All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.iam.kotlin.AccessBoundaryPolicy.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.iam.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.iam.kotlin.outputs.AccessBoundaryPolicyRule
import com.pulumi.gcp.iam.kotlin.outputs.AccessBoundaryPolicyRule.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List

/**
 * Builder for [AccessBoundaryPolicy].
 */
@PulumiTagMarker
public class AccessBoundaryPolicyResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: AccessBoundaryPolicyArgs = AccessBoundaryPolicyArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend AccessBoundaryPolicyArgsBuilder.() -> Unit) {
        val builder = AccessBoundaryPolicyArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): AccessBoundaryPolicy {
        val builtJavaResource = com.pulumi.gcp.iam.AccessBoundaryPolicy(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return AccessBoundaryPolicy(builtJavaResource)
    }
}

/**
 * Represents a collection of access boundary policies to apply to a given resource.
 * **NOTE**: This is a private feature and users should contact GCP support
 * if they would like to test it.
 * ## Example Usage
 * ### Iam Access Boundary Policy Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 * const project = new gcp.organizations.Project("project", {
 *     projectId: "my-project",
 *     name: "my-project",
 *     orgId: "123456789",
 *     billingAccount: "000000-0000000-0000000-000000",
 * });
 * const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
 *     parent: project.orgId.apply(orgId => `organizations/${orgId}`),
 *     title: "my policy",
 * });
 * const test_access = new gcp.accesscontextmanager.AccessLevel("test-access", {
 *     parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
 *     name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
 *     title: "chromeos_no_lock",
 *     basic: {
 *         conditions: [{
 *             devicePolicy: {
 *                 requireScreenLock: true,
 *                 osConstraints: [{
 *                     osType: "DESKTOP_CHROME_OS",
 *                 }],
 *             },
 *             regions: [
 *                 "CH",
 *                 "IT",
 *                 "US",
 *             ],
 *         }],
 *     },
 * });
 * const example = new gcp.iam.AccessBoundaryPolicy("example", {
 *     parent: std.urlencodeOutput({
 *         input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${project.projectId}`,
 *     }).apply(invoke => invoke.result),
 *     name: "my-ab-policy",
 *     displayName: "My AB policy",
 *     rules: [{
 *         description: "AB rule",
 *         accessBoundaryRule: {
 *             availableResource: "*",
 *             availablePermissions: ["*"],
 *             availabilityCondition: {
 *                 title: "Access level expr",
 *                 expression: pulumi.all([project.orgId, test_access.name]).apply(([orgId, name]) => `request.matchAccessLevels('${orgId}', ['${name}'])`),
 *             },
 *         },
 *     }],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * import pulumi_std as std
 * project = gcp.organizations.Project("project",
 *     project_id="my-project",
 *     name="my-project",
 *     org_id="123456789",
 *     billing_account="000000-0000000-0000000-000000")
 * access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
 *     parent=project.org_id.apply(lambda org_id: f"organizations/{org_id}"),
 *     title="my policy")
 * test_access = gcp.accesscontextmanager.AccessLevel("test-access",
 *     parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
 *     name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
 *     title="chromeos_no_lock",
 *     basic=gcp.accesscontextmanager.AccessLevelBasicArgs(
 *         conditions=[gcp.accesscontextmanager.AccessLevelBasicConditionArgs(
 *             device_policy=gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs(
 *                 require_screen_lock=True,
 *                 os_constraints=[gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs(
 *                     os_type="DESKTOP_CHROME_OS",
 *                 )],
 *             ),
 *             regions=[
 *                 "CH",
 *                 "IT",
 *                 "US",
 *             ],
 *         )],
 *     ))
 * example = gcp.iam.AccessBoundaryPolicy("example",
 *     parent=std.urlencode_output(input=project.project_id.apply(lambda project_id: f"cloudresourcemanager.googleapis.com/projects/{project_id}")).apply(lambda invoke: invoke.result),
 *     name="my-ab-policy",
 *     display_name="My AB policy",
 *     rules=[gcp.iam.AccessBoundaryPolicyRuleArgs(
 *         description="AB rule",
 *         access_boundary_rule=gcp.iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs(
 *             available_resource="*",
 *             available_permissions=["*"],
 *             availability_condition=gcp.iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs(
 *                 title="Access level expr",
 *                 expression=pulumi.Output.all(project.org_id, test_access.name).apply(lambda org_id, name: f"request.matchAccessLevels('{org_id}', ['{name}'])"),
 *             ),
 *         ),
 *     )])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * using Std = Pulumi.Std;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Organizations.Project("project", new()
 *     {
 *         ProjectId = "my-project",
 *         Name = "my-project",
 *         OrgId = "123456789",
 *         BillingAccount = "000000-0000000-0000000-000000",
 *     });
 *     var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
 *     {
 *         Parent = project.OrgId.Apply(orgId => $"organizations/{orgId}"),
 *         Title = "my policy",
 *     });
 *     var test_access = new Gcp.AccessContextManager.AccessLevel("test-access", new()
 *     {
 *         Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
 *         Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
 *         Title = "chromeos_no_lock",
 *         Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
 *         {
 *             Conditions = new[]
 *             {
 *                 new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
 *                 {
 *                     DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
 *                     {
 *                         RequireScreenLock = true,
 *                         OsConstraints = new[]
 *                         {
 *                             new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
 *                             {
 *                                 OsType = "DESKTOP_CHROME_OS",
 *                             },
 *                         },
 *                     },
 *                     Regions = new[]
 *                     {
 *                         "CH",
 *                         "IT",
 *                         "US",
 *                     },
 *                 },
 *             },
 *         },
 *     });
 *     var example = new Gcp.Iam.AccessBoundaryPolicy("example", new()
 *     {
 *         Parent = Std.Urlencode.Invoke(new()
 *         {
 *             Input = project.ProjectId.Apply(projectId => $"cloudresourcemanager.googleapis.com/projects/{projectId}"),
 *         }).Apply(invoke => invoke.Result),
 *         Name = "my-ab-policy",
 *         DisplayName = "My AB policy",
 *         Rules = new[]
 *         {
 *             new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs
 *             {
 *                 Description = "AB rule",
 *                 AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs
 *                 {
 *                     AvailableResource = "*",
 *                     AvailablePermissions = new[]
 *                     {
 *                         "*",
 *                     },
 *                     AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs
 *                     {
 *                         Title = "Access level expr",
 *                         Expression = Output.Tuple(project.OrgId, test_access.Name).Apply(values =>
 *                         {
 *                             var orgId = values.Item1;
 *                             var name = values.Item2;
 *                             return $"request.matchAccessLevels('{orgId}', ['{name}'])";
 *                         }),
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-std/sdk/go/std"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
 * 			ProjectId:      pulumi.String("my-project"),
 * 			Name:           pulumi.String("my-project"),
 * 			OrgId:          pulumi.String("123456789"),
 * 			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
 * 			Parent: project.OrgId.ApplyT(func(orgId *string) (string, error) {
 * 				return fmt.Sprintf("organizations/%v", orgId), nil
 * 			}).(pulumi.StringOutput),
 * 			Title: pulumi.String("my policy"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = accesscontextmanager.NewAccessLevel(ctx, "test-access", &accesscontextmanager.AccessLevelArgs{
 * 			Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("accessPolicies/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Name: access_policy.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Title: pulumi.String("chromeos_no_lock"),
 * 			Basic: &accesscontextmanager.AccessLevelBasicArgs{
 * 				Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
 * 					&accesscontextmanager.AccessLevelBasicConditionArgs{
 * 						DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
 * 							RequireScreenLock: pulumi.Bool(true),
 * 							OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
 * 								&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
 * 									OsType: pulumi.String("DESKTOP_CHROME_OS"),
 * 								},
 * 							},
 * 						},
 * 						Regions: pulumi.StringArray{
 * 							pulumi.String("CH"),
 * 							pulumi.String("IT"),
 * 							pulumi.String("US"),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewAccessBoundaryPolicy(ctx, "example", &iam.AccessBoundaryPolicyArgs{
 * 			Parent: std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
 * 				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
 * 					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
 * 				}).(pulumi.StringOutput),
 * 			}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {
 * 				return invoke.Result, nil
 * 			}).(pulumi.StringPtrOutput),
 * 			Name:        pulumi.String("my-ab-policy"),
 * 			DisplayName: pulumi.String("My AB policy"),
 * 			Rules: iam.AccessBoundaryPolicyRuleArray{
 * 				&iam.AccessBoundaryPolicyRuleArgs{
 * 					Description: pulumi.String("AB rule"),
 * 					AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
 * 						AvailableResource: pulumi.String("*"),
 * 						AvailablePermissions: pulumi.StringArray{
 * 							pulumi.String("*"),
 * 						},
 * 						AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
 * 							Title: pulumi.String("Access level expr"),
 * 							Expression: pulumi.All(project.OrgId, test_access.Name).ApplyT(func(_args []interface{}) (string, error) {
 * 								orgId := _args[0].(*string)
 * 								name := _args[1].(string)
 * 								return fmt.Sprintf("request.matchAccessLevels('%v', ['%v'])", orgId, name), nil
 * 							}).(pulumi.StringOutput),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Project;
 * import com.pulumi.gcp.organizations.ProjectArgs;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
 * import com.pulumi.gcp.accesscontextmanager.AccessLevel;
 * import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
 * import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
 * import com.pulumi.gcp.iam.AccessBoundaryPolicy;
 * import com.pulumi.gcp.iam.AccessBoundaryPolicyArgs;
 * import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleArgs;
 * import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs;
 * import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new Project("project", ProjectArgs.builder()
 *             .projectId("my-project")
 *             .name("my-project")
 *             .orgId("123456789")
 *             .billingAccount("000000-0000000-0000000-000000")
 *             .build());
 *         var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
 *             .parent(project.orgId().applyValue(orgId -> String.format("organizations/%s", orgId)))
 *             .title("my policy")
 *             .build());
 *         var test_access = new AccessLevel("test-access", AccessLevelArgs.builder()
 *             .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
 *             .name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", name)))
 *             .title("chromeos_no_lock")
 *             .basic(AccessLevelBasicArgs.builder()
 *                 .conditions(AccessLevelBasicConditionArgs.builder()
 *                     .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
 *                         .requireScreenLock(true)
 *                         .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
 *                             .osType("DESKTOP_CHROME_OS")
 *                             .build())
 *                         .build())
 *                     .regions(
 *                         "CH",
 *                         "IT",
 *                         "US")
 *                     .build())
 *                 .build())
 *             .build());
 *         var example = new AccessBoundaryPolicy("example", AccessBoundaryPolicyArgs.builder()
 *             .parent(StdFunctions.urlencode().applyValue(invoke -> invoke.result()))
 *             .name("my-ab-policy")
 *             .displayName("My AB policy")
 *             .rules(AccessBoundaryPolicyRuleArgs.builder()
 *                 .description("AB rule")
 *                 .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()
 *                     .availableResource("*")
 *                     .availablePermissions("*")
 *                     .availabilityCondition(AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()
 *                         .title("Access level expr")
 *                         .expression(Output.tuple(project.orgId(), test_access.name()).applyValue(values -> {
 *                             var orgId = values.t1;
 *                             var name = values.t2;
 *                             return String.format("request.matchAccessLevels('%s', ['%s'])", orgId,name);
 *                         }))
 *                         .build())
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:organizations:Project
 *     properties:
 *       projectId: my-project
 *       name: my-project
 *       orgId: '123456789'
 *       billingAccount: 000000-0000000-0000000-000000
 *   test-access:
 *     type: gcp:accesscontextmanager:AccessLevel
 *     properties:
 *       parent: accessPolicies/${["access-policy"].name}
 *       name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
 *       title: chromeos_no_lock
 *       basic:
 *         conditions:
 *           - devicePolicy:
 *               requireScreenLock: true
 *               osConstraints:
 *                 - osType: DESKTOP_CHROME_OS
 *             regions:
 *               - CH
 *               - IT
 *               - US
 *   access-policy:
 *     type: gcp:accesscontextmanager:AccessPolicy
 *     properties:
 *       parent: organizations/${project.orgId}
 *       title: my policy
 *   example:
 *     type: gcp:iam:AccessBoundaryPolicy
 *     properties:
 *       parent:
 *         fn::invoke:
 *           Function: std:urlencode
 *           Arguments:
 *             input: cloudresourcemanager.googleapis.com/projects/${project.projectId}
 *           Return: result
 *       name: my-ab-policy
 *       displayName: My AB policy
 *       rules:
 *         - description: AB rule
 *           accessBoundaryRule:
 *             availableResource: '*'
 *             availablePermissions:
 *               - '*'
 *             availabilityCondition:
 *               title: Access level expr
 *               expression: request.matchAccessLevels('${project.orgId}', ['${["test-access"].name}'])
 * ```
 * 
 * ## Import
 * AccessBoundaryPolicy can be imported using any of these accepted formats:
 * * `{{parent}}/{{name}}`
 * When using the `pulumi import` command, AccessBoundaryPolicy can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}}
 * ```
 */
public class AccessBoundaryPolicy internal constructor(
    override val javaResource: com.pulumi.gcp.iam.AccessBoundaryPolicy,
) : KotlinCustomResource(javaResource, AccessBoundaryPolicyMapper) {
    /**
     * The display name of the rule.
     */
    public val displayName: Output?
        get() = javaResource.displayName().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The hash of the resource. Used internally during updates.
     */
    public val etag: Output
        get() = javaResource.etag().applyValue({ args0 -> args0 })

    /**
     * The name of the policy.
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * The attachment point is identified by its URL-encoded full resource name.
     */
    public val parent: Output
        get() = javaResource.parent().applyValue({ args0 -> args0 })

    /**
     * Rules to be applied.
     * Structure is documented below.
     */
    public val rules: Output>
        get() = javaResource.rules().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    toKotlin(args0)
                })
            })
        })
}

public object AccessBoundaryPolicyMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.iam.AccessBoundaryPolicy::class == javaResource::class

    override fun map(javaResource: Resource): AccessBoundaryPolicy = AccessBoundaryPolicy(
        javaResource
            as com.pulumi.gcp.iam.AccessBoundaryPolicy,
    )
}

/**
 * @see [AccessBoundaryPolicy].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [AccessBoundaryPolicy].
 */
public suspend fun accessBoundaryPolicy(
    name: String,
    block: suspend AccessBoundaryPolicyResourceBuilder.() -> Unit,
): AccessBoundaryPolicy {
    val builder = AccessBoundaryPolicyResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [AccessBoundaryPolicy].
 * @param name The _unique_ name of the resulting resource.
 */
public fun accessBoundaryPolicy(name: String): AccessBoundaryPolicy {
    val builder = AccessBoundaryPolicyResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy