipProtocol: udp
 *             ports:
 *               - 22
 *         destIpRanges:
 *           - 11.100.0.1/32
 *         destFqdns: []
 *         destRegionCodes:
 *           - US
 *         destThreatIntelligences:
 *           - iplist-known-malicious-ips
 *         srcAddressGroups: []
 *         destAddressGroups:
 *           - ${basicGlobalNetworksecurityAddressGroup.id}
 *       targetServiceAccounts:
 *         - [email protected]
 * ```
 * 
 * ## Import
 * FirewallPolicyRule can be imported using any of these accepted formats:
 * * `locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}`
 * * `{{firewall_policy}}/{{priority}}`
 * When using the `pulumi import` command, FirewallPolicyRule can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}
 * ```
 * ```sh
 * $ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default {{firewall_policy}}/{{priority}}
 * ```
 */
public class FirewallPolicyRule internal constructor(
    override val javaResource: com.pulumi.gcp.compute.FirewallPolicyRule,
) : KotlinCustomResource(javaResource, FirewallPolicyRuleMapper) {
    /**
     * The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
     */
    public val action: Output
        get() = javaResource.action().applyValue({ args0 -> args0 })

    /**
     * An optional description for this resource.
     */
    public val description: Output?
        get() = javaResource.description().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The direction in which this rule applies. Possible values: INGRESS, EGRESS
     */
    public val direction: Output
        get() = javaResource.direction().applyValue({ args0 -> args0 })

    /**
     * Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
     * traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
     */
    public val disabled: Output?
        get() = javaResource.disabled().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })

    /**
     * Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
     * export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on
     * "goto_next" rules.
     */
    public val enableLogging: Output?
        get() = javaResource.enableLogging().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The firewall policy of the resource.
     */
    public val firewallPolicy: Output
        get() = javaResource.firewallPolicy().applyValue({ args0 -> args0 })

    /**
     * Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules
     */
    public val kind: Output
        get() = javaResource.kind().applyValue({ args0 -> args0 })

    /**
     * A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
     */
    public val match: Output
        get() = javaResource.match().applyValue({ args0 -> args0.let({ args0 -> toKotlin(args0) }) })

    /**
     * An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
     */
    public val priority: Output
        get() = javaResource.priority().applyValue({ args0 -> args0 })

    /**
     * Calculation of the complexity of a single firewall policy rule.
     */
    public val ruleTupleCount: Output
        get() = javaResource.ruleTupleCount().applyValue({ args0 -> args0 })

    /**
     * A fully-qualified URL of a SecurityProfileGroup resource. Example:
     * https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
     * It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
     */
    public val securityProfileGroup: Output?
        get() = javaResource.securityProfileGroup().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get
     * this rule. If this field is left blank, all VMs within the organization will receive the rule.
     */
    public val targetResources: Output>?
        get() = javaResource.targetResources().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.map({ args0 -> args0 })
            }).orElse(null)
        })

    /**
     * A list of service accounts indicating the sets of instances that are applied with this rule.
     */
    public val targetServiceAccounts: Output>?
        get() = javaResource.targetServiceAccounts().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.map({ args0 -> args0 })
            }).orElse(null)
        })

    /**
     * Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
     * 'apply_security_profile_group' and cannot be set for other actions.
     */
    public val tlsInspect: Output?
        get() = javaResource.tlsInspect().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })
}

public object FirewallPolicyRuleMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.compute.FirewallPolicyRule::class == javaResource::class

    override fun map(javaResource: Resource): FirewallPolicyRule = FirewallPolicyRule(
        javaResource as
            com.pulumi.gcp.compute.FirewallPolicyRule,
    )
}

/**
 * @see [FirewallPolicyRule].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [FirewallPolicyRule].
 */
public suspend fun firewallPolicyRule(
    name: String,
    block: suspend FirewallPolicyRuleResourceBuilder.() -> Unit,
): FirewallPolicyRule {
    val builder = FirewallPolicyRuleResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [FirewallPolicyRule].
 * @param name The _unique_ name of the resulting resource.
 */
public fun firewallPolicyRule(name: String): FirewallPolicyRule {
    val builder = FirewallPolicyRuleResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy