com.pulumi.gcp.securityposture.kotlin.Posture.kt Maven / Gradle / Ivy

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.securityposture.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.securityposture.kotlin.outputs.PosturePolicySet
import com.pulumi.gcp.securityposture.kotlin.outputs.PosturePolicySet.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List

/**
 * DSL-style builder that collects the name, arguments and options for a [Posture]
 * and then constructs the resource.
 *
 * [build] forwards the three collected values to the Java
 * `com.pulumi.gcp.securityposture.Posture` constructor and wraps the result in the
 * Kotlin [Posture] type.
 */
@PulumiTagMarker
public class PostureResourceBuilder internal constructor() {
    // Stays null until [name] is called; [build] forwards it unchanged.
    // NOTE(review): there is no null check here; presumably the Java constructor
    // rejects a missing name. Confirm against the Java SDK.
    public var name: String? = null

    // Defaults to an empty argument set until [args] replaces it.
    public var args: PostureArgs = PostureArgs()

    // Defaults to empty resource options until [opts] replaces them.
    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * Sets the resource name.
     *
     * @param value The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * Runs [block] against a fresh [PostureArgsBuilder] and stores the built arguments.
     *
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend PostureArgsBuilder.() -> Unit) {
        val argsBuilder = PostureArgsBuilder()
        argsBuilder.block()
        this.args = argsBuilder.build()
    }

    /**
     * Builds the resource options from [block] and stores them.
     *
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = CustomResourceOptions.opts(block)
    }

    /**
     * Creates the underlying Java resource from the collected name, arguments and
     * options, then wraps it in the Kotlin [Posture].
     */
    internal fun build(): Posture =
        Posture(
            com.pulumi.gcp.securityposture.Posture(
                this.name,
                this.args.toJava(),
                this.opts.toJava(),
            ),
        )
}

/**
 * A Posture is a collection of policy sets, described by its name, state, description
 * and the policy sets themselves. A policy set includes a set of policies along with their definitions.
 * A posture can be created at the organization level.
 * Every update to a deployed posture creates a new posture revision with an updated revision_id.
 * To get more information about Posture, see:
 * * How-to Guides
 *     * [Create and deploy a posture](https://cloud.google.com/security-command-center/docs/how-to-use-security-posture)
 * ## Example Usage
 * ### Securityposture Posture Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const posture1 = new gcp.securityposture.Posture("posture1", {
 *     postureId: "posture_example",
 *     parent: "organizations/123456789",
 *     location: "global",
 *     state: "ACTIVE",
 *     description: "a new posture",
 *     policySets: [
 *         {
 *             policySetId: "org_policy_set",
 *             description: "set of org policies",
 *             policies: [
 *                 {
 *                     policyId: "canned_org_policy",
 *                     constraint: {
 *                         orgPolicyConstraint: {
 *                             cannedConstraintId: "storage.uniformBucketLevelAccess",
 *                             policyRules: [{
 *                                 enforce: true,
 *                                 condition: {
 *                                     description: "condition description",
 *                                     expression: "resource.matchTag('org_id/tag_key_short_name','tag_value_short_name')",
 *                                     title: "a CEL condition",
 *                                 },
 *                             }],
 *                         },
 *                     },
 *                 },
 *                 {
 *                     policyId: "custom_org_policy",
 *                     constraint: {
 *                         orgPolicyConstraintCustom: {
 *                             customConstraint: {
 *                                 name: "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
 *                                 displayName: "Disable GKE auto upgrade",
 *                                 description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *                                 actionType: "ALLOW",
 *                                 condition: "resource.management.autoUpgrade == false",
 *                                 methodTypes: [
 *                                     "CREATE",
 *                                     "UPDATE",
 *                                 ],
 *                                 resourceTypes: ["container.googleapis.com/NodePool"],
 *                             },
 *                             policyRules: [{
 *                                 enforce: true,
 *                                 condition: {
 *                                     description: "condition description",
 *                                     expression: "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
 *                                     title: "a CEL condition",
 *                                 },
 *                             }],
 *                         },
 *                     },
 *                 },
 *             ],
 *         },
 *         {
 *             policySetId: "sha_policy_set",
 *             description: "set of sha policies",
 *             policies: [
 *                 {
 *                     policyId: "sha_builtin_module",
 *                     constraint: {
 *                         securityHealthAnalyticsModule: {
 *                             moduleName: "BIGQUERY_TABLE_CMEK_DISABLED",
 *                             moduleEnablementState: "ENABLED",
 *                         },
 *                     },
 *                     description: "enable BIGQUERY_TABLE_CMEK_DISABLED",
 *                 },
 *                 {
 *                     policyId: "sha_custom_module",
 *                     constraint: {
 *                         securityHealthAnalyticsCustomModule: {
 *                             displayName: "custom_SHA_policy",
 *                             config: {
 *                                 predicate: {
 *                                     expression: "resource.rotationPeriod > duration('2592000s')",
 *                                 },
 *                                 customOutput: {
 *                                     properties: [{
 *                                         name: "duration",
 *                                         valueExpression: {
 *                                             expression: "resource.rotationPeriod",
 *                                         },
 *                                     }],
 *                                 },
 *                                 resourceSelector: {
 *                                     resourceTypes: ["cloudkms.googleapis.com/CryptoKey"],
 *                                 },
 *                                 severity: "LOW",
 *                                 description: "Custom Module",
 *                                 recommendation: "Testing custom modules",
 *                             },
 *                             moduleEnablementState: "ENABLED",
 *                         },
 *                     },
 *                 },
 *             ],
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * posture1 = gcp.securityposture.Posture("posture1",
 *     posture_id="posture_example",
 *     parent="organizations/123456789",
 *     location="global",
 *     state="ACTIVE",
 *     description="a new posture",
 *     policy_sets=[
 *         gcp.securityposture.PosturePolicySetArgs(
 *             policy_set_id="org_policy_set",
 *             description="set of org policies",
 *             policies=[
 *                 gcp.securityposture.PosturePolicySetPolicyArgs(
 *                     policy_id="canned_org_policy",
 *                     constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
 *                         org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
 *                             canned_constraint_id="storage.uniformBucketLevelAccess",
 *                             policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
 *                                 enforce=True,
 *                                 condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
 *                                     description="condition description",
 *                                     expression="resource.matchTag('org_id/tag_key_short_name','tag_value_short_name')",
 *                                     title="a CEL condition",
 *                                 ),
 *                             )],
 *                         ),
 *                     ),
 *                 ),
 *                 gcp.securityposture.PosturePolicySetPolicyArgs(
 *                     policy_id="custom_org_policy",
 *                     constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
 *                         org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
 *                             custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
 *                                 name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
 *                                 display_name="Disable GKE auto upgrade",
 *                                 description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *                                 action_type="ALLOW",
 *                                 condition="resource.management.autoUpgrade == false",
 *                                 method_types=[
 *                                     "CREATE",
 *                                     "UPDATE",
 *                                 ],
 *                                 resource_types=["container.googleapis.com/NodePool"],
 *                             ),
 *                             policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
 *                                 enforce=True,
 *                                 condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
 *                                     description="condition description",
 *                                     expression="resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
 *                                     title="a CEL condition",
 *                                 ),
 *                             )],
 *                         ),
 *                     ),
 *                 ),
 *             ],
 *         ),
 *         gcp.securityposture.PosturePolicySetArgs(
 *             policy_set_id="sha_policy_set",
 *             description="set of sha policies",
 *             policies=[
 *                 gcp.securityposture.PosturePolicySetPolicyArgs(
 *                     policy_id="sha_builtin_module",
 *                     constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
 *                         security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
 *                             module_name="BIGQUERY_TABLE_CMEK_DISABLED",
 *                             module_enablement_state="ENABLED",
 *                         ),
 *                     ),
 *                     description="enable BIGQUERY_TABLE_CMEK_DISABLED",
 *                 ),
 *                 gcp.securityposture.PosturePolicySetPolicyArgs(
 *                     policy_id="sha_custom_module",
 *                     constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
 *                         security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
 *                             display_name="custom_SHA_policy",
 *                             config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
 *                                 predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
 *                                     expression="resource.rotationPeriod > duration('2592000s')",
 *                                 ),
 *                                 custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
 *                                     properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
 *                                         name="duration",
 *                                         value_expression=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs(
 *                                             expression="resource.rotationPeriod",
 *                                         ),
 *                                     )],
 *                                 ),
 *                                 resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
 *                                     resource_types=["cloudkms.googleapis.com/CryptoKey"],
 *                                 ),
 *                                 severity="LOW",
 *                                 description="Custom Module",
 *                                 recommendation="Testing custom modules",
 *                             ),
 *                             module_enablement_state="ENABLED",
 *                         ),
 *                     ),
 *                 ),
 *             ],
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var posture1 = new Gcp.SecurityPosture.Posture("posture1", new()
 *     {
 *         PostureId = "posture_example",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *         State = "ACTIVE",
 *         Description = "a new posture",
 *         PolicySets = new[]
 *         {
 *             new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
 *             {
 *                 PolicySetId = "org_policy_set",
 *                 Description = "set of org policies",
 *                 Policies = new[]
 *                 {
 *                     new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
 *                     {
 *                         PolicyId = "canned_org_policy",
 *                         Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
 *                         {
 *                             OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
 *                             {
 *                                 CannedConstraintId = "storage.uniformBucketLevelAccess",
 *                                 PolicyRules = new[]
 *                                 {
 *                                     new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
 *                                     {
 *                                         Enforce = true,
 *                                         Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
 *                                         {
 *                                             Description = "condition description",
 *                                             Expression = "resource.matchTag('org_id/tag_key_short_name','tag_value_short_name')",
 *                                             Title = "a CEL condition",
 *                                         },
 *                                     },
 *                                 },
 *                             },
 *                         },
 *                     },
 *                     new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
 *                     {
 *                         PolicyId = "custom_org_policy",
 *                         Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
 *                         {
 *                             OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
 *                             {
 *                                 CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
 *                                 {
 *                                     Name = "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
 *                                     DisplayName = "Disable GKE auto upgrade",
 *                                     Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *                                     ActionType = "ALLOW",
 *                                     Condition = "resource.management.autoUpgrade == false",
 *                                     MethodTypes = new[]
 *                                     {
 *                                         "CREATE",
 *                                         "UPDATE",
 *                                     },
 *                                     ResourceTypes = new[]
 *                                     {
 *                                         "container.googleapis.com/NodePool",
 *                                     },
 *                                 },
 *                                 PolicyRules = new[]
 *                                 {
 *                                     new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
 *                                     {
 *                                         Enforce = true,
 *                                         Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
 *                                         {
 *                                             Description = "condition description",
 *                                             Expression = "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
 *                                             Title = "a CEL condition",
 *                                         },
 *                                     },
 *                                 },
 *                             },
 *                         },
 *                     },
 *                 },
 *             },
 *             new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
 *             {
 *                 PolicySetId = "sha_policy_set",
 *                 Description = "set of sha policies",
 *                 Policies = new[]
 *                 {
 *                     new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
 *                     {
 *                         PolicyId = "sha_builtin_module",
 *                         Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
 *                         {
 *                             SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
 *                             {
 *                                 ModuleName = "BIGQUERY_TABLE_CMEK_DISABLED",
 *                                 ModuleEnablementState = "ENABLED",
 *                             },
 *                         },
 *                         Description = "enable BIGQUERY_TABLE_CMEK_DISABLED",
 *                     },
 *                     new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
 *                     {
 *                         PolicyId = "sha_custom_module",
 *                         Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
 *                         {
 *                             SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
 *                             {
 *                                 DisplayName = "custom_SHA_policy",
 *                                 Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
 *                                 {
 *                                     Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
 *                                     {
 *                                         Expression = "resource.rotationPeriod > duration('2592000s')",
 *                                     },
 *                                     CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
 *                                     {
 *                                         Properties = new[]
 *                                         {
 *                                             new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
 *                                             {
 *                                                 Name = "duration",
 *                                                 ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
 *                                                 {
 *                                                     Expression = "resource.rotationPeriod",
 *                                                 },
 *                                             },
 *                                         },
 *                                     },
 *                                     ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
 *                                     {
 *                                         ResourceTypes = new[]
 *                                         {
 *                                             "cloudkms.googleapis.com/CryptoKey",
 *                                         },
 *                                     },
 *                                     Severity = "LOW",
 *                                     Description = "Custom Module",
 *                                     Recommendation = "Testing custom modules",
 *                                 },
 *                                 ModuleEnablementState = "ENABLED",
 *                             },
 *                         },
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securityposture"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := securityposture.NewPosture(ctx, "posture1", &securityposture.PostureArgs{
 * 			PostureId:   pulumi.String("posture_example"),
 * 			Parent:      pulumi.String("organizations/123456789"),
 * 			Location:    pulumi.String("global"),
 * 			State:       pulumi.String("ACTIVE"),
 * 			Description: pulumi.String("a new posture"),
 * 			PolicySets: securityposture.PosturePolicySetArray{
 * 				&securityposture.PosturePolicySetArgs{
 * 					PolicySetId: pulumi.String("org_policy_set"),
 * 					Description: pulumi.String("set of org policies"),
 * 					Policies: securityposture.PosturePolicySetPolicyArray{
 * 						&securityposture.PosturePolicySetPolicyArgs{
 * 							PolicyId: pulumi.String("canned_org_policy"),
 * 							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
 * 								OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
 * 									CannedConstraintId: pulumi.String("storage.uniformBucketLevelAccess"),
 * 									PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
 * 										&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
 * 											Enforce: pulumi.Bool(true),
 * 											Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{
 * 												Description: pulumi.String("condition description"),
 * 												Expression:  pulumi.String("resource.matchTag('org_id/tag_key_short_name','tag_value_short_name')"),
 * 												Title:       pulumi.String("a CEL condition"),
 * 											},
 * 										},
 * 									},
 * 								},
 * 							},
 * 						},
 * 						&securityposture.PosturePolicySetPolicyArgs{
 * 							PolicyId: pulumi.String("custom_org_policy"),
 * 							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
 * 								OrgPolicyConstraintCustom: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{
 * 									CustomConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{
 * 										Name:        pulumi.String("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade"),
 * 										DisplayName: pulumi.String("Disable GKE auto upgrade"),
 * 										Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
 * 										ActionType:  pulumi.String("ALLOW"),
 * 										Condition:   pulumi.String("resource.management.autoUpgrade == false"),
 * 										MethodTypes: pulumi.StringArray{
 * 											pulumi.String("CREATE"),
 * 											pulumi.String("UPDATE"),
 * 										},
 * 										ResourceTypes: pulumi.StringArray{
 * 											pulumi.String("container.googleapis.com/NodePool"),
 * 										},
 * 									},
 * 									PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{
 * 										&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{
 * 											Enforce: pulumi.Bool(true),
 * 											Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{
 * 												Description: pulumi.String("condition description"),
 * 												Expression:  pulumi.String("resource.matchTagId('tagKeys/key_id','tagValues/value_id')"),
 * 												Title:       pulumi.String("a CEL condition"),
 * 											},
 * 										},
 * 									},
 * 								},
 * 							},
 * 						},
 * 					},
 * 				},
 * 				&securityposture.PosturePolicySetArgs{
 * 					PolicySetId: pulumi.String("sha_policy_set"),
 * 					Description: pulumi.String("set of sha policies"),
 * 					Policies: securityposture.PosturePolicySetPolicyArray{
 * 						&securityposture.PosturePolicySetPolicyArgs{
 * 							PolicyId: pulumi.String("sha_builtin_module"),
 * 							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
 * 								SecurityHealthAnalyticsModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{
 * 									ModuleName:            pulumi.String("BIGQUERY_TABLE_CMEK_DISABLED"),
 * 									ModuleEnablementState: pulumi.String("ENABLED"),
 * 								},
 * 							},
 * 							Description: pulumi.String("enable BIGQUERY_TABLE_CMEK_DISABLED"),
 * 						},
 * 						&securityposture.PosturePolicySetPolicyArgs{
 * 							PolicyId: pulumi.String("sha_custom_module"),
 * 							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
 * 								SecurityHealthAnalyticsCustomModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{
 * 									DisplayName: pulumi.String("custom_SHA_policy"),
 * 									Config: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{
 * 										Predicate: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{
 * 											Expression: pulumi.String("resource.rotationPeriod > duration('2592000s')"),
 * 										},
 * 										CustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{
 * 											Properties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{
 * 												&securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{
 * 													Name: pulumi.String("duration"),
 * 													ValueExpression: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{
 * 														Expression: pulumi.String("resource.rotationPeriod"),
 * 													},
 * 												},
 * 											},
 * 										},
 * 										ResourceSelector: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{
 * 											ResourceTypes: pulumi.StringArray{
 * 												pulumi.String("cloudkms.googleapis.com/CryptoKey"),
 * 											},
 * 										},
 * 										Severity:       pulumi.String("LOW"),
 * 										Description:    pulumi.String("Custom Module"),
 * 										Recommendation: pulumi.String("Testing custom modules"),
 * 									},
 * 									ModuleEnablementState: pulumi.String("ENABLED"),
 * 								},
 * 							},
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.securityposture.Posture;
 * import com.pulumi.gcp.securityposture.PostureArgs;
 * import com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var posture1 = new Posture("posture1", PostureArgs.builder()
 *             .postureId("posture_example")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .state("ACTIVE")
 *             .description("a new posture")
 *             .policySets(
 *                 PosturePolicySetArgs.builder()
 *                     .policySetId("org_policy_set")
 *                     .description("set of org policies")
 *                     .policies(
 *                         PosturePolicySetPolicyArgs.builder()
 *                             .policyId("canned_org_policy")
 *                             .constraint(PosturePolicySetPolicyConstraintArgs.builder()
 *                                 .orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
 *                                     .cannedConstraintId("storage.uniformBucketLevelAccess")
 *                                     .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
 *                                         .enforce(true)
 *                                         .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()
 *                                             .description("condition description")
 *                                             .expression("resource.matchTag('org_id/tag_key_short_name','tag_value_short_name')")
 *                                             .title("a CEL condition")
 *                                             .build())
 *                                         .build())
 *                                     .build())
 *                                 .build())
 *                             .build(),
 *                         PosturePolicySetPolicyArgs.builder()
 *                             .policyId("custom_org_policy")
 *                             .constraint(PosturePolicySetPolicyConstraintArgs.builder()
 *                                 .orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()
 *                                     .customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()
 *                                         .name("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade")
 *                                         .displayName("Disable GKE auto upgrade")
 *                                         .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
 *                                         .actionType("ALLOW")
 *                                         .condition("resource.management.autoUpgrade == false")
 *                                         .methodTypes(
 *                                             "CREATE",
 *                                             "UPDATE")
 *                                         .resourceTypes("container.googleapis.com/NodePool")
 *                                         .build())
 *                                     .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()
 *                                         .enforce(true)
 *                                         .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()
 *                                             .description("condition description")
 *                                             .expression("resource.matchTagId('tagKeys/key_id','tagValues/value_id')")
 *                                             .title("a CEL condition")
 *                                             .build())
 *                                         .build())
 *                                     .build())
 *                                 .build())
 *                             .build())
 *                     .build(),
 *                 PosturePolicySetArgs.builder()
 *                     .policySetId("sha_policy_set")
 *                     .description("set of sha policies")
 *                     .policies(
 *                         PosturePolicySetPolicyArgs.builder()
 *                             .policyId("sha_builtin_module")
 *                             .constraint(PosturePolicySetPolicyConstraintArgs.builder()
 *                                 .securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()
 *                                     .moduleName("BIGQUERY_TABLE_CMEK_DISABLED")
 *                                     .moduleEnablementState("ENABLED")
 *                                     .build())
 *                                 .build())
 *                             .description("enable BIGQUERY_TABLE_CMEK_DISABLED")
 *                             .build(),
 *                         PosturePolicySetPolicyArgs.builder()
 *                             .policyId("sha_custom_module")
 *                             .constraint(PosturePolicySetPolicyConstraintArgs.builder()
 *                                 .securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()
 *                                     .displayName("custom_SHA_policy")
 *                                     .config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()
 *                                         .predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()
 *                                             .expression("resource.rotationPeriod > duration('2592000s')")
 *                                             .build())
 *                                         .customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()
 *                                             .properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()
 *                                                 .name("duration")
 *                                                 .valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()
 *                                                     .expression("resource.rotationPeriod")
 *                                                     .build())
 *                                                 .build())
 *                                             .build())
 *                                         .resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()
 *                                             .resourceTypes("cloudkms.googleapis.com/CryptoKey")
 *                                             .build())
 *                                         .severity("LOW")
 *                                         .description("Custom Module")
 *                                         .recommendation("Testing custom modules")
 *                                         .build())
 *                                     .moduleEnablementState("ENABLED")
 *                                     .build())
 *                                 .build())
 *                             .build())
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   posture1:
 *     type: gcp:securityposture:Posture
 *     properties:
 *       postureId: posture_example
 *       parent: organizations/123456789
 *       location: global
 *       state: ACTIVE
 *       description: a new posture
 *       policySets:
 *         - policySetId: org_policy_set
 *           description: set of org policies
 *           policies:
 *             - policyId: canned_org_policy
 *               constraint:
 *                 orgPolicyConstraint:
 *                   cannedConstraintId: storage.uniformBucketLevelAccess
 *                   policyRules:
 *                     - enforce: true
 *                       condition:
 *                         description: condition description
 *                         expression: resource.matchTag('org_id/tag_key_short_name','tag_value_short_name')
 *                         title: a CEL condition
 *             - policyId: custom_org_policy
 *               constraint:
 *                 orgPolicyConstraintCustom:
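 *                   customConstraint:
 *                     # Example only: this constraint admits node pools only while auto-upgrade is off, so node version upgrades have to be scheduled by the operator.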
 *                     name: organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade
 *                     displayName: Disable GKE auto upgrade
 *                     description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
 *                     actionType: ALLOW
 *                     condition: resource.management.autoUpgrade == false
 *                     methodTypes:
 *                       - CREATE
 *                       - UPDATE
 *                     resourceTypes:
 *                       - container.googleapis.com/NodePool
 *                   policyRules:
 *                     - enforce: true
 *                       condition:
 *                         description: condition description
 *                         expression: resource.matchTagId('tagKeys/key_id','tagValues/value_id')
 *                         title: a CEL condition
 *         - policySetId: sha_policy_set
 *           description: set of sha policies
 *           policies:
 *             - policyId: sha_builtin_module
 *               constraint:
 *                 securityHealthAnalyticsModule:
 *                   moduleName: BIGQUERY_TABLE_CMEK_DISABLED
 *                   moduleEnablementState: ENABLED
 *               description: enable BIGQUERY_TABLE_CMEK_DISABLED
 *             - policyId: sha_custom_module
 *               constraint:
 *                 securityHealthAnalyticsCustomModule:
 *                   displayName: custom_SHA_policy
 *                   config:
 *                     predicate:
 *                       expression: resource.rotationPeriod > duration('2592000s')
 *                     customOutput:
 *                       properties:
 *                         - name: duration
 *                           valueExpression:
 *                             expression: resource.rotationPeriod
 *                     resourceSelector:
 *                       resourceTypes:
 *                         - cloudkms.googleapis.com/CryptoKey
 *                     severity: LOW
 *                     description: Custom Module
 *                     recommendation: Testing custom modules
 *                   moduleEnablementState: ENABLED
 * ```
 * 
 * ## Import
 * Posture can be imported using any of these accepted formats:
 * * `{{parent}}/locations/{{location}}/postures/{{posture_id}}`
 * When using the `pulumi import` command, Posture can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:securityposture/posture:Posture default {{parent}}/locations/{{location}}/postures/{{posture_id}}
 * ```
 */
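public class Posture internal constructor(
    override val javaResource: com.pulumi.gcp.securityposture.Posture,
) : KotlinCustomResource(javaResource, PostureMapper) {
    // Every property below has a custom getter that reads from the wrapped Java resource on each
    // access; no value is stored in this class.
    // NOTE(review): the generic type arguments were missing from this listing (for example a bare
    // `Output>`), so they are restored here from the file's imports and the property docs.
    // Confirm them against the published artifact.

    /**
     * Time the Posture was created in UTC.
     */
    public val createTime: Output<String>
        get() = javaResource.createTime().applyValue { created -> created }

    /**
     * Description of the posture.
     *
     * The output resolves to `null` when the Java resource reports no description.
     */
    public val description: Output<String>?
        get() = javaResource.description().applyValue { maybeDescription ->
            maybeDescription.orElse(null)
        }

    /**
     * For Resource freshness validation (https://google.aip.dev/154)
     */
    public val etag: Output<String>
        get() = javaResource.etag().applyValue { tag -> tag }

    /**
     * Location of the resource, e.g. `global`.
     */
    public val location: Output<String>
        get() = javaResource.location().applyValue { where -> where }

    /**
     * Name of the posture.
     */
    public val name: Output<String>
        get() = javaResource.name().applyValue { resourceName -> resourceName }

    /**
     * The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
     */
    public val parent: Output<String>
        get() = javaResource.parent().applyValue { owner -> owner }

    /**
     * List of policy sets for the posture.
     * Structure is documented below.
     *
     * Each Java policy set is converted to its Kotlin counterpart with `toKotlin`.
     */
    public val policySets: Output<List<PosturePolicySet>>
        get() = javaResource.policySets().applyValue { javaSets ->
            javaSets.map { javaSet -> toKotlin(javaSet) }
        }

    /**
     * Id of the posture. It is an immutable field.
     */
    public val postureId: Output<String>
        get() = javaResource.postureId().applyValue { id -> id }

    /**
     * If set, there are currently changes in flight to the posture.
     */
    public val reconciling: Output<Boolean>
        get() = javaResource.reconciling().applyValue { inFlight -> inFlight }

    /**
     * Revision_id of the posture.
     */
    public val revisionId: Output<String>
        get() = javaResource.revisionId().applyValue { revision -> revision }

    /**
     * State of the posture. An update to the state field should not be triggered along
     * with other field updates.
     * Possible values are: `DEPRECATED`, `DRAFT`, `ACTIVE`.
     */
    public val state: Output<String>
        get() = javaResource.state().applyValue { current -> current }

    /**
     * Time the Posture was updated in UTC.
     */
    public val updateTime: Output<String>
        get() = javaResource.updateTime().applyValue { updated -> updated }
}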

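/**
 * Maps a Java [com.pulumi.gcp.securityposture.Posture] resource to its Kotlin [Posture] wrapper.
 */
// NOTE(review): the `<Posture>` type argument was missing from this listing; it is restored from the
// return type of `map` below. Confirm against the published artifact.
public object PostureMapper : ResourceMapper<Posture> {
    /**
     * Returns `true` only when the runtime class of [javaResource] is exactly the Java `Posture`
     * class; the comparison is class equality, so a subclass does not match.
     */
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        javaResource::class == com.pulumi.gcp.securityposture.Posture::class

    /**
     * Wraps [javaResource] in a Kotlin [Posture].
     *
     * The cast is not guarded here, so a resource of any other type fails with a
     * `ClassCastException`; callers are presumably expected to check
     * [supportsMappingOfType] first.
     */
    override fun map(javaResource: Resource): Posture =
        Posture(javaResource as com.pulumi.gcp.securityposture.Posture)
}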

/**
 * Declares a [Posture] resource configured through a [PostureResourceBuilder] block.
 *
 * The name is applied to the builder before [block] runs, so a block that sets the
 * name itself replaces the value passed here.
 *
 * @param name The _unique_ name of the resulting resource.
 * @param block Configuration applied to the [PostureResourceBuilder] before the resource is built.
 * @return The [Posture] produced by the builder.
 */
public suspend fun posture(name: String, block: suspend PostureResourceBuilder.() -> Unit): Posture =
    PostureResourceBuilder()
        .also { resourceBuilder ->
            resourceBuilder.name(name)
            resourceBuilder.block()
        }
        .build()

/**
 * Declares a [Posture] resource by name only.
 *
 * No arguments or options are supplied, so the builder's defaults are used as they are.
 *
 * @param name The _unique_ name of the resulting resource.
 * @return The [Posture] produced by the builder.
 */
public fun posture(name: String): Posture =
    PostureResourceBuilder().also { it.name(name) }.build()



