
com.pulumi.gcp.orgpolicy.kotlin.PolicyArgs.kt Maven / Gradle / Ivy


Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.orgpolicy.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.orgpolicy.PolicyArgs.builder
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicyDryRunSpecArgs
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicyDryRunSpecArgsBuilder
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicySpecArgs
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicySpecArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName

/**
 * An organization policy gives you programmatic control over your organization's cloud resources.  Using Organization Policies, you will be able to configure constraints across your entire resource hierarchy.
 * For more information, see:
 * * [Understanding Org Policy concepts](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
 * * [The resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy)
 * * [All valid constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints)
 * ## Example Usage
 * ### Enforce_policy
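 * An example org policy on a project for a boolean constraint. With `enforce: "FALSE"` the constraint `iam.disableServiceAccountKeyUpload` is left unenforced on this project; set `enforce` to `"TRUE"` to enforce it.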
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basic = new gcp.organizations.Project("basic", {
 *     projectId: "id",
 *     name: "id",
 *     orgId: "123456789",
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload`,
 *     parent: pulumi.interpolate`projects/${basic.name}`,
 *     spec: {
 *         rules: [{
 *             enforce: "FALSE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic = gcp.organizations.Project("basic",
 *     project_id="id",
 *     name="id",
 *     org_id="123456789")
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=basic.name.apply(lambda name: f"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
 *     parent=basic.name.apply(lambda name: f"projects/{name}"),
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             enforce="FALSE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basic = new Gcp.Organizations.Project("basic", new()
 *     {
 *         ProjectId = "id",
 *         Name = "id",
 *         OrgId = "123456789",
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = basic.Name.Apply(name => $"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
 *         Parent = basic.Name.Apply(name => $"projects/{name}"),
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Enforce = "FALSE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
 * 			ProjectId: pulumi.String("id"),
 * 			Name:      pulumi.String("id"),
 * 			OrgId:     pulumi.String("123456789"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Enforce: pulumi.String("FALSE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Project;
 * import com.pulumi.gcp.organizations.ProjectArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basic = new Project("basic", ProjectArgs.builder()
 *             .projectId("id")
 *             .name("id")
 *             .orgId("123456789")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(basic.name().applyValue(name -> String.format("projects/%s/policies/iam.disableServiceAccountKeyUpload", name)))
 *             .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .enforce("FALSE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload
 *       parent: projects/${basic.name}
 *       spec:
 *         rules:
 *           - enforce: FALSE
 *   basic:
 *     type: gcp:organizations:Project
 *     properties:
 *       projectId: id
 *       name: id
 *       orgId: '123456789'
 * ```
 * 
 * ### Folder_policy
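 * An example org policy on a folder: it denies all values for `gcp.resourceLocations` and sets `inheritFromParent: true`, so rules set higher in the resource hierarchy are also part of the effective policy.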
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basic = new gcp.organizations.Folder("basic", {
 *     parent: "organizations/123456789",
 *     displayName: "folder",
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`${basic.name}/policies/gcp.resourceLocations`,
 *     parent: basic.name,
 *     spec: {
 *         inheritFromParent: true,
 *         rules: [{
 *             denyAll: "TRUE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic = gcp.organizations.Folder("basic",
 *     parent="organizations/123456789",
 *     display_name="folder")
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=basic.name.apply(lambda name: f"{name}/policies/gcp.resourceLocations"),
 *     parent=basic.name,
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         inherit_from_parent=True,
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             deny_all="TRUE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basic = new Gcp.Organizations.Folder("basic", new()
 *     {
 *         Parent = "organizations/123456789",
 *         DisplayName = "folder",
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = basic.Name.Apply(name => $"{name}/policies/gcp.resourceLocations"),
 *         Parent = basic.Name,
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             InheritFromParent = true,
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     DenyAll = "TRUE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			DisplayName: pulumi.String("folder"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("%v/policies/gcp.resourceLocations", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: basic.Name,
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				InheritFromParent: pulumi.Bool(true),
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						DenyAll: pulumi.String("TRUE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Folder;
 * import com.pulumi.gcp.organizations.FolderArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basic = new Folder("basic", FolderArgs.builder()
 *             .parent("organizations/123456789")
 *             .displayName("folder")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(basic.name().applyValue(name -> String.format("%s/policies/gcp.resourceLocations", name)))
 *             .parent(basic.name())
 *             .spec(PolicySpecArgs.builder()
 *                 .inheritFromParent(true)
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .denyAll("TRUE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: ${basic.name}/policies/gcp.resourceLocations
 *       parent: ${basic.name}
 *       spec:
 *         inheritFromParent: true
 *         rules:
 *           - denyAll: TRUE
 *   basic:
 *     type: gcp:organizations:Folder
 *     properties:
 *       parent: organizations/123456789
 *       displayName: folder
 * ```
 * 
 * ### Organization_policy
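 * An example org policy on an organization. `reset: true` restores the default behaviour of the constraint (`gcp.detailedAuditLoggingMode`) at this resource.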
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
 *     parent: "organizations/123456789",
 *     spec: {
 *         reset: true,
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * primary = gcp.orgpolicy.Policy("primary",
 *     name="organizations/123456789/policies/gcp.detailedAuditLoggingMode",
 *     parent="organizations/123456789",
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         reset=True,
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
 *         Parent = "organizations/123456789",
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Reset = true,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name:   pulumi.String("organizations/123456789/policies/gcp.detailedAuditLoggingMode"),
 * 			Parent: pulumi.String("organizations/123456789"),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Reset: pulumi.Bool(true),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name("organizations/123456789/policies/gcp.detailedAuditLoggingMode")
 *             .parent("organizations/123456789")
 *             .spec(PolicySpecArgs.builder()
 *                 .reset(true)
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: organizations/123456789/policies/gcp.detailedAuditLoggingMode
 *       parent: organizations/123456789
 *       spec:
 *         reset: true
 * ```
 * 
 * ### Project_policy
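 * An example org policy on a project that combines a conditional rule (allowed and denied value lists) with an unconditional `allowAll` rule for `gcp.resourceLocations`.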
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const basic = new gcp.organizations.Project("basic", {
 *     projectId: "id",
 *     name: "id",
 *     orgId: "123456789",
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`projects/${basic.name}/policies/gcp.resourceLocations`,
 *     parent: pulumi.interpolate`projects/${basic.name}`,
 *     spec: {
 *         rules: [
 *             {
 *                 condition: {
 *                     description: "A sample condition for the policy",
 *                     expression: "resource.matchLabels('labelKeys/123', 'labelValues/345')",
 *                     location: "sample-location.log",
 *                     title: "sample-condition",
 *                 },
 *                 values: {
 *                     allowedValues: ["projects/allowed-project"],
 *                     deniedValues: ["projects/denied-project"],
 *                 },
 *             },
 *             {
 *                 allowAll: "TRUE",
 *             },
 *         ],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * basic = gcp.organizations.Project("basic",
 *     project_id="id",
 *     name="id",
 *     org_id="123456789")
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=basic.name.apply(lambda name: f"projects/{name}/policies/gcp.resourceLocations"),
 *     parent=basic.name.apply(lambda name: f"projects/{name}"),
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[
 *             gcp.orgpolicy.PolicySpecRuleArgs(
 *                 condition=gcp.orgpolicy.PolicySpecRuleConditionArgs(
 *                     description="A sample condition for the policy",
 *                     expression="resource.matchLabels('labelKeys/123', 'labelValues/345')",
 *                     location="sample-location.log",
 *                     title="sample-condition",
 *                 ),
 *                 values=gcp.orgpolicy.PolicySpecRuleValuesArgs(
 *                     allowed_values=["projects/allowed-project"],
 *                     denied_values=["projects/denied-project"],
 *                 ),
 *             ),
 *             gcp.orgpolicy.PolicySpecRuleArgs(
 *                 allow_all="TRUE",
 *             ),
 *         ],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var basic = new Gcp.Organizations.Project("basic", new()
 *     {
 *         ProjectId = "id",
 *         Name = "id",
 *         OrgId = "123456789",
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = basic.Name.Apply(name => $"projects/{name}/policies/gcp.resourceLocations"),
 *         Parent = basic.Name.Apply(name => $"projects/{name}"),
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Condition = new Gcp.OrgPolicy.Inputs.PolicySpecRuleConditionArgs
 *                     {
 *                         Description = "A sample condition for the policy",
 *                         Expression = "resource.matchLabels('labelKeys/123', 'labelValues/345')",
 *                         Location = "sample-location.log",
 *                         Title = "sample-condition",
 *                     },
 *                     Values = new Gcp.OrgPolicy.Inputs.PolicySpecRuleValuesArgs
 *                     {
 *                         AllowedValues = new[]
 *                         {
 *                             "projects/allowed-project",
 *                         },
 *                         DeniedValues = new[]
 *                         {
 *                             "projects/denied-project",
 *                         },
 *                     },
 *                 },
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     AllowAll = "TRUE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
 * 			ProjectId: pulumi.String("id"),
 * 			Name:      pulumi.String("id"),
 * 			OrgId:     pulumi.String("123456789"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: basic.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("projects/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Condition: &orgpolicy.PolicySpecRuleConditionArgs{
 * 							Description: pulumi.String("A sample condition for the policy"),
 * 							Expression:  pulumi.String("resource.matchLabels('labelKeys/123', 'labelValues/345')"),
 * 							Location:    pulumi.String("sample-location.log"),
 * 							Title:       pulumi.String("sample-condition"),
 * 						},
 * 						Values: &orgpolicy.PolicySpecRuleValuesArgs{
 * 							AllowedValues: pulumi.StringArray{
 * 								pulumi.String("projects/allowed-project"),
 * 							},
 * 							DeniedValues: pulumi.StringArray{
 * 								pulumi.String("projects/denied-project"),
 * 							},
 * 						},
 * 					},
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						AllowAll: pulumi.String("TRUE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.Project;
 * import com.pulumi.gcp.organizations.ProjectArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var basic = new Project("basic", ProjectArgs.builder()
 *             .projectId("id")
 *             .name("id")
 *             .orgId("123456789")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(basic.name().applyValue(name -> String.format("projects/%s/policies/gcp.resourceLocations", name)))
 *             .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(
 *                     PolicySpecRuleArgs.builder()
 *                         .condition(PolicySpecRuleConditionArgs.builder()
 *                             .description("A sample condition for the policy")
 *                             .expression("resource.matchLabels('labelKeys/123', 'labelValues/345')")
 *                             .location("sample-location.log")
 *                             .title("sample-condition")
 *                             .build())
 *                         .values(PolicySpecRuleValuesArgs.builder()
 *                             .allowedValues("projects/allowed-project")
 *                             .deniedValues("projects/denied-project")
 *                             .build())
 *                         .build(),
 *                     PolicySpecRuleArgs.builder()
 *                         .allowAll("TRUE")
 *                         .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: projects/${basic.name}/policies/gcp.resourceLocations
 *       parent: projects/${basic.name}
 *       spec:
 *         rules:
 *           - condition:
 *               description: A sample condition for the policy
 *               expression: resource.matchLabels('labelKeys/123', 'labelValues/345')
 *               location: sample-location.log
 *               title: sample-condition
 *             values:
 *               allowedValues:
 *                 - projects/allowed-project
 *               deniedValues:
 *                 - projects/denied-project
 *           - allowAll: TRUE
 *   basic:
 *     type: gcp:organizations:Project
 *     properties:
 *       projectId: id
 *       name: id
 *       orgId: '123456789'
 * ```
 * 
 * ### Dry_run_spec
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
 *     name: "custom.disableGkeAutoUpgrade_87786",
 *     parent: "organizations/123456789",
 *     displayName: "Disable GKE auto upgrade",
 *     description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *     actionType: "ALLOW",
 *     condition: "resource.management.autoUpgrade == false",
 *     methodTypes: ["CREATE"],
 *     resourceTypes: ["container.googleapis.com/NodePool"],
 * });
 * const primary = new gcp.orgpolicy.Policy("primary", {
 *     name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,
 *     parent: "organizations/123456789",
 *     spec: {
 *         rules: [{
 *             enforce: "FALSE",
 *         }],
 *     },
 *     dryRunSpec: {
 *         inheritFromParent: false,
 *         reset: false,
 *         rules: [{
 *             enforce: "FALSE",
 *         }],
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * constraint = gcp.orgpolicy.CustomConstraint("constraint",
 *     name="custom.disableGkeAutoUpgrade_87786",
 *     parent="organizations/123456789",
 *     display_name="Disable GKE auto upgrade",
 *     description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *     action_type="ALLOW",
 *     condition="resource.management.autoUpgrade == false",
 *     method_types=["CREATE"],
 *     resource_types=["container.googleapis.com/NodePool"])
 * primary = gcp.orgpolicy.Policy("primary",
 *     name=constraint.name.apply(lambda name: f"organizations/123456789/policies/{name}"),
 *     parent="organizations/123456789",
 *     spec=gcp.orgpolicy.PolicySpecArgs(
 *         rules=[gcp.orgpolicy.PolicySpecRuleArgs(
 *             enforce="FALSE",
 *         )],
 *     ),
 *     dry_run_spec=gcp.orgpolicy.PolicyDryRunSpecArgs(
 *         inherit_from_parent=False,
 *         reset=False,
 *         rules=[gcp.orgpolicy.PolicyDryRunSpecRuleArgs(
 *             enforce="FALSE",
 *         )],
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
 *     {
 *         Name = "custom.disableGkeAutoUpgrade_87786",
 *         Parent = "organizations/123456789",
 *         DisplayName = "Disable GKE auto upgrade",
 *         Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *         ActionType = "ALLOW",
 *         Condition = "resource.management.autoUpgrade == false",
 *         MethodTypes = new[]
 *         {
 *             "CREATE",
 *         },
 *         ResourceTypes = new[]
 *         {
 *             "container.googleapis.com/NodePool",
 *         },
 *     });
 *     var primary = new Gcp.OrgPolicy.Policy("primary", new()
 *     {
 *         Name = constraint.Name.Apply(name => $"organizations/123456789/policies/{name}"),
 *         Parent = "organizations/123456789",
 *         Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
 *         {
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
 *                 {
 *                     Enforce = "FALSE",
 *                 },
 *             },
 *         },
 *         DryRunSpec = new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecArgs
 *         {
 *             InheritFromParent = false,
 *             Reset = false,
 *             Rules = new[]
 *             {
 *                 new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecRuleArgs
 *                 {
 *                     Enforce = "FALSE",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
 * 			Name:        pulumi.String("custom.disableGkeAutoUpgrade_87786"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			DisplayName: pulumi.String("Disable GKE auto upgrade"),
 * 			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
 * 			ActionType:  pulumi.String("ALLOW"),
 * 			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
 * 			MethodTypes: pulumi.StringArray{
 * 				pulumi.String("CREATE"),
 * 			},
 * 			ResourceTypes: pulumi.StringArray{
 * 				pulumi.String("container.googleapis.com/NodePool"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
 * 			Name: constraint.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Parent: pulumi.String("organizations/123456789"),
 * 			Spec: &orgpolicy.PolicySpecArgs{
 * 				Rules: orgpolicy.PolicySpecRuleArray{
 * 					&orgpolicy.PolicySpecRuleArgs{
 * 						Enforce: pulumi.String("FALSE"),
 * 					},
 * 				},
 * 			},
 * 			DryRunSpec: &orgpolicy.PolicyDryRunSpecArgs{
 * 				InheritFromParent: pulumi.Bool(false),
 * 				Reset:             pulumi.Bool(false),
 * 				Rules: orgpolicy.PolicyDryRunSpecRuleArray{
 * 					&orgpolicy.PolicyDryRunSpecRuleArgs{
 * 						Enforce: pulumi.String("FALSE"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.orgpolicy.CustomConstraint;
 * import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
 * import com.pulumi.gcp.orgpolicy.Policy;
 * import com.pulumi.gcp.orgpolicy.PolicyArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
 * import com.pulumi.gcp.orgpolicy.inputs.PolicyDryRunSpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
 *             .name("custom.disableGkeAutoUpgrade_87786")
 *             .parent("organizations/123456789")
 *             .displayName("Disable GKE auto upgrade")
 *             .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
 *             .actionType("ALLOW")
 *             .condition("resource.management.autoUpgrade == false")
 *             .methodTypes("CREATE")
 *             .resourceTypes("container.googleapis.com/NodePool")
 *             .build());
 *         var primary = new Policy("primary", PolicyArgs.builder()
 *             .name(constraint.name().applyValue(name -> String.format("organizations/123456789/policies/%s", name)))
 *             .parent("organizations/123456789")
 *             .spec(PolicySpecArgs.builder()
 *                 .rules(PolicySpecRuleArgs.builder()
 *                     .enforce("FALSE")
 *                     .build())
 *                 .build())
 *             .dryRunSpec(PolicyDryRunSpecArgs.builder()
 *                 .inheritFromParent(false)
 *                 .reset(false)
 *                 .rules(PolicyDryRunSpecRuleArgs.builder()
 *                     .enforce("FALSE")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   constraint:
 *     type: gcp:orgpolicy:CustomConstraint
 *     properties:
 *       name: custom.disableGkeAutoUpgrade_87786
 *       parent: organizations/123456789
 *       displayName: Disable GKE auto upgrade
 *       description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
 *       actionType: ALLOW
 *       condition: resource.management.autoUpgrade == false
 *       methodTypes:
 *         - CREATE
 *       resourceTypes:
 *         - container.googleapis.com/NodePool
 *   primary:
 *     type: gcp:orgpolicy:Policy
 *     properties:
 *       name: organizations/123456789/policies/${constraint.name}
 *       parent: organizations/123456789
 *       spec:
 *         rules:
 *           - enforce: FALSE
 *       dryRunSpec:
 *         inheritFromParent: false
 *         reset: false
 *         rules:
 *           - enforce: FALSE
 * ```
 * 
 * ## Import
 * Policy can be imported using any of these accepted formats:
 * * `{{parent}}/policies/{{name}}`
 * When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}
 * ```
 * @property dryRunSpec Dry-run policy. An audit-only policy that can be used to monitor how the policy would affect existing and future resources if it were enforced.
 * @property name Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
 * @property parent The parent of the resource.
 * @property spec Basic information about the Organization Policy.
 */
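public data class PolicyArgs(
    // Audit-only (dry-run) policy; carried separately from `spec`.
    public val dryRunSpec: Output<PolicyDryRunSpecArgs>? = null,
    // Resource name of the Policy (documented as immutable).
    public val name: Output<String>? = null,
    public val parent: Output<String>? = null,
    public val spec: Output<PolicySpecArgs>? = null,
) : ConvertibleToJava<com.pulumi.gcp.orgpolicy.PolicyArgs> {
    /**
     * Converts these arguments into the Java SDK's `com.pulumi.gcp.orgpolicy.PolicyArgs`.
     *
     * A property that is `null` here is handed to the Java builder as `null`; nested argument
     * objects are converted through their own `toJava()`.
     *
     * @return the equivalent Java-side arguments object.
     */
    override fun toJava(): com.pulumi.gcp.orgpolicy.PolicyArgs =
        com.pulumi.gcp.orgpolicy.PolicyArgs.builder()
            .dryRunSpec(dryRunSpec?.applyValue { dryRun -> dryRun.toJava() })
            .name(name?.applyValue { it })
            .parent(parent?.applyValue { it })
            .spec(spec?.applyValue { policySpec -> policySpec.toJava() })
            .build()
}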

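/**
 * Builder for [PolicyArgs].
 *
 * Every property can be set from an [Output] or from a plain value, which is wrapped with
 * `Output.of`; `dryRunSpec` and `spec` additionally accept a nested builder block. Passing `null`
 * to a plain-value overload clears whatever was set before, so the property is left unset in the
 * resulting [PolicyArgs].
 */
@PulumiTagMarker
public class PolicyArgsBuilder internal constructor() {
    private var dryRunSpec: Output<PolicyDryRunSpecArgs>? = null

    private var name: Output<String>? = null

    private var parent: Output<String>? = null

    private var spec: Output<PolicySpecArgs>? = null

    /**
     * @param value Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
     */
    @JvmName("hxwvwwlyoipmivbp")
    public suspend fun dryRunSpec(value: Output<PolicyDryRunSpecArgs>) {
        this.dryRunSpec = value
    }

    /**
     * @param value Immutable. The resource name of the Policy. Must be one of the following forms,
     * where constraint_name is the name of the constraint which this Policy configures:
     * * `projects/{project_number}/policies/{constraint_name}`
     * * `folders/{folder_id}/policies/{constraint_name}`
     * * `organizations/{organization_id}/policies/{constraint_name}`
     *
     * For example, "projects/123/policies/compute.disableSerialPortAccess". Note:
     * `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API
     * requests, but responses will return the name using the equivalent project number.
     */
    @JvmName("ydonuldbmyortvue")
    public suspend fun name(value: Output<String>) {
        this.name = value
    }

    /**
     * @param value The parent of the resource.
     */
    @JvmName("eutkcwsqlxvoqvgf")
    public suspend fun parent(value: Output<String>) {
        this.parent = value
    }

    /**
     * @param value Basic information about the Organization Policy.
     */
    @JvmName("dgljdltltyvmqvsu")
    public suspend fun spec(value: Output<PolicySpecArgs>) {
        this.spec = value
    }

    /**
     * @param value Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
     * `null` clears a previously set dry-run policy.
     */
    @JvmName("tqkchryobqvenocl")
    public suspend fun dryRunSpec(value: PolicyDryRunSpecArgs?) {
        this.dryRunSpec = value?.let { of(it) }
    }

    /**
     * @param argument Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
     * The block configures a fresh [PolicyDryRunSpecArgsBuilder].
     */
    @JvmName("sekmnkcnqcmqtayk")
    public suspend fun dryRunSpec(argument: suspend PolicyDryRunSpecArgsBuilder.() -> Unit) {
        val built = PolicyDryRunSpecArgsBuilder().applySuspend { argument() }.build()
        this.dryRunSpec = of(built)
    }

    /**
     * @param value Immutable. The resource name of the Policy. Must be one of the following forms,
     * where constraint_name is the name of the constraint which this Policy configures:
     * * `projects/{project_number}/policies/{constraint_name}`
     * * `folders/{folder_id}/policies/{constraint_name}`
     * * `organizations/{organization_id}/policies/{constraint_name}`
     *
     * For example, "projects/123/policies/compute.disableSerialPortAccess". Note:
     * `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API
     * requests, but responses will return the name using the equivalent project number.
     * `null` clears a previously set name.
     */
    @JvmName("aoknctdghvqjomnk")
    public suspend fun name(value: String?) {
        this.name = value?.let { of(it) }
    }

    /**
     * @param value The parent of the resource. `null` clears a previously set parent.
     */
    @JvmName("btcuxwfxfmvwkdhk")
    public suspend fun parent(value: String?) {
        this.parent = value?.let { of(it) }
    }

    /**
     * @param value Basic information about the Organization Policy. `null` clears a previously
     * set spec.
     */
    @JvmName("ujmkafsugddxpjvp")
    public suspend fun spec(value: PolicySpecArgs?) {
        this.spec = value?.let { of(it) }
    }

    /**
     * @param argument Basic information about the Organization Policy. The block configures a
     * fresh [PolicySpecArgsBuilder].
     */
    @JvmName("gjmliupyybvthtdh")
    public suspend fun spec(argument: suspend PolicySpecArgsBuilder.() -> Unit) {
        val built = PolicySpecArgsBuilder().applySuspend { argument() }.build()
        this.spec = of(built)
    }

    /**
     * Assembles the [PolicyArgs] from the values set so far; properties never set stay `null`.
     */
    internal fun build(): PolicyArgs = PolicyArgs(
        dryRunSpec = dryRunSpec,
        name = name,
        parent = parent,
        spec = spec,
    )
}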



