orgpolicy

package
v6.67.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 4, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CustomConstraint added in v6.41.0 

type CustomConstraint struct {
	pulumi.CustomResourceState

	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringOutput `pulumi:"actionType"`
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringOutput `pulumi:"condition"`
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayOutput `pulumi:"methodTypes"`
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayOutput `pulumi:"resourceTypes"`
	// Output only. The timestamp representing when the constraint was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
}

## Example Usage ### Org Policy Custom Constraint Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Parent:     pulumi.String("organizations/123456789"),
			ActionType: pulumi.String("ALLOW"),
			Condition:  pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
				pulumi.String("UPDATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Custom Constraint Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("Disable GKE auto upgrade"),
			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
			ActionType:  pulumi.String("ALLOW"),
			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
				pulumi.String("UPDATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "bool", &orgpolicy.PolicyArgs{
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("TRUE"),
					},
				},
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

CustomConstraint can be imported using any of these accepted formats:

```sh 

$ pulumi import gcp:orgpolicy/customConstraint:CustomConstraint default {{parent}}/customConstraints/{{name}}

```

func GetCustomConstraint added in v6.41.0 

func GetCustomConstraint(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CustomConstraintState, opts ...pulumi.ResourceOption) (*CustomConstraint, error)

GetCustomConstraint gets an existing CustomConstraint resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCustomConstraint added in v6.41.0 

func NewCustomConstraint(ctx *pulumi.Context,
	name string, args *CustomConstraintArgs, opts ...pulumi.ResourceOption) (*CustomConstraint, error)

NewCustomConstraint registers a new resource with the given unique name, arguments, and options.

func (*CustomConstraint) ElementType added in v6.41.0 

func (*CustomConstraint) ElementType() reflect.Type

func (*CustomConstraint) ToCustomConstraintOutput added in v6.41.0 

func (i *CustomConstraint) ToCustomConstraintOutput() CustomConstraintOutput

func (*CustomConstraint) ToCustomConstraintOutputWithContext added in v6.41.0 

func (i *CustomConstraint) ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput

func (*CustomConstraint) ToOutput added in v6.65.1 

func (i *CustomConstraint) ToOutput(ctx context.Context) pulumix.Output[*CustomConstraint]

type CustomConstraintArgs added in v6.41.0 

type CustomConstraintArgs struct {
	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringInput
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringInput
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrInput
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrInput
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayInput
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringPtrInput
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringInput
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayInput
}

The set of arguments for constructing a CustomConstraint resource.

func (CustomConstraintArgs) ElementType added in v6.41.0 

func (CustomConstraintArgs) ElementType() reflect.Type

type CustomConstraintArray added in v6.41.0 

type CustomConstraintArray []CustomConstraintInput

func (CustomConstraintArray) ElementType added in v6.41.0 

func (CustomConstraintArray) ElementType() reflect.Type

func (CustomConstraintArray) ToCustomConstraintArrayOutput added in v6.41.0 

func (i CustomConstraintArray) ToCustomConstraintArrayOutput() CustomConstraintArrayOutput

func (CustomConstraintArray) ToCustomConstraintArrayOutputWithContext added in v6.41.0 

func (i CustomConstraintArray) ToCustomConstraintArrayOutputWithContext(ctx context.Context) CustomConstraintArrayOutput

func (CustomConstraintArray) ToOutput added in v6.65.1 

func (i CustomConstraintArray) ToOutput(ctx context.Context) pulumix.Output[[]*CustomConstraint]

type CustomConstraintArrayInput added in v6.41.0 

type CustomConstraintArrayInput interface {
	pulumi.Input

	ToCustomConstraintArrayOutput() CustomConstraintArrayOutput
	ToCustomConstraintArrayOutputWithContext(context.Context) CustomConstraintArrayOutput
}

CustomConstraintArrayInput is an input type that accepts CustomConstraintArray and CustomConstraintArrayOutput values. You can construct a concrete instance of `CustomConstraintArrayInput` via: 

CustomConstraintArray{ CustomConstraintArgs{...} }

type CustomConstraintArrayOutput added in v6.41.0 

type CustomConstraintArrayOutput struct{ *pulumi.OutputState }

func (CustomConstraintArrayOutput) ElementType added in v6.41.0 

func (CustomConstraintArrayOutput) ElementType() reflect.Type

func (CustomConstraintArrayOutput) Index added in v6.41.0 

func (o CustomConstraintArrayOutput) Index(i pulumi.IntInput) CustomConstraintOutput

func (CustomConstraintArrayOutput) ToCustomConstraintArrayOutput added in v6.41.0 

func (o CustomConstraintArrayOutput) ToCustomConstraintArrayOutput() CustomConstraintArrayOutput

func (CustomConstraintArrayOutput) ToCustomConstraintArrayOutputWithContext added in v6.41.0 

func (o CustomConstraintArrayOutput) ToCustomConstraintArrayOutputWithContext(ctx context.Context) CustomConstraintArrayOutput

func (CustomConstraintArrayOutput) ToOutput added in v6.65.1 

func (o CustomConstraintArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*CustomConstraint]

type CustomConstraintInput added in v6.41.0 

type CustomConstraintInput interface {
	pulumi.Input

	ToCustomConstraintOutput() CustomConstraintOutput
	ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput
}

type CustomConstraintMap added in v6.41.0 

type CustomConstraintMap map[string]CustomConstraintInput

func (CustomConstraintMap) ElementType added in v6.41.0 

func (CustomConstraintMap) ElementType() reflect.Type

func (CustomConstraintMap) ToCustomConstraintMapOutput added in v6.41.0 

func (i CustomConstraintMap) ToCustomConstraintMapOutput() CustomConstraintMapOutput

func (CustomConstraintMap) ToCustomConstraintMapOutputWithContext added in v6.41.0 

func (i CustomConstraintMap) ToCustomConstraintMapOutputWithContext(ctx context.Context) CustomConstraintMapOutput

func (CustomConstraintMap) ToOutput added in v6.65.1 

func (i CustomConstraintMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*CustomConstraint]

type CustomConstraintMapInput added in v6.41.0 

type CustomConstraintMapInput interface {
	pulumi.Input

	ToCustomConstraintMapOutput() CustomConstraintMapOutput
	ToCustomConstraintMapOutputWithContext(context.Context) CustomConstraintMapOutput
}

CustomConstraintMapInput is an input type that accepts CustomConstraintMap and CustomConstraintMapOutput values. You can construct a concrete instance of `CustomConstraintMapInput` via: 

CustomConstraintMap{ "key": CustomConstraintArgs{...} }

type CustomConstraintMapOutput added in v6.41.0 

type CustomConstraintMapOutput struct{ *pulumi.OutputState }

func (CustomConstraintMapOutput) ElementType added in v6.41.0 

func (CustomConstraintMapOutput) ElementType() reflect.Type

func (CustomConstraintMapOutput) MapIndex added in v6.41.0 

func (o CustomConstraintMapOutput) MapIndex(k pulumi.StringInput) CustomConstraintOutput

func (CustomConstraintMapOutput) ToCustomConstraintMapOutput added in v6.41.0 

func (o CustomConstraintMapOutput) ToCustomConstraintMapOutput() CustomConstraintMapOutput

func (CustomConstraintMapOutput) ToCustomConstraintMapOutputWithContext added in v6.41.0 

func (o CustomConstraintMapOutput) ToCustomConstraintMapOutputWithContext(ctx context.Context) CustomConstraintMapOutput

func (CustomConstraintMapOutput) ToOutput added in v6.65.1 

func (o CustomConstraintMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*CustomConstraint]

type CustomConstraintOutput added in v6.41.0 

type CustomConstraintOutput struct{ *pulumi.OutputState }

func (CustomConstraintOutput) ActionType added in v6.41.0 

func (o CustomConstraintOutput) ActionType() pulumi.StringOutput

The action to take if the condition is met. Possible values are: `ALLOW`, `DENY`.

func (CustomConstraintOutput) Condition added in v6.41.0 

func (o CustomConstraintOutput) Condition() pulumi.StringOutput

A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).

func (CustomConstraintOutput) Description added in v6.41.0 

func (o CustomConstraintOutput) Description() pulumi.StringPtrOutput

A human-friendly description of the constraint to display as an error message when the policy is violated.

func (CustomConstraintOutput) DisplayName added in v6.41.0 

func (o CustomConstraintOutput) DisplayName() pulumi.StringPtrOutput

A human-friendly name for the constraint.

func (CustomConstraintOutput) ElementType added in v6.41.0 

func (CustomConstraintOutput) ElementType() reflect.Type

func (CustomConstraintOutput) MethodTypes added in v6.41.0 

func (o CustomConstraintOutput) MethodTypes() pulumi.StringArrayOutput

A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).

func (CustomConstraintOutput) Name added in v6.41.0 

func (o CustomConstraintOutput) Name() pulumi.StringOutput

Immutable. The name of the custom constraint. This is unique within the organization.

func (CustomConstraintOutput) Parent added in v6.41.0 

func (o CustomConstraintOutput) Parent() pulumi.StringOutput

The parent of the resource, an organization. Format should be `organizations/{organization_id}`.

***

func (CustomConstraintOutput) ResourceTypes added in v6.41.0 

func (o CustomConstraintOutput) ResourceTypes() pulumi.StringArrayOutput

Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.

func (CustomConstraintOutput) ToCustomConstraintOutput added in v6.41.0 

func (o CustomConstraintOutput) ToCustomConstraintOutput() CustomConstraintOutput

func (CustomConstraintOutput) ToCustomConstraintOutputWithContext added in v6.41.0 

func (o CustomConstraintOutput) ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput

func (CustomConstraintOutput) ToOutput added in v6.65.1 

func (o CustomConstraintOutput) ToOutput(ctx context.Context) pulumix.Output[*CustomConstraint]

func (CustomConstraintOutput) UpdateTime added in v6.41.0 

func (o CustomConstraintOutput) UpdateTime() pulumi.StringOutput

Output only. The timestamp representing when the constraint was last updated.

type CustomConstraintState added in v6.41.0 

type CustomConstraintState struct {
	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringPtrInput
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringPtrInput
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrInput
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrInput
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayInput
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringPtrInput
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayInput
	// Output only. The timestamp representing when the constraint was last updated.
	UpdateTime pulumi.StringPtrInput
}

func (CustomConstraintState) ElementType added in v6.41.0 

func (CustomConstraintState) ElementType() reflect.Type

type Policy 

type Policy struct {
	pulumi.CustomResourceState

	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrOutput `pulumi:"spec"`
}

An organization policy gives you programmatic control over your organization's cloud resources. Using Organization Policies, you will be able to configure constraints across your entire resource hierarchy.

For more information, see: * [Understanding Org Policy concepts](https://cloud.google.com/resource-manager/docs/organization-policy/overview) * [The resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy) * [All valid constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints) ## Example Usage ### Enforce_policy A test of an enforce orgpolicy policy for a project ```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			OrgId:     pulumi.String("123456789"),
			ProjectId: pulumi.String("id"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Folder_policy A test of an orgpolicy policy for a folder ```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("folder"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: basic.Name,
			Spec: &orgpolicy.PolicySpecArgs{
				InheritFromParent: pulumi.Bool(true),
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						DenyAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Organization_policy A test of an orgpolicy policy for an organization ```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Reset: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Project_policy A test of an orgpolicy policy for a project ```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			OrgId:     pulumi.String("123456789"),
			ProjectId: pulumi.String("id"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Condition: &orgpolicy.PolicySpecRuleConditionArgs{
							Description: pulumi.String("A sample condition for the policy"),
							Expression:  pulumi.String("resource.matchLabels('labelKeys/123', 'labelValues/345')"),
							Location:    pulumi.String("sample-location.log"),
							Title:       pulumi.String("sample-condition"),
						},
						Values: &orgpolicy.PolicySpecRuleValuesArgs{
							AllowedValues: pulumi.StringArray{
								pulumi.String("projects/allowed-project"),
							},
							DeniedValues: pulumi.StringArray{
								pulumi.String("projects/denied-project"),
							},
						},
					},
					&orgpolicy.PolicySpecRuleArgs{
						AllowAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Policy can be imported using any of these accepted formats:

```sh 

$ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}

```

func GetPolicy 

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy 

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType 

func (*Policy) ElementType() reflect.Type

func (*Policy) ToOutput added in v6.65.1 

func (i *Policy) ToOutput(ctx context.Context) pulumix.Output[*Policy]

func (*Policy) ToPolicyOutput 

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext 

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyArgs 

type PolicyArgs struct {
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringInput
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType 

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray 

type PolicyArray []PolicyInput

func (PolicyArray) ElementType 

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToOutput added in v6.65.1 

func (i PolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*Policy]

func (PolicyArray) ToPolicyArrayOutput 

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext 

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput 

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via: 

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput 

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType 

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index 

func (o PolicyArrayOutput) Index(i pulumi.IntInput) PolicyOutput

func (PolicyArrayOutput) ToOutput added in v6.65.1 

func (o PolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Policy]

func (PolicyArrayOutput) ToPolicyArrayOutput 

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext 

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyInput 

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyMap 

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType 

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToOutput added in v6.65.1 

func (i PolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Policy]

func (PolicyMap) ToPolicyMapOutput 

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext 

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput 

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via: 

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput 

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType 

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex 

func (o PolicyMapOutput) MapIndex(k pulumi.StringInput) PolicyOutput

func (PolicyMapOutput) ToOutput added in v6.65.1 

func (o PolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Policy]

func (PolicyMapOutput) ToPolicyMapOutput 

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext 

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput 

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) ElementType 

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) Name added in v6.23.0 

func (o PolicyOutput) Name() pulumi.StringOutput

Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.

func (PolicyOutput) Parent added in v6.23.0 

func (o PolicyOutput) Parent() pulumi.StringOutput

The parent of the resource.

***

func (PolicyOutput) Spec added in v6.23.0 

func (o PolicyOutput) Spec() PolicySpecPtrOutput

Basic information about the Organization Policy.

func (PolicyOutput) ToOutput added in v6.65.1 

func (o PolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*Policy]

func (PolicyOutput) ToPolicyOutput 

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext 

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicySpec 

type PolicySpec struct {
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag *string `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset *bool `pulumi:"reset"`
	// Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	Rules []PolicySpecRule `pulumi:"rules"`
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime *string `pulumi:"updateTime"`
}

type PolicySpecArgs 

type PolicySpecArgs struct {
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag pulumi.StringPtrInput `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset pulumi.BoolPtrInput `pulumi:"reset"`
	// Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	Rules PolicySpecRuleArrayInput `pulumi:"rules"`
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime pulumi.StringPtrInput `pulumi:"updateTime"`
}

func (PolicySpecArgs) ElementType 

func (PolicySpecArgs) ElementType() reflect.Type

func (PolicySpecArgs) ToOutput added in v6.65.1 

func (i PolicySpecArgs) ToOutput(ctx context.Context) pulumix.Output[PolicySpec]

func (PolicySpecArgs) ToPolicySpecOutput 

func (i PolicySpecArgs) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecOutputWithContext 

func (i PolicySpecArgs) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecPtrOutput 

func (i PolicySpecArgs) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecArgs) ToPolicySpecPtrOutputWithContext 

func (i PolicySpecArgs) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

type PolicySpecInput 

type PolicySpecInput interface {
	pulumi.Input

	ToPolicySpecOutput() PolicySpecOutput
	ToPolicySpecOutputWithContext(context.Context) PolicySpecOutput
}

PolicySpecInput is an input type that accepts PolicySpecArgs and PolicySpecOutput values. You can construct a concrete instance of `PolicySpecInput` via: 

PolicySpecArgs{...}

type PolicySpecOutput 

type PolicySpecOutput struct{ *pulumi.OutputState }

func (PolicySpecOutput) ElementType 

func (PolicySpecOutput) ElementType() reflect.Type

func (PolicySpecOutput) Etag 

func (o PolicySpecOutput) Etag() pulumi.StringPtrOutput

An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecOutput) InheritFromParent 

func (o PolicySpecOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecOutput) Reset 

func (o PolicySpecOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecOutput) Rules 

func (o PolicySpecOutput) Rules() PolicySpecRuleArrayOutput

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.

func (PolicySpecOutput) ToOutput added in v6.65.1 

func (o PolicySpecOutput) ToOutput(ctx context.Context) pulumix.Output[PolicySpec]

func (PolicySpecOutput) ToPolicySpecOutput 

func (o PolicySpecOutput) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecOutputWithContext 

func (o PolicySpecOutput) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecPtrOutput 

func (o PolicySpecOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecOutput) ToPolicySpecPtrOutputWithContext 

func (o PolicySpecOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecOutput) UpdateTime 

func (o PolicySpecOutput) UpdateTime() pulumi.StringPtrOutput

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecPtrInput 

type PolicySpecPtrInput interface {
	pulumi.Input

	ToPolicySpecPtrOutput() PolicySpecPtrOutput
	ToPolicySpecPtrOutputWithContext(context.Context) PolicySpecPtrOutput
}

PolicySpecPtrInput is an input type that accepts PolicySpecArgs, PolicySpecPtr and PolicySpecPtrOutput values. You can construct a concrete instance of `PolicySpecPtrInput` via: 

        PolicySpecArgs{...}

or:

        nil

func PolicySpecPtr 

func PolicySpecPtr(v *PolicySpecArgs) PolicySpecPtrInput

type PolicySpecPtrOutput 

type PolicySpecPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecPtrOutput) Elem 

func (o PolicySpecPtrOutput) Elem() PolicySpecOutput

func (PolicySpecPtrOutput) ElementType 

func (PolicySpecPtrOutput) ElementType() reflect.Type

func (PolicySpecPtrOutput) Etag 

func (o PolicySpecPtrOutput) Etag() pulumi.StringPtrOutput

An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecPtrOutput) InheritFromParent 

func (o PolicySpecPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecPtrOutput) Reset 

func (o PolicySpecPtrOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecPtrOutput) Rules 

func (o PolicySpecPtrOutput) Rules() PolicySpecRuleArrayOutput

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.

func (PolicySpecPtrOutput) ToOutput added in v6.65.1 

func (o PolicySpecPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*PolicySpec]

func (PolicySpecPtrOutput) ToPolicySpecPtrOutput 

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext 

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecPtrOutput) UpdateTime 

func (o PolicySpecPtrOutput) UpdateTime() pulumi.StringPtrOutput

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecRule 

type PolicySpecRule struct {
	// Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll *string `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition *PolicySpecRuleCondition `pulumi:"condition"`
	// Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll *string `pulumi:"denyAll"`
	// If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce *string `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values *PolicySpecRuleValues `pulumi:"values"`
}

type PolicySpecRuleArgs 

type PolicySpecRuleArgs struct {
	// Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll pulumi.StringPtrInput `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition PolicySpecRuleConditionPtrInput `pulumi:"condition"`
	// Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll pulumi.StringPtrInput `pulumi:"denyAll"`
	// If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce pulumi.StringPtrInput `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values PolicySpecRuleValuesPtrInput `pulumi:"values"`
}

func (PolicySpecRuleArgs) ElementType 

func (PolicySpecRuleArgs) ElementType() reflect.Type

func (PolicySpecRuleArgs) ToOutput added in v6.65.1 

func (i PolicySpecRuleArgs) ToOutput(ctx context.Context) pulumix.Output[PolicySpecRule]

func (PolicySpecRuleArgs) ToPolicySpecRuleOutput 

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext 

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

type PolicySpecRuleArray 

type PolicySpecRuleArray []PolicySpecRuleInput

func (PolicySpecRuleArray) ElementType 

func (PolicySpecRuleArray) ElementType() reflect.Type

func (PolicySpecRuleArray) ToOutput added in v6.65.1 

func (i PolicySpecRuleArray) ToOutput(ctx context.Context) pulumix.Output[[]PolicySpecRule]

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutput 

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext 

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleArrayInput 

type PolicySpecRuleArrayInput interface {
	pulumi.Input

	ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput
	ToPolicySpecRuleArrayOutputWithContext(context.Context) PolicySpecRuleArrayOutput
}

PolicySpecRuleArrayInput is an input type that accepts PolicySpecRuleArray and PolicySpecRuleArrayOutput values. You can construct a concrete instance of `PolicySpecRuleArrayInput` via: 

PolicySpecRuleArray{ PolicySpecRuleArgs{...} }

type PolicySpecRuleArrayOutput 

type PolicySpecRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleArrayOutput) ElementType 

func (PolicySpecRuleArrayOutput) ElementType() reflect.Type

func (PolicySpecRuleArrayOutput) Index 

func (o PolicySpecRuleArrayOutput) Index(i pulumi.IntInput) PolicySpecRuleOutput

func (PolicySpecRuleArrayOutput) ToOutput added in v6.65.1 

func (o PolicySpecRuleArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]PolicySpecRule]

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput 

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext 

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleCondition 

type PolicySpecRuleCondition struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type PolicySpecRuleConditionArgs 

type PolicySpecRuleConditionArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (PolicySpecRuleConditionArgs) ElementType 

func (PolicySpecRuleConditionArgs) ElementType() reflect.Type

func (PolicySpecRuleConditionArgs) ToOutput added in v6.65.1 

func (i PolicySpecRuleConditionArgs) ToOutput(ctx context.Context) pulumix.Output[PolicySpecRuleCondition]

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionInput 

type PolicySpecRuleConditionInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput
	ToPolicySpecRuleConditionOutputWithContext(context.Context) PolicySpecRuleConditionOutput
}

PolicySpecRuleConditionInput is an input type that accepts PolicySpecRuleConditionArgs and PolicySpecRuleConditionOutput values. You can construct a concrete instance of `PolicySpecRuleConditionInput` via: 

PolicySpecRuleConditionArgs{...}

type PolicySpecRuleConditionOutput 

type PolicySpecRuleConditionOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionOutput) Description 

func (o PolicySpecRuleConditionOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionOutput) ElementType 

func (PolicySpecRuleConditionOutput) ElementType() reflect.Type

func (PolicySpecRuleConditionOutput) Expression 

func (o PolicySpecRuleConditionOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionOutput) Location 

func (o PolicySpecRuleConditionOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionOutput) Title 

func (o PolicySpecRuleConditionOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionOutput) ToOutput added in v6.65.1 

func (o PolicySpecRuleConditionOutput) ToOutput(ctx context.Context) pulumix.Output[PolicySpecRuleCondition]

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionPtrInput 

type PolicySpecRuleConditionPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput
	ToPolicySpecRuleConditionPtrOutputWithContext(context.Context) PolicySpecRuleConditionPtrOutput
}

PolicySpecRuleConditionPtrInput is an input type that accepts PolicySpecRuleConditionArgs, PolicySpecRuleConditionPtr and PolicySpecRuleConditionPtrOutput values. You can construct a concrete instance of `PolicySpecRuleConditionPtrInput` via: 

        PolicySpecRuleConditionArgs{...}

or:

        nil

func PolicySpecRuleConditionPtr 

func PolicySpecRuleConditionPtr(v *PolicySpecRuleConditionArgs) PolicySpecRuleConditionPtrInput

type PolicySpecRuleConditionPtrOutput 

type PolicySpecRuleConditionPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionPtrOutput) Description 

func (o PolicySpecRuleConditionPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionPtrOutput) Elem 

func (o PolicySpecRuleConditionPtrOutput) Elem() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionPtrOutput) ElementType 

func (PolicySpecRuleConditionPtrOutput) ElementType() reflect.Type

func (PolicySpecRuleConditionPtrOutput) Expression 

func (o PolicySpecRuleConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionPtrOutput) Location 

func (o PolicySpecRuleConditionPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionPtrOutput) Title 

func (o PolicySpecRuleConditionPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionPtrOutput) ToOutput added in v6.65.1 

func (o PolicySpecRuleConditionPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*PolicySpecRuleCondition]

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput 

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext 

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleInput 

type PolicySpecRuleInput interface {
	pulumi.Input

	ToPolicySpecRuleOutput() PolicySpecRuleOutput
	ToPolicySpecRuleOutputWithContext(context.Context) PolicySpecRuleOutput
}

PolicySpecRuleInput is an input type that accepts PolicySpecRuleArgs and PolicySpecRuleOutput values. You can construct a concrete instance of `PolicySpecRuleInput` via: 

PolicySpecRuleArgs{...}

type PolicySpecRuleOutput 

type PolicySpecRuleOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleOutput) AllowAll 

func (o PolicySpecRuleOutput) AllowAll() pulumi.StringPtrOutput

Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) Condition 

func (o PolicySpecRuleOutput) Condition() PolicySpecRuleConditionPtrOutput

A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".

func (PolicySpecRuleOutput) DenyAll 

func (o PolicySpecRuleOutput) DenyAll() pulumi.StringPtrOutput

Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) ElementType 

func (PolicySpecRuleOutput) ElementType() reflect.Type

func (PolicySpecRuleOutput) Enforce 

func (o PolicySpecRuleOutput) Enforce() pulumi.StringPtrOutput

If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.

func (PolicySpecRuleOutput) ToOutput added in v6.65.1 

func (o PolicySpecRuleOutput) ToOutput(ctx context.Context) pulumix.Output[PolicySpecRule]

func (PolicySpecRuleOutput) ToPolicySpecRuleOutput 

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext 

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

func (PolicySpecRuleOutput) Values 

func (o PolicySpecRuleOutput) Values() PolicySpecRuleValuesPtrOutput

List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.

type PolicySpecRuleValues 

type PolicySpecRuleValues struct {
	// List of values allowed at this resource.
	AllowedValues []string `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues []string `pulumi:"deniedValues"`
}

type PolicySpecRuleValuesArgs 

type PolicySpecRuleValuesArgs struct {
	// List of values allowed at this resource.
	AllowedValues pulumi.StringArrayInput `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues pulumi.StringArrayInput `pulumi:"deniedValues"`
}

func (PolicySpecRuleValuesArgs) ElementType 

func (PolicySpecRuleValuesArgs) ElementType() reflect.Type

func (PolicySpecRuleValuesArgs) ToOutput added in v6.65.1 

func (i PolicySpecRuleValuesArgs) ToOutput(ctx context.Context) pulumix.Output[PolicySpecRuleValues]

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesInput 

type PolicySpecRuleValuesInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput
	ToPolicySpecRuleValuesOutputWithContext(context.Context) PolicySpecRuleValuesOutput
}

PolicySpecRuleValuesInput is an input type that accepts PolicySpecRuleValuesArgs and PolicySpecRuleValuesOutput values. You can construct a concrete instance of `PolicySpecRuleValuesInput` via: 

PolicySpecRuleValuesArgs{...}

type PolicySpecRuleValuesOutput 

type PolicySpecRuleValuesOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesOutput) AllowedValues 

func (o PolicySpecRuleValuesOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicySpecRuleValuesOutput) DeniedValues 

func (o PolicySpecRuleValuesOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicySpecRuleValuesOutput) ElementType 

func (PolicySpecRuleValuesOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesOutput) ToOutput added in v6.65.1 

func (o PolicySpecRuleValuesOutput) ToOutput(ctx context.Context) pulumix.Output[PolicySpecRuleValues]

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesPtrInput 

type PolicySpecRuleValuesPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput
	ToPolicySpecRuleValuesPtrOutputWithContext(context.Context) PolicySpecRuleValuesPtrOutput
}

PolicySpecRuleValuesPtrInput is an input type that accepts PolicySpecRuleValuesArgs, PolicySpecRuleValuesPtr and PolicySpecRuleValuesPtrOutput values. You can construct a concrete instance of `PolicySpecRuleValuesPtrInput` via: 

        PolicySpecRuleValuesArgs{...}

or:

        nil

func PolicySpecRuleValuesPtr 

func PolicySpecRuleValuesPtr(v *PolicySpecRuleValuesArgs) PolicySpecRuleValuesPtrInput

type PolicySpecRuleValuesPtrOutput 

type PolicySpecRuleValuesPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesPtrOutput) AllowedValues 

func (o PolicySpecRuleValuesPtrOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicySpecRuleValuesPtrOutput) DeniedValues 

func (o PolicySpecRuleValuesPtrOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicySpecRuleValuesPtrOutput) Elem 

func (o PolicySpecRuleValuesPtrOutput) Elem() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesPtrOutput) ElementType 

func (PolicySpecRuleValuesPtrOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesPtrOutput) ToOutput added in v6.65.1 

func (o PolicySpecRuleValuesPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*PolicySpecRuleValues]

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput 

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext 

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicyState 

type PolicyState struct {
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrInput
}

func (PolicyState) ElementType 

func (PolicyState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.