
com.pulumi.gcp.binaryauthorization.kotlin.PolicyArgs.kt Maven / Gradle / Ivy


Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.binaryauthorization.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.binaryauthorization.PolicyArgs.builder
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyAdmissionWhitelistPatternArgs
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyAdmissionWhitelistPatternArgsBuilder
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyClusterAdmissionRuleArgs
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyClusterAdmissionRuleArgsBuilder
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyDefaultAdmissionRuleArgs
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyDefaultAdmissionRuleArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * A policy for container image binary authorization.
 * To get more information about Policy, see:
 * * [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/binary-authorization/)
 * ## Example Usage
 * ### Binary Authorization Policy Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const note = new gcp.containeranalysis.Note("note", {
 *     name: "test-attestor-note",
 *     attestationAuthority: {
 *         hint: {
 *             humanReadableName: "My attestor",
 *         },
 *     },
 * });
 * const attestor = new gcp.binaryauthorization.Attestor("attestor", {
 *     name: "test-attestor",
 *     attestationAuthorityNote: {
 *         noteReference: note.name,
 *     },
 * });
 * const policy = new gcp.binaryauthorization.Policy("policy", {
 *     admissionWhitelistPatterns: [{
 *         namePattern: "gcr.io/google_containers/*",
 *     }],
 *     defaultAdmissionRule: {
 *         evaluationMode: "ALWAYS_ALLOW",
 *         enforcementMode: "ENFORCED_BLOCK_AND_AUDIT_LOG",
 *     },
 *     clusterAdmissionRules: [{
 *         cluster: "us-central1-a.prod-cluster",
 *         evaluationMode: "REQUIRE_ATTESTATION",
 *         enforcementMode: "ENFORCED_BLOCK_AND_AUDIT_LOG",
 *         requireAttestationsBies: [attestor.name],
 *     }],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * note = gcp.containeranalysis.Note("note",
 *     name="test-attestor-note",
 *     attestation_authority=gcp.containeranalysis.NoteAttestationAuthorityArgs(
 *         hint=gcp.containeranalysis.NoteAttestationAuthorityHintArgs(
 *             human_readable_name="My attestor",
 *         ),
 *     ))
 * attestor = gcp.binaryauthorization.Attestor("attestor",
 *     name="test-attestor",
 *     attestation_authority_note=gcp.binaryauthorization.AttestorAttestationAuthorityNoteArgs(
 *         note_reference=note.name,
 *     ))
 * policy = gcp.binaryauthorization.Policy("policy",
 *     admission_whitelist_patterns=[gcp.binaryauthorization.PolicyAdmissionWhitelistPatternArgs(
 *         name_pattern="gcr.io/google_containers/*",
 *     )],
 *     default_admission_rule=gcp.binaryauthorization.PolicyDefaultAdmissionRuleArgs(
 *         evaluation_mode="ALWAYS_ALLOW",
 *         enforcement_mode="ENFORCED_BLOCK_AND_AUDIT_LOG",
 *     ),
 *     cluster_admission_rules=[gcp.binaryauthorization.PolicyClusterAdmissionRuleArgs(
 *         cluster="us-central1-a.prod-cluster",
 *         evaluation_mode="REQUIRE_ATTESTATION",
 *         enforcement_mode="ENFORCED_BLOCK_AND_AUDIT_LOG",
 *         require_attestations_bies=[attestor.name],
 *     )])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var note = new Gcp.ContainerAnalysis.Note("note", new()
 *     {
 *         Name = "test-attestor-note",
 *         AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs
 *         {
 *             Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs
 *             {
 *                 HumanReadableName = "My attestor",
 *             },
 *         },
 *     });
 *     var attestor = new Gcp.BinaryAuthorization.Attestor("attestor", new()
 *     {
 *         Name = "test-attestor",
 *         AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs
 *         {
 *             NoteReference = note.Name,
 *         },
 *     });
 *     var policy = new Gcp.BinaryAuthorization.Policy("policy", new()
 *     {
 *         AdmissionWhitelistPatterns = new[]
 *         {
 *             new Gcp.BinaryAuthorization.Inputs.PolicyAdmissionWhitelistPatternArgs
 *             {
 *                 NamePattern = "gcr.io/google_containers/*",
 *             },
 *         },
 *         DefaultAdmissionRule = new Gcp.BinaryAuthorization.Inputs.PolicyDefaultAdmissionRuleArgs
 *         {
 *             EvaluationMode = "ALWAYS_ALLOW",
 *             EnforcementMode = "ENFORCED_BLOCK_AND_AUDIT_LOG",
 *         },
 *         ClusterAdmissionRules = new[]
 *         {
 *             new Gcp.BinaryAuthorization.Inputs.PolicyClusterAdmissionRuleArgs
 *             {
 *                 Cluster = "us-central1-a.prod-cluster",
 *                 EvaluationMode = "REQUIRE_ATTESTATION",
 *                 EnforcementMode = "ENFORCED_BLOCK_AND_AUDIT_LOG",
 *                 RequireAttestationsBies = new[]
 *                 {
 *                     attestor.Name,
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
 * 			Name: pulumi.String("test-attestor-note"),
 * 			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
 * 				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
 * 					HumanReadableName: pulumi.String("My attestor"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		attestor, err := binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
 * 			Name: pulumi.String("test-attestor"),
 * 			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
 * 				NoteReference: note.Name,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = binaryauthorization.NewPolicy(ctx, "policy", &binaryauthorization.PolicyArgs{
 * 			AdmissionWhitelistPatterns: binaryauthorization.PolicyAdmissionWhitelistPatternArray{
 * 				&binaryauthorization.PolicyAdmissionWhitelistPatternArgs{
 * 					NamePattern: pulumi.String("gcr.io/google_containers/*"),
 * 				},
 * 			},
 * 			DefaultAdmissionRule: &binaryauthorization.PolicyDefaultAdmissionRuleArgs{
 * 				EvaluationMode:  pulumi.String("ALWAYS_ALLOW"),
 * 				EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
 * 			},
 * 			ClusterAdmissionRules: binaryauthorization.PolicyClusterAdmissionRuleArray{
 * 				&binaryauthorization.PolicyClusterAdmissionRuleArgs{
 * 					Cluster:         pulumi.String("us-central1-a.prod-cluster"),
 * 					EvaluationMode:  pulumi.String("REQUIRE_ATTESTATION"),
 * 					EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
 * 					RequireAttestationsBies: pulumi.StringArray{
 * 						attestor.Name,
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.containeranalysis.Note;
 * import com.pulumi.gcp.containeranalysis.NoteArgs;
 * import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
 * import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
 * import com.pulumi.gcp.binaryauthorization.Attestor;
 * import com.pulumi.gcp.binaryauthorization.AttestorArgs;
 * import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
 * import com.pulumi.gcp.binaryauthorization.Policy;
 * import com.pulumi.gcp.binaryauthorization.PolicyArgs;
 * import com.pulumi.gcp.binaryauthorization.inputs.PolicyAdmissionWhitelistPatternArgs;
 * import com.pulumi.gcp.binaryauthorization.inputs.PolicyDefaultAdmissionRuleArgs;
 * import com.pulumi.gcp.binaryauthorization.inputs.PolicyClusterAdmissionRuleArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var note = new Note("note", NoteArgs.builder()
 *             .name("test-attestor-note")
 *             .attestationAuthority(NoteAttestationAuthorityArgs.builder()
 *                 .hint(NoteAttestationAuthorityHintArgs.builder()
 *                     .humanReadableName("My attestor")
 *                     .build())
 *                 .build())
 *             .build());
 *         var attestor = new Attestor("attestor", AttestorArgs.builder()
 *             .name("test-attestor")
 *             .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
 *                 .noteReference(note.name())
 *                 .build())
 *             .build());
 *         var policy = new Policy("policy", PolicyArgs.builder()
 *             .admissionWhitelistPatterns(PolicyAdmissionWhitelistPatternArgs.builder()
 *                 .namePattern("gcr.io/google_containers/*")
 *                 .build())
 *             .defaultAdmissionRule(PolicyDefaultAdmissionRuleArgs.builder()
 *                 .evaluationMode("ALWAYS_ALLOW")
 *                 .enforcementMode("ENFORCED_BLOCK_AND_AUDIT_LOG")
 *                 .build())
 *             .clusterAdmissionRules(PolicyClusterAdmissionRuleArgs.builder()
 *                 .cluster("us-central1-a.prod-cluster")
 *                 .evaluationMode("REQUIRE_ATTESTATION")
 *                 .enforcementMode("ENFORCED_BLOCK_AND_AUDIT_LOG")
 *                 .requireAttestationsBies(attestor.name())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:binaryauthorization:Policy
 *     properties:
 *       admissionWhitelistPatterns:
 *         - namePattern: gcr.io/google_containers/*
 *       defaultAdmissionRule:
 *         evaluationMode: ALWAYS_ALLOW
 *         enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
 *       clusterAdmissionRules:
 *         - cluster: us-central1-a.prod-cluster
 *           evaluationMode: REQUIRE_ATTESTATION
 *           enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
 *           requireAttestationsBies:
 *             - ${attestor.name}
 *   note:
 *     type: gcp:containeranalysis:Note
 *     properties:
 *       name: test-attestor-note
 *       attestationAuthority:
 *         hint:
 *           humanReadableName: My attestor
 *   attestor:
 *     type: gcp:binaryauthorization:Attestor
 *     properties:
 *       name: test-attestor
 *       attestationAuthorityNote:
 *         noteReference: ${note.name}
 * ```
 * 
 * ### Binary Authorization Policy Global Evaluation
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const note = new gcp.containeranalysis.Note("note", {
 *     name: "test-attestor-note",
 *     attestationAuthority: {
 *         hint: {
 *             humanReadableName: "My attestor",
 *         },
 *     },
 * });
 * const attestor = new gcp.binaryauthorization.Attestor("attestor", {
 *     name: "test-attestor",
 *     attestationAuthorityNote: {
 *         noteReference: note.name,
 *     },
 * });
 * const policy = new gcp.binaryauthorization.Policy("policy", {
 *     defaultAdmissionRule: {
 *         evaluationMode: "REQUIRE_ATTESTATION",
 *         enforcementMode: "ENFORCED_BLOCK_AND_AUDIT_LOG",
 *         requireAttestationsBies: [attestor.name],
 *     },
 *     globalPolicyEvaluationMode: "ENABLE",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * note = gcp.containeranalysis.Note("note",
 *     name="test-attestor-note",
 *     attestation_authority=gcp.containeranalysis.NoteAttestationAuthorityArgs(
 *         hint=gcp.containeranalysis.NoteAttestationAuthorityHintArgs(
 *             human_readable_name="My attestor",
 *         ),
 *     ))
 * attestor = gcp.binaryauthorization.Attestor("attestor",
 *     name="test-attestor",
 *     attestation_authority_note=gcp.binaryauthorization.AttestorAttestationAuthorityNoteArgs(
 *         note_reference=note.name,
 *     ))
 * policy = gcp.binaryauthorization.Policy("policy",
 *     default_admission_rule=gcp.binaryauthorization.PolicyDefaultAdmissionRuleArgs(
 *         evaluation_mode="REQUIRE_ATTESTATION",
 *         enforcement_mode="ENFORCED_BLOCK_AND_AUDIT_LOG",
 *         require_attestations_bies=[attestor.name],
 *     ),
 *     global_policy_evaluation_mode="ENABLE")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var note = new Gcp.ContainerAnalysis.Note("note", new()
 *     {
 *         Name = "test-attestor-note",
 *         AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs
 *         {
 *             Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs
 *             {
 *                 HumanReadableName = "My attestor",
 *             },
 *         },
 *     });
 *     var attestor = new Gcp.BinaryAuthorization.Attestor("attestor", new()
 *     {
 *         Name = "test-attestor",
 *         AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs
 *         {
 *             NoteReference = note.Name,
 *         },
 *     });
 *     var policy = new Gcp.BinaryAuthorization.Policy("policy", new()
 *     {
 *         DefaultAdmissionRule = new Gcp.BinaryAuthorization.Inputs.PolicyDefaultAdmissionRuleArgs
 *         {
 *             EvaluationMode = "REQUIRE_ATTESTATION",
 *             EnforcementMode = "ENFORCED_BLOCK_AND_AUDIT_LOG",
 *             RequireAttestationsBies = new[]
 *             {
 *                 attestor.Name,
 *             },
 *         },
 *         GlobalPolicyEvaluationMode = "ENABLE",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
 * 			Name: pulumi.String("test-attestor-note"),
 * 			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
 * 				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
 * 					HumanReadableName: pulumi.String("My attestor"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		attestor, err := binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
 * 			Name: pulumi.String("test-attestor"),
 * 			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
 * 				NoteReference: note.Name,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = binaryauthorization.NewPolicy(ctx, "policy", &binaryauthorization.PolicyArgs{
 * 			DefaultAdmissionRule: &binaryauthorization.PolicyDefaultAdmissionRuleArgs{
 * 				EvaluationMode:  pulumi.String("REQUIRE_ATTESTATION"),
 * 				EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
 * 				RequireAttestationsBies: pulumi.StringArray{
 * 					attestor.Name,
 * 				},
 * 			},
 * 			GlobalPolicyEvaluationMode: pulumi.String("ENABLE"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.containeranalysis.Note;
 * import com.pulumi.gcp.containeranalysis.NoteArgs;
 * import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
 * import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
 * import com.pulumi.gcp.binaryauthorization.Attestor;
 * import com.pulumi.gcp.binaryauthorization.AttestorArgs;
 * import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
 * import com.pulumi.gcp.binaryauthorization.Policy;
 * import com.pulumi.gcp.binaryauthorization.PolicyArgs;
 * import com.pulumi.gcp.binaryauthorization.inputs.PolicyDefaultAdmissionRuleArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var note = new Note("note", NoteArgs.builder()
 *             .name("test-attestor-note")
 *             .attestationAuthority(NoteAttestationAuthorityArgs.builder()
 *                 .hint(NoteAttestationAuthorityHintArgs.builder()
 *                     .humanReadableName("My attestor")
 *                     .build())
 *                 .build())
 *             .build());
 *         var attestor = new Attestor("attestor", AttestorArgs.builder()
 *             .name("test-attestor")
 *             .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
 *                 .noteReference(note.name())
 *                 .build())
 *             .build());
 *         var policy = new Policy("policy", PolicyArgs.builder()
 *             .defaultAdmissionRule(PolicyDefaultAdmissionRuleArgs.builder()
 *                 .evaluationMode("REQUIRE_ATTESTATION")
 *                 .enforcementMode("ENFORCED_BLOCK_AND_AUDIT_LOG")
 *                 .requireAttestationsBies(attestor.name())
 *                 .build())
 *             .globalPolicyEvaluationMode("ENABLE")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:binaryauthorization:Policy
 *     properties:
 *       defaultAdmissionRule:
 *         evaluationMode: REQUIRE_ATTESTATION
 *         enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
 *         requireAttestationsBies:
 *           - ${attestor.name}
 *       globalPolicyEvaluationMode: ENABLE
 *   note:
 *     type: gcp:containeranalysis:Note
 *     properties:
 *       name: test-attestor-note
 *       attestationAuthority:
 *         hint:
 *           humanReadableName: My attestor
 *   attestor:
 *     type: gcp:binaryauthorization:Attestor
 *     properties:
 *       name: test-attestor
 *       attestationAuthorityNote:
 *         noteReference: ${note.name}
 * ```
 * 
 * ## Import
 * Policy can be imported using any of these accepted formats:
 * * `projects/{{project}}`
 * * `{{project}}`
 * When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:binaryauthorization/policy:Policy default projects/{{project}}
 * ```
 * ```sh
 * $ pulumi import gcp:binaryauthorization/policy:Policy default {{project}}
 * ```
 * @property admissionWhitelistPatterns A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
 * image's admission requests will always be permitted regardless of your admission rules. Because a match is admitted
 * without any attestation check, keep each pattern as narrow as the workload allows.
 * @property clusterAdmissionRules Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
 * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
 * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
 * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
 * @property defaultAdmissionRule Default admission rule for a cluster without a per-cluster admission
 * rule.
 * Structure is documented below.
 * @property description A descriptive comment.
 * @property globalPolicyEvaluationMode Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
 * covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
 * @property project
 * */*/*/*/*/*/
 */
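public data class PolicyArgs(
    // Image-name patterns that are admitted regardless of every admission rule below.
    // Security note: a match is never evaluated against REQUIRE_ATTESTATION rules, so broad
    // wildcards here widen what the policy admits unchecked.
    public val admissionWhitelistPatterns: Output<List<PolicyAdmissionWhitelistPatternArgs>>? = null,
    // Per-cluster rules; per the class KDoc there is at most one rule per cluster spec.
    public val clusterAdmissionRules: Output<List<PolicyClusterAdmissionRuleArgs>>? = null,
    // Rule applied to any cluster that has no per-cluster rule. Its evaluation mode therefore
    // decides what every unlisted cluster admits (the basic example in the KDoc uses ALWAYS_ALLOW).
    public val defaultAdmissionRule: Output<PolicyDefaultAdmissionRuleArgs>? = null,
    // Free-form descriptive comment.
    public val description: Output<String>? = null,
    // "ENABLE" or "DISABLE" per the class KDoc.
    public val globalPolicyEvaluationMode: Output<String>? = null,
    // Undocumented on this page; presumably the GCP project the policy belongs to (confirm upstream).
    public val project: Output<String>? = null,
) : ConvertibleToJava<com.pulumi.gcp.binaryauthorization.PolicyArgs> {
    /**
     * Builds the Java SDK [com.pulumi.gcp.binaryauthorization.PolicyArgs] from this Kotlin wrapper.
     *
     * Nested argument objects are converted through their own `toJava()`; string-valued outputs are
     * passed through unchanged. A property left as `null` is handed to the Java builder as `null`.
     *
     * @return the equivalent Java argument object.
     */
    override fun toJava(): com.pulumi.gcp.binaryauthorization.PolicyArgs =
        com.pulumi.gcp.binaryauthorization.PolicyArgs.builder()
            .admissionWhitelistPatterns(
                admissionWhitelistPatterns?.applyValue({ patterns -> patterns.map { it.toJava() } }),
            )
            .clusterAdmissionRules(
                clusterAdmissionRules?.applyValue({ rules -> rules.map { it.toJava() } }),
            )
            .defaultAdmissionRule(
                defaultAdmissionRule?.applyValue({ rule -> rule.toJava() }),
            )
            .description(description?.applyValue({ text -> text }))
            .globalPolicyEvaluationMode(globalPolicyEvaluationMode?.applyValue({ mode -> mode }))
            .project(project?.applyValue({ id -> id }))
            .build()
}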

/**
 * Builder for [PolicyArgs].
 */
@PulumiTagMarker
public class PolicyArgsBuilder internal constructor() {
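    // Builder state. Every field starts as null and is overwritten by the setter overloads of
    // the same name; the type arguments match the imports and the PolicyArgs constructor.

    // Patterns admitted regardless of the admission rules (see the setter KDoc).
    private var admissionWhitelistPatterns: Output<List<PolicyAdmissionWhitelistPatternArgs>>? = null

    // Per-cluster admission rules.
    private var clusterAdmissionRules: Output<List<PolicyClusterAdmissionRuleArgs>>? = null

    // Rule for clusters without a per-cluster rule.
    private var defaultAdmissionRule: Output<PolicyDefaultAdmissionRuleArgs>? = null

    // Descriptive comment.
    private var description: Output<String>? = null

    // "ENABLE" or "DISABLE" per the setter KDoc.
    private var globalPolicyEvaluationMode: Output<String>? = null

    // Not described on this page.
    private var project: Output<String>? = null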

    /**
     * @param value A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
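    @JvmName("wumvrknntgnlubsi")
    public suspend fun admissionWhitelistPatterns(`value`: Output<List<PolicyAdmissionWhitelistPatternArgs>>) {
        // Stores the caller's Output unchanged, replacing any previously set patterns.
        this.admissionWhitelistPatterns = value
    }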

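    /**
     * Sets the whitelist from individual pattern outputs, replacing any previously set patterns.
     *
     * @param values pattern outputs that are combined into one list output via `Output.all`.
     */
    @JvmName("qissjrulgbfwlxge")
    public suspend fun admissionWhitelistPatterns(vararg values: Output<PolicyAdmissionWhitelistPatternArgs>) {
        this.admissionWhitelistPatterns = Output.all(values.asList())
    }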

    /**
     * @param values A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
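    @JvmName("wwnedvlhgwcgfisp")
    public suspend fun admissionWhitelistPatterns(values: List<Output<PolicyAdmissionWhitelistPatternArgs>>) {
        // Output.all folds the per-element outputs into a single list output.
        this.admissionWhitelistPatterns = Output.all(values)
    }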

    /**
     * @param value Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
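    @JvmName("dcyjnflwctpaxhdb")
    public suspend fun clusterAdmissionRules(`value`: Output<List<PolicyClusterAdmissionRuleArgs>>) {
        // Stores the caller's Output unchanged, replacing any previously set rules.
        this.clusterAdmissionRules = value
    }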

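    /**
     * Sets the per-cluster rules from individual rule outputs, replacing any previously set rules.
     *
     * @param values rule outputs that are combined into one list output via `Output.all`.
     */
    @JvmName("fakptslctnsifjho")
    public suspend fun clusterAdmissionRules(vararg values: Output<PolicyClusterAdmissionRuleArgs>) {
        this.clusterAdmissionRules = Output.all(values.asList())
    }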

    /**
     * @param values Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
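    @JvmName("jmpdrlfppibrsxif")
    public suspend fun clusterAdmissionRules(values: List<Output<PolicyClusterAdmissionRuleArgs>>) {
        // Output.all folds the per-element outputs into a single list output.
        this.clusterAdmissionRules = Output.all(values)
    }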

    /**
     * @param value Default admission rule for a cluster without a per-cluster admission
     * rule.
     * Structure is documented below.
     */
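    @JvmName("fduvuvknjajrsfbo")
    public suspend fun defaultAdmissionRule(`value`: Output<PolicyDefaultAdmissionRuleArgs>) {
        // This rule covers every cluster without a per-cluster rule, so its evaluation mode
        // sets the baseline for all unlisted clusters.
        this.defaultAdmissionRule = value
    }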

    /**
     * @param value A descriptive comment.
     */
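    @JvmName("xqpbqnigmflayryd")
    public suspend fun description(`value`: Output<String>) {
        // Replaces any previously set description.
        this.description = value
    }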

    /**
     * @param value Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
     * covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
     */
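    @JvmName("jfvhhmlipakcedoy")
    public suspend fun globalPolicyEvaluationMode(`value`: Output<String>) {
        // The value is stored as given; this builder does not check it against "ENABLE"/"DISABLE".
        this.globalPolicyEvaluationMode = value
    }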

    /**
     * @param value
     */
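    @JvmName("nbwsqlgkyutcavvd")
    public suspend fun project(`value`: Output<String>) {
        // Replaces any previously set project value.
        this.project = value
    }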

    /**
     * @param value A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
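    @JvmName("nlvvgotskhkkrpqd")
    public suspend fun admissionWhitelistPatterns(`value`: List<PolicyAdmissionWhitelistPatternArgs>?) {
        // A null argument clears the field; otherwise the plain list is wrapped in an Output.
        this.admissionWhitelistPatterns = value?.let { patterns -> of(patterns) }
    }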

    /**
     * @param argument A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
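    @JvmName("qyxhqislhawrgocr")
    public suspend fun admissionWhitelistPatterns(
        argument: List<suspend PolicyAdmissionWhitelistPatternArgsBuilder.() -> Unit>,
    ) {
        // Each configuration block runs against its own fresh builder, in list order.
        val built = argument.map { configure ->
            PolicyAdmissionWhitelistPatternArgsBuilder().applySuspend { configure() }.build()
        }
        this.admissionWhitelistPatterns = of(built)
    }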

    /**
     * @param argument A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
    @JvmName("xqmrtlcvmnhsfdse")
    public suspend fun admissionWhitelistPatterns(vararg argument: suspend PolicyAdmissionWhitelistPatternArgsBuilder.() -> Unit) {
        // One fresh builder per configuration block, evaluated in argument order.
        val built = argument.toList().map { configure ->
            PolicyAdmissionWhitelistPatternArgsBuilder().applySuspend { configure() }.build()
        }
        this.admissionWhitelistPatterns = of(built)
    }

    /**
     * @param argument A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
    @JvmName("xgilkraujgsyniif")
    public suspend fun admissionWhitelistPatterns(argument: suspend PolicyAdmissionWhitelistPatternArgsBuilder.() -> Unit) {
        // A single configuration block yields a one-element pattern list.
        val single = PolicyAdmissionWhitelistPatternArgsBuilder().applySuspend { argument() }.build()
        this.admissionWhitelistPatterns = of(listOf(single))
    }

    /**
     * @param values A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
    @JvmName("gidogqrqaclyladw")
    public suspend fun admissionWhitelistPatterns(vararg values: PolicyAdmissionWhitelistPatternArgs) {
        // Copy the vararg array into a list and wrap it in an Output.
        val patterns = values.toList()
        this.admissionWhitelistPatterns = of(patterns)
    }

    /**
     * @param value Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
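    @JvmName("dyrccvjcbtuklonn")
    public suspend fun clusterAdmissionRules(`value`: List<PolicyClusterAdmissionRuleArgs>?) {
        // A null argument clears the field; otherwise the plain list is wrapped in an Output.
        this.clusterAdmissionRules = value?.let { rules -> of(rules) }
    }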

    /**
     * @param argument Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
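    @JvmName("mlecjinxexprftra")
    public suspend fun clusterAdmissionRules(
        argument: List<suspend PolicyClusterAdmissionRuleArgsBuilder.() -> Unit>,
    ) {
        // Each configuration block runs against its own fresh builder, in list order.
        val built = argument.map { configure ->
            PolicyClusterAdmissionRuleArgsBuilder().applySuspend { configure() }.build()
        }
        this.clusterAdmissionRules = of(built)
    }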

    /**
     * @param argument Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
    @JvmName("ooavxsdlmnnvtife")
    public suspend fun clusterAdmissionRules(vararg argument: suspend PolicyClusterAdmissionRuleArgsBuilder.() -> Unit) {
        // One fresh builder per configuration block, preserving argument order.
        val builtRules = argument.map { configure ->
            PolicyClusterAdmissionRuleArgsBuilder().applySuspend { configure() }.build()
        }
        // Assignment replaces any previously set rules rather than adding to them.
        this.clusterAdmissionRules = of(builtRules)
    }

    /**
     * @param argument Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
    @JvmName("ruiwkldspnustuvm")
    public suspend fun clusterAdmissionRules(argument: suspend PolicyClusterAdmissionRuleArgsBuilder.() -> Unit) {
        // Build the single rule described by the configuration block.
        val onlyRule = PolicyClusterAdmissionRuleArgsBuilder().applySuspend { argument() }.build()
        // The property becomes a one-element list; rules set earlier on this builder are dropped.
        this.clusterAdmissionRules = of(listOf(onlyRule))
    }

    /**
     * @param values Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
    @JvmName("csadfvfbonnthwhe")
    public suspend fun clusterAdmissionRules(vararg values: PolicyClusterAdmissionRuleArgs) {
        // Copy the vararg array into a list and store it, replacing any earlier rules.
        val rules = values.toList()
        this.clusterAdmissionRules = of(rules)
    }

    /**
     * @param value Default admission rule for a cluster without a per-cluster admission
     * rule.
     * Structure is documented below.
     */
    @JvmName("iqoggaoyvbjethvc")
    public suspend fun defaultAdmissionRule(`value`: PolicyDefaultAdmissionRuleArgs?) {
        // Security: per the KDoc this rule applies to every cluster that has no per-cluster rule,
        // so it sets the baseline for what may be deployed. A null value leaves the property unset.
        this.defaultAdmissionRule = value?.let { rule -> of(rule) }
    }

    /**
     * @param argument Default admission rule for a cluster without a per-cluster admission
     * rule.
     * Structure is documented below.
     */
    @JvmName("katwweqftxkscjhu")
    public suspend fun defaultAdmissionRule(argument: suspend PolicyDefaultAdmissionRuleArgsBuilder.() -> Unit) {
        // Run the configuration block against a fresh builder, then store the built rule.
        val ruleBuilder = PolicyDefaultAdmissionRuleArgsBuilder()
        val rule = ruleBuilder.applySuspend { argument() }.build()
        this.defaultAdmissionRule = of(rule)
    }

    /**
     * @param value A descriptive comment.
     */
    @JvmName("yreytrjdixtjorok")
    public suspend fun description(`value`: String?) {
        // Stored as given; a null value leaves the property unset.
        this.description = value?.let { text -> of(text) }
    }

    /**
     * @param value Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
     * covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
     */
    @JvmName("imimsscjjgcxofnv")
    public suspend fun globalPolicyEvaluationMode(`value`: String?) {
        // The string is stored without validation in this setter; the KDoc lists "ENABLE" and
        // "DISABLE" as the possible values. NOTE(review): where other values are rejected is not
        // visible here; confirm before relying on it.
        this.globalPolicyEvaluationMode = value?.let { mode -> of(mode) }
    }

    /**
     * @param value
     */
    @JvmName("wnvrqpovpxttttsb")
    public suspend fun project(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.project = mapped
    }

    internal fun build(): PolicyArgs {
        // Hands every collected property to PolicyArgs as is; properties that were never set
        // (or were set with null) are passed through as null, with no validation at this step.
        return PolicyArgs(
            admissionWhitelistPatterns = admissionWhitelistPatterns,
            clusterAdmissionRules = clusterAdmissionRules,
            defaultAdmissionRule = defaultAdmissionRule,
            description = description,
            globalPolicyEvaluationMode = globalPolicyEvaluationMode,
            project = project,
        )
    }
}



