pulumi-gcp 8.17.0a1738274430__py3-none-any.whl → 8.18.0a1738391833__py3-none-any.whl

pulumi_gcp/compute/firewall_policy_rule.py

@@ -539,7 +539,7 @@ class FirewallPolicyRule(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         basic_global_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group",
-            name="address",
+            name="address-group",
             parent="organizations/123456789",
             description="Sample global networksecurity_address_group",
             location="global",
@@ -552,9 +552,9 @@ class FirewallPolicyRule(pulumi.CustomResource):
             deletion_protection=False)
         default = gcp.compute.FirewallPolicy("default",
             parent=folder.id,
-            short_name="policy",
+            short_name="fw-policy",
             description="Resource created for Terraform acceptance testing")
-        policy_rule = gcp.compute.FirewallPolicyRule("policy_rule",
+        primary = gcp.compute.FirewallPolicyRule("primary",
             firewall_policy=default.name,
             description="Resource created for Terraform acceptance testing",
             priority=9000,
@@ -562,7 +562,15 @@ class FirewallPolicyRule(pulumi.CustomResource):
             action="allow",
             direction="EGRESS",
             disabled=False,
+            target_service_accounts=["my@service-account.com"],
             match={
+                "dest_ip_ranges": ["11.100.0.1/32"],
+                "dest_fqdns": [],
+                "dest_region_codes": ["US"],
+                "dest_threat_intelligences": ["iplist-known-malicious-ips"],
+                "src_address_groups": [],
+                "dest_address_groups": [basic_global_networksecurity_address_group.id],
+                "dest_network_scope": "INTERNET",
                 "layer4_configs": [
                     {
                         "ip_protocol": "tcp",
@@ -573,14 +581,47 @@ class FirewallPolicyRule(pulumi.CustomResource):
                         "ports": ["22"],
                     },
                 ],
-                "dest_ip_ranges": ["11.100.0.1/32"],
-                "dest_fqdns": [],
-                "dest_region_codes": ["US"],
-                "dest_threat_intelligences": ["iplist-known-malicious-ips"],
-                "src_address_groups": [],
-                "dest_address_groups": [basic_global_networksecurity_address_group.id],
-            },
-            target_service_accounts=["my@service-account.com"])
+            })
+        ```
+        ### Firewall Policy Rule Network Scope
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        folder = gcp.organizations.Folder("folder",
+            display_name="folder",
+            parent="organizations/123456789",
+            deletion_protection=False)
+        default = gcp.compute.FirewallPolicy("default",
+            parent=folder.id,
+            short_name="fw-policy",
+            description="Firewall policy")
+        network = gcp.compute.Network("network",
+            name="network",
+            auto_create_subnetworks=False)
+        primary = gcp.compute.FirewallPolicyRule("primary",
+            firewall_policy=default.name,
+            description="Firewall policy rule with network scope",
+            priority=9000,
+            action="allow",
+            direction="INGRESS",
+            disabled=False,
+            match={
+                "src_ip_ranges": ["11.100.0.1/32"],
+                "src_network_scope": "VPC_NETWORKS",
+                "src_networks": [network.id],
+                "layer4_configs": [
+                    {
+                        "ip_protocol": "tcp",
+                        "ports": ["8080"],
+                    },
+                    {
+                        "ip_protocol": "udp",
+                        "ports": ["22"],
+                    },
+                ],
+            })
         ```
 
         ## Import
@@ -649,7 +690,7 @@ class FirewallPolicyRule(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         basic_global_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_global_networksecurity_address_group",
-            name="address",
+            name="address-group",
             parent="organizations/123456789",
             description="Sample global networksecurity_address_group",
             location="global",
@@ -662,9 +703,9 @@ class FirewallPolicyRule(pulumi.CustomResource):
             deletion_protection=False)
         default = gcp.compute.FirewallPolicy("default",
             parent=folder.id,
-            short_name="policy",
+            short_name="fw-policy",
             description="Resource created for Terraform acceptance testing")
-        policy_rule = gcp.compute.FirewallPolicyRule("policy_rule",
+        primary = gcp.compute.FirewallPolicyRule("primary",
             firewall_policy=default.name,
             description="Resource created for Terraform acceptance testing",
             priority=9000,
@@ -672,7 +713,15 @@ class FirewallPolicyRule(pulumi.CustomResource):
             action="allow",
             direction="EGRESS",
             disabled=False,
+            target_service_accounts=["my@service-account.com"],
             match={
+                "dest_ip_ranges": ["11.100.0.1/32"],
+                "dest_fqdns": [],
+                "dest_region_codes": ["US"],
+                "dest_threat_intelligences": ["iplist-known-malicious-ips"],
+                "src_address_groups": [],
+                "dest_address_groups": [basic_global_networksecurity_address_group.id],
+                "dest_network_scope": "INTERNET",
                 "layer4_configs": [
                     {
                         "ip_protocol": "tcp",
@@ -683,14 +732,47 @@ class FirewallPolicyRule(pulumi.CustomResource):
                         "ports": ["22"],
                     },
                 ],
-                "dest_ip_ranges": ["11.100.0.1/32"],
-                "dest_fqdns": [],
-                "dest_region_codes": ["US"],
-                "dest_threat_intelligences": ["iplist-known-malicious-ips"],
-                "src_address_groups": [],
-                "dest_address_groups": [basic_global_networksecurity_address_group.id],
-            },
-            target_service_accounts=["my@service-account.com"])
+            })
+        ```
+        ### Firewall Policy Rule Network Scope
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        folder = gcp.organizations.Folder("folder",
+            display_name="folder",
+            parent="organizations/123456789",
+            deletion_protection=False)
+        default = gcp.compute.FirewallPolicy("default",
+            parent=folder.id,
+            short_name="fw-policy",
+            description="Firewall policy")
+        network = gcp.compute.Network("network",
+            name="network",
+            auto_create_subnetworks=False)
+        primary = gcp.compute.FirewallPolicyRule("primary",
+            firewall_policy=default.name,
+            description="Firewall policy rule with network scope",
+            priority=9000,
+            action="allow",
+            direction="INGRESS",
+            disabled=False,
+            match={
+                "src_ip_ranges": ["11.100.0.1/32"],
+                "src_network_scope": "VPC_NETWORKS",
+                "src_networks": [network.id],
+                "layer4_configs": [
+                    {
+                        "ip_protocol": "tcp",
+                        "ports": ["8080"],
+                    },
+                    {
+                        "ip_protocol": "udp",
+                        "ports": ["22"],
+                    },
+                ],
+            })
         ```
 
         ## Import

pulumi_gcp/compute/firewall_policy_with_rules.py

@@ -306,7 +306,7 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
 
         project = gcp.organizations.get_project()
         address_group1 = gcp.networksecurity.AddressGroup("address_group_1",
-            name="tf-address-group",
+            name="address-group",
             parent="organizations/123456789",
             description="Global address group",
             location="global",
@@ -314,17 +314,20 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
             type="IPV4",
             capacity=100)
         security_profile1 = gcp.networksecurity.SecurityProfile("security_profile_1",
-            name="tf-security-profile",
+            name="sp",
             type="THREAT_PREVENTION",
             parent="organizations/123456789",
             location="global")
         security_profile_group1 = gcp.networksecurity.SecurityProfileGroup("security_profile_group_1",
-            name="tf-security-profile-group",
+            name="spg",
             parent="organizations/123456789",
             description="my description",
             threat_prevention_profile=security_profile1.id)
-        firewall_policy_with_rules = gcp.compute.FirewallPolicyWithRules("firewall-policy-with-rules",
-            short_name="tf-fw-org-policy-with-rules",
+        network = gcp.compute.Network("network",
+            name="network",
+            auto_create_subnetworks=False)
+        primary = gcp.compute.FirewallPolicyWithRules("primary",
+            short_name="fw-policy",
             description="Terraform test",
             parent="organizations/123456789",
             rules=[
@@ -334,14 +337,8 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                     "enable_logging": True,
                     "action": "allow",
                     "direction": "EGRESS",
+                    "target_resources": [f"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default"],
                     "match": {
-                        "layer4_configs": [{
-                            "ip_protocol": "tcp",
-                            "ports": [
-                                "8080",
-                                "7070",
-                            ],
-                        }],
                         "dest_ip_ranges": ["11.100.0.1/32"],
                         "dest_fqdns": [
                             "www.yyy.com",
@@ -356,8 +353,14 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                             "iplist-tor-exit-nodes",
                         ],
                         "dest_address_groups": [address_group1.id],
+                        "layer4_configs": [{
+                            "ip_protocol": "tcp",
+                            "ports": [
+                                "8080",
+                                "7070",
+                            ],
+                        }],
                     },
-                    "target_resources": [f"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default"],
                 },
                 {
                     "description": "udp rule",
@@ -365,10 +368,8 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                     "enable_logging": False,
                     "action": "deny",
                     "direction": "INGRESS",
+                    "disabled": True,
                     "match": {
-                        "layer4_configs": [{
-                            "ip_protocol": "udp",
-                        }],
                         "src_ip_ranges": ["0.0.0.0/0"],
                         "src_fqdns": [
                             "www.abc.com",
@@ -383,8 +384,10 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                             "iplist-public-clouds",
                         ],
                         "src_address_groups": [address_group1.id],
+                        "layer4_configs": [{
+                            "ip_protocol": "udp",
+                        }],
                     },
-                    "disabled": True,
                 },
                 {
                     "description": "security profile group rule",
@@ -393,15 +396,48 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                     "enable_logging": False,
                     "action": "apply_security_profile_group",
                     "direction": "INGRESS",
+                    "target_service_accounts": ["test@google.com"],
+                    "security_profile_group": security_profile_group1.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
+                    "tls_inspect": True,
+                    "match": {
+                        "src_ip_ranges": ["0.0.0.0/0"],
+                        "layer4_configs": [{
+                            "ip_protocol": "tcp",
+                        }],
+                    },
+                },
+                {
+                    "description": "network scope rule 1",
+                    "rule_name": "network scope 1",
+                    "priority": 4000,
+                    "enable_logging": False,
+                    "action": "allow",
+                    "direction": "INGRESS",
                     "match": {
+                        "src_ip_ranges": ["11.100.0.1/32"],
+                        "src_network_scope": "VPC_NETWORKS",
+                        "src_networks": [network.id],
                         "layer4_configs": [{
                             "ip_protocol": "tcp",
+                            "ports": ["8080"],
+                        }],
+                    },
+                },
+                {
+                    "description": "network scope rule 2",
+                    "rule_name": "network scope 2",
+                    "priority": 5000,
+                    "enable_logging": False,
+                    "action": "allow",
+                    "direction": "EGRESS",
+                    "match": {
+                        "dest_ip_ranges": ["0.0.0.0/0"],
+                        "dest_network_scope": "INTERNET",
+                        "layer4_configs": [{
+                            "ip_protocol": "tcp",
+                            "ports": ["8080"],
                         }],
-                        "src_ip_ranges": ["0.0.0.0/0"],
                     },
-                    "target_service_accounts": ["test@google.com"],
-                    "security_profile_group": security_profile_group1.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
-                    "tls_inspect": True,
                 },
             ])
         ```
@@ -451,7 +487,7 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
 
         project = gcp.organizations.get_project()
         address_group1 = gcp.networksecurity.AddressGroup("address_group_1",
-            name="tf-address-group",
+            name="address-group",
             parent="organizations/123456789",
             description="Global address group",
             location="global",
@@ -459,17 +495,20 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
             type="IPV4",
             capacity=100)
         security_profile1 = gcp.networksecurity.SecurityProfile("security_profile_1",
-            name="tf-security-profile",
+            name="sp",
             type="THREAT_PREVENTION",
             parent="organizations/123456789",
             location="global")
         security_profile_group1 = gcp.networksecurity.SecurityProfileGroup("security_profile_group_1",
-            name="tf-security-profile-group",
+            name="spg",
             parent="organizations/123456789",
             description="my description",
             threat_prevention_profile=security_profile1.id)
-        firewall_policy_with_rules = gcp.compute.FirewallPolicyWithRules("firewall-policy-with-rules",
-            short_name="tf-fw-org-policy-with-rules",
+        network = gcp.compute.Network("network",
+            name="network",
+            auto_create_subnetworks=False)
+        primary = gcp.compute.FirewallPolicyWithRules("primary",
+            short_name="fw-policy",
             description="Terraform test",
             parent="organizations/123456789",
             rules=[
@@ -479,14 +518,8 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                     "enable_logging": True,
                     "action": "allow",
                     "direction": "EGRESS",
+                    "target_resources": [f"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default"],
                     "match": {
-                        "layer4_configs": [{
-                            "ip_protocol": "tcp",
-                            "ports": [
-                                "8080",
-                                "7070",
-                            ],
-                        }],
                         "dest_ip_ranges": ["11.100.0.1/32"],
                         "dest_fqdns": [
                             "www.yyy.com",
@@ -501,8 +534,14 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                             "iplist-tor-exit-nodes",
                         ],
                         "dest_address_groups": [address_group1.id],
+                        "layer4_configs": [{
+                            "ip_protocol": "tcp",
+                            "ports": [
+                                "8080",
+                                "7070",
+                            ],
+                        }],
                     },
-                    "target_resources": [f"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default"],
                 },
                 {
                     "description": "udp rule",
@@ -510,10 +549,8 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                     "enable_logging": False,
                     "action": "deny",
                     "direction": "INGRESS",
+                    "disabled": True,
                     "match": {
-                        "layer4_configs": [{
-                            "ip_protocol": "udp",
-                        }],
                         "src_ip_ranges": ["0.0.0.0/0"],
                         "src_fqdns": [
                             "www.abc.com",
@@ -528,8 +565,10 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                             "iplist-public-clouds",
                         ],
                         "src_address_groups": [address_group1.id],
+                        "layer4_configs": [{
+                            "ip_protocol": "udp",
+                        }],
                     },
-                    "disabled": True,
                 },
                 {
                     "description": "security profile group rule",
@@ -538,15 +577,48 @@ class FirewallPolicyWithRules(pulumi.CustomResource):
                     "enable_logging": False,
                     "action": "apply_security_profile_group",
                     "direction": "INGRESS",
+                    "target_service_accounts": ["test@google.com"],
+                    "security_profile_group": security_profile_group1.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
+                    "tls_inspect": True,
+                    "match": {
+                        "src_ip_ranges": ["0.0.0.0/0"],
+                        "layer4_configs": [{
+                            "ip_protocol": "tcp",
+                        }],
+                    },
+                },
+                {
+                    "description": "network scope rule 1",
+                    "rule_name": "network scope 1",
+                    "priority": 4000,
+                    "enable_logging": False,
+                    "action": "allow",
+                    "direction": "INGRESS",
                     "match": {
+                        "src_ip_ranges": ["11.100.0.1/32"],
+                        "src_network_scope": "VPC_NETWORKS",
+                        "src_networks": [network.id],
                         "layer4_configs": [{
                             "ip_protocol": "tcp",
+                            "ports": ["8080"],
+                        }],
+                    },
+                },
+                {
+                    "description": "network scope rule 2",
+                    "rule_name": "network scope 2",
+                    "priority": 5000,
+                    "enable_logging": False,
+                    "action": "allow",
+                    "direction": "EGRESS",
+                    "match": {
+                        "dest_ip_ranges": ["0.0.0.0/0"],
+                        "dest_network_scope": "INTERNET",
+                        "layer4_configs": [{
+                            "ip_protocol": "tcp",
+                            "ports": ["8080"],
                         }],
-                        "src_ip_ranges": ["0.0.0.0/0"],
                     },
-                    "target_service_accounts": ["test@google.com"],
-                    "security_profile_group": security_profile_group1.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
-                    "tls_inspect": True,
                 },
             ])
         ```

pulumi_gcp/compute/get_instance_template_iam_policy.py

@@ -0,0 +1,159 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+
+__all__ = [
+    'GetInstanceTemplateIamPolicyResult',
+    'AwaitableGetInstanceTemplateIamPolicyResult',
+    'get_instance_template_iam_policy',
+    'get_instance_template_iam_policy_output',
+]
+
+@pulumi.output_type
+class GetInstanceTemplateIamPolicyResult:
+    """
+    A collection of values returned by getInstanceTemplateIamPolicy.
+    """
+    def __init__(__self__, etag=None, id=None, name=None, policy_data=None, project=None):
+        if etag and not isinstance(etag, str):
+            raise TypeError("Expected argument 'etag' to be a str")
+        pulumi.set(__self__, "etag", etag)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if name and not isinstance(name, str):
+            raise TypeError("Expected argument 'name' to be a str")
+        pulumi.set(__self__, "name", name)
+        if policy_data and not isinstance(policy_data, str):
+            raise TypeError("Expected argument 'policy_data' to be a str")
+        pulumi.set(__self__, "policy_data", policy_data)
+        if project and not isinstance(project, str):
+            raise TypeError("Expected argument 'project' to be a str")
+        pulumi.set(__self__, "project", project)
+
+    @property
+    @pulumi.getter
+    def etag(self) -> str:
+        """
+        (Computed) The etag of the IAM policy.
+        """
+        return pulumi.get(self, "etag")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="policyData")
+    def policy_data(self) -> str:
+        """
+        (Required only by `compute.InstanceTemplateIamPolicy`) The policy data generated by
+        a `organizations_get_iam_policy` data source.
+        """
+        return pulumi.get(self, "policy_data")
+
+    @property
+    @pulumi.getter
+    def project(self) -> str:
+        return pulumi.get(self, "project")
+
+
+class AwaitableGetInstanceTemplateIamPolicyResult(GetInstanceTemplateIamPolicyResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetInstanceTemplateIamPolicyResult(
+            etag=self.etag,
+            id=self.id,
+            name=self.name,
+            policy_data=self.policy_data,
+            project=self.project)
+
+
+def get_instance_template_iam_policy(name: Optional[str] = None,
+                                     project: Optional[str] = None,
+                                     opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetInstanceTemplateIamPolicyResult:
+    """
+    Retrieves the current IAM policy data for instancetemplate
+
+    ## example
+
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+
+    policy = gcp.compute.get_instance_template_iam_policy(project=default["project"],
+        name=default["name"])
+    ```
+
+
+    :param str name: Used to find the parent resource to bind the IAM policy to
+    :param str project: The ID of the project in which the resource belongs.
+           If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
+    """
+    __args__ = dict()
+    __args__['name'] = name
+    __args__['project'] = project
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('gcp:compute/getInstanceTemplateIamPolicy:getInstanceTemplateIamPolicy', __args__, opts=opts, typ=GetInstanceTemplateIamPolicyResult).value
+
+    return AwaitableGetInstanceTemplateIamPolicyResult(
+        etag=pulumi.get(__ret__, 'etag'),
+        id=pulumi.get(__ret__, 'id'),
+        name=pulumi.get(__ret__, 'name'),
+        policy_data=pulumi.get(__ret__, 'policy_data'),
+        project=pulumi.get(__ret__, 'project'))
+def get_instance_template_iam_policy_output(name: Optional[pulumi.Input[str]] = None,
+                                            project: Optional[pulumi.Input[Optional[str]]] = None,
+                                            opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceTemplateIamPolicyResult]:
+    """
+    Retrieves the current IAM policy data for instancetemplate
+
+    ## example
+
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+
+    policy = gcp.compute.get_instance_template_iam_policy(project=default["project"],
+        name=default["name"])
+    ```
+
+
+    :param str name: Used to find the parent resource to bind the IAM policy to
+    :param str project: The ID of the project in which the resource belongs.
+           If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
+    """
+    __args__ = dict()
+    __args__['name'] = name
+    __args__['project'] = project
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceTemplateIamPolicy:getInstanceTemplateIamPolicy', __args__, opts=opts, typ=GetInstanceTemplateIamPolicyResult)
+    return __ret__.apply(lambda __response__: GetInstanceTemplateIamPolicyResult(
+        etag=pulumi.get(__response__, 'etag'),
+        id=pulumi.get(__response__, 'id'),
+        name=pulumi.get(__response__, 'name'),
+        policy_data=pulumi.get(__response__, 'policy_data'),
+        project=pulumi.get(__response__, 'project')))