orgpolicy

package
v6.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 14, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Policy

type Policy struct {
	pulumi.CustomResourceState

	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource.
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrOutput `pulumi:"spec"`
}

An organization policy gives you programmatic control over your organization's cloud resources. Using Organization Policies, you will be able to configure constraints across your entire resource hierarchy.

For more information, see: * [Understanding Org Policy concepts](https://cloud.google.com/resource-manager/docs/organization-policy/overview) * [The resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy) * [All valid constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints) ## Example Usage ### Enforce_policy A test of an enforce orgpolicy policy for a project ```go package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			OrgId:     pulumi.String("123456789"),
			ProjectId: pulumi.String("id"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("%v%v", "projects/", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Folder_policy A test of an orgpolicy policy for a folder ```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("folder"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: basic.Name,
			Spec: &orgpolicy.PolicySpecArgs{
				InheritFromParent: pulumi.Bool(true),
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						DenyAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Organization_policy A test of an orgpolicy policy for an organization ```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Reset: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Project_policy A test of an orgpolicy policy for a project ```go package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			OrgId:     pulumi.String("123456789"),
			ProjectId: pulumi.String("id"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("%v%v", "projects/", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Condition: &orgpolicy.PolicySpecRuleConditionArgs{
							Description: pulumi.String("A sample condition for the policy"),
							Expression:  pulumi.String("resource.matchLabels('labelKeys/123', 'labelValues/345')"),
							Location:    pulumi.String("sample-location.log"),
							Title:       pulumi.String("sample-condition"),
						},
						Values: &orgpolicy.PolicySpecRuleValuesArgs{
							AllowedValues: pulumi.StringArray{
								pulumi.String("projects/allowed-project"),
							},
							DeniedValues: pulumi.StringArray{
								pulumi.String("projects/denied-project"),
							},
						},
					},
					&orgpolicy.PolicySpecRuleArgs{
						AllowAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Policy can be imported using any of these accepted formats

```sh

$ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}

```

```sh

$ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/{{name}}

```

func GetPolicy

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

func (*Policy) ToPolicyPtrOutput

func (i *Policy) ToPolicyPtrOutput() PolicyPtrOutput

func (*Policy) ToPolicyPtrOutputWithContext

func (i *Policy) ToPolicyPtrOutputWithContext(ctx context.Context) PolicyPtrOutput

type PolicyArgs

type PolicyArgs struct {
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	Parent pulumi.StringInput
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray

type PolicyArray []PolicyInput

func (PolicyArray) ElementType

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToPolicyArrayOutput

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via:

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index

func (PolicyArrayOutput) ToPolicyArrayOutput

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyInput

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyMap

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToPolicyMapOutput

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via:

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex

func (PolicyMapOutput) ToPolicyMapOutput

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) ElementType

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) ToPolicyOutput

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

func (PolicyOutput) ToPolicyPtrOutput

func (o PolicyOutput) ToPolicyPtrOutput() PolicyPtrOutput

func (PolicyOutput) ToPolicyPtrOutputWithContext

func (o PolicyOutput) ToPolicyPtrOutputWithContext(ctx context.Context) PolicyPtrOutput

type PolicyPtrInput

type PolicyPtrInput interface {
	pulumi.Input

	ToPolicyPtrOutput() PolicyPtrOutput
	ToPolicyPtrOutputWithContext(ctx context.Context) PolicyPtrOutput
}

type PolicyPtrOutput

type PolicyPtrOutput struct{ *pulumi.OutputState }

func (PolicyPtrOutput) Elem

func (o PolicyPtrOutput) Elem() PolicyOutput

func (PolicyPtrOutput) ElementType

func (PolicyPtrOutput) ElementType() reflect.Type

func (PolicyPtrOutput) ToPolicyPtrOutput

func (o PolicyPtrOutput) ToPolicyPtrOutput() PolicyPtrOutput

func (PolicyPtrOutput) ToPolicyPtrOutputWithContext

func (o PolicyPtrOutput) ToPolicyPtrOutputWithContext(ctx context.Context) PolicyPtrOutput

type PolicySpec

type PolicySpec struct {
	// -
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag *string `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset *bool `pulumi:"reset"`
	// Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	Rules []PolicySpecRule `pulumi:"rules"`
	// -
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime *string `pulumi:"updateTime"`
}

type PolicySpecArgs

type PolicySpecArgs struct {
	// -
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag pulumi.StringPtrInput `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset pulumi.BoolPtrInput `pulumi:"reset"`
	// Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	Rules PolicySpecRuleArrayInput `pulumi:"rules"`
	// -
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime pulumi.StringPtrInput `pulumi:"updateTime"`
}

func (PolicySpecArgs) ElementType

func (PolicySpecArgs) ElementType() reflect.Type

func (PolicySpecArgs) ToPolicySpecOutput

func (i PolicySpecArgs) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecOutputWithContext

func (i PolicySpecArgs) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecPtrOutput

func (i PolicySpecArgs) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecArgs) ToPolicySpecPtrOutputWithContext

func (i PolicySpecArgs) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

type PolicySpecInput

type PolicySpecInput interface {
	pulumi.Input

	ToPolicySpecOutput() PolicySpecOutput
	ToPolicySpecOutputWithContext(context.Context) PolicySpecOutput
}

PolicySpecInput is an input type that accepts PolicySpecArgs and PolicySpecOutput values. You can construct a concrete instance of `PolicySpecInput` via:

PolicySpecArgs{...}

type PolicySpecOutput

type PolicySpecOutput struct{ *pulumi.OutputState }

func (PolicySpecOutput) ElementType

func (PolicySpecOutput) ElementType() reflect.Type

func (PolicySpecOutput) Etag

- An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecOutput) InheritFromParent

func (o PolicySpecOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecOutput) Reset

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecOutput) Rules

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.

func (PolicySpecOutput) ToPolicySpecOutput

func (o PolicySpecOutput) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecOutputWithContext

func (o PolicySpecOutput) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecPtrOutput

func (o PolicySpecOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecOutput) ToPolicySpecPtrOutputWithContext

func (o PolicySpecOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecOutput) UpdateTime

func (o PolicySpecOutput) UpdateTime() pulumi.StringPtrOutput

- Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecPtrInput

type PolicySpecPtrInput interface {
	pulumi.Input

	ToPolicySpecPtrOutput() PolicySpecPtrOutput
	ToPolicySpecPtrOutputWithContext(context.Context) PolicySpecPtrOutput
}

PolicySpecPtrInput is an input type that accepts PolicySpecArgs, PolicySpecPtr and PolicySpecPtrOutput values. You can construct a concrete instance of `PolicySpecPtrInput` via:

        PolicySpecArgs{...}

or:

        nil

func PolicySpecPtr

func PolicySpecPtr(v *PolicySpecArgs) PolicySpecPtrInput

type PolicySpecPtrOutput

type PolicySpecPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecPtrOutput) Elem

func (PolicySpecPtrOutput) ElementType

func (PolicySpecPtrOutput) ElementType() reflect.Type

func (PolicySpecPtrOutput) Etag

- An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecPtrOutput) InheritFromParent

func (o PolicySpecPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecPtrOutput) Reset

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecPtrOutput) Rules

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.

func (PolicySpecPtrOutput) ToPolicySpecPtrOutput

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecPtrOutput) UpdateTime

- Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecRule

type PolicySpecRule struct {
	// Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll *string `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition *PolicySpecRuleCondition `pulumi:"condition"`
	// Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll *string `pulumi:"denyAll"`
	// If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce *string `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values *PolicySpecRuleValues `pulumi:"values"`
}

type PolicySpecRuleArgs

type PolicySpecRuleArgs struct {
	// Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll pulumi.StringPtrInput `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition PolicySpecRuleConditionPtrInput `pulumi:"condition"`
	// Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll pulumi.StringPtrInput `pulumi:"denyAll"`
	// If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce pulumi.StringPtrInput `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values PolicySpecRuleValuesPtrInput `pulumi:"values"`
}

func (PolicySpecRuleArgs) ElementType

func (PolicySpecRuleArgs) ElementType() reflect.Type

func (PolicySpecRuleArgs) ToPolicySpecRuleOutput

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

type PolicySpecRuleArray

type PolicySpecRuleArray []PolicySpecRuleInput

func (PolicySpecRuleArray) ElementType

func (PolicySpecRuleArray) ElementType() reflect.Type

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutput

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleArrayInput

type PolicySpecRuleArrayInput interface {
	pulumi.Input

	ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput
	ToPolicySpecRuleArrayOutputWithContext(context.Context) PolicySpecRuleArrayOutput
}

PolicySpecRuleArrayInput is an input type that accepts PolicySpecRuleArray and PolicySpecRuleArrayOutput values. You can construct a concrete instance of `PolicySpecRuleArrayInput` via:

PolicySpecRuleArray{ PolicySpecRuleArgs{...} }

type PolicySpecRuleArrayOutput

type PolicySpecRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleArrayOutput) ElementType

func (PolicySpecRuleArrayOutput) ElementType() reflect.Type

func (PolicySpecRuleArrayOutput) Index

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleCondition

type PolicySpecRuleCondition struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type PolicySpecRuleConditionArgs

type PolicySpecRuleConditionArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (PolicySpecRuleConditionArgs) ElementType

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionInput

type PolicySpecRuleConditionInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput
	ToPolicySpecRuleConditionOutputWithContext(context.Context) PolicySpecRuleConditionOutput
}

PolicySpecRuleConditionInput is an input type that accepts PolicySpecRuleConditionArgs and PolicySpecRuleConditionOutput values. You can construct a concrete instance of `PolicySpecRuleConditionInput` via:

PolicySpecRuleConditionArgs{...}

type PolicySpecRuleConditionOutput

type PolicySpecRuleConditionOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionOutput) Description

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionOutput) ElementType

func (PolicySpecRuleConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionOutput) Location

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionPtrInput

type PolicySpecRuleConditionPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput
	ToPolicySpecRuleConditionPtrOutputWithContext(context.Context) PolicySpecRuleConditionPtrOutput
}

PolicySpecRuleConditionPtrInput is an input type that accepts PolicySpecRuleConditionArgs, PolicySpecRuleConditionPtr and PolicySpecRuleConditionPtrOutput values. You can construct a concrete instance of `PolicySpecRuleConditionPtrInput` via:

        PolicySpecRuleConditionArgs{...}

or:

        nil

type PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionPtrOutput) Description

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionPtrOutput) Elem

func (PolicySpecRuleConditionPtrOutput) ElementType

func (PolicySpecRuleConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionPtrOutput) Location

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionPtrOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleInput

type PolicySpecRuleInput interface {
	pulumi.Input

	ToPolicySpecRuleOutput() PolicySpecRuleOutput
	ToPolicySpecRuleOutputWithContext(context.Context) PolicySpecRuleOutput
}

PolicySpecRuleInput is an input type that accepts PolicySpecRuleArgs and PolicySpecRuleOutput values. You can construct a concrete instance of `PolicySpecRuleInput` via:

PolicySpecRuleArgs{...}

type PolicySpecRuleOutput

type PolicySpecRuleOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleOutput) AllowAll

Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) Condition

A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".

func (PolicySpecRuleOutput) DenyAll

Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) ElementType

func (PolicySpecRuleOutput) ElementType() reflect.Type

func (PolicySpecRuleOutput) Enforce

If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.

func (PolicySpecRuleOutput) ToPolicySpecRuleOutput

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

func (PolicySpecRuleOutput) Values

List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.

type PolicySpecRuleValues

type PolicySpecRuleValues struct {
	// List of values allowed at this resource.
	AllowedValues []string `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues []string `pulumi:"deniedValues"`
}

type PolicySpecRuleValuesArgs

type PolicySpecRuleValuesArgs struct {
	// List of values allowed at this resource.
	AllowedValues pulumi.StringArrayInput `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues pulumi.StringArrayInput `pulumi:"deniedValues"`
}

func (PolicySpecRuleValuesArgs) ElementType

func (PolicySpecRuleValuesArgs) ElementType() reflect.Type

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesInput

type PolicySpecRuleValuesInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput
	ToPolicySpecRuleValuesOutputWithContext(context.Context) PolicySpecRuleValuesOutput
}

PolicySpecRuleValuesInput is an input type that accepts PolicySpecRuleValuesArgs and PolicySpecRuleValuesOutput values. You can construct a concrete instance of `PolicySpecRuleValuesInput` via:

PolicySpecRuleValuesArgs{...}

type PolicySpecRuleValuesOutput

type PolicySpecRuleValuesOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesOutput) AllowedValues

List of values allowed at this resource.

func (PolicySpecRuleValuesOutput) DeniedValues

List of values denied at this resource.

func (PolicySpecRuleValuesOutput) ElementType

func (PolicySpecRuleValuesOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesPtrInput

type PolicySpecRuleValuesPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput
	ToPolicySpecRuleValuesPtrOutputWithContext(context.Context) PolicySpecRuleValuesPtrOutput
}

PolicySpecRuleValuesPtrInput is an input type that accepts PolicySpecRuleValuesArgs, PolicySpecRuleValuesPtr and PolicySpecRuleValuesPtrOutput values. You can construct a concrete instance of `PolicySpecRuleValuesPtrInput` via:

        PolicySpecRuleValuesArgs{...}

or:

        nil

type PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesPtrOutput) AllowedValues

List of values allowed at this resource.

func (PolicySpecRuleValuesPtrOutput) DeniedValues

List of values denied at this resource.

func (PolicySpecRuleValuesPtrOutput) Elem

func (PolicySpecRuleValuesPtrOutput) ElementType

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicyState

type PolicyState struct {
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	Parent pulumi.StringPtrInput
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrInput
}

func (PolicyState) ElementType

func (PolicyState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL