All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.orgpolicy.kotlin.CustomConstraint.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.orgpolicy.kotlin

import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List

/**
 * Builder for [CustomConstraint].
 */
@PulumiTagMarker
public class CustomConstraintResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: CustomConstraintArgs = CustomConstraintArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend CustomConstraintArgsBuilder.() -> Unit) {
        val builder = CustomConstraintArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): CustomConstraint {
        val builtJavaResource = com.pulumi.gcp.orgpolicy.CustomConstraint(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return CustomConstraint(builtJavaResource)
    }
}

/**
 * Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies.
 * To get more information about CustomConstraint, see:
 * * [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.constraints)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints)
 *     * [Supported Services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services)
 * ## Example Usage
 * ### Org Policy Custom Constraint Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
 *     name: "custom.disableGkeAutoUpgrade",
 *     parent: "organizations/123456789",
 *     actionType: "ALLOW",
 *     condition: "resource.management.autoUpgrade == false",
 *     methodTypes: [
 *         "CREATE",
 *         "UPDATE",
 *     ],
 *     resourceTypes: ["container.googleapis.com/NodePool"],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * constraint = gcp.orgpolicy.CustomConstraint("constraint",
 *     name="custom.disableGkeAutoUpgrade",
 *     parent="organizations/123456789",
 *     action_type="ALLOW",
 *     condition="resource.management.autoUpgrade == false",
 *     method_types=[
 *         "CREATE",
 *         "UPDATE",
 *     ],
 *     resource_types=["container.googleapis.com/NodePool"])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
 *     {
 *         Name = "custom.disableGkeAutoUpgrade",
 *         Parent = "organizations/123456789",
 *         ActionType = "ALLOW",
 *         Condition = "resource.management.autoUpgrade == false",
 *         MethodTypes = new[]
 *         {
 *             "CREATE",
 *             "UPDATE",
 *         },
 *         ResourceTypes = new[]
 *         {
 *             "container.googleapis.com/NodePool",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
 * 			Name:       pulumi.String("custom.disableGkeAutoUpgrade"),
 * 			Parent:     pulumi.String("organizations/123456789"),
 * 			ActionType: pulumi.String("ALLOW"),
 * 			Condition:  pulumi.String("resource.management.autoUpgrade == false"),
 * 			MethodTypes: pulumi.StringArray{
 * 				pulumi.String("CREATE"),
 * 				pulumi.String("UPDATE"),
 * 			},
 * 			ResourceTypes: pulumi.StringArray{
 * 				pulumi.String("container.googleapis.com/NodePool"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.orgpolicy.CustomConstraint;
 * import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
 *             .name("custom.disableGkeAutoUpgrade")
 *             .parent("organizations/123456789")
 *             .actionType("ALLOW")
 *             .condition("resource.management.autoUpgrade == false")
 *             .methodTypes(
 *                 "CREATE",
 *                 "UPDATE")
 *             .resourceTypes("container.googleapis.com/NodePool")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   constraint:
 *     type: gcp:orgpolicy:CustomConstraint
 *     properties:
 *       name: custom.disableGkeAutoUpgrade
 *       parent: organizations/123456789
 *       actionType: ALLOW
 *       condition: resource.management.autoUpgrade == false
 *       methodTypes:
 *         - CREATE
 *         - UPDATE
 *       resourceTypes:
 *         - container.googleapis.com/NodePool
 * ```
 * 
 * ### Org Policy Custom Constraint Full
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
 *     name: "custom.disableGkeAutoUpgrade",
 *     parent: "organizations/123456789",
 *     displayName: "Disable GKE auto upgrade",
 *     description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *     actionType: "ALLOW",
 *     condition: "resource.management.autoUpgrade == false",
 *     methodTypes: [
 *         "CREATE",
 *         "UPDATE",
 *     ],
 *     resourceTypes: ["container.googleapis.com/NodePool"],
 * });
 * const bool = new gcp.orgpolicy.Policy("bool", {
 *     name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,
 *     parent: "organizations/123456789",
 *     spec: {
 *         rules: [{
 *             enforce: "TRUE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * constraint = gcp.orgpolicy.CustomConstraint("constraint",
 *     name="custom.disableGkeAutoUpgrade",
 *     parent="organizations/123456789",
 *     display_name="Disable GKE auto upgrade",
 *     description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *     action_type="ALLOW",
 *     condition="resource.management.autoUpgrade == false",
 *     method_types=[
 *         "CREATE",
 *         "UPDATE",
 *     ],
 *     resource_types=["container.googleapis.com/NodePool"])
 * bool = gcp.orgpolicy.Policy("bool",
 *     name=constraint.name.apply(lambda name: f"organizations/123456789/policies/{name}"),
 *     parent="organizations/123456789",
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             enforce="TRUE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
 *     {
 *         Name = "custom.disableGkeAutoUpgrade",
 *         Parent = "organizations/123456789",
 *         DisplayName = "Disable GKE auto upgrade",
 *         Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *         ActionType = "ALLOW",
 *         Condition = "resource.management.autoUpgrade == false",
 *         MethodTypes = new[]
 *         {
 *             "CREATE",
 *             "UPDATE",
 *         },
 *         ResourceTypes = new[]
 *         {
 *             "container.googleapis.com/NodePool",
 *         },
 *     });
 *     var @bool = new Gcp.OrgPolicy.Policy("bool", new()
 *     {
 *         Name = constraint.Name.Apply(name => $"organizations/123456789/policies/{name}"),
 *         Parent = "organizations/123456789",
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Enforce = "TRUE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
 * 			Name:        pulumi.String("custom.disableGkeAutoUpgrade"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			DisplayName: pulumi.String("Disable GKE auto upgrade"),
 * 			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
 * 			ActionType:  pulumi.String("ALLOW"),
 * 			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
 * 			MethodTypes: pulumi.StringArray{
 * 				pulumi.String("CREATE"),
 * 				pulumi.String("UPDATE"),
 * 			},
 * 			ResourceTypes: pulumi.StringArray{
 * 				pulumi.String("container.googleapis.com/NodePool"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "bool", &orgpolicy.PolicyArgs{
 * 			Name: constraint.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: pulumi.String("organizations/123456789"),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Enforce: pulumi.String("TRUE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.orgpolicy.CustomConstraint;
 * import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
 *             .name("custom.disableGkeAutoUpgrade")
 *             .parent("organizations/123456789")
 *             .displayName("Disable GKE auto upgrade")
 *             .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
 *             .actionType("ALLOW")
 *             .condition("resource.management.autoUpgrade == false")
 *             .methodTypes(
 *                 "CREATE",
 *                 "UPDATE")
 *             .resourceTypes("container.googleapis.com/NodePool")
 *             .build());
 *         var bool = new Policy("bool", PolicyArgs.builder()
 *             .name(constraint.name().applyValue(name -> String.format("organizations/123456789/policies/%s", name)))
 *             .parent("organizations/123456789")
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .enforce("TRUE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   constraint:
 *     type: gcp:orgpolicy:CustomConstraint
 *     properties:
 *       name: custom.disableGkeAutoUpgrade
 *       parent: organizations/123456789
 *       displayName: Disable GKE auto upgrade
 *       description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
 *       actionType: ALLOW
 *       condition: resource.management.autoUpgrade == false
 *       methodTypes:
 *         - CREATE
 *         - UPDATE
 *       resourceTypes:
 *         - container.googleapis.com/NodePool
 *   bool:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: organizations/123456789/policies/${constraint.name}
 *       parent: organizations/123456789
 *       spec:
 *         rules:
 *           - enforce: TRUE
 * ```
 * 
 * ## Import
 * CustomConstraint can be imported using any of these accepted formats:
 * * `{{parent}}/customConstraints/{{name}}`
 * When using the `pulumi import` command, CustomConstraint can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:orgpolicy/customConstraint:CustomConstraint default {{parent}}/customConstraints/{{name}}
 * ```
 */
public class CustomConstraint internal constructor(
    override val javaResource: com.pulumi.gcp.orgpolicy.CustomConstraint,
) : KotlinCustomResource(javaResource, CustomConstraintMapper) {
    /**
     * The action to take if the condition is met.
     * Possible values are: `ALLOW`, `DENY`.
     */
    public val actionType: Output
        get() = javaResource.actionType().applyValue({ args0 -> args0 })

    /**
     * A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
     */
    public val condition: Output
        get() = javaResource.condition().applyValue({ args0 -> args0 })

    /**
     * A human-friendly description of the constraint to display as an error message when the policy is violated.
     */
    public val description: Output?
        get() = javaResource.description().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * A human-friendly name for the constraint.
     */
    public val displayName: Output?
        get() = javaResource.displayName().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
     */
    public val methodTypes: Output>
        get() = javaResource.methodTypes().applyValue({ args0 -> args0.map({ args0 -> args0 }) })

    /**
     * Immutable. The name of the custom constraint. This is unique within the organization.
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
     * - - -
     */
    public val parent: Output
        get() = javaResource.parent().applyValue({ args0 -> args0 })

    /**
     * Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
     */
    public val resourceTypes: Output>
        get() = javaResource.resourceTypes().applyValue({ args0 -> args0.map({ args0 -> args0 }) })

    /**
     * Output only. The timestamp representing when the constraint was last updated.
     */
    public val updateTime: Output
        get() = javaResource.updateTime().applyValue({ args0 -> args0 })
}

public object CustomConstraintMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.orgpolicy.CustomConstraint::class == javaResource::class

    override fun map(javaResource: Resource): CustomConstraint = CustomConstraint(
        javaResource as
            com.pulumi.gcp.orgpolicy.CustomConstraint,
    )
}

/**
 * @see [CustomConstraint].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [CustomConstraint].
 */
public suspend fun customConstraint(
    name: String,
    block: suspend CustomConstraintResourceBuilder.() -> Unit,
): CustomConstraint {
    val builder = CustomConstraintResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [CustomConstraint].
 * @param name The _unique_ name of the resulting resource.
 */
public fun customConstraint(name: String): CustomConstraint {
    val builder = CustomConstraintResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy