com.pulumi.gcp.orgpolicy.kotlin.CustomConstraint.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.orgpolicy.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
* Builder for [CustomConstraint].
*/
@PulumiTagMarker
public class CustomConstraintResourceBuilder internal constructor() {
public var name: String? = null
public var args: CustomConstraintArgs = CustomConstraintArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend CustomConstraintArgsBuilder.() -> Unit) {
val builder = CustomConstraintArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): CustomConstraint {
val builtJavaResource = com.pulumi.gcp.orgpolicy.CustomConstraint(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return CustomConstraint(builtJavaResource)
}
}
/**
* Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies.
* To get more information about CustomConstraint, see:
* * [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.constraints)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints)
* * [Supported Services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services)
* ## Example Usage
* ### Org Policy Custom Constraint Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
* name: "custom.disableGkeAutoUpgrade",
* parent: "organizations/123456789",
* actionType: "ALLOW",
* condition: "resource.management.autoUpgrade == false",
* methodTypes: [
* "CREATE",
* "UPDATE",
* ],
* resourceTypes: ["container.googleapis.com/NodePool"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* constraint = gcp.orgpolicy.CustomConstraint("constraint",
* name="custom.disableGkeAutoUpgrade",
* parent="organizations/123456789",
* action_type="ALLOW",
* condition="resource.management.autoUpgrade == false",
* method_types=[
* "CREATE",
* "UPDATE",
* ],
* resource_types=["container.googleapis.com/NodePool"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
* {
* Name = "custom.disableGkeAutoUpgrade",
* Parent = "organizations/123456789",
* ActionType = "ALLOW",
* Condition = "resource.management.autoUpgrade == false",
* MethodTypes = new[]
* {
* "CREATE",
* "UPDATE",
* },
* ResourceTypes = new[]
* {
* "container.googleapis.com/NodePool",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
* Name: pulumi.String("custom.disableGkeAutoUpgrade"),
* Parent: pulumi.String("organizations/123456789"),
* ActionType: pulumi.String("ALLOW"),
* Condition: pulumi.String("resource.management.autoUpgrade == false"),
* MethodTypes: pulumi.StringArray{
* pulumi.String("CREATE"),
* pulumi.String("UPDATE"),
* },
* ResourceTypes: pulumi.StringArray{
* pulumi.String("container.googleapis.com/NodePool"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.orgpolicy.CustomConstraint;
* import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
* .name("custom.disableGkeAutoUpgrade")
* .parent("organizations/123456789")
* .actionType("ALLOW")
* .condition("resource.management.autoUpgrade == false")
* .methodTypes(
* "CREATE",
* "UPDATE")
* .resourceTypes("container.googleapis.com/NodePool")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* constraint:
* type: gcp:orgpolicy:CustomConstraint
* properties:
* name: custom.disableGkeAutoUpgrade
* parent: organizations/123456789
* actionType: ALLOW
* condition: resource.management.autoUpgrade == false
* methodTypes:
* - CREATE
* - UPDATE
* resourceTypes:
* - container.googleapis.com/NodePool
* ```
*
* ### Org Policy Custom Constraint Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
* name: "custom.disableGkeAutoUpgrade",
* parent: "organizations/123456789",
* displayName: "Disable GKE auto upgrade",
* description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* actionType: "ALLOW",
* condition: "resource.management.autoUpgrade == false",
* methodTypes: [
* "CREATE",
* "UPDATE",
* ],
* resourceTypes: ["container.googleapis.com/NodePool"],
* });
* const bool = new gcp.orgpolicy.Policy("bool", {
* name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,
* parent: "organizations/123456789",
* spec: {
* rules: [{
* enforce: "TRUE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* constraint = gcp.orgpolicy.CustomConstraint("constraint",
* name="custom.disableGkeAutoUpgrade",
* parent="organizations/123456789",
* display_name="Disable GKE auto upgrade",
* description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* action_type="ALLOW",
* condition="resource.management.autoUpgrade == false",
* method_types=[
* "CREATE",
* "UPDATE",
* ],
* resource_types=["container.googleapis.com/NodePool"])
* bool = gcp.orgpolicy.Policy("bool",
* name=constraint.name.apply(lambda name: f"organizations/123456789/policies/{name}"),
* parent="organizations/123456789",
* spec=gcp.orgpolicy.PolicySpecArgs(
* rules=[gcp.orgpolicy.PolicySpecRuleArgs(
* enforce="TRUE",
* )],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
* {
* Name = "custom.disableGkeAutoUpgrade",
* Parent = "organizations/123456789",
* DisplayName = "Disable GKE auto upgrade",
* Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* ActionType = "ALLOW",
* Condition = "resource.management.autoUpgrade == false",
* MethodTypes = new[]
* {
* "CREATE",
* "UPDATE",
* },
* ResourceTypes = new[]
* {
* "container.googleapis.com/NodePool",
* },
* });
* var @bool = new Gcp.OrgPolicy.Policy("bool", new()
* {
