com.pulumi.gcp.compute.kotlin.Firewall.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.compute.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.compute.kotlin.outputs.FirewallAllow
import com.pulumi.gcp.compute.kotlin.outputs.FirewallDeny
import com.pulumi.gcp.compute.kotlin.outputs.FirewallLogConfig
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Deprecated
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.gcp.compute.kotlin.outputs.FirewallAllow.Companion.toKotlin as firewallAllowToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.FirewallDeny.Companion.toKotlin as firewallDenyToKotlin
import com.pulumi.gcp.compute.kotlin.outputs.FirewallLogConfig.Companion.toKotlin as firewallLogConfigToKotlin
/**
* Builder for [Firewall].
*/
@PulumiTagMarker
public class FirewallResourceBuilder internal constructor() {
public var name: String? = null
public var args: FirewallArgs = FirewallArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend FirewallArgsBuilder.() -> Unit) {
val builder = FirewallArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): Firewall {
val builtJavaResource = com.pulumi.gcp.compute.Firewall(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return Firewall(builtJavaResource)
}
}
/**
* Each network has its own firewall controlling access to and from the
* instances.
* All traffic to instances, even from other instances, is blocked by the
* firewall unless firewall rules are created to allow it.
* The default network has automatically created firewall rules that are
* shown in default firewall rules. No manually created network has
* automatically created firewall rules except for a default "allow" rule for
* outgoing traffic and a default "deny" for incoming traffic. For all
* networks except the default network, you must create any firewall rules
* you need.
* To get more information about Firewall, see:
* * [API documentation](https://cloud.google.com/compute/docs/reference/v1/firewalls)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/vpc/docs/firewalls)
* ## Example Usage
* ### Firewall Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const defaultNetwork = new gcp.compute.Network("default", {name: "test-network"});
* const _default = new gcp.compute.Firewall("default", {
* name: "test-firewall",
* network: defaultNetwork.name,
* allows: [
* {
* protocol: "icmp",
* },
* {
* protocol: "tcp",
* ports: [
* "80",
* "8080",
* "1000-2000",
* ],
* },
* ],
* sourceTags: ["web"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default_network = gcp.compute.Network("default", name="test-network")
* default = gcp.compute.Firewall("default",
* name="test-firewall",
* network=default_network.name,
* allows=[
* {
* "protocol": "icmp",
* },
* {
* "protocol": "tcp",
* "ports": [
* "80",
* "8080",
* "1000-2000",
* ],
* },
* ],
* source_tags=["web"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var defaultNetwork = new Gcp.Compute.Network("default", new()
* {
* Name = "test-network",
* });
* var @default = new Gcp.Compute.Firewall("default", new()
* {
* Name = "test-firewall",
* Network = defaultNetwork.Name,
* Allows = new[]
* {
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "icmp",
* },
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "tcp",
* Ports = new[]
* {
* "80",
* "8080",
* "1000-2000",
* },
* },
* },
* SourceTags = new[]
* {
* "web",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
* Name: pulumi.String("test-network"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewFirewall(ctx, "default", &compute.FirewallArgs{
* Name: pulumi.String("test-firewall"),
* Network: defaultNetwork.Name,
* Allows: compute.FirewallAllowArray{
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("icmp"),
* },
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("80"),
* pulumi.String("8080"),
* pulumi.String("1000-2000"),
* },
* },
* },
* SourceTags: pulumi.StringArray{
* pulumi.String("web"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.Network;
* import com.pulumi.gcp.compute.NetworkArgs;
* import com.pulumi.gcp.compute.Firewall;
* import com.pulumi.gcp.compute.FirewallArgs;
* import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
* .name("test-network")
* .build());
* var default_ = new Firewall("default", FirewallArgs.builder()
* .name("test-firewall")
* .network(defaultNetwork.name())
* .allows(
* FirewallAllowArgs.builder()
* .protocol("icmp")
* .build(),
* FirewallAllowArgs.builder()
* .protocol("tcp")
* .ports(
* "80",
* "8080",
* "1000-2000")
* .build())
* .sourceTags("web")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:compute:Firewall
* properties:
* name: test-firewall
* network: ${defaultNetwork.name}
* allows:
* - protocol: icmp
* - protocol: tcp
* ports:
* - '80'
* - '8080'
* - 1000-2000
* sourceTags:
* - web
* defaultNetwork:
* type: gcp:compute:Network
* name: default
* properties:
* name: test-network
* ```
*
* ### Firewall With Target Tags
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const rules = new gcp.compute.Firewall("rules", {
* project: "my-project-name",
* name: "my-firewall-rule",
* network: "default",
* description: "Creates firewall rule targeting tagged instances",
* allows: [{
* protocol: "tcp",
* ports: [
* "80",
* "8080",
* "1000-2000",
* ],
* }],
* sourceTags: ["foo"],
* targetTags: ["web"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* rules = gcp.compute.Firewall("rules",
* project="my-project-name",
* name="my-firewall-rule",
* network="default",
* description="Creates firewall rule targeting tagged instances",
* allows=[{
* "protocol": "tcp",
* "ports": [
* "80",
* "8080",
* "1000-2000",
* ],
* }],
* source_tags=["foo"],
* target_tags=["web"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var rules = new Gcp.Compute.Firewall("rules", new()
* {
* Project = "my-project-name",
* Name = "my-firewall-rule",
* Network = "default",
* Description = "Creates firewall rule targeting tagged instances",
* Allows = new[]
* {
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "tcp",
* Ports = new[]
* {
* "80",
* "8080",
* "1000-2000",
* },
* },
* },
* SourceTags = new[]
* {
* "foo",
* },
* TargetTags = new[]
* {
* "web",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := compute.NewFirewall(ctx, "rules", &compute.FirewallArgs{
* Project: pulumi.String("my-project-name"),
* Name: pulumi.String("my-firewall-rule"),
* Network: pulumi.String("default"),
* Description: pulumi.String("Creates firewall rule targeting tagged instances"),
* Allows: compute.FirewallAllowArray{
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("80"),
* pulumi.String("8080"),
* pulumi.String("1000-2000"),
* },
* },
* },
* SourceTags: pulumi.StringArray{
* pulumi.String("foo"),
* },
* TargetTags: pulumi.StringArray{
* pulumi.String("web"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.Firewall;
* import com.pulumi.gcp.compute.FirewallArgs;
* import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var rules = new Firewall("rules", FirewallArgs.builder()
* .project("my-project-name")
* .name("my-firewall-rule")
* .network("default")
* .description("Creates firewall rule targeting tagged instances")
* .allows(FirewallAllowArgs.builder()
* .protocol("tcp")
* .ports(
* "80",
* "8080",
* "1000-2000")
* .build())
* .sourceTags("foo")
* .targetTags("web")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* rules:
* type: gcp:compute:Firewall
* properties:
* project: my-project-name
* name: my-firewall-rule
* network: default
* description: Creates firewall rule targeting tagged instances
* allows:
* - protocol: tcp
* ports:
* - '80'
* - '8080'
* - 1000-2000
* sourceTags:
* - foo
* targetTags:
* - web
* ```
*
* ## Import
* Firewall can be imported using any of these accepted formats:
* * `projects/{{project}}/global/firewalls/{{name}}`
* * `{{project}}/{{name}}`
* * `{{name}}`
* When using the `pulumi import` command, Firewall can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:compute/firewall:Firewall default projects/{{project}}/global/firewalls/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/firewall:Firewall default {{project}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:compute/firewall:Firewall default {{name}}
* ```
*/
public class Firewall internal constructor(
override val javaResource: com.pulumi.gcp.compute.Firewall,
) : KotlinCustomResource(javaResource, FirewallMapper) {
/**
* The list of ALLOW rules specified by this firewall. Each rule
* specifies a protocol and port-range tuple that describes a permitted
* connection.
* Structure is documented below.
*/
public val allows: Output>?
get() = javaResource.allows().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> firewallAllowToKotlin(args0) })
})
}).orElse(null)
})
/**
* Creation timestamp in RFC3339 text format.
*/
public val creationTimestamp: Output
get() = javaResource.creationTimestamp().applyValue({ args0 -> args0 })
/**
* The list of DENY rules specified by this firewall. Each rule specifies
* a protocol and port-range tuple that describes a denied connection.
* Structure is documented below.
*/
public val denies: Output>?
get() = javaResource.denies().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> firewallDenyToKotlin(args0) })
})
}).orElse(null)
})
/**
* An optional description of this resource. Provide this property when
* you create the resource.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* If destination ranges are specified, the firewall will apply only to
* traffic that has destination IP address in these ranges. These ranges
* must be expressed in CIDR format. IPv4 or IPv6 ranges are supported.
*/
public val destinationRanges: Output>
get() = javaResource.destinationRanges().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Direction of traffic to which this firewall applies; default is
* INGRESS. Note: For INGRESS traffic, one of `source_ranges`,
* `source_tags` or `source_service_accounts` is required.
* Possible values are: `INGRESS`, `EGRESS`.
*/
public val direction: Output
get() = javaResource.direction().applyValue({ args0 -> args0 })
/**
* Denotes whether the firewall rule is disabled, i.e not applied to the
* network it is associated with. When set to true, the firewall rule is
* not enforced and the network behaves as if it did not exist. If this
* is unspecified, the firewall rule will be enabled.
*/
public val disabled: Output?
get() = javaResource.disabled().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* This field denotes whether to enable logging for a particular firewall rule.
* If logging is enabled, logs will be exported to Stackdriver. Deprecated in favor of `log_config`
*/
@Deprecated(
message = """
Deprecated in favor of log_config
""",
)
public val enableLogging: Output
get() = javaResource.enableLogging().applyValue({ args0 -> args0 })
/**
* This field denotes the logging options for a particular firewall rule.
* If defined, logging is enabled, and logs will be exported to Cloud Logging.
* Structure is documented below.
*/
public val logConfig: Output?
get() = javaResource.logConfig().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
firewallLogConfigToKotlin(args0)
})
}).orElse(null)
})
/**
* Name of the resource. Provided by the client when the resource is
* created. The name must be 1-63 characters long, and comply with
* RFC1035. Specifically, the name must be 1-63 characters long and match
* the regular expression `a-z?` which means the
* first character must be a lowercase letter, and all following
* characters must be a dash, lowercase letter, or digit, except the last
* character, which cannot be a dash.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The name or self_link of the network to attach this firewall to.
* - - -
*/
public val network: Output
get() = javaResource.network().applyValue({ args0 -> args0 })
/**
* Priority for this rule. This is an integer between 0 and 65535, both
* inclusive. When not specified, the value assumed is 1000. Relative
* priorities determine precedence of conflicting rules. Lower value of
* priority implies higher precedence (eg, a rule with priority 0 has
* higher precedence than a rule with priority 1). DENY rules take
* precedence over ALLOW rules having equal priority.
*/
public val priority: Output?
get() = javaResource.priority().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
public val project: Output
get() = javaResource.project().applyValue({ args0 -> args0 })
/**
* The URI of the created resource.
*/
public val selfLink: Output
get() = javaResource.selfLink().applyValue({ args0 -> args0 })
/**
* If source ranges are specified, the firewall will apply only to
* traffic that has source IP address in these ranges. These ranges must
* be expressed in CIDR format. One or both of sourceRanges and
* sourceTags may be set. If both properties are set, the firewall will
* apply to traffic that has source IP address within sourceRanges OR the
* source IP that belongs to a tag listed in the sourceTags property. The
* connection does not need to match both properties for the firewall to
* apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of
* `source_ranges`, `source_tags` or `source_service_accounts` is required.
*/
public val sourceRanges: Output>?
get() = javaResource.sourceRanges().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0
})
}).orElse(null)
})
/**
* If source service accounts are specified, the firewall will apply only
* to traffic originating from an instance with a service account in this
* list. Source service accounts cannot be used to control traffic to an
* instance's external IP address because service accounts are associated
* with an instance, not an IP address. sourceRanges can be set at the
* same time as sourceServiceAccounts. If both are set, the firewall will
* apply to traffic that has source IP address within sourceRanges OR the
* source IP belongs to an instance with service account listed in
* sourceServiceAccount. The connection does not need to match both
* properties for the firewall to apply. sourceServiceAccounts cannot be
* used at the same time as sourceTags or targetTags. For INGRESS traffic,
* one of `source_ranges`, `source_tags` or `source_service_accounts` is required.
*/
public val sourceServiceAccounts: Output>?
get() = javaResource.sourceServiceAccounts().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* If source tags are specified, the firewall will apply only to traffic
* with source IP that belongs to a tag listed in source tags. Source
* tags cannot be used to control traffic to an instance's external IP
* address. Because tags are associated with an instance, not an IP
* address. One or both of sourceRanges and sourceTags may be set. If
* both properties are set, the firewall will apply to traffic that has
* source IP address within sourceRanges OR the source IP that belongs to
* a tag listed in the sourceTags property. The connection does not need
* to match both properties for the firewall to apply. For INGRESS traffic,
* one of `source_ranges`, `source_tags` or `source_service_accounts` is required.
*/
public val sourceTags: Output>?
get() = javaResource.sourceTags().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0
})
}).orElse(null)
})
/**
* A list of service accounts indicating sets of instances located in the
* network that may make network connections as specified in allowed[].
* targetServiceAccounts cannot be used at the same time as targetTags or
* sourceTags. If neither targetServiceAccounts nor targetTags are
* specified, the firewall rule applies to all instances on the specified
* network.
*/
public val targetServiceAccounts: Output>?
get() = javaResource.targetServiceAccounts().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* A list of instance tags indicating sets of instances located in the
* network that may make network connections as specified in allowed[].
* If no targetTags are specified, the firewall rule applies to all
* instances on the specified network.
*/
public val targetTags: Output>?
get() = javaResource.targetTags().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0
})
}).orElse(null)
})
}
public object FirewallMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.compute.Firewall::class == javaResource::class
override fun map(javaResource: Resource): Firewall = Firewall(
javaResource as
com.pulumi.gcp.compute.Firewall,
)
}
/**
* @see [Firewall].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [Firewall].
*/
public suspend fun firewall(name: String, block: suspend FirewallResourceBuilder.() -> Unit): Firewall {
val builder = FirewallResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [Firewall].
* @param name The _unique_ name of the resulting resource.
*/
public fun firewall(name: String): Firewall {
val builder = FirewallResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy