com.pulumi.gcp.accesscontextmanager.kotlin.ServicePerimeterResource.kt Maven / Gradle / Ivy
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.accesscontextmanager.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
 * DSL builder that gathers the name, arguments and resource options for a
 * [ServicePerimeterResource] and then constructs the underlying Java resource.
 *
 * Instances are created only inside this module (the constructor is `internal`).
 */
@PulumiTagMarker
public class ServicePerimeterResourceResourceBuilder internal constructor() {
    // Stays null until name(...) is called; build() forwards it unchanged.
    public var name: String? = null

    // Starts out as an argument object with nothing set.
    public var args: ServicePerimeterResourceArgs = ServicePerimeterResourceArgs()

    // Starts out as default resource options.
    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend ServicePerimeterResourceArgsBuilder.() -> Unit) {
        // Run the caller's block against a fresh args builder and keep the built result.
        args = ServicePerimeterResourceArgsBuilder().also { block(it) }.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        opts = CustomResourceOptions.opts(block)
    }

    /**
     * Constructs the Java resource from the collected values and wraps it.
     *
     * `name` is handed to the Java constructor as-is, including when it was never set.
     */
    internal fun build(): ServicePerimeterResource =
        ServicePerimeterResource(
            com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource(
                name,
                args.toJava(),
                opts.toJava(),
            ),
        )
}
/**
* Allows configuring a single GCP resource that should be inside the `status` block of a service perimeter.
* This resource is intended to be used in cases where it is not possible to compile a full list
* of projects to include in a `gcp.accesscontextmanager.ServicePerimeter` resource,
* to enable them to be added separately.
* If your perimeter is in dry-run mode use `gcp.accesscontextmanager.ServicePerimeterDryRunResource` instead.
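* > **Note:** If this resource is used alongside a `gcp.accesscontextmanager.ServicePerimeter` resource,
* the service perimeter resource must have a `lifecycle` block with `ignore_changes = [status[0].resources]`
* (Terraform syntax; in a Pulumi program the corresponding mechanism is the `ignoreChanges` resource option)
* so the two resources don't fight over which resources should be in the policy. Without it, an update of
* the perimeter resource can overwrite the resource list and drop a project that was added through this
* resource, leaving that project outside the perimeter.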
* To get more information about ServicePerimeterResource, see:
* * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)
* * How-to Guides
* * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)
* > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
* you must specify a `billing_project` and set `user_project_override` to true
* in the provider configuration. Otherwise the ACM API will return a 403 error.
* Your account must have the `serviceusage.services.use` permission on the
* `billing_project` you defined.
* ## Example Usage
* ### Access Context Manager Service Perimeter Resource Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
* parent: "organizations/123456789",
* title: "my policy",
* });
* const service_perimeter_resourceServicePerimeter = new gcp.accesscontextmanager.ServicePerimeter("service-perimeter-resource", {
* parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
* name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_all`,
* title: "restrict_all",
* status: {
* restrictedServices: ["storage.googleapis.com"],
* },
* });
* const service_perimeter_resource = new gcp.accesscontextmanager.ServicePerimeterResource("service-perimeter-resource", {
* perimeterName: service_perimeter_resourceServicePerimeter.name,
* resource: "projects/987654321",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
* parent="organizations/123456789",
* title="my policy")
* service_perimeter_resource_service_perimeter = gcp.accesscontextmanager.ServicePerimeter("service-perimeter-resource",
* parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
* name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/servicePerimeters/restrict_all"),
* title="restrict_all",
* status=gcp.accesscontextmanager.ServicePerimeterStatusArgs(
* restricted_services=["storage.googleapis.com"],
* ))
* service_perimeter_resource = gcp.accesscontextmanager.ServicePerimeterResource("service-perimeter-resource",
* perimeter_name=service_perimeter_resource_service_perimeter.name,
* resource="projects/987654321")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
* {
* Parent = "organizations/123456789",
* Title = "my policy",
* });
* var service_perimeter_resourceServicePerimeter = new Gcp.AccessContextManager.ServicePerimeter("service-perimeter-resource", new()
* {
* Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
* Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/servicePerimeters/restrict_all"),
* Title = "restrict_all",
* Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs
* {
* RestrictedServices = new[]
* {
* "storage.googleapis.com",
* },
* },
* });
* var service_perimeter_resource = new Gcp.AccessContextManager.ServicePerimeterResource("service-perimeter-resource", new()
* {
* PerimeterName = service_perimeter_resourceServicePerimeter.Name,
* Resource = "projects/987654321",
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
* Parent: pulumi.String("organizations/123456789"),
* Title: pulumi.String("my policy"),
* })
* if err != nil {
* return err
* }
* _, err = accesscontextmanager.NewServicePerimeter(ctx, "service-perimeter-resource", &accesscontextmanager.ServicePerimeterArgs{
* Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("accessPolicies/%v", name), nil
* }).(pulumi.StringOutput),
* Name: access_policy.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("accessPolicies/%v/servicePerimeters/restrict_all", name), nil
* }).(pulumi.StringOutput),
* Title: pulumi.String("restrict_all"),
* Status: &accesscontextmanager.ServicePerimeterStatusArgs{
* RestrictedServices: pulumi.StringArray{
* pulumi.String("storage.googleapis.com"),
* },
* },
* })
* if err != nil {
* return err
* }
* _, err = accesscontextmanager.NewServicePerimeterResource(ctx, "service-perimeter-resource", &accesscontextmanager.ServicePerimeterResourceArgs{
* PerimeterName: service_perimeter_resourceServicePerimeter.Name,
* Resource: pulumi.String("projects/987654321"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
* import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
* import com.pulumi.gcp.accesscontextmanager.ServicePerimeter;
* import com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;
* import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;
* import com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource;
* import com.pulumi.gcp.accesscontextmanager.ServicePerimeterResourceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
* .parent("organizations/123456789")
* .title("my policy")
* .build());
* var service_perimeter_resourceServicePerimeter = new ServicePerimeter("service-perimeter-resourceServicePerimeter", ServicePerimeterArgs.builder()
* .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
* .name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/servicePerimeters/restrict_all", name)))
* .title("restrict_all")
* .status(ServicePerimeterStatusArgs.builder()
* .restrictedServices("storage.googleapis.com")
* .build())
* .build());
* var service_perimeter_resource = new ServicePerimeterResource("service-perimeter-resource", ServicePerimeterResourceArgs.builder()
* .perimeterName(service_perimeter_resourceServicePerimeter.name())
* .resource("projects/987654321")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* service-perimeter-resource:
* type: gcp:accesscontextmanager:ServicePerimeterResource
* properties:
* perimeterName: ${["service-perimeter-resourceServicePerimeter"].name}
* resource: projects/987654321
* service-perimeter-resourceServicePerimeter:
* type: gcp:accesscontextmanager:ServicePerimeter
* name: service-perimeter-resource
* properties:
* parent: accessPolicies/${["access-policy"].name}
* name: accessPolicies/${["access-policy"].name}/servicePerimeters/restrict_all
* title: restrict_all
* status:
* restrictedServices:
* - storage.googleapis.com
* access-policy:
* type: gcp:accesscontextmanager:AccessPolicy
* properties:
* parent: organizations/123456789
* title: my policy
* ```
*
* ## Import
* ServicePerimeterResource can be imported using any of these accepted formats:
* * `{{perimeter_name}}/{{resource}}`
* When using the `pulumi import` command, ServicePerimeterResource can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:accesscontextmanager/servicePerimeterResource:ServicePerimeterResource default {{perimeter_name}}/{{resource}}
* ```
*/
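public class ServicePerimeterResource internal constructor(
    override val javaResource: com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource,
) : KotlinCustomResource(javaResource, ServicePerimeterResourceMapper) {
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    public val perimeterName: Output<String>
        // Identity mapping: re-exposes the Java resource's output unchanged.
        get() = javaResource.perimeterName().applyValue { args0 -> args0 }

    /**
     * A GCP resource that is inside of the service perimeter.
     * Currently only projects are allowed.
     * Format: projects/{project_number}
     *
     * NOTE(review): the format names the project *number*; whether a project ID is
     * accepted or rejected is not visible from this wrapper — confirm before relying on it.
     */
    public val resource: Output<String>
        // Identity mapping: re-exposes the Java resource's output unchanged.
        get() = javaResource.resource().applyValue { args0 -> args0 }
}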
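/**
 * Converts a Java [com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource]
 * into its Kotlin wrapper, [ServicePerimeterResource].
 */
public object ServicePerimeterResourceMapper : ResourceMapper<ServicePerimeterResource> {
    /**
     * Returns true only when [javaResource]'s runtime class is exactly the Java
     * `ServicePerimeterResource` class; subclasses do not match because the check
     * compares classes for equality.
     */
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource::class == javaResource::class

    /**
     * Wraps [javaResource] in a Kotlin [ServicePerimeterResource].
     *
     * The cast is unchecked here, so a resource of another type fails with a
     * `ClassCastException`; call [supportsMappingOfType] first.
     */
    override fun map(javaResource: Resource): ServicePerimeterResource =
        ServicePerimeterResource(
            javaResource as com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource,
        )
}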
/**
 * Declares a [ServicePerimeterResource] configured through the builder DSL.
 *
 * The name is applied to the builder before [block] runs, so [block] sees it
 * already set.
 *
 * @see [ServicePerimeterResource].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [ServicePerimeterResource].
 */
public suspend fun servicePerimeterResource(
    name: String,
    block: suspend ServicePerimeterResourceResourceBuilder.() -> Unit,
): ServicePerimeterResource {
    val resourceBuilder = ServicePerimeterResourceResourceBuilder().also { it.name(name) }
    resourceBuilder.block()
    return resourceBuilder.build()
}
/**
 * Declares a [ServicePerimeterResource] using only a name; arguments and options
 * keep the builder's defaults.
 *
 * NOTE(review): with default arguments neither `perimeterName` nor `resource` is
 * set; presumably the provider rejects such a resource — confirm before using
 * this overload.
 *
 * @see [ServicePerimeterResource].
 * @param name The _unique_ name of the resulting resource.
 */
public fun servicePerimeterResource(name: String): ServicePerimeterResource =
    ServicePerimeterResourceResourceBuilder().also { it.name(name) }.build()