pulumi-gcp 7.23.0__py3-none-any.whl → 7.23.0a1715621482__py3-none-any.whl

pulumi_gcp/compute/network_firewall_policy_rule.py

@@ -26,13 +26,11 @@ class NetworkFirewallPolicyRuleArgs:
                  enable_logging: Optional[pulumi.Input[bool]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  rule_name: Optional[pulumi.Input[str]] = None,
-                 security_profile_group: Optional[pulumi.Input[str]] = None,
                  target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]] = None,
-                 target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 tls_inspect: Optional[pulumi.Input[bool]] = None):
+                 target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         The set of arguments for constructing a NetworkFirewallPolicyRule resource.
-        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
         :param pulumi.Input[str] firewall_policy: The firewall policy of the resource.
         :param pulumi.Input['NetworkFirewallPolicyRuleMatchArgs'] match: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
@@ -45,9 +43,6 @@ class NetworkFirewallPolicyRuleArgs:
                "goto_next" rules.
         :param pulumi.Input[str] project: The project for the resource
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
         :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
                specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
                tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
@@ -55,8 +50,6 @@ class NetworkFirewallPolicyRuleArgs:
                <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
                instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-               'apply_security_profile_group' and cannot be set for other actions.
         """
         pulumi.set(__self__, "action", action)
         pulumi.set(__self__, "direction", direction)
@@ -73,20 +66,16 @@ class NetworkFirewallPolicyRuleArgs:
             pulumi.set(__self__, "project", project)
         if rule_name is not None:
             pulumi.set(__self__, "rule_name", rule_name)
-        if security_profile_group is not None:
-            pulumi.set(__self__, "security_profile_group", security_profile_group)
         if target_secure_tags is not None:
             pulumi.set(__self__, "target_secure_tags", target_secure_tags)
         if target_service_accounts is not None:
             pulumi.set(__self__, "target_service_accounts", target_service_accounts)
-        if tls_inspect is not None:
-            pulumi.set(__self__, "tls_inspect", tls_inspect)
 
     @property
     @pulumi.getter
     def action(self) -> pulumi.Input[str]:
         """
-        The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         """
         return pulumi.get(self, "action")
 
@@ -205,20 +194,6 @@ class NetworkFirewallPolicyRuleArgs:
     def rule_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "rule_name", value)
 
-    @property
-    @pulumi.getter(name="securityProfileGroup")
-    def security_profile_group(self) -> Optional[pulumi.Input[str]]:
-        """
-        A fully-qualified URL of a SecurityProfileGroup resource. Example:
-        https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-        It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        """
-        return pulumi.get(self, "security_profile_group")
-
-    @security_profile_group.setter
-    def security_profile_group(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "security_profile_group", value)
-
     @property
     @pulumi.getter(name="targetSecureTags")
     def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]]:
@@ -248,19 +223,6 @@ class NetworkFirewallPolicyRuleArgs:
     def target_service_accounts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "target_service_accounts", value)
 
-    @property
-    @pulumi.getter(name="tlsInspect")
-    def tls_inspect(self) -> Optional[pulumi.Input[bool]]:
-        """
-        Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-        'apply_security_profile_group' and cannot be set for other actions.
-        """
-        return pulumi.get(self, "tls_inspect")
-
-    @tls_inspect.setter
-    def tls_inspect(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "tls_inspect", value)
-
 
 @pulumi.input_type
 class _NetworkFirewallPolicyRuleState:
@@ -277,13 +239,11 @@ class _NetworkFirewallPolicyRuleState:
                  project: Optional[pulumi.Input[str]] = None,
                  rule_name: Optional[pulumi.Input[str]] = None,
                  rule_tuple_count: Optional[pulumi.Input[int]] = None,
-                 security_profile_group: Optional[pulumi.Input[str]] = None,
                  target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]] = None,
-                 target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 tls_inspect: Optional[pulumi.Input[bool]] = None):
+                 target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         Input properties used for looking up and filtering NetworkFirewallPolicyRule resources.
-        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         :param pulumi.Input[str] description: An optional description for this resource.
         :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
@@ -298,9 +258,6 @@ class _NetworkFirewallPolicyRuleState:
         :param pulumi.Input[str] project: The project for the resource
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
         :param pulumi.Input[int] rule_tuple_count: Calculation of the complexity of a single firewall policy rule.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
         :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
                specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
                tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
@@ -308,8 +265,6 @@ class _NetworkFirewallPolicyRuleState:
                <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
                instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-               'apply_security_profile_group' and cannot be set for other actions.
         """
         if action is not None:
             pulumi.set(__self__, "action", action)
@@ -335,20 +290,16 @@ class _NetworkFirewallPolicyRuleState:
             pulumi.set(__self__, "rule_name", rule_name)
         if rule_tuple_count is not None:
             pulumi.set(__self__, "rule_tuple_count", rule_tuple_count)
-        if security_profile_group is not None:
-            pulumi.set(__self__, "security_profile_group", security_profile_group)
         if target_secure_tags is not None:
             pulumi.set(__self__, "target_secure_tags", target_secure_tags)
         if target_service_accounts is not None:
             pulumi.set(__self__, "target_service_accounts", target_service_accounts)
-        if tls_inspect is not None:
-            pulumi.set(__self__, "tls_inspect", tls_inspect)
 
     @property
     @pulumi.getter
     def action(self) -> Optional[pulumi.Input[str]]:
         """
-        The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         """
         return pulumi.get(self, "action")
 
@@ -491,20 +442,6 @@ class _NetworkFirewallPolicyRuleState:
     def rule_tuple_count(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "rule_tuple_count", value)
 
-    @property
-    @pulumi.getter(name="securityProfileGroup")
-    def security_profile_group(self) -> Optional[pulumi.Input[str]]:
-        """
-        A fully-qualified URL of a SecurityProfileGroup resource. Example:
-        https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-        It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        """
-        return pulumi.get(self, "security_profile_group")
-
-    @security_profile_group.setter
-    def security_profile_group(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "security_profile_group", value)
-
     @property
     @pulumi.getter(name="targetSecureTags")
     def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]]:
@@ -534,19 +471,6 @@ class _NetworkFirewallPolicyRuleState:
     def target_service_accounts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "target_service_accounts", value)
 
-    @property
-    @pulumi.getter(name="tlsInspect")
-    def tls_inspect(self) -> Optional[pulumi.Input[bool]]:
-        """
-        Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-        'apply_security_profile_group' and cannot be set for other actions.
-        """
-        return pulumi.get(self, "tls_inspect")
-
-    @tls_inspect.setter
-    def tls_inspect(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "tls_inspect", value)
-
 
 class NetworkFirewallPolicyRule(pulumi.CustomResource):
     @overload
@@ -563,10 +487,8 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
                  priority: Optional[pulumi.Input[int]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  rule_name: Optional[pulumi.Input[str]] = None,
-                 security_profile_group: Optional[pulumi.Input[str]] = None,
                  target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]]] = None,
                  target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 tls_inspect: Optional[pulumi.Input[bool]] = None,
                  __props__=None):
         """
         The Compute NetworkFirewallPolicyRule resource
@@ -654,7 +576,7 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         :param pulumi.Input[str] description: An optional description for this resource.
         :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
@@ -667,9 +589,6 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
         :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         :param pulumi.Input[str] project: The project for the resource
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
                specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
                tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
@@ -677,8 +596,6 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
                <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
                instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-               'apply_security_profile_group' and cannot be set for other actions.
         """
         ...
     @overload
@@ -795,10 +712,8 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
                  priority: Optional[pulumi.Input[int]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  rule_name: Optional[pulumi.Input[str]] = None,
-                 security_profile_group: Optional[pulumi.Input[str]] = None,
                  target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]]] = None,
                  target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 tls_inspect: Optional[pulumi.Input[bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -828,10 +743,8 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
             __props__.__dict__["priority"] = priority
             __props__.__dict__["project"] = project
             __props__.__dict__["rule_name"] = rule_name
-            __props__.__dict__["security_profile_group"] = security_profile_group
             __props__.__dict__["target_secure_tags"] = target_secure_tags
             __props__.__dict__["target_service_accounts"] = target_service_accounts
-            __props__.__dict__["tls_inspect"] = tls_inspect
             __props__.__dict__["kind"] = None
             __props__.__dict__["rule_tuple_count"] = None
         super(NetworkFirewallPolicyRule, __self__).__init__(
@@ -856,10 +769,8 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
             project: Optional[pulumi.Input[str]] = None,
             rule_name: Optional[pulumi.Input[str]] = None,
             rule_tuple_count: Optional[pulumi.Input[int]] = None,
-            security_profile_group: Optional[pulumi.Input[str]] = None,
             target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]]] = None,
-            target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            tls_inspect: Optional[pulumi.Input[bool]] = None) -> 'NetworkFirewallPolicyRule':
+            target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'NetworkFirewallPolicyRule':
         """
         Get an existing NetworkFirewallPolicyRule resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -867,7 +778,7 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         :param pulumi.Input[str] description: An optional description for this resource.
         :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
@@ -882,9 +793,6 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
         :param pulumi.Input[str] project: The project for the resource
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
         :param pulumi.Input[int] rule_tuple_count: Calculation of the complexity of a single firewall policy rule.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['NetworkFirewallPolicyRuleTargetSecureTagArgs']]]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
                specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
                tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
@@ -892,8 +800,6 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
                <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
                instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-               'apply_security_profile_group' and cannot be set for other actions.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -911,17 +817,15 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
         __props__.__dict__["project"] = project
         __props__.__dict__["rule_name"] = rule_name
         __props__.__dict__["rule_tuple_count"] = rule_tuple_count
-        __props__.__dict__["security_profile_group"] = security_profile_group
         __props__.__dict__["target_secure_tags"] = target_secure_tags
         __props__.__dict__["target_service_accounts"] = target_service_accounts
-        __props__.__dict__["tls_inspect"] = tls_inspect
         return NetworkFirewallPolicyRule(resource_name, opts=opts, __props__=__props__)
 
     @property
     @pulumi.getter
     def action(self) -> pulumi.Output[str]:
         """
-        The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
         """
         return pulumi.get(self, "action")
 
@@ -1016,16 +920,6 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
         """
         return pulumi.get(self, "rule_tuple_count")
 
-    @property
-    @pulumi.getter(name="securityProfileGroup")
-    def security_profile_group(self) -> pulumi.Output[Optional[str]]:
-        """
-        A fully-qualified URL of a SecurityProfileGroup resource. Example:
-        https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-        It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        """
-        return pulumi.get(self, "security_profile_group")
-
     @property
     @pulumi.getter(name="targetSecureTags")
     def target_secure_tags(self) -> pulumi.Output[Optional[Sequence['outputs.NetworkFirewallPolicyRuleTargetSecureTag']]]:
@@ -1047,12 +941,3 @@ class NetworkFirewallPolicyRule(pulumi.CustomResource):
         """
         return pulumi.get(self, "target_service_accounts")
 
-    @property
-    @pulumi.getter(name="tlsInspect")
-    def tls_inspect(self) -> pulumi.Output[Optional[bool]]:
-        """
-        Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
-        'apply_security_profile_group' and cannot be set for other actions.
-        """
-        return pulumi.get(self, "tls_inspect")
-