Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.gcp.orgpolicy.kotlin.Policy.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.orgpolicy.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicyDryRunSpec
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicySpec
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicyDryRunSpec.Companion.toKotlin as policyDryRunSpecToKotlin
import com.pulumi.gcp.orgpolicy.kotlin.outputs.PolicySpec.Companion.toKotlin as policySpecToKotlin
/**
* Builder for [Policy].
*/
@PulumiTagMarker
public class PolicyResourceBuilder internal constructor() {
public var name: String? = null
public var args: PolicyArgs = PolicyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend PolicyArgsBuilder.() -> Unit) {
val builder = PolicyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): Policy {
val builtJavaResource = com.pulumi.gcp.orgpolicy.Policy(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return Policy(builtJavaResource)
}
}
/**
* Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.
* To get more information about Policy, see:
* * [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.policies)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints)
* * [Supported Services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services)
* ## Example Usage
* ### Org Policy Policy Enforce
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basic = new gcp.organizations.Project("basic", {
* projectId: "id",
* name: "id",
* orgId: "123456789",
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload`,
* parent: pulumi.interpolate`projects/${basic.name}`,
* spec: {
* rules: [{
* enforce: "FALSE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic = gcp.organizations.Project("basic",
* project_id="id",
* name="id",
* org_id="123456789")
* primary = gcp.orgpolicy.Policy("primary",
* name=basic.name.apply(lambda name: f"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
* parent=basic.name.apply(lambda name: f"projects/{name}"),
* spec={
* "rules": [{
* "enforce": "FALSE",
* }],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basic = new Gcp.Organizations.Project("basic", new()
* {
* ProjectId = "id",
* Name = "id",
* OrgId = "123456789",
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = basic.Name.Apply(name => $"projects/{name}/policies/iam.disableServiceAccountKeyUpload"),
* Parent = basic.Name.Apply(name => $"projects/{name}"),
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Enforce = "FALSE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
* ProjectId: pulumi.String("id"),
* Name: pulumi.String("id"),
* OrgId: pulumi.String("123456789"),
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", name), nil
* }).(pulumi.StringOutput),
* Parent: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v", name), nil
* }).(pulumi.StringOutput),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Enforce: pulumi.String("FALSE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Project;
* import com.pulumi.gcp.organizations.ProjectArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basic = new Project("basic", ProjectArgs.builder()
* .projectId("id")
* .name("id")
* .orgId("123456789")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(basic.name().applyValue(name -> String.format("projects/%s/policies/iam.disableServiceAccountKeyUpload", name)))
* .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
* .spec(PolicySpecArgs.builder()
* .rules(PolicySpecRuleArgs.builder()
* .enforce("FALSE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload
* parent: projects/${basic.name}
* spec:
* rules:
* - enforce: FALSE
* basic:
* type: gcp:organizations:Project
* properties:
* projectId: id
* name: id
* orgId: '123456789'
* ```
*
* ### Org Policy Policy Folder
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basic = new gcp.organizations.Folder("basic", {
* parent: "organizations/123456789",
* displayName: "folder",
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`${basic.name}/policies/gcp.resourceLocations`,
* parent: basic.name,
* spec: {
* inheritFromParent: true,
* rules: [{
* denyAll: "TRUE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic = gcp.organizations.Folder("basic",
* parent="organizations/123456789",
* display_name="folder")
* primary = gcp.orgpolicy.Policy("primary",
* name=basic.name.apply(lambda name: f"{name}/policies/gcp.resourceLocations"),
* parent=basic.name,
* spec={
* "inherit_from_parent": True,
* "rules": [{
* "deny_all": "TRUE",
* }],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basic = new Gcp.Organizations.Folder("basic", new()
* {
* Parent = "organizations/123456789",
* DisplayName = "folder",
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = basic.Name.Apply(name => $"{name}/policies/gcp.resourceLocations"),
* Parent = basic.Name,
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* InheritFromParent = true,
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* DenyAll = "TRUE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
* Parent: pulumi.String("organizations/123456789"),
* DisplayName: pulumi.String("folder"),
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("%v/policies/gcp.resourceLocations", name), nil
* }).(pulumi.StringOutput),
* Parent: basic.Name,
* Spec: &orgpolicy.PolicySpecArgs{
* InheritFromParent: pulumi.Bool(true),
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* DenyAll: pulumi.String("TRUE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Folder;
* import com.pulumi.gcp.organizations.FolderArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basic = new Folder("basic", FolderArgs.builder()
* .parent("organizations/123456789")
* .displayName("folder")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(basic.name().applyValue(name -> String.format("%s/policies/gcp.resourceLocations", name)))
* .parent(basic.name())
* .spec(PolicySpecArgs.builder()
* .inheritFromParent(true)
* .rules(PolicySpecRuleArgs.builder()
* .denyAll("TRUE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: ${basic.name}/policies/gcp.resourceLocations
* parent: ${basic.name}
* spec:
* inheritFromParent: true
* rules:
* - denyAll: TRUE
* basic:
* type: gcp:organizations:Folder
* properties:
* parent: organizations/123456789
* displayName: folder
* ```
*
* ### Org Policy Policy Organization
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
* parent: "organizations/123456789",
* spec: {
* reset: true,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* primary = gcp.orgpolicy.Policy("primary",
* name="organizations/123456789/policies/gcp.detailedAuditLoggingMode",
* parent="organizations/123456789",
* spec={
* "reset": True,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = "organizations/123456789/policies/gcp.detailedAuditLoggingMode",
* Parent = "organizations/123456789",
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Reset = true,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: pulumi.String("organizations/123456789/policies/gcp.detailedAuditLoggingMode"),
* Parent: pulumi.String("organizations/123456789"),
* Spec: &orgpolicy.PolicySpecArgs{
* Reset: pulumi.Bool(true),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var primary = new Policy("primary", PolicyArgs.builder()
* .name("organizations/123456789/policies/gcp.detailedAuditLoggingMode")
* .parent("organizations/123456789")
* .spec(PolicySpecArgs.builder()
* .reset(true)
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: organizations/123456789/policies/gcp.detailedAuditLoggingMode
* parent: organizations/123456789
* spec:
* reset: true
* ```
*
* ### Org Policy Policy Project
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const basic = new gcp.organizations.Project("basic", {
* projectId: "id",
* name: "id",
* orgId: "123456789",
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`projects/${basic.name}/policies/gcp.resourceLocations`,
* parent: pulumi.interpolate`projects/${basic.name}`,
* spec: {
* rules: [
* {
* condition: {
* description: "A sample condition for the policy",
* expression: "resource.matchTagId('tagKeys/123', 'tagValues/345')",
* location: "sample-location.log",
* title: "sample-condition",
* },
* values: {
* allowedValues: ["projects/allowed-project"],
* deniedValues: ["projects/denied-project"],
* },
* },
* {
* allowAll: "TRUE",
* },
* ],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* basic = gcp.organizations.Project("basic",
* project_id="id",
* name="id",
* org_id="123456789")
* primary = gcp.orgpolicy.Policy("primary",
* name=basic.name.apply(lambda name: f"projects/{name}/policies/gcp.resourceLocations"),
* parent=basic.name.apply(lambda name: f"projects/{name}"),
* spec={
* "rules": [
* {
* "condition": {
* "description": "A sample condition for the policy",
* "expression": "resource.matchTagId('tagKeys/123', 'tagValues/345')",
* "location": "sample-location.log",
* "title": "sample-condition",
* },
* "values": {
* "allowed_values": ["projects/allowed-project"],
* "denied_values": ["projects/denied-project"],
* },
* },
* {
* "allow_all": "TRUE",
* },
* ],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var basic = new Gcp.Organizations.Project("basic", new()
* {
* ProjectId = "id",
* Name = "id",
* OrgId = "123456789",
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = basic.Name.Apply(name => $"projects/{name}/policies/gcp.resourceLocations"),
* Parent = basic.Name.Apply(name => $"projects/{name}"),
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Condition = new Gcp.OrgPolicy.Inputs.PolicySpecRuleConditionArgs
* {
* Description = "A sample condition for the policy",
* Expression = "resource.matchTagId('tagKeys/123', 'tagValues/345')",
* Location = "sample-location.log",
* Title = "sample-condition",
* },
* Values = new Gcp.OrgPolicy.Inputs.PolicySpecRuleValuesArgs
* {
* AllowedValues = new[]
* {
* "projects/allowed-project",
* },
* DeniedValues = new[]
* {
* "projects/denied-project",
* },
* },
* },
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* AllowAll = "TRUE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
* ProjectId: pulumi.String("id"),
* Name: pulumi.String("id"),
* OrgId: pulumi.String("123456789"),
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", name), nil
* }).(pulumi.StringOutput),
* Parent: basic.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("projects/%v", name), nil
* }).(pulumi.StringOutput),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Condition: &orgpolicy.PolicySpecRuleConditionArgs{
* Description: pulumi.String("A sample condition for the policy"),
* Expression: pulumi.String("resource.matchTagId('tagKeys/123', 'tagValues/345')"),
* Location: pulumi.String("sample-location.log"),
* Title: pulumi.String("sample-condition"),
* },
* Values: &orgpolicy.PolicySpecRuleValuesArgs{
* AllowedValues: pulumi.StringArray{
* pulumi.String("projects/allowed-project"),
* },
* DeniedValues: pulumi.StringArray{
* pulumi.String("projects/denied-project"),
* },
* },
* },
* &orgpolicy.PolicySpecRuleArgs{
* AllowAll: pulumi.String("TRUE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.Project;
* import com.pulumi.gcp.organizations.ProjectArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var basic = new Project("basic", ProjectArgs.builder()
* .projectId("id")
* .name("id")
* .orgId("123456789")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(basic.name().applyValue(name -> String.format("projects/%s/policies/gcp.resourceLocations", name)))
* .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
* .spec(PolicySpecArgs.builder()
* .rules(
* PolicySpecRuleArgs.builder()
* .condition(PolicySpecRuleConditionArgs.builder()
* .description("A sample condition for the policy")
* .expression("resource.matchTagId('tagKeys/123', 'tagValues/345')")
* .location("sample-location.log")
* .title("sample-condition")
* .build())
* .values(PolicySpecRuleValuesArgs.builder()
* .allowedValues("projects/allowed-project")
* .deniedValues("projects/denied-project")
* .build())
* .build(),
* PolicySpecRuleArgs.builder()
* .allowAll("TRUE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: projects/${basic.name}/policies/gcp.resourceLocations
* parent: projects/${basic.name}
* spec:
* rules:
* - condition:
* description: A sample condition for the policy
* expression: resource.matchTagId('tagKeys/123', 'tagValues/345')
* location: sample-location.log
* title: sample-condition
* values:
* allowedValues:
* - projects/allowed-project
* deniedValues:
* - projects/denied-project
* - allowAll: TRUE
* basic:
* type: gcp:organizations:Project
* properties:
* projectId: id
* name: id
* orgId: '123456789'
* ```
*
* ### Org Policy Policy Dry Run Spec
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const constraint = new gcp.orgpolicy.CustomConstraint("constraint", {
* name: "custom.disableGkeAutoUpgrade_37559",
* parent: "organizations/123456789",
* displayName: "Disable GKE auto upgrade",
* description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* actionType: "ALLOW",
* condition: "resource.management.autoUpgrade == false",
* methodTypes: ["CREATE"],
* resourceTypes: ["container.googleapis.com/NodePool"],
* });
* const primary = new gcp.orgpolicy.Policy("primary", {
* name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,
* parent: "organizations/123456789",
* spec: {
* rules: [{
* enforce: "FALSE",
* }],
* },
* dryRunSpec: {
* inheritFromParent: false,
* reset: false,
* rules: [{
* enforce: "FALSE",
* }],
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* constraint = gcp.orgpolicy.CustomConstraint("constraint",
* name="custom.disableGkeAutoUpgrade_37559",
* parent="organizations/123456789",
* display_name="Disable GKE auto upgrade",
* description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* action_type="ALLOW",
* condition="resource.management.autoUpgrade == false",
* method_types=["CREATE"],
* resource_types=["container.googleapis.com/NodePool"])
* primary = gcp.orgpolicy.Policy("primary",
* name=constraint.name.apply(lambda name: f"organizations/123456789/policies/{name}"),
* parent="organizations/123456789",
* spec={
* "rules": [{
* "enforce": "FALSE",
* }],
* },
* dry_run_spec={
* "inherit_from_parent": False,
* "reset": False,
* "rules": [{
* "enforce": "FALSE",
* }],
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var constraint = new Gcp.OrgPolicy.CustomConstraint("constraint", new()
* {
* Name = "custom.disableGkeAutoUpgrade_37559",
* Parent = "organizations/123456789",
* DisplayName = "Disable GKE auto upgrade",
* Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
* ActionType = "ALLOW",
* Condition = "resource.management.autoUpgrade == false",
* MethodTypes = new[]
* {
* "CREATE",
* },
* ResourceTypes = new[]
* {
* "container.googleapis.com/NodePool",
* },
* });
* var primary = new Gcp.OrgPolicy.Policy("primary", new()
* {
* Name = constraint.Name.Apply(name => $"organizations/123456789/policies/{name}"),
* Parent = "organizations/123456789",
* Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs
* {
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs
* {
* Enforce = "FALSE",
* },
* },
* },
* DryRunSpec = new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecArgs
* {
* InheritFromParent = false,
* Reset = false,
* Rules = new[]
* {
* new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecRuleArgs
* {
* Enforce = "FALSE",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
* Name: pulumi.String("custom.disableGkeAutoUpgrade_37559"),
* Parent: pulumi.String("organizations/123456789"),
* DisplayName: pulumi.String("Disable GKE auto upgrade"),
* Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
* ActionType: pulumi.String("ALLOW"),
* Condition: pulumi.String("resource.management.autoUpgrade == false"),
* MethodTypes: pulumi.StringArray{
* pulumi.String("CREATE"),
* },
* ResourceTypes: pulumi.StringArray{
* pulumi.String("container.googleapis.com/NodePool"),
* },
* })
* if err != nil {
* return err
* }
* _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
* Name: constraint.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
* }).(pulumi.StringOutput),
* Parent: pulumi.String("organizations/123456789"),
* Spec: &orgpolicy.PolicySpecArgs{
* Rules: orgpolicy.PolicySpecRuleArray{
* &orgpolicy.PolicySpecRuleArgs{
* Enforce: pulumi.String("FALSE"),
* },
* },
* },
* DryRunSpec: &orgpolicy.PolicyDryRunSpecArgs{
* InheritFromParent: pulumi.Bool(false),
* Reset: pulumi.Bool(false),
* Rules: orgpolicy.PolicyDryRunSpecRuleArray{
* &orgpolicy.PolicyDryRunSpecRuleArgs{
* Enforce: pulumi.String("FALSE"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.orgpolicy.CustomConstraint;
* import com.pulumi.gcp.orgpolicy.CustomConstraintArgs;
* import com.pulumi.gcp.orgpolicy.Policy;
* import com.pulumi.gcp.orgpolicy.PolicyArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
* import com.pulumi.gcp.orgpolicy.inputs.PolicyDryRunSpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var constraint = new CustomConstraint("constraint", CustomConstraintArgs.builder()
* .name("custom.disableGkeAutoUpgrade_37559")
* .parent("organizations/123456789")
* .displayName("Disable GKE auto upgrade")
* .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
* .actionType("ALLOW")
* .condition("resource.management.autoUpgrade == false")
* .methodTypes("CREATE")
* .resourceTypes("container.googleapis.com/NodePool")
* .build());
* var primary = new Policy("primary", PolicyArgs.builder()
* .name(constraint.name().applyValue(name -> String.format("organizations/123456789/policies/%s", name)))
* .parent("organizations/123456789")
* .spec(PolicySpecArgs.builder()
* .rules(PolicySpecRuleArgs.builder()
* .enforce("FALSE")
* .build())
* .build())
* .dryRunSpec(PolicyDryRunSpecArgs.builder()
* .inheritFromParent(false)
* .reset(false)
* .rules(PolicyDryRunSpecRuleArgs.builder()
* .enforce("FALSE")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* constraint:
* type: gcp:orgpolicy:CustomConstraint
* properties:
* name: custom.disableGkeAutoUpgrade_37559
* parent: organizations/123456789
* displayName: Disable GKE auto upgrade
* description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
* actionType: ALLOW
* condition: resource.management.autoUpgrade == false
* methodTypes:
* - CREATE
* resourceTypes:
* - container.googleapis.com/NodePool
* primary:
* type: gcp:orgpolicy:Policy
* properties:
* name: organizations/123456789/policies/${constraint.name}
* parent: organizations/123456789
* spec:
* rules:
* - enforce: FALSE
* dryRunSpec:
* inheritFromParent: false
* reset: false
* rules:
* - enforce: FALSE
* ```
*
* ## Import
* Policy can be imported using any of these accepted formats:
* * `{{parent}}/policies/{{name}}`
* When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}
* ```
*/
public class Policy internal constructor(
override val javaResource: com.pulumi.gcp.orgpolicy.Policy,
) : KotlinCustomResource(javaResource, PolicyMapper) {
/**
* Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
* Structure is documented below.
*/
public val dryRunSpec: Output?
get() = javaResource.dryRunSpec().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
policyDryRunSpecToKotlin(args0)
})
}).orElse(null)
})
/**
* Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
*/
public val etag: Output
get() = javaResource.etag().applyValue({ args0 -> args0 })
/**
* Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The parent of the resource.
* - - -
*/
public val parent: Output
get() = javaResource.parent().applyValue({ args0 -> args0 })
/**
* Basic information about the Organization Policy.
* Structure is documented below.
*/
public val spec: Output?
get() = javaResource.spec().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
policySpecToKotlin(args0)
})
}).orElse(null)
})
}
public object PolicyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.orgpolicy.Policy::class == javaResource::class
override fun map(javaResource: Resource): Policy = Policy(
javaResource as
com.pulumi.gcp.orgpolicy.Policy,
)
}
/**
* @see [Policy].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [Policy].
*/
public suspend fun policy(name: String, block: suspend PolicyResourceBuilder.() -> Unit): Policy {
val builder = PolicyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [Policy].
* @param name The _unique_ name of the resulting resource.
*/
public fun policy(name: String): Policy {
val builder = PolicyResourceBuilder()
builder.name(name)
return builder.build()
}
