com.pulumi.gcp.organizations.kotlin.AccessApprovalSettingsArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.organizations.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.organizations.AccessApprovalSettingsArgs.builder
import com.pulumi.gcp.organizations.kotlin.inputs.AccessApprovalSettingsEnrolledServiceArgs
import com.pulumi.gcp.organizations.kotlin.inputs.AccessApprovalSettingsEnrolledServiceArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.
* To get more information about OrganizationSettings, see:
* * [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations)
* ## Example Usage
* ### Organization Access Approval Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const organizationAccessApproval = new gcp.organizations.AccessApprovalSettings("organization_access_approval", {
* organizationId: "123456789",
* notificationEmails: [
* "[email protected]",
* "[email protected]",
* ],
* enrolledServices: [
* {
* cloudProduct: "appengine.googleapis.com",
* },
* {
* cloudProduct: "dataflow.googleapis.com",
* enrollmentLevel: "BLOCK_ALL",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* organization_access_approval = gcp.organizations.AccessApprovalSettings("organization_access_approval",
* organization_id="123456789",
* notification_emails=[
* "[email protected]",
* "[email protected]",
* ],
* enrolled_services=[
* gcp.organizations.AccessApprovalSettingsEnrolledServiceArgs(
* cloud_product="appengine.googleapis.com",
* ),
* gcp.organizations.AccessApprovalSettingsEnrolledServiceArgs(
* cloud_product="dataflow.googleapis.com",
* enrollment_level="BLOCK_ALL",
* ),
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var organizationAccessApproval = new Gcp.Organizations.AccessApprovalSettings("organization_access_approval", new()
* {
* OrganizationId = "123456789",
* NotificationEmails = new[]
* {
* "[email protected]",
* "[email protected]",
* },
* EnrolledServices = new[]
* {
* new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs
* {
* CloudProduct = "appengine.googleapis.com",
* },
* new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs
* {
* CloudProduct = "dataflow.googleapis.com",
* EnrollmentLevel = "BLOCK_ALL",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := organizations.NewAccessApprovalSettings(ctx, "organization_access_approval", &organizations.AccessApprovalSettingsArgs{
* OrganizationId: pulumi.String("123456789"),
* NotificationEmails: pulumi.StringArray{
* pulumi.String("[email protected]"),
* pulumi.String("[email protected]"),
* },
* EnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{
* &organizations.AccessApprovalSettingsEnrolledServiceArgs{
* CloudProduct: pulumi.String("appengine.googleapis.com"),
* },
* &organizations.AccessApprovalSettingsEnrolledServiceArgs{
* CloudProduct: pulumi.String("dataflow.googleapis.com"),
* EnrollmentLevel: pulumi.String("BLOCK_ALL"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.AccessApprovalSettings;
* import com.pulumi.gcp.organizations.AccessApprovalSettingsArgs;
* import com.pulumi.gcp.organizations.inputs.AccessApprovalSettingsEnrolledServiceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var organizationAccessApproval = new AccessApprovalSettings("organizationAccessApproval", AccessApprovalSettingsArgs.builder()
* .organizationId("123456789")
* .notificationEmails(
* "[email protected]",
* "[email protected]")
* .enrolledServices(
* AccessApprovalSettingsEnrolledServiceArgs.builder()
* .cloudProduct("appengine.googleapis.com")
* .build(),
* AccessApprovalSettingsEnrolledServiceArgs.builder()
* .cloudProduct("dataflow.googleapis.com")
* .enrollmentLevel("BLOCK_ALL")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* organizationAccessApproval:
* type: gcp:organizations:AccessApprovalSettings
* name: organization_access_approval
* properties:
* organizationId: '123456789'
* notificationEmails:
* - [email protected]
* - [email protected]
* enrolledServices:
* - cloudProduct: appengine.googleapis.com
* - cloudProduct: dataflow.googleapis.com
* enrollmentLevel: BLOCK_ALL
* ```
*
* ### Organization Access Approval Active Key Version
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myProject = new gcp.organizations.Project("my_project", {
* name: "My Project",
* projectId: "your-project-id",
* orgId: "123456789",
* });
* const keyRing = new gcp.kms.KeyRing("key_ring", {
* name: "key-ring",
* location: "global",
* project: myProject.projectId,
* });
* const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
* name: "crypto-key",
* keyRing: keyRing.id,
* purpose: "ASYMMETRIC_SIGN",
* versionTemplate: {
* algorithm: "EC_SIGN_P384_SHA384",
* },
* });
* const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({
* organizationId: "123456789",
* });
* const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
* cryptoKeyId: cryptoKey.id,
* role: "roles/cloudkms.signerVerifier",
* member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
* });
* const cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({
* cryptoKey: cryptoKey.id,
* });
* const organizationAccessApproval = new gcp.organizations.AccessApprovalSettings("organization_access_approval", {
* organizationId: "123456789",
* activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion => cryptoKeyVersion.name),
* enrolledServices: [{
* cloudProduct: "all",
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_project = gcp.organizations.Project("my_project",
* name="My Project",
* project_id="your-project-id",
* org_id="123456789")
* key_ring = gcp.kms.KeyRing("key_ring",
* name="key-ring",
* location="global",
* project=my_project.project_id)
* crypto_key = gcp.kms.CryptoKey("crypto_key",
* name="crypto-key",
* key_ring=key_ring.id,
* purpose="ASYMMETRIC_SIGN",
* version_template=gcp.kms.CryptoKeyVersionTemplateArgs(
* algorithm="EC_SIGN_P384_SHA384",
* ))
* service_account = gcp.accessapproval.get_organization_service_account(organization_id="123456789")
* iam = gcp.kms.CryptoKeyIAMMember("iam",
* crypto_key_id=crypto_key.id,
* role="roles/cloudkms.signerVerifier",
* member=f"serviceAccount:{service_account.account_email}")
* crypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)
* organization_access_approval = gcp.organizations.AccessApprovalSettings("organization_access_approval",
* organization_id="123456789",
* active_key_version=crypto_key_version.name,
* enrolled_services=[gcp.organizations.AccessApprovalSettingsEnrolledServiceArgs(
* cloud_product="all",
* )])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myProject = new Gcp.Organizations.Project("my_project", new()
* {
* Name = "My Project",
* ProjectId = "your-project-id",
* OrgId = "123456789",
* });
* var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
* {
* Name = "key-ring",
* Location = "global",
* Project = myProject.ProjectId,
* });
* var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
* {
* Name = "crypto-key",
* KeyRing = keyRing.Id,
* Purpose = "ASYMMETRIC_SIGN",
* VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs
* {
* Algorithm = "EC_SIGN_P384_SHA384",
* },
* });
* var serviceAccount = Gcp.AccessApproval.GetOrganizationServiceAccount.Invoke(new()
* {
* OrganizationId = "123456789",
* });
* var iam = new Gcp.Kms.CryptoKeyIAMMember("iam", new()
* {
* CryptoKeyId = cryptoKey.Id,
* Role = "roles/cloudkms.signerVerifier",
* Member = $"serviceAccount:{serviceAccount.Apply(getOrganizationServiceAccountResult => getOrganizationServiceAccountResult.AccountEmail)}",
* });
* var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()
* {
* CryptoKey = cryptoKey.Id,
* });
* var organizationAccessApproval = new Gcp.Organizations.AccessApprovalSettings("organization_access_approval", new()
* {
* OrganizationId = "123456789",
* ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult => getKMSCryptoKeyVersionResult.Name),
* EnrolledServices = new[]
* {
* new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs
* {
* CloudProduct = "all",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accessapproval"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myProject, err := organizations.NewProject(ctx, "my_project", &organizations.ProjectArgs{
* Name: pulumi.String("My Project"),
* ProjectId: pulumi.String("your-project-id"),
* OrgId: pulumi.String("123456789"),
* })
* if err != nil {
* return err
* }
* keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
* Name: pulumi.String("key-ring"),
* Location: pulumi.String("global"),
* Project: myProject.ProjectId,
* })
* if err != nil {
* return err
* }
* cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
* Name: pulumi.String("crypto-key"),
* KeyRing: keyRing.ID(),
* Purpose: pulumi.String("ASYMMETRIC_SIGN"),
* VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
* Algorithm: pulumi.String("EC_SIGN_P384_SHA384"),
* },
* })
* if err != nil {
* return err
* }
* serviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, &accessapproval.GetOrganizationServiceAccountArgs{
* OrganizationId: "123456789",
* }, nil)
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: cryptoKey.ID(),
* Role: pulumi.String("roles/cloudkms.signerVerifier"),
* Member: pulumi.String(fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail)),
* })
* if err != nil {
* return err
* }
* cryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
* CryptoKey: cryptoKey.ID(),
* }, nil)
* _, err = organizations.NewAccessApprovalSettings(ctx, "organization_access_approval", &organizations.AccessApprovalSettingsArgs{
* OrganizationId: pulumi.String("123456789"),
* ActiveKeyVersion: cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {
* return &cryptoKeyVersion.Name, nil
* }).(pulumi.StringPtrOutput),
* EnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{
* &organizations.AccessApprovalSettingsEnrolledServiceArgs{
* CloudProduct: pulumi.String("all"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Project;
* import com.pulumi.gcp.organizations.ProjectArgs;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;
* import com.pulumi.gcp.accessapproval.AccessapprovalFunctions;
* import com.pulumi.gcp.accessapproval.inputs.GetOrganizationServiceAccountArgs;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
* import com.pulumi.gcp.organizations.AccessApprovalSettings;
* import com.pulumi.gcp.organizations.AccessApprovalSettingsArgs;
* import com.pulumi.gcp.organizations.inputs.AccessApprovalSettingsEnrolledServiceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myProject = new Project("myProject", ProjectArgs.builder()
* .name("My Project")
* .projectId("your-project-id")
* .orgId("123456789")
* .build());
* var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
* .name("key-ring")
* .location("global")
* .project(myProject.projectId())
* .build());
* var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
* .name("crypto-key")
* .keyRing(keyRing.id())
* .purpose("ASYMMETRIC_SIGN")
* .versionTemplate(CryptoKeyVersionTemplateArgs.builder()
* .algorithm("EC_SIGN_P384_SHA384")
* .build())
* .build());
* final var serviceAccount = AccessapprovalFunctions.getOrganizationServiceAccount(GetOrganizationServiceAccountArgs.builder()
* .organizationId("123456789")
* .build());
* var iam = new CryptoKeyIAMMember("iam", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId(cryptoKey.id())
* .role("roles/cloudkms.signerVerifier")
* .member(String.format("serviceAccount:%s", serviceAccount.applyValue(getOrganizationServiceAccountResult -> getOrganizationServiceAccountResult.accountEmail())))
* .build());
* final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
* .cryptoKey(cryptoKey.id())
* .build());
* var organizationAccessApproval = new AccessApprovalSettings("organizationAccessApproval", AccessApprovalSettingsArgs.builder()
* .organizationId("123456789")
* .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -> cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.name())))
* .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()
* .cloudProduct("all")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myProject:
* type: gcp:organizations:Project
* name: my_project
* properties:
* name: My Project
* projectId: your-project-id
* orgId: '123456789'
* keyRing:
* type: gcp:kms:KeyRing
* name: key_ring
* properties:
* name: key-ring
* location: global
* project: ${myProject.projectId}
* cryptoKey:
* type: gcp:kms:CryptoKey
* name: crypto_key
* properties:
* name: crypto-key
* keyRing: ${keyRing.id}
* purpose: ASYMMETRIC_SIGN
* versionTemplate:
* algorithm: EC_SIGN_P384_SHA384
* iam:
* type: gcp:kms:CryptoKeyIAMMember
* properties:
* cryptoKeyId: ${cryptoKey.id}
* role: roles/cloudkms.signerVerifier
* member: serviceAccount:${serviceAccount.accountEmail}
* organizationAccessApproval:
* type: gcp:organizations:AccessApprovalSettings
* name: organization_access_approval
* properties:
* organizationId: '123456789'
* activeKeyVersion: ${cryptoKeyVersion.name}
* enrolledServices:
* - cloudProduct: all
* variables:
* serviceAccount:
* fn::invoke:
* Function: gcp:accessapproval:getOrganizationServiceAccount
* Arguments:
* organizationId: '123456789'
* cryptoKeyVersion:
* fn::invoke:
* Function: gcp:kms:getKMSCryptoKeyVersion
* Arguments:
* cryptoKey: ${cryptoKey.id}
* ```
*
* ## Import
* OrganizationSettings can be imported using any of these accepted formats:
* * `organizations/{{organization_id}}/accessApprovalSettings`
* * `{{organization_id}}`
* When using the `pulumi import` command, OrganizationSettings can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default organizations/{{organization_id}}/accessApprovalSettings
* ```
* ```sh
* $ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default {{organization_id}}
* ```
* @property activeKeyVersion The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a
* Google-managed key should be used for signing.
* @property enrolledServices A list of Google Cloud Services for which the given resource has Access Approval enrolled.
* Access requests for the resource given by name against any of these services contained here will be required
* to have explicit approval. Enrollment can be done for individual services.
* A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
* Structure is documented below.
* @property notificationEmails A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
* a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
* addresses are allowed.
* @property organizationId ID of the organization of the access approval settings.
*/
public data class AccessApprovalSettingsArgs(
public val activeKeyVersion: Output? = null,
public val enrolledServices: Output>? = null,
public val notificationEmails: Output>? = null,
public val organizationId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.organizations.AccessApprovalSettingsArgs =
com.pulumi.gcp.organizations.AccessApprovalSettingsArgs.builder()
.activeKeyVersion(activeKeyVersion?.applyValue({ args0 -> args0 }))
.enrolledServices(
enrolledServices?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.notificationEmails(notificationEmails?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.organizationId(organizationId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AccessApprovalSettingsArgs].
*/
@PulumiTagMarker
public class AccessApprovalSettingsArgsBuilder internal constructor() {
private var activeKeyVersion: Output? = null
private var enrolledServices: Output>? = null
private var notificationEmails: Output>? = null
private var organizationId: Output? = null
/**
* @param value The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a
* Google-managed key should be used for signing.
*/
@JvmName("ppojhaagevuirydw")
public suspend fun activeKeyVersion(`value`: Output) {
this.activeKeyVersion = value
}
/**
* @param value A list of Google Cloud Services for which the given resource has Access Approval enrolled.
* Access requests for the resource given by name against any of these services contained here will be required
* to have explicit approval. Enrollment can be done for individual services.
* A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
* Structure is documented below.
*/
@JvmName("ynchcvmbkdbyvgvy")
public suspend fun enrolledServices(`value`: Output>) {
this.enrolledServices = value
}
@JvmName("sslppjvewgeqmtfo")
public suspend fun enrolledServices(vararg values: Output) {
this.enrolledServices = Output.all(values.asList())
}
/**
* @param values A list of Google Cloud Services for which the given resource has Access Approval enrolled.
* Access requests for the resource given by name against any of these services contained here will be required
* to have explicit approval. Enrollment can be done for individual services.
* A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
* Structure is documented below.
*/
@JvmName("qvsgvkccbbykgvae")
public suspend fun enrolledServices(values: List
© 2015 - 2024 Weber Informatics LLC | Privacy Policy