* Name = constraint.Name.Apply(name => $"organizations/123456789/policies/{name}"),
* Parent = "organizations/123456789",
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Enforce = "TRUE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
* Name: pulumi.String("custom.disableGkeAutoUpgrade"),
* Parent: pulumi.String("organizations/123456789"),
* DisplayName: pulumi.String("Disable GKE auto upgrade"),
* Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
* ActionType: pulumi.String("ALLOW"),
* Condition: pulumi.String("resource.management.autoUpgrade == false"),
* MethodTypes: pulumi.StringArray{
* pulumi.String("CREATE"),
* pulumi.String("UPDATE"),
* },
* ResourceTypes: pulumi.StringArray{
* pulumi.String("container.googleapis.com/NodePool"),
* },
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "bool", &orgpolicy.PolicyArgs{
* Name: constraint.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
* }).(pulumi.StringOutput),
* Parent: pulumi.String("organizations/123456789"),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Enforce: pulumi.String("TRUE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.orgpolicy.CustomConstraint;
* import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
* .name("custom.disableGkeAutoUpgrade")
* .parent("organizations/123456789")
* .displayName("Disable GKE auto upgrade")
* .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
* .actionType("ALLOW")
* .condition("resource.management.autoUpgrade == false")
* .methodTypes(
* "CREATE",
* "UPDATE")
* .resourceTypes("container.googleapis.com/NodePool")
* .build());
* var bool = new Policy("bool", PolicyArgs.builder()
* .name(constraint.name().applyValue(name -> String.format("organizations/123456789/policies/%s", name)))
* .parent("organizations/123456789")
* .spec(PolicySpecArgs.builder()
* .rules(PolicySpecRuleArgs.builder()
* .enforce("TRUE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* constraint:
* type: gcp:orgpolicy:CustomConstraint
* properties:
* name: custom.disableGkeAutoUpgrade
* parent: organizations/123456789
* displayName: Disable GKE auto upgrade
* description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
* actionType: ALLOW
* condition: resource.management.autoUpgrade == false
* methodTypes:
* - CREATE
* - UPDATE
* resourceTypes:
* - container.googleapis.com/NodePool
* bool:
* type: gcp:orgpolicy:Policy
* properties:
* name: organizations/123456789/policies/${constraint.name}
* parent: organizations/123456789
* spec:
* rules:
* - enforce: TRUE
* ```
*
* ## Import
* CustomConstraint can be imported using any of these accepted formats:
* * `{{parent}}/customConstraints/{{name}}`
* When using the `pulumi import` command, CustomConstraint can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:orgpolicy/customConstraint:CustomConstraint default {{parent}}/customConstraints/{{name}}
* ```
*/
public class CustomConstraint internal constructor(
override val javaResource: com.pulumi.gcp.orgpolicy.CustomConstraint,
) : KotlinCustomResource(javaResource, CustomConstraintMapper) {
/**
* The action to take if the condition is met.
* Possible values are: `ALLOW`, `DENY`.
*/
public val actionType: Output
get() = javaResource.actionType().applyValue({ args0 -> args0 })
/**
* A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
*/
public val condition: Output
get() = javaResource.condition().applyValue({ args0 -> args0 })
/**
* A human-friendly description of the constraint to display as an error message when the policy is violated.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* A human-friendly name for the constraint.
*/
public val displayName: Output?
get() = javaResource.displayName().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
*/
public val methodTypes: Output>
get() = javaResource.methodTypes().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Immutable. The name of the custom constraint. This is unique within the organization.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
* - - -
*/
public val parent: Output
get() = javaResource.parent().applyValue({ args0 -> args0 })
/**
* Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
*/
public val resourceTypes: Output>
get() = javaResource.resourceTypes().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Output only. The timestamp representing when the constraint was last updated.
*/
public val updateTime: Output
get() = javaResource.updateTime().applyValue({ args0 -> args0 })
}
public object CustomConstraintMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.orgpolicy.CustomConstraint::class == javaResource::class
override fun map(javaResource: Resource): CustomConstraint = CustomConstraint(
javaResource as
com.pulumi.gcp.orgpolicy.CustomConstraint,
)
}
/**
* @see [CustomConstraint].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [CustomConstraint].
*/
public suspend fun customConstraint(
name: String,
block: suspend CustomConstraintResourceBuilder.() -> Unit,
): CustomConstraint {
val builder = CustomConstraintResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [CustomConstraint].
* @param name The _unique_ name of the resulting resource.
*/
public fun customConstraint(name: String): CustomConstraint {
val builder = CustomConstraintResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy