com.pulumi.gcp.orgpolicy.kotlin.PolicyArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.orgpolicy.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.orgpolicy.PolicyArgs.builder
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicyDryRunSpecArgs
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicyDryRunSpecArgsBuilder
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicySpecArgs
import com.pulumi.gcp.orgpolicy.kotlin.inputs.PolicySpecArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName
/**
* An organization policy gives you programmatic control over your organization's cloud resources. Using Organization Policies, you will be able to configure constraints across your entire resource hierarchy.
* For more information, see:
* * [Understanding Org Policy concepts](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
* * [The resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy)
* * [All valid constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints)
* ## Example Usage
* ### Enforce_policy
* A test of an enforce orgpolicy policy for a project
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basic = new gcp.organizations.Project("basic", {
* projectId: "id",
* name: "id",
* orgId: "123456789",
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload`,
* parent: pulumi.interpolate`projects/${basic.name}`,
* spec: {
* rules: [{
* enforce: "FALSE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic = gcp.organizations.Project("basic",
* project_id="id",
* name="id",
* org_id="123456789")
* primary = gcp.orgpolicy.Policy("primary",
* name=basic.name.apply(lambda name: f"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
* parent=basic.name.apply(lambda name: f"projects/{name}"),
* spec=gcp.orgpolicy.PolicySpecArgs(
* rules=[gcp.orgpolicy.PolicySpecRuleArgs(
* enforce="FALSE",
* )],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basic = new Gcp.Organizations.Project("basic", new()
* {
* ProjectId = "id",
* Name = "id",
* OrgId = "123456789",
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = basic.Name.Apply(name => $"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
* Parent = basic.Name.Apply(name => $"projects/{name}"),
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Enforce = "FALSE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
* ProjectId: pulumi.String("id"),
* Name: pulumi.String("id"),
* OrgId: pulumi.String("123456789"),
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", name), nil
* }).(pulumi.StringOutput),
* Parent: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v", name), nil
* }).(pulumi.StringOutput),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Enforce: pulumi.String("FALSE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Project;
* import com.pulumi.gcp.organizations.ProjectArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basic = new Project("basic", ProjectArgs.builder()
* .projectId("id")
* .name("id")
* .orgId("123456789")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(basic.name().applyValue(name -> String.format("projects/%s/policies/iam.disableServiceAccountKeyUpload", name)))
* .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
* .spec(PolicySpecArgs.builder()
* .rules(PolicySpecRuleArgs.builder()
* .enforce("FALSE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload
* parent: projects/${basic.name}
* spec:
* rules:
* - enforce: FALSE
* basic:
* type: gcp:organizations:Project
* properties:
* projectId: id
* name: id
* orgId: '123456789'
* ```
*
* ### Folder_policy
* A test of an orgpolicy policy for a folder
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basic = new gcp.organizations.Folder("basic", {
* parent: "organizations/123456789",
* displayName: "folder",
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`${basic.name}/policies/gcp.resourceLocations`,
* parent: basic.name,
* spec: {
* inheritFromParent: true,
* rules: [{
* denyAll: "TRUE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic = gcp.organizations.Folder("basic",
* parent="organizations/123456789",
* display_name="folder")
* primary = gcp.orgpolicy.Policy("primary",
* name=basic.name.apply(lambda name: f"{name}/policies/gcp.resourceLocations"),
* parent=basic.name,
* spec=gcp.orgpolicy.PolicySpecArgs(
* inherit_from_parent=True,
* rules=[gcp.orgpolicy.PolicySpecRuleArgs(
* deny_all="TRUE",
* )],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basic = new Gcp.Organizations.Folder("basic", new()
* {
* Parent = "organizations/123456789",
* DisplayName = "folder",
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = basic.Name.Apply(name => $"{name}/policies/gcp.resourceLocations"),
* Parent = basic.Name,
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* InheritFromParent = true,
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* DenyAll = "TRUE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
* Parent: pulumi.String("organizations/123456789"),
* DisplayName: pulumi.String("folder"),
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("%v/policies/gcp.resourceLocations", name), nil
* }).(pulumi.StringOutput),
* Parent: basic.Name,
* Spec: &orgpolicy.PolicySpecArgs{
* InheritFromParent: pulumi.Bool(true),
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* DenyAll: pulumi.String("TRUE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Folder;
* import com.pulumi.gcp.organizations.FolderArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basic = new Folder("basic", FolderArgs.builder()
* .parent("organizations/123456789")
* .displayName("folder")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(basic.name().applyValue(name -> String.format("%s/policies/gcp.resourceLocations", name)))
* .parent(basic.name())
* .spec(PolicySpecArgs.builder()
* .inheritFromParent(true)
* .rules(PolicySpecRuleArgs.builder()
* .denyAll("TRUE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: ${basic.name}/policies/gcp.resourceLocations
* parent: ${basic.name}
* spec:
* inheritFromParent: true
* rules:
* - denyAll: TRUE
* basic:
* type: gcp:organizations:Folder
* properties:
* parent: organizations/123456789
* displayName: folder
* ```
*
* ### Organization_policy
* A test of an orgpolicy policy for an organization
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
* parent: "organizations/123456789",
* spec: {
* reset: true,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* primary = gcp.orgpolicy.Policy("primary",
* name="organizations/123456789/policies/gcp.detailedAuditLoggingMode",
* parent="organizations/123456789",
* spec=gcp.orgpolicy.PolicySpecArgs(
* reset=True,
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
* Parent = "organizations/123456789",
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Reset = true,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: pulumi.String("organizations/123456789/policies/gcp.detailedAuditLoggingMode"),
* Parent: pulumi.String("organizations/123456789"),
* Spec: &orgpolicy.PolicySpecArgs{
* Reset: pulumi.Bool(true),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var primary = new Policy("primary", PolicyArgs.builder()
* .name("organizations/123456789/policies/gcp.detailedAuditLoggingMode")
* .parent("organizations/123456789")
* .spec(PolicySpecArgs.builder()
* .reset(true)
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: organizations/123456789/policies/gcp.detailedAuditLoggingMode
* parent: organizations/123456789
* spec:
* reset: true
* ```
*
* ### Project_policy
* A test of an orgpolicy policy for a project
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basic = new gcp.organizations.Project("basic", {
* projectId: "id",
* name: "id",
* orgId: "123456789",
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`projects/${basic.name}/policies/gcp.resourceLocations`,
* parent: pulumi.interpolate`projects/${basic.name}`,
* spec: {
* rules: [
* {
* condition: {
* description: "A sample condition for the policy",
* expression: "resource.matchLabels('labelKeys/123', 'labelValues/345')",
* location: "sample-location.log",
* title: "sample-condition",
* },
* values: {
* allowedValues: ["projects/allowed-project"],
* deniedValues: ["projects/denied-project"],
* },
* },
* {
* allowAll: "TRUE",
* },
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic = gcp.organizations.Project("basic",
* project_id="id",
* name="id",
* org_id="123456789")
* primary = gcp.orgpolicy.Policy("primary",
* name=basic.name.apply(lambda name: f"projects/{name}/policies/gcp.resourceLocations"),
* parent=basic.name.apply(lambda name: f"projects/{name}"),
* spec=gcp.orgpolicy.PolicySpecArgs(
* rules=[
* gcp.orgpolicy.PolicySpecRuleArgs(
* condition=gcp.orgpolicy.PolicySpecRuleConditionArgs(
* description="A sample condition for the policy",
* expression="resource.matchLabels('labelKeys/123', 'labelValues/345')",
* location="sample-location.log",
* title="sample-condition",
* ),
* values=gcp.orgpolicy.PolicySpecRuleValuesArgs(
* allowed_values=["projects/allowed-project"],
* denied_values=["projects/denied-project"],
* ),
* ),
* gcp.orgpolicy.PolicySpecRuleArgs(
* allow_all="TRUE",
* ),
* ],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basic = new Gcp.Organizations.Project("basic", new()
* {
* ProjectId = "id",
* Name = "id",
* OrgId = "123456789",
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = basic.Name.Apply(name => $"projects/{name}/policies/gcp.resourceLocations"),
* Parent = basic.Name.Apply(name => $"projects/{name}"),
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Condition = new Gcp.OrgPolicy.Inputs.PolicySpecRuleConditionArgs
* {
* Description = "A sample condition for the policy",
* Expression = "resource.matchLabels('labelKeys/123', 'labelValues/345')",
* Location = "sample-location.log",
* Title = "sample-condition",
* },
* Values = new Gcp.OrgPolicy.Inputs.PolicySpecRuleValuesArgs
* {
* AllowedValues = new[]
* {
* "projects/allowed-project",
* },
* DeniedValues = new[]
* {
* "projects/denied-project",
* },
* },
* },
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* AllowAll = "TRUE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
* ProjectId: pulumi.String("id"),
* Name: pulumi.String("id"),
* OrgId: pulumi.String("123456789"),
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", name), nil
* }).(pulumi.StringOutput),
* Parent: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v", name), nil
* }).(pulumi.StringOutput),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Condition: &orgpolicy.PolicySpecRuleConditionArgs{
* Description: pulumi.String("A sample condition for the policy"),
* Expression: pulumi.String("resource.matchLabels('labelKeys/123', 'labelValues/345')"),
* Location: pulumi.String("sample-location.log"),
* Title: pulumi.String("sample-condition"),
* },
* Values: &orgpolicy.PolicySpecRuleValuesArgs{
* AllowedValues: pulumi.StringArray{
* pulumi.String("projects/allowed-project"),
* },
* DeniedValues: pulumi.StringArray{
* pulumi.String("projects/denied-project"),
* },
* },
* },
* &orgpolicy.PolicySpecRuleArgs{
* AllowAll: pulumi.String("TRUE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Project;
* import com.pulumi.gcp.organizations.ProjectArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basic = new Project("basic", ProjectArgs.builder()
* .projectId("id")
* .name("id")
* .orgId("123456789")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(basic.name().applyValue(name -> String.format("projects/%s/policies/gcp.resourceLocations", name)))
* .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
* .spec(PolicySpecArgs.builder()
* .rules(
* PolicySpecRuleArgs.builder()
* .condition(PolicySpecRuleConditionArgs.builder()
* .description("A sample condition for the policy")
* .expression("resource.matchLabels('labelKeys/123', 'labelValues/345')")
* .location("sample-location.log")
* .title("sample-condition")
* .build())
* .values(PolicySpecRuleValuesArgs.builder()
* .allowedValues("projects/allowed-project")
* .deniedValues("projects/denied-project")
* .build())
* .build(),
* PolicySpecRuleArgs.builder()
* .allowAll("TRUE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: projects/${basic.name}/policies/gcp.resourceLocations
* parent: projects/${basic.name}
* spec:
* rules:
* - condition:
* description: A sample condition for the policy
* expression: resource.matchLabels('labelKeys/123', 'labelValues/345')
* location: sample-location.log
* title: sample-condition
* values:
* allowedValues:
* - projects/allowed-project
* deniedValues:
* - projects/denied-project
* - allowAll: TRUE
* basic:
* type: gcp:organizations:Project
* properties:
* projectId: id
* name: id
* orgId: '123456789'
* ```
*
* ### Dry_run_spec
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
* name: "custom.disableGkeAutoUpgrade_87786",
* parent: "organizations/123456789",
* displayName: "Disable GKE auto upgrade",
* description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* actionType: "ALLOW",
* condition: "resource.management.autoUpgrade == false",
* methodTypes: ["CREATE"],
* resourceTypes: ["container.googleapis.com/NodePool"],
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,
* parent: "organizations/123456789",
* spec: {
* rules: [{
* enforce: "FALSE",
* }],
* },
* dryRunSpec: {
* inheritFromParent: false,
* reset: false,
* rules: [{
* enforce: "FALSE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* constraint = gcp.orgpolicy.CustomConstraint("constraint",
* name="custom.disableGkeAutoUpgrade_87786",
* parent="organizations/123456789",
* display_name="Disable GKE auto upgrade",
* description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* action_type="ALLOW",
* condition="resource.management.autoUpgrade == false",
* method_types=["CREATE"],
* resource_types=["container.googleapis.com/NodePool"])
* primary = gcp.orgpolicy.Policy("primary",
* name=constraint.name.apply(lambda name: f"organizations/123456789/policies/{name}"),
* parent="organizations/123456789",
* spec=gcp.orgpolicy.PolicySpecArgs(
* rules=[gcp.orgpolicy.PolicySpecRuleArgs(
* enforce="FALSE",
* )],
* ),
* dry_run_spec=gcp.orgpolicy.PolicyDryRunSpecArgs(
* inherit_from_parent=False,
* reset=False,
* rules=[gcp.orgpolicy.PolicyDryRunSpecRuleArgs(
* enforce="FALSE",
* )],
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
* {
* Name = "custom.disableGkeAutoUpgrade_87786",
* Parent = "organizations/123456789",
* DisplayName = "Disable GKE auto upgrade",
* Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* ActionType = "ALLOW",
* Condition = "resource.management.autoUpgrade == false",
* MethodTypes = new[]
* {
* "CREATE",
* },
* ResourceTypes = new[]
* {
* "container.googleapis.com/NodePool",
* },
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = constraint.Name.Apply(name => $"organizations/123456789/policies/{name}"),
* Parent = "organizations/123456789",
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Enforce = "FALSE",
* },
* },
* },
* DryRunSpec = new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecArgs
* {
* InheritFromParent = false,
* Reset = false,
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecRuleArgs
* {
* Enforce = "FALSE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
* Name: pulumi.String("custom.disableGkeAutoUpgrade_87786"),
* Parent: pulumi.String("organizations/123456789"),
* DisplayName: pulumi.String("Disable GKE auto upgrade"),
* Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
* ActionType: pulumi.String("ALLOW"),
* Condition: pulumi.String("resource.management.autoUpgrade == false"),
* MethodTypes: pulumi.StringArray{
* pulumi.String("CREATE"),
* },
* ResourceTypes: pulumi.StringArray{
* pulumi.String("container.googleapis.com/NodePool"),
* },
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: constraint.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
* }).(pulumi.StringOutput),
* Parent: pulumi.String("organizations/123456789"),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Enforce: pulumi.String("FALSE"),
* },
* },
* },
* DryRunSpec: &orgpolicy.PolicyDryRunSpecArgs{
* InheritFromParent: pulumi.Bool(false),
* Reset: pulumi.Bool(false),
* Rules: orgpolicy.PolicyDryRunSpecRuleArray{
* &orgpolicy.PolicyDryRunSpecRuleArgs{
* Enforce: pulumi.String("FALSE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.orgpolicy.CustomConstraint;
* import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicyDryRunSpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
* .name("custom.disableGkeAutoUpgrade_87786")
* .parent("organizations/123456789")
* .displayName("Disable GKE auto upgrade")
* .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
* .actionType("ALLOW")
* .condition("resource.management.autoUpgrade == false")
* .methodTypes("CREATE")
* .resourceTypes("container.googleapis.com/NodePool")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(constraint.name().applyValue(name -> String.format("organizations/123456789/policies/%s", name)))
* .parent("organizations/123456789")
* .spec(PolicySpecArgs.builder()
* .rules(PolicySpecRuleArgs.builder()
* .enforce("FALSE")
* .build())
* .build())
* .dryRunSpec(PolicyDryRunSpecArgs.builder()
* .inheritFromParent(false)
* .reset(false)
* .rules(PolicyDryRunSpecRuleArgs.builder()
* .enforce("FALSE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* constraint:
* type: gcp:orgpolicy:CustomConstraint
* properties:
* name: custom.disableGkeAutoUpgrade_87786
* parent: organizations/123456789
* displayName: Disable GKE auto upgrade
* description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
* actionType: ALLOW
* condition: resource.management.autoUpgrade == false
* methodTypes:
* - CREATE
* resourceTypes:
* - container.googleapis.com/NodePool
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: organizations/123456789/policies/${constraint.name}
* parent: organizations/123456789
* spec:
* rules:
* - enforce: FALSE
* dryRunSpec:
* inheritFromParent: false
* reset: false
* rules:
* - enforce: FALSE
* ```
*
* ## Import
* Policy can be imported using any of these accepted formats:
* * `{{parent}}/policies/{{name}}`
* When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}
* ```
* @property dryRunSpec Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
* @property name Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
* @property parent The parent of the resource.
* - - -
* @property spec Basic information about the Organization Policy.
*/
public data class PolicyArgs(
public val dryRunSpec: Output? = null,
public val name: Output? = null,
public val parent: Output? = null,
public val spec: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.orgpolicy.PolicyArgs =
com.pulumi.gcp.orgpolicy.PolicyArgs.builder()
.dryRunSpec(dryRunSpec?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.name(name?.applyValue({ args0 -> args0 }))
.parent(parent?.applyValue({ args0 -> args0 }))
.spec(spec?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) })).build()
}
/**
* Builder for [PolicyArgs].
*/
@PulumiTagMarker
public class PolicyArgsBuilder internal constructor() {
private var dryRunSpec: Output? = null
private var name: Output? = null
private var parent: Output? = null
private var spec: Output? = null
/**
* @param value Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
*/
@JvmName("hxwvwwlyoipmivbp")
public suspend fun dryRunSpec(`value`: Output) {
this.dryRunSpec = value
}
/**
* @param value Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
*/
@JvmName("ydonuldbmyortvue")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The parent of the resource.
* - - -
*/
@JvmName("eutkcwsqlxvoqvgf")
public suspend fun parent(`value`: Output) {
this.parent = value
}
/**
* @param value Basic information about the Organization Policy.
*/
@JvmName("dgljdltltyvmqvsu")
public suspend fun spec(`value`: Output) {
this.spec = value
}
/**
* @param value Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
*/
@JvmName("tqkchryobqvenocl")
public suspend fun dryRunSpec(`value`: PolicyDryRunSpecArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.dryRunSpec = mapped
}
/**
* @param argument Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
*/
@JvmName("sekmnkcnqcmqtayk")
public suspend fun dryRunSpec(argument: suspend PolicyDryRunSpecArgsBuilder.() -> Unit) {
val toBeMapped = PolicyDryRunSpecArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.dryRunSpec = mapped
}
/**
* @param value Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
*/
@JvmName("aoknctdghvqjomnk")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The parent of the resource.
* - - -
*/
@JvmName("btcuxwfxfmvwkdhk")
public suspend fun parent(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.parent = mapped
}
/**
* @param value Basic information about the Organization Policy.
*/
@JvmName("ujmkafsugddxpjvp")
public suspend fun spec(`value`: PolicySpecArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.spec = mapped
}
/**
* @param argument Basic information about the Organization Policy.
*/
@JvmName("gjmliupyybvthtdh")
public suspend fun spec(argument: suspend PolicySpecArgsBuilder.() -> Unit) {
val toBeMapped = PolicySpecArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.spec = mapped
}
internal fun build(): PolicyArgs = PolicyArgs(
dryRunSpec = dryRunSpec,
name = name,
parent = parent,
spec = spec,
)
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy