All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.orgpolicy.kotlin.Policy.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.orgpolicy.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicyDryRunSpec
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicySpec
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicyDryRunSpec.Companion.toKotlin as policyDryRunSpecToKotlin
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicySpec.Companion.toKotlin as policySpecToKotlin

/**
 * Builder for [Policy].
 */
@PulumiTagMarker
public class PolicyResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: PolicyArgs = PolicyArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend PolicyArgsBuilder.() -> Unit) {
        val builder = PolicyArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): Policy {
        val builtJavaResource = com.pulumi.gcp.orgpolicy.Policy(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return Policy(builtJavaResource)
    }
}

/**
 * An organization policy gives you programmatic control over your organization's cloud resources.  Using Organization Policies, you will be able to configure constraints across your entire resource hierarchy.
 * For more information, see:
 * * [Understanding Org Policy concepts](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
 * * [The resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy)
 * * [All valid constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints)
 * ## Example Usage
 * ### Enforce_policy
 * A test of an enforce orgpolicy policy for a project
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basic = new gcp.organizations.Project("basic", {
 *     projectId: "id",
 *     name: "id",
 *     orgId: "123456789",
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload`,
 *     parent: pulumi.interpolate`projects/${basic.name}`,
 *     spec: {
 *         rules: [{
 *             enforce: "FALSE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic = gcp.organizations.Project("basic",
 *     project_id="id",
 *     name="id",
 *     org_id="123456789")
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=basic.name.apply(lambda name: f"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
 *     parent=basic.name.apply(lambda name: f"projects/{name}"),
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             enforce="FALSE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basic = new Gcp.Organizations.Project("basic", new()
 *     {
 *         ProjectId = "id",
 *         Name = "id",
 *         OrgId = "123456789",
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = basic.Name.Apply(name => $"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
 *         Parent = basic.Name.Apply(name => $"projects/{name}"),
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Enforce = "FALSE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
 * 			ProjectId: pulumi.String("id"),
 * 			Name:      pulumi.String("id"),
 * 			OrgId:     pulumi.String("123456789"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Enforce: pulumi.String("FALSE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Project;
 * import com.pulumi.gcp.organizations.ProjectArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basic = new Project("basic", ProjectArgs.builder()
 *             .projectId("id")
 *             .name("id")
 *             .orgId("123456789")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(basic.name().applyValue(name -> String.format("projects/%s/policies/iam.disableServiceAccountKeyUpload", name)))
 *             .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .enforce("FALSE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload
 *       parent: projects/${basic.name}
 *       spec:
 *         rules:
 *           - enforce: FALSE
 *   basic:
 *     type: gcp:organizations:Project
 *     properties:
 *       projectId: id
 *       name: id
 *       orgId: '123456789'
 * ```
 * 
 * ### Folder_policy
 * A test of an orgpolicy policy for a folder
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basic = new gcp.organizations.Folder("basic", {
 *     parent: "organizations/123456789",
 *     displayName: "folder",
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`${basic.name}/policies/gcp.resourceLocations`,
 *     parent: basic.name,
 *     spec: {
 *         inheritFromParent: true,
 *         rules: [{
 *             denyAll: "TRUE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic = gcp.organizations.Folder("basic",
 *     parent="organizations/123456789",
 *     display_name="folder")
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=basic.name.apply(lambda name: f"{name}/policies/gcp.resourceLocations"),
 *     parent=basic.name,
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         inherit_from_parent=True,
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             deny_all="TRUE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basic = new Gcp.Organizations.Folder("basic", new()
 *     {
 *         Parent = "organizations/123456789",
 *         DisplayName = "folder",
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = basic.Name.Apply(name => $"{name}/policies/gcp.resourceLocations"),
 *         Parent = basic.Name,
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             InheritFromParent = true,
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     DenyAll = "TRUE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			DisplayName: pulumi.String("folder"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("%v/policies/gcp.resourceLocations", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: basic.Name,
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				InheritFromParent: pulumi.Bool(true),
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						DenyAll: pulumi.String("TRUE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Folder;
 * import com.pulumi.gcp.organizations.FolderArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basic = new Folder("basic", FolderArgs.builder()
 *             .parent("organizations/123456789")
 *             .displayName("folder")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(basic.name().applyValue(name -> String.format("%s/policies/gcp.resourceLocations", name)))
 *             .parent(basic.name())
 *             .spec(PolicySpecArgs.builder()
 *                 .inheritFromParent(true)
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .denyAll("TRUE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: ${basic.name}/policies/gcp.resourceLocations
 *       parent: ${basic.name}
 *       spec:
 *         inheritFromParent: true
 *         rules:
 *           - denyAll: TRUE
 *   basic:
 *     type: gcp:organizations:Folder
 *     properties:
 *       parent: organizations/123456789
 *       displayName: folder
 * ```
 * 
 * ### Organization_policy
 * A test of an orgpolicy policy for an organization
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
 *     parent: "organizations/123456789",
 *     spec: {
 *         reset: true,
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * primary = gcp.orgpolicy.Policy("primary",
 *     name="organizations/123456789/policies/gcp.detailedAuditLoggingMode",
 *     parent="organizations/123456789",
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         reset=True,
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
 *         Parent = "organizations/123456789",
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Reset = true,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name:   pulumi.String("organizations/123456789/policies/gcp.detailedAuditLoggingMode"),
 * 			Parent: pulumi.String("organizations/123456789"),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Reset: pulumi.Bool(true),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name("organizations/123456789/policies/gcp.detailedAuditLoggingMode")
 *             .parent("organizations/123456789")
 *             .spec(PolicySpecArgs.builder()
 *                 .reset(true)
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: organizations/123456789/policies/gcp.detailedAuditLoggingMode
 *       parent: organizations/123456789
 *       spec:
 *         reset: true
 * ```
 * 
 * ### Project_policy
 * A test of an orgpolicy policy for a project
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basic = new gcp.organizations.Project("basic", {
 *     projectId: "id",
 *     name: "id",
 *     orgId: "123456789",
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`projects/${basic.name}/policies/gcp.resourceLocations`,
 *     parent: pulumi.interpolate`projects/${basic.name}`,
 *     spec: {
 *         rules: [
 *             {
 *                 condition: {
 *                     description: "A sample condition for the policy",
 *                     expression: "resource.matchLabels('labelKeys/123', 'labelValues/345')",
 *                     location: "sample-location.log",
 *                     title: "sample-condition",
 *                 },
 *                 values: {
 *                     allowedValues: ["projects/allowed-project"],
 *                     deniedValues: ["projects/denied-project"],
 *                 },
 *             },
 *             {
 *                 allowAll: "TRUE",
 *             },
 *         ],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic = gcp.organizations.Project("basic",
 *     project_id="id",
 *     name="id",
 *     org_id="123456789")
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=basic.name.apply(lambda name: f"projects/{name}/policies/gcp.resourceLocations"),
 *     parent=basic.name.apply(lambda name: f"projects/{name}"),
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[
 *             gcp.orgpolicy.PolicySpecRuleArgs(
 *                 condition=gcp.orgpolicy.PolicySpecRuleConditionArgs(
 *                     description="A sample condition for the policy",
 *                     expression="resource.matchLabels('labelKeys/123', 'labelValues/345')",
 *                     location="sample-location.log",
 *                     title="sample-condition",
 *                 ),
 *                 values=gcp.orgpolicy.PolicySpecRuleValuesArgs(
 *                     allowed_values=["projects/allowed-project"],
 *                     denied_values=["projects/denied-project"],
 *                 ),
 *             ),
 *             gcp.orgpolicy.PolicySpecRuleArgs(
 *                 allow_all="TRUE",
 *             ),
 *         ],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basic = new Gcp.Organizations.Project("basic", new()
 *     {
 *         ProjectId = "id",
 *         Name = "id",
 *         OrgId = "123456789",
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = basic.Name.Apply(name => $"projects/{name}/policies/gcp.resourceLocations"),
 *         Parent = basic.Name.Apply(name => $"projects/{name}"),
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Condition = new Gcp.OrgPolicy.Inputs.PolicySpecRuleConditionArgs
 *                     {
 *                         Description = "A sample condition for the policy",
 *                         Expression = "resource.matchLabels('labelKeys/123', 'labelValues/345')",
 *                         Location = "sample-location.log",
 *                         Title = "sample-condition",
 *                     },
 *                     Values = new Gcp.OrgPolicy.Inputs.PolicySpecRuleValuesArgs
 *                     {
 *                         AllowedValues = new[]
 *                         {
 *                             "projects/allowed-project",
 *                         },
 *                         DeniedValues = new[]
 *                         {
 *                             "projects/denied-project",
 *                         },
 *                     },
 *                 },
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     AllowAll = "TRUE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
 * 			ProjectId: pulumi.String("id"),
 * 			Name:      pulumi.String("id"),
 * 			OrgId:     pulumi.String("123456789"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Condition: &orgpolicy.PolicySpecRuleConditionArgs{
 * 							Description: pulumi.String("A sample condition for the policy"),
 * 							Expression:  pulumi.String("resource.matchLabels('labelKeys/123', 'labelValues/345')"),
 * 							Location:    pulumi.String("sample-location.log"),
 * 							Title:       pulumi.String("sample-condition"),
 * 						},
 * 						Values: &orgpolicy.PolicySpecRuleValuesArgs{
 * 							AllowedValues: pulumi.StringArray{
 * 								pulumi.String("projects/allowed-project"),
 * 							},
 * 							DeniedValues: pulumi.StringArray{
 * 								pulumi.String("projects/denied-project"),
 * 							},
 * 						},
 * 					},
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						AllowAll: pulumi.String("TRUE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Project;
 * import com.pulumi.gcp.organizations.ProjectArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basic = new Project("basic", ProjectArgs.builder()
 *             .projectId("id")
 *             .name("id")
 *             .orgId("123456789")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(basic.name().applyValue(name -> String.format("projects/%s/policies/gcp.resourceLocations", name)))
 *             .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(
 *                     PolicySpecRuleArgs.builder()
 *                         .condition(PolicySpecRuleConditionArgs.builder()
 *                             .description("A sample condition for the policy")
 *                             .expression("resource.matchLabels('labelKeys/123', 'labelValues/345')")
 *                             .location("sample-location.log")
 *                             .title("sample-condition")
 *                             .build())
 *                         .values(PolicySpecRuleValuesArgs.builder()
 *                             .allowedValues("projects/allowed-project")
 *                             .deniedValues("projects/denied-project")
 *                             .build())
 *                         .build(),
 *                     PolicySpecRuleArgs.builder()
 *                         .allowAll("TRUE")
 *                         .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: projects/${basic.name}/policies/gcp.resourceLocations
 *       parent: projects/${basic.name}
 *       spec:
 *         rules:
 *           - condition:
 *               description: A sample condition for the policy
 *               expression: resource.matchLabels('labelKeys/123', 'labelValues/345')
 *               location: sample-location.log
 *               title: sample-condition
 *             values:
 *               allowedValues:
 *                 - projects/allowed-project
 *               deniedValues:
 *                 - projects/denied-project
 *           - allowAll: TRUE
 *   basic:
 *     type: gcp:organizations:Project
 *     properties:
 *       projectId: id
 *       name: id
 *       orgId: '123456789'
 * ```
 * 
 * ### Dry_run_spec
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
 *     name: "custom.disableGkeAutoUpgrade_87786",
 *     parent: "organizations/123456789",
 *     displayName: "Disable GKE auto upgrade",
 *     description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *     actionType: "ALLOW",
 *     condition: "resource.management.autoUpgrade == false",
 *     methodTypes: ["CREATE"],
 *     resourceTypes: ["container.googleapis.com/NodePool"],
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,
 *     parent: "organizations/123456789",
 *     spec: {
 *         rules: [{
 *             enforce: "FALSE",
 *         }],
 *     },
 *     dryRunSpec: {
 *         inheritFromParent: false,
 *         reset: false,
 *         rules: [{
 *             enforce: "FALSE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * constraint = gcp.orgpolicy.CustomConstraint("constraint",
 *     name="custom.disableGkeAutoUpgrade_87786",
 *     parent="organizations/123456789",
 *     display_name="Disable GKE auto upgrade",
 *     description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *     action_type="ALLOW",
 *     condition="resource.management.autoUpgrade == false",
 *     method_types=["CREATE"],
 *     resource_types=["container.googleapis.com/NodePool"])
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=constraint.name.apply(lambda name: f"organizations/123456789/policies/{name}"),
 *     parent="organizations/123456789",
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             enforce="FALSE",
 *         )],
 *     ),
 *     dry_run_spec=gcp.orgpolicy.PolicyDryRunSpecArgs(
 *         inherit_from_parent=False,
 *         reset=False,
 *         rules=[gcp.orgpolicy.PolicyDryRunSpecRuleArgs(
 *             enforce="FALSE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
 *     {
 *         Name = "custom.disableGkeAutoUpgrade_87786",
 *         Parent = "organizations/123456789",
 *         DisplayName = "Disable GKE auto upgrade",
 *         Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *         ActionType = "ALLOW",
 *         Condition = "resource.management.autoUpgrade == false",
 *         MethodTypes = new[]
 *         {
 *             "CREATE",
 *         },
 *         ResourceTypes = new[]
 *         {
 *             "container.googleapis.com/NodePool",
 *         },
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = constraint.Name.Apply(name => $"organizations/123456789/policies/{name}"),
 *         Parent = "organizations/123456789",
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Enforce = "FALSE",
 *                 },
 *             },
 *         },
 *         DryRunSpec = new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecArgs
 *         {
 *             InheritFromParent = false,
 *             Reset = false,
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecRuleArgs
 *                 {
 *                     Enforce = "FALSE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
 * 			Name:        pulumi.String("custom.disableGkeAutoUpgrade_87786"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			DisplayName: pulumi.String("Disable GKE auto upgrade"),
 * 			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
 * 			ActionType:  pulumi.String("ALLOW"),
 * 			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
 * 			MethodTypes: pulumi.StringArray{
 * 				pulumi.String("CREATE"),
 * 			},
 * 			ResourceTypes: pulumi.StringArray{
 * 				pulumi.String("container.googleapis.com/NodePool"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: constraint.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: pulumi.String("organizations/123456789"),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Enforce: pulumi.String("FALSE"),
 * 					},
 * 				},
 * 			},
 * 			DryRunSpec: &orgpolicy.PolicyDryRunSpecArgs{
 * 				InheritFromParent: pulumi.Bool(false),
 * 				Reset:             pulumi.Bool(false),
 * 				Rules: orgpolicy.PolicyDryRunSpecRuleArray{
 * 					&orgpolicy.PolicyDryRunSpecRuleArgs{
 * 						Enforce: pulumi.String("FALSE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.orgpolicy.CustomConstraint;
 * import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicyDryRunSpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
 *             .name("custom.disableGkeAutoUpgrade_87786")
 *             .parent("organizations/123456789")
 *             .displayName("Disable GKE auto upgrade")
 *             .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
 *             .actionType("ALLOW")
 *             .condition("resource.management.autoUpgrade == false")
 *             .methodTypes("CREATE")
 *             .resourceTypes("container.googleapis.com/NodePool")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(constraint.name().applyValue(name -> String.format("organizations/123456789/policies/%s", name)))
 *             .parent("organizations/123456789")
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .enforce("FALSE")
 *                     .build())
 *                 .build())
 *             .dryRunSpec(PolicyDryRunSpecArgs.builder()
 *                 .inheritFromParent(false)
 *                 .reset(false)
 *                 .rules(PolicyDryRunSpecRuleArgs.builder()
 *                     .enforce("FALSE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   constraint:
 *     type: gcp:orgpolicy:CustomConstraint
 *     properties:
 *       name: custom.disableGkeAutoUpgrade_87786
 *       parent: organizations/123456789
 *       displayName: Disable GKE auto upgrade
 *       description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
 *       actionType: ALLOW
 *       condition: resource.management.autoUpgrade == false
 *       methodTypes:
 *         - CREATE
 *       resourceTypes:
 *         - container.googleapis.com/NodePool
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: organizations/123456789/policies/${constraint.name}
 *       parent: organizations/123456789
 *       spec:
 *         rules:
 *           - enforce: FALSE
 *       dryRunSpec:
 *         inheritFromParent: false
 *         reset: false
 *         rules:
 *           - enforce: FALSE
 * ```
 * 
 * ## Import
 * Policy can be imported using any of these accepted formats:
 * * `{{parent}}/policies/{{name}}`
 * When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}
 * ```
 */
public class Policy internal constructor(
    override val javaResource: com.pulumi.gcp.orgpolicy.Policy,
) : KotlinCustomResource(javaResource, PolicyMapper) {
    /**
     * Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
     */
    public val dryRunSpec: Output?
        get() = javaResource.dryRunSpec().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    policyDryRunSpecToKotlin(args0)
                })
            }).orElse(null)
        })

    /**
     * Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
     */
    public val etag: Output
        get() = javaResource.etag().applyValue({ args0 -> args0 })

    /**
     * Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * The parent of the resource.
     * - - -
     */
    public val parent: Output
        get() = javaResource.parent().applyValue({ args0 -> args0 })

    /**
     * Basic information about the Organization Policy.
     */
    public val spec: Output?
        get() = javaResource.spec().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    policySpecToKotlin(args0)
                })
            }).orElse(null)
        })
}

public object PolicyMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.orgpolicy.Policy::class == javaResource::class

    override fun map(javaResource: Resource): Policy = Policy(
        javaResource as
            com.pulumi.gcp.orgpolicy.Policy,
    )
}

/**
 * @see [Policy].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [Policy].
 */
public suspend fun policy(name: String, block: suspend PolicyResourceBuilder.() -> Unit): Policy {
    val builder = PolicyResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [Policy].
 * @param name The _unique_ name of the resulting resource.
 */
public fun policy(name: String): Policy {
    val builder = PolicyResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy