com.pulumi.gcp.projects.kotlin.AccessApprovalSettingsArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.projects.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.projects.AccessApprovalSettingsArgs.builder
import com.pulumi.gcp.projects.kotlin.inputs.AccessApprovalSettingsEnrolledServiceArgs
import com.pulumi.gcp.projects.kotlin.inputs.AccessApprovalSettingsEnrolledServiceArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Deprecated
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.
* To get more information about ProjectSettings, see:
* * [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/projects)
* ## Example Usage
* ### Project Access Approval Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const projectAccessApproval = new gcp.projects.AccessApprovalSettings("project_access_approval", {
* projectId: "my-project-name",
* notificationEmails: [
* "[email protected]",
* "[email protected]",
* ],
* enrolledServices: [{
* cloudProduct: "all",
* enrollmentLevel: "BLOCK_ALL",
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* project_access_approval = gcp.projects.AccessApprovalSettings("project_access_approval",
* project_id="my-project-name",
* notification_emails=[
* "[email protected]",
* "[email protected]",
* ],
* enrolled_services=[gcp.projects.AccessApprovalSettingsEnrolledServiceArgs(
* cloud_product="all",
* enrollment_level="BLOCK_ALL",
* )])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var projectAccessApproval = new Gcp.Projects.AccessApprovalSettings("project_access_approval", new()
* {
* ProjectId = "my-project-name",
* NotificationEmails = new[]
* {
* "[email protected]",
* "[email protected]",
* },
* EnrolledServices = new[]
* {
* new Gcp.Projects.Inputs.AccessApprovalSettingsEnrolledServiceArgs
* {
* CloudProduct = "all",
* EnrollmentLevel = "BLOCK_ALL",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := projects.NewAccessApprovalSettings(ctx, "project_access_approval", &projects.AccessApprovalSettingsArgs{
* ProjectId: pulumi.String("my-project-name"),
* NotificationEmails: pulumi.StringArray{
* pulumi.String("[email protected]"),
* pulumi.String("[email protected]"),
* },
* EnrolledServices: projects.AccessApprovalSettingsEnrolledServiceArray{
* &projects.AccessApprovalSettingsEnrolledServiceArgs{
* CloudProduct: pulumi.String("all"),
* EnrollmentLevel: pulumi.String("BLOCK_ALL"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.projects.AccessApprovalSettings;
* import com.pulumi.gcp.projects.AccessApprovalSettingsArgs;
* import com.pulumi.gcp.projects.inputs.AccessApprovalSettingsEnrolledServiceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var projectAccessApproval = new AccessApprovalSettings("projectAccessApproval", AccessApprovalSettingsArgs.builder()
* .projectId("my-project-name")
* .notificationEmails(
* "[email protected]",
* "[email protected]")
* .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()
* .cloudProduct("all")
* .enrollmentLevel("BLOCK_ALL")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* projectAccessApproval:
* type: gcp:projects:AccessApprovalSettings
* name: project_access_approval
* properties:
* projectId: my-project-name
* notificationEmails:
* - [email protected]
* - [email protected]
* enrolledServices:
* - cloudProduct: all
* enrollmentLevel: BLOCK_ALL
* ```
*
* ### Project Access Approval Active Key Version
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const keyRing = new gcp.kms.KeyRing("key_ring", {
* name: "key-ring",
* location: "global",
* project: "my-project-name",
* });
* const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
* name: "crypto-key",
* keyRing: keyRing.id,
* purpose: "ASYMMETRIC_SIGN",
* versionTemplate: {
* algorithm: "EC_SIGN_P384_SHA384",
* },
* });
* const serviceAccount = gcp.accessapproval.getProjectServiceAccount({
* projectId: "my-project-name",
* });
* const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
* cryptoKeyId: cryptoKey.id,
* role: "roles/cloudkms.signerVerifier",
* member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
* });
* const cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({
* cryptoKey: cryptoKey.id,
* });
* const projectAccessApproval = new gcp.projects.AccessApprovalSettings("project_access_approval", {
* projectId: "my-project-name",
* activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion => cryptoKeyVersion.name),
* enrolledServices: [{
* cloudProduct: "all",
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* key_ring = gcp.kms.KeyRing("key_ring",
* name="key-ring",
* location="global",
* project="my-project-name")
* crypto_key = gcp.kms.CryptoKey("crypto_key",
* name="crypto-key",
* key_ring=key_ring.id,
* purpose="ASYMMETRIC_SIGN",
* version_template=gcp.kms.CryptoKeyVersionTemplateArgs(
* algorithm="EC_SIGN_P384_SHA384",
* ))
* service_account = gcp.accessapproval.get_project_service_account(project_id="my-project-name")
* iam = gcp.kms.CryptoKeyIAMMember("iam",
* crypto_key_id=crypto_key.id,
* role="roles/cloudkms.signerVerifier",
* member=f"serviceAccount:{service_account.account_email}")
* crypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)
* project_access_approval = gcp.projects.AccessApprovalSettings("project_access_approval",
* project_id="my-project-name",
* active_key_version=crypto_key_version.name,
* enrolled_services=[gcp.projects.AccessApprovalSettingsEnrolledServiceArgs(
* cloud_product="all",
* )])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
* {
* Name = "key-ring",
* Location = "global",
* Project = "my-project-name",
* });
* var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
* {
* Name = "crypto-key",
* KeyRing = keyRing.Id,
* Purpose = "ASYMMETRIC_SIGN",
* VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs
* {
* Algorithm = "EC_SIGN_P384_SHA384",
* },
* });
* var serviceAccount = Gcp.AccessApproval.GetProjectServiceAccount.Invoke(new()
* {
* ProjectId = "my-project-name",
* });
* var iam = new Gcp.Kms.CryptoKeyIAMMember("iam", new()
* {
* CryptoKeyId = cryptoKey.Id,
* Role = "roles/cloudkms.signerVerifier",
* Member = $"serviceAccount:{serviceAccount.Apply(getProjectServiceAccountResult => getProjectServiceAccountResult.AccountEmail)}",
* });
* var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()
* {
* CryptoKey = cryptoKey.Id,
* });
* var projectAccessApproval = new Gcp.Projects.AccessApprovalSettings("project_access_approval", new()
* {
* ProjectId = "my-project-name",
* ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult => getKMSCryptoKeyVersionResult.Name),
* EnrolledServices = new[]
* {
* new Gcp.Projects.Inputs.AccessApprovalSettingsEnrolledServiceArgs
* {
* CloudProduct = "all",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accessapproval"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
* Name: pulumi.String("key-ring"),
* Location: pulumi.String("global"),
* Project: pulumi.String("my-project-name"),
* })
* if err != nil {
* return err
* }
* cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
* Name: pulumi.String("crypto-key"),
* KeyRing: keyRing.ID(),
* Purpose: pulumi.String("ASYMMETRIC_SIGN"),
* VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
* Algorithm: pulumi.String("EC_SIGN_P384_SHA384"),
* },
* })
* if err != nil {
* return err
* }
* serviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, &accessapproval.GetProjectServiceAccountArgs{
* ProjectId: "my-project-name",
* }, nil)
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: cryptoKey.ID(),
* Role: pulumi.String("roles/cloudkms.signerVerifier"),
* Member: pulumi.String(fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail)),
* })
* if err != nil {
* return err
* }
* cryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
* CryptoKey: cryptoKey.ID(),
* }, nil)
* _, err = projects.NewAccessApprovalSettings(ctx, "project_access_approval", &projects.AccessApprovalSettingsArgs{
* ProjectId: pulumi.String("my-project-name"),
* ActiveKeyVersion: cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {
* return &cryptoKeyVersion.Name, nil
* }).(pulumi.StringPtrOutput),
* EnrolledServices: projects.AccessApprovalSettingsEnrolledServiceArray{
* &projects.AccessApprovalSettingsEnrolledServiceArgs{
* CloudProduct: pulumi.String("all"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;
* import com.pulumi.gcp.accessapproval.AccessapprovalFunctions;
* import com.pulumi.gcp.accessapproval.inputs.GetProjectServiceAccountArgs;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
* import com.pulumi.gcp.projects.AccessApprovalSettings;
* import com.pulumi.gcp.projects.AccessApprovalSettingsArgs;
* import com.pulumi.gcp.projects.inputs.AccessApprovalSettingsEnrolledServiceArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
* .name("key-ring")
* .location("global")
* .project("my-project-name")
* .build());
* var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
* .name("crypto-key")
* .keyRing(keyRing.id())
* .purpose("ASYMMETRIC_SIGN")
* .versionTemplate(CryptoKeyVersionTemplateArgs.builder()
* .algorithm("EC_SIGN_P384_SHA384")
* .build())
* .build());
* final var serviceAccount = AccessapprovalFunctions.getProjectServiceAccount(GetProjectServiceAccountArgs.builder()
* .projectId("my-project-name")
* .build());
* var iam = new CryptoKeyIAMMember("iam", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId(cryptoKey.id())
* .role("roles/cloudkms.signerVerifier")
* .member(String.format("serviceAccount:%s", serviceAccount.applyValue(getProjectServiceAccountResult -> getProjectServiceAccountResult.accountEmail())))
* .build());
* final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
* .cryptoKey(cryptoKey.id())
* .build());
* var projectAccessApproval = new AccessApprovalSettings("projectAccessApproval", AccessApprovalSettingsArgs.builder()
* .projectId("my-project-name")
* .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -> cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.name())))
* .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()
* .cloudProduct("all")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* keyRing:
* type: gcp:kms:KeyRing
* name: key_ring
* properties:
* name: key-ring
* location: global
* project: my-project-name
* cryptoKey:
* type: gcp:kms:CryptoKey
* name: crypto_key
* properties:
* name: crypto-key
* keyRing: ${keyRing.id}
* purpose: ASYMMETRIC_SIGN
* versionTemplate:
* algorithm: EC_SIGN_P384_SHA384
* iam:
* type: gcp:kms:CryptoKeyIAMMember
* properties:
* cryptoKeyId: ${cryptoKey.id}
* role: roles/cloudkms.signerVerifier
* member: serviceAccount:${serviceAccount.accountEmail}
* projectAccessApproval:
* type: gcp:projects:AccessApprovalSettings
* name: project_access_approval
* properties:
* projectId: my-project-name
* activeKeyVersion: ${cryptoKeyVersion.name}
* enrolledServices:
* - cloudProduct: all
* variables:
* serviceAccount:
* fn::invoke:
* Function: gcp:accessapproval:getProjectServiceAccount
* Arguments:
* projectId: my-project-name
* cryptoKeyVersion:
* fn::invoke:
* Function: gcp:kms:getKMSCryptoKeyVersion
* Arguments:
* cryptoKey: ${cryptoKey.id}
* ```
*
* ## Import
* ProjectSettings can be imported using any of these accepted formats:
* * `projects/{{project_id}}/accessApprovalSettings`
* * `{{project_id}}`
* When using the `pulumi import` command, ProjectSettings can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default projects/{{project_id}}/accessApprovalSettings
* ```
* ```sh
* $ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default {{project_id}}
* ```
* @property activeKeyVersion The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a
* Google-managed key should be used for signing. This property will be ignored if set by an ancestor of the resource, and
* new non-empty values may not be set.
* @property enrolledServices A list of Google Cloud Services for which the given resource has Access Approval enrolled.
* Access requests for the resource given by name against any of these services contained here will be required
* to have explicit approval. Enrollment can only be done on an all or nothing basis.
* A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
* Structure is documented below.
* @property notificationEmails A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
* a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
* addresses are allowed.
* @property project Project id.
* @property projectId ID of the project of the access approval settings.
*/
public data class AccessApprovalSettingsArgs(
public val activeKeyVersion: Output? = null,
public val enrolledServices: Output>? = null,
public val notificationEmails: Output>? = null,
@Deprecated(
message = """
`project` is deprecated and will be removed in a future major release. Use `project_id` instead.
""",
)
public val project: Output? = null,
public val projectId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.projects.AccessApprovalSettingsArgs =
com.pulumi.gcp.projects.AccessApprovalSettingsArgs.builder()
.activeKeyVersion(activeKeyVersion?.applyValue({ args0 -> args0 }))
.enrolledServices(
enrolledServices?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.notificationEmails(notificationEmails?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.project(project?.applyValue({ args0 -> args0 }))
.projectId(projectId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AccessApprovalSettingsArgs].
*/
@PulumiTagMarker
public class AccessApprovalSettingsArgsBuilder internal constructor() {
private var activeKeyVersion: Output? = null
private var enrolledServices: Output>? = null
private var notificationEmails: Output>? = null
private var project: Output? = null
private var projectId: Output? = null
/**
* @param value The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a
* Google-managed key should be used for signing. This property will be ignored if set by an ancestor of the resource, and
* new non-empty values may not be set.
*/
@JvmName("ypadpqhapmjnlbvu")
public suspend fun activeKeyVersion(`value`: Output) {
this.activeKeyVersion = value
}
/**
* @param value A list of Google Cloud Services for which the given resource has Access Approval enrolled.
* Access requests for the resource given by name against any of these services contained here will be required
* to have explicit approval. Enrollment can only be done on an all or nothing basis.
* A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
* Structure is documented below.
*/
@JvmName("vhnqyadnjbpgmlay")
public suspend fun enrolledServices(`value`: Output>) {
this.enrolledServices = value
}
@JvmName("gbplmtvucepvdppv")
public suspend fun enrolledServices(vararg values: Output) {
this.enrolledServices = Output.all(values.asList())
}
/**
* @param values A list of Google Cloud Services for which the given resource has Access Approval enrolled.
* Access requests for the resource given by name against any of these services contained here will be required
* to have explicit approval. Enrollment can only be done on an all or nothing basis.
* A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
* Structure is documented below.
*/
@JvmName("pfsyioontsmvptra")
public suspend fun enrolledServices(values: List
© 2015 - 2025 Weber Informatics LLC | Privacy Policy