orgpolicy

package
v8.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CustomConstraint 

type CustomConstraint struct {
	pulumi.CustomResourceState

	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringOutput `pulumi:"actionType"`
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringOutput `pulumi:"condition"`
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayOutput `pulumi:"methodTypes"`
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayOutput `pulumi:"resourceTypes"`
	// Output only. The timestamp representing when the constraint was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
}

Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies.

To get more information about CustomConstraint, see:

* [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.constraints) * How-to Guides

## Example Usage

### Org Policy Custom Constraint Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Name:       pulumi.String("custom.disableGkeAutoUpgrade"),
			Parent:     pulumi.String("organizations/123456789"),
			ActionType: pulumi.String("ALLOW"),
			Condition:  pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
				pulumi.String("UPDATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Custom Constraint Full

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Name:        pulumi.String("custom.disableGkeAutoUpgrade"),
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("Disable GKE auto upgrade"),
			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
			ActionType:  pulumi.String("ALLOW"),
			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
				pulumi.String("UPDATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "bool", &orgpolicy.PolicyArgs{
			Name: constraint.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
			}).(pulumi.StringOutput),
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

CustomConstraint can be imported using any of these accepted formats:

* `{{parent}}/customConstraints/{{name}}`

When using the `pulumi import` command, CustomConstraint can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:orgpolicy/customConstraint:CustomConstraint default {{parent}}/customConstraints/{{name}} ```

func GetCustomConstraint 

func GetCustomConstraint(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CustomConstraintState, opts ...pulumi.ResourceOption) (*CustomConstraint, error)

GetCustomConstraint gets an existing CustomConstraint resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCustomConstraint 

func NewCustomConstraint(ctx *pulumi.Context,
	name string, args *CustomConstraintArgs, opts ...pulumi.ResourceOption) (*CustomConstraint, error)

NewCustomConstraint registers a new resource with the given unique name, arguments, and options.

func (*CustomConstraint) ElementType 

func (*CustomConstraint) ElementType() reflect.Type

func (*CustomConstraint) ToCustomConstraintOutput 

func (i *CustomConstraint) ToCustomConstraintOutput() CustomConstraintOutput

func (*CustomConstraint) ToCustomConstraintOutputWithContext 

func (i *CustomConstraint) ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput

type CustomConstraintArgs 

type CustomConstraintArgs struct {
	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringInput
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringInput
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrInput
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrInput
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayInput
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringPtrInput
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringInput
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayInput
}

The set of arguments for constructing a CustomConstraint resource.

func (CustomConstraintArgs) ElementType 

func (CustomConstraintArgs) ElementType() reflect.Type

type CustomConstraintArray 

type CustomConstraintArray []CustomConstraintInput

func (CustomConstraintArray) ElementType 

func (CustomConstraintArray) ElementType() reflect.Type

func (CustomConstraintArray) ToCustomConstraintArrayOutput 

func (i CustomConstraintArray) ToCustomConstraintArrayOutput() CustomConstraintArrayOutput

func (CustomConstraintArray) ToCustomConstraintArrayOutputWithContext 

func (i CustomConstraintArray) ToCustomConstraintArrayOutputWithContext(ctx context.Context) CustomConstraintArrayOutput

type CustomConstraintArrayInput 

type CustomConstraintArrayInput interface {
	pulumi.Input

	ToCustomConstraintArrayOutput() CustomConstraintArrayOutput
	ToCustomConstraintArrayOutputWithContext(context.Context) CustomConstraintArrayOutput
}

CustomConstraintArrayInput is an input type that accepts CustomConstraintArray and CustomConstraintArrayOutput values. You can construct a concrete instance of `CustomConstraintArrayInput` via: 

CustomConstraintArray{ CustomConstraintArgs{...} }

type CustomConstraintArrayOutput 

type CustomConstraintArrayOutput struct{ *pulumi.OutputState }

func (CustomConstraintArrayOutput) ElementType 

func (CustomConstraintArrayOutput) ElementType() reflect.Type

func (CustomConstraintArrayOutput) Index 

func (o CustomConstraintArrayOutput) Index(i pulumi.IntInput) CustomConstraintOutput

func (CustomConstraintArrayOutput) ToCustomConstraintArrayOutput 

func (o CustomConstraintArrayOutput) ToCustomConstraintArrayOutput() CustomConstraintArrayOutput

func (CustomConstraintArrayOutput) ToCustomConstraintArrayOutputWithContext 

func (o CustomConstraintArrayOutput) ToCustomConstraintArrayOutputWithContext(ctx context.Context) CustomConstraintArrayOutput

type CustomConstraintInput 

type CustomConstraintInput interface {
	pulumi.Input

	ToCustomConstraintOutput() CustomConstraintOutput
	ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput
}

type CustomConstraintMap 

type CustomConstraintMap map[string]CustomConstraintInput

func (CustomConstraintMap) ElementType 

func (CustomConstraintMap) ElementType() reflect.Type

func (CustomConstraintMap) ToCustomConstraintMapOutput 

func (i CustomConstraintMap) ToCustomConstraintMapOutput() CustomConstraintMapOutput

func (CustomConstraintMap) ToCustomConstraintMapOutputWithContext 

func (i CustomConstraintMap) ToCustomConstraintMapOutputWithContext(ctx context.Context) CustomConstraintMapOutput

type CustomConstraintMapInput 

type CustomConstraintMapInput interface {
	pulumi.Input

	ToCustomConstraintMapOutput() CustomConstraintMapOutput
	ToCustomConstraintMapOutputWithContext(context.Context) CustomConstraintMapOutput
}

CustomConstraintMapInput is an input type that accepts CustomConstraintMap and CustomConstraintMapOutput values. You can construct a concrete instance of `CustomConstraintMapInput` via: 

CustomConstraintMap{ "key": CustomConstraintArgs{...} }

type CustomConstraintMapOutput 

type CustomConstraintMapOutput struct{ *pulumi.OutputState }

func (CustomConstraintMapOutput) ElementType 

func (CustomConstraintMapOutput) ElementType() reflect.Type

func (CustomConstraintMapOutput) MapIndex 

func (o CustomConstraintMapOutput) MapIndex(k pulumi.StringInput) CustomConstraintOutput

func (CustomConstraintMapOutput) ToCustomConstraintMapOutput 

func (o CustomConstraintMapOutput) ToCustomConstraintMapOutput() CustomConstraintMapOutput

func (CustomConstraintMapOutput) ToCustomConstraintMapOutputWithContext 

func (o CustomConstraintMapOutput) ToCustomConstraintMapOutputWithContext(ctx context.Context) CustomConstraintMapOutput

type CustomConstraintOutput 

type CustomConstraintOutput struct{ *pulumi.OutputState }

func (CustomConstraintOutput) ActionType 

func (o CustomConstraintOutput) ActionType() pulumi.StringOutput

The action to take if the condition is met. Possible values are: `ALLOW`, `DENY`.

func (CustomConstraintOutput) Condition 

func (o CustomConstraintOutput) Condition() pulumi.StringOutput

A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).

func (CustomConstraintOutput) Description 

func (o CustomConstraintOutput) Description() pulumi.StringPtrOutput

A human-friendly description of the constraint to display as an error message when the policy is violated.

func (CustomConstraintOutput) DisplayName 

func (o CustomConstraintOutput) DisplayName() pulumi.StringPtrOutput

A human-friendly name for the constraint.

func (CustomConstraintOutput) ElementType 

func (CustomConstraintOutput) ElementType() reflect.Type

func (CustomConstraintOutput) MethodTypes 

func (o CustomConstraintOutput) MethodTypes() pulumi.StringArrayOutput

A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).

func (CustomConstraintOutput) Name 

func (o CustomConstraintOutput) Name() pulumi.StringOutput

Immutable. The name of the custom constraint. This is unique within the organization.

func (CustomConstraintOutput) Parent 

func (o CustomConstraintOutput) Parent() pulumi.StringOutput

The parent of the resource, an organization. Format should be `organizations/{organization_id}`.

***

func (CustomConstraintOutput) ResourceTypes 

func (o CustomConstraintOutput) ResourceTypes() pulumi.StringArrayOutput

Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.

func (CustomConstraintOutput) ToCustomConstraintOutput 

func (o CustomConstraintOutput) ToCustomConstraintOutput() CustomConstraintOutput

func (CustomConstraintOutput) ToCustomConstraintOutputWithContext 

func (o CustomConstraintOutput) ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput

func (CustomConstraintOutput) UpdateTime 

func (o CustomConstraintOutput) UpdateTime() pulumi.StringOutput

Output only. The timestamp representing when the constraint was last updated.

type CustomConstraintState 

type CustomConstraintState struct {
	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringPtrInput
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringPtrInput
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrInput
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrInput
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayInput
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringPtrInput
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayInput
	// Output only. The timestamp representing when the constraint was last updated.
	UpdateTime pulumi.StringPtrInput
}

func (CustomConstraintState) ElementType 

func (CustomConstraintState) ElementType() reflect.Type

type Policy 

type Policy struct {
	pulumi.CustomResourceState

	// Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
	// Structure is documented below.
	DryRunSpec PolicyDryRunSpecPtrOutput `pulumi:"dryRunSpec"`
	// Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Basic information about the Organization Policy.
	// Structure is documented below.
	Spec PolicySpecPtrOutput `pulumi:"spec"`
}

Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.

To get more information about Policy, see:

* [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.policies) * How-to Guides

## Example Usage

### Org Policy Policy Enforce

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("id"),
			Name:           pulumi.String("id"),
			OrgId:          pulumi.String("123456789"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.ProjectId.ApplyT(func(projectId string) (string, error) {
				return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", projectId), nil
			}).(pulumi.StringOutput),
			Parent: basic.ProjectId.ApplyT(func(projectId string) (string, error) {
				return fmt.Sprintf("projects/%v", projectId), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Policy Folder

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
			Parent:             pulumi.String("organizations/123456789"),
			DisplayName:        pulumi.String("folder"),
			DeletionProtection: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("%v/policies/gcp.resourceLocations", name), nil
			}).(pulumi.StringOutput),
			Parent: basic.Name,
			Spec: &orgpolicy.PolicySpecArgs{
				InheritFromParent: pulumi.Bool(true),
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						DenyAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Policy Organization

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name:   pulumi.String("organizations/123456789/policies/gcp.detailedAuditLoggingMode"),
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Reset: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Policy Project

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("id"),
			Name:           pulumi.String("id"),
			OrgId:          pulumi.String("123456789"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.ProjectId.ApplyT(func(projectId string) (string, error) {
				return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", projectId), nil
			}).(pulumi.StringOutput),
			Parent: basic.ProjectId.ApplyT(func(projectId string) (string, error) {
				return fmt.Sprintf("projects/%v", projectId), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Condition: &orgpolicy.PolicySpecRuleConditionArgs{
							Description: pulumi.String("A sample condition for the policy"),
							Expression:  pulumi.String("resource.matchTagId('tagKeys/123', 'tagValues/345')"),
							Location:    pulumi.String("sample-location.log"),
							Title:       pulumi.String("sample-condition"),
						},
						Values: &orgpolicy.PolicySpecRuleValuesArgs{
							AllowedValues: pulumi.StringArray{
								pulumi.String("projects/allowed-project"),
							},
							DeniedValues: pulumi.StringArray{
								pulumi.String("projects/denied-project"),
							},
						},
					},
					&orgpolicy.PolicySpecRuleArgs{
						AllowAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Policy Dry Run Spec

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Name:        pulumi.String("custom.disableGkeAutoUpgrade_76044"),
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("Disable GKE auto upgrade"),
			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
			ActionType:  pulumi.String("ALLOW"),
			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: constraint.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
			}).(pulumi.StringOutput),
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
			DryRunSpec: &orgpolicy.PolicyDryRunSpecArgs{
				InheritFromParent: pulumi.Bool(false),
				Reset:             pulumi.Bool(false),
				Rules: orgpolicy.PolicyDryRunSpecRuleArray{
					&orgpolicy.PolicyDryRunSpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Policy Parameters Enforce

```go package main

import ( 

"encoding/json"
"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("id"),
			Name:           pulumi.String("id"),
			OrgId:          pulumi.String("123456789"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"isSizeLimitCheck": true,
			"allowedDiskTypes": []string{
				"pd-ssd",
				"pd-standard",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v/policies/compute.managed.restrictDiskCreation", name), nil
			}).(pulumi.StringOutput),
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce:    pulumi.String("TRUE"),
						Parameters: pulumi.String(json0),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Policy can be imported using any of these accepted formats:

* `{{parent}}/policies/{{name}}`

When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}} ```

func GetPolicy 

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy 

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType 

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput 

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext 

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyArgs 

type PolicyArgs struct {
	// Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
	// Structure is documented below.
	DryRunSpec PolicyDryRunSpecPtrInput
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringInput
	// Basic information about the Organization Policy.
	// Structure is documented below.
	Spec PolicySpecPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType 

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray 

type PolicyArray []PolicyInput

func (PolicyArray) ElementType 

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToPolicyArrayOutput 

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext 

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput 

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via: 

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput 

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType 

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index 

func (o PolicyArrayOutput) Index(i pulumi.IntInput) PolicyOutput

func (PolicyArrayOutput) ToPolicyArrayOutput 

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext 

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyDryRunSpec 

type PolicyDryRunSpec struct {
	// (Output)
	// An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.
	Etag *string `pulumi:"etag"`
	// Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset *bool `pulumi:"reset"`
	// In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.
	// Structure is documented below.
	Rules []PolicyDryRunSpecRule `pulumi:"rules"`
	// (Output)
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.
	UpdateTime *string `pulumi:"updateTime"`
}

type PolicyDryRunSpecArgs 

type PolicyDryRunSpecArgs struct {
	// (Output)
	// An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.
	Etag pulumi.StringPtrInput `pulumi:"etag"`
	// Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset pulumi.BoolPtrInput `pulumi:"reset"`
	// In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.
	// Structure is documented below.
	Rules PolicyDryRunSpecRuleArrayInput `pulumi:"rules"`
	// (Output)
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.
	UpdateTime pulumi.StringPtrInput `pulumi:"updateTime"`
}

func (PolicyDryRunSpecArgs) ElementType 

func (PolicyDryRunSpecArgs) ElementType() reflect.Type

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutput 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutput() PolicyDryRunSpecOutput

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutputWithContext 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutputWithContext(ctx context.Context) PolicyDryRunSpecOutput

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutput 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutputWithContext 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecPtrOutput

type PolicyDryRunSpecInput 

type PolicyDryRunSpecInput interface {
	pulumi.Input

	ToPolicyDryRunSpecOutput() PolicyDryRunSpecOutput
	ToPolicyDryRunSpecOutputWithContext(context.Context) PolicyDryRunSpecOutput
}

PolicyDryRunSpecInput is an input type that accepts PolicyDryRunSpecArgs and PolicyDryRunSpecOutput values. You can construct a concrete instance of `PolicyDryRunSpecInput` via: 

PolicyDryRunSpecArgs{...}

type PolicyDryRunSpecOutput 

type PolicyDryRunSpecOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecOutput) ElementType 

func (PolicyDryRunSpecOutput) ElementType() reflect.Type

func (PolicyDryRunSpecOutput) Etag 

func (o PolicyDryRunSpecOutput) Etag() pulumi.StringPtrOutput

(Output) An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.

func (PolicyDryRunSpecOutput) InheritFromParent 

func (o PolicyDryRunSpecOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.

func (PolicyDryRunSpecOutput) Reset 

func (o PolicyDryRunSpecOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicyDryRunSpecOutput) Rules 

func (o PolicyDryRunSpecOutput) Rules() PolicyDryRunSpecRuleArrayOutput

In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. Structure is documented below.

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutput 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutput() PolicyDryRunSpecOutput

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutputWithContext 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutputWithContext(ctx context.Context) PolicyDryRunSpecOutput

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutput 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutputWithContext 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecOutput) UpdateTime 

func (o PolicyDryRunSpecOutput) UpdateTime() pulumi.StringPtrOutput

(Output) Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.

type PolicyDryRunSpecPtrInput 

type PolicyDryRunSpecPtrInput interface {
	pulumi.Input

	ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput
	ToPolicyDryRunSpecPtrOutputWithContext(context.Context) PolicyDryRunSpecPtrOutput
}

PolicyDryRunSpecPtrInput is an input type that accepts PolicyDryRunSpecArgs, PolicyDryRunSpecPtr and PolicyDryRunSpecPtrOutput values. You can construct a concrete instance of `PolicyDryRunSpecPtrInput` via: 

        PolicyDryRunSpecArgs{...}

or:

        nil

func PolicyDryRunSpecPtr 

func PolicyDryRunSpecPtr(v *PolicyDryRunSpecArgs) PolicyDryRunSpecPtrInput

type PolicyDryRunSpecPtrOutput 

type PolicyDryRunSpecPtrOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecPtrOutput) Elem 

func (o PolicyDryRunSpecPtrOutput) Elem() PolicyDryRunSpecOutput

func (PolicyDryRunSpecPtrOutput) ElementType 

func (PolicyDryRunSpecPtrOutput) ElementType() reflect.Type

func (PolicyDryRunSpecPtrOutput) Etag 

func (o PolicyDryRunSpecPtrOutput) Etag() pulumi.StringPtrOutput

(Output) An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.

func (PolicyDryRunSpecPtrOutput) InheritFromParent 

func (o PolicyDryRunSpecPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.

func (PolicyDryRunSpecPtrOutput) Reset 

func (o PolicyDryRunSpecPtrOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicyDryRunSpecPtrOutput) Rules 

func (o PolicyDryRunSpecPtrOutput) Rules() PolicyDryRunSpecRuleArrayOutput

In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. Structure is documented below.

func (PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutput 

func (o PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutputWithContext 

func (o PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecPtrOutput) UpdateTime 

func (o PolicyDryRunSpecPtrOutput) UpdateTime() pulumi.StringPtrOutput

(Output) Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.

type PolicyDryRunSpecRule 

type PolicyDryRunSpecRule struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll *string `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	// Structure is documented below.
	Condition *PolicyDryRunSpecRuleCondition `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll *string `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce *string `pulumi:"enforce"`
	// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }
	Parameters *string `pulumi:"parameters"`
	// List of values to be used for this policy rule. This field can be set only in policies for list constraints.
	// Structure is documented below.
	Values *PolicyDryRunSpecRuleValues `pulumi:"values"`
}

type PolicyDryRunSpecRuleArgs 

type PolicyDryRunSpecRuleArgs struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll pulumi.StringPtrInput `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	// Structure is documented below.
	Condition PolicyDryRunSpecRuleConditionPtrInput `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll pulumi.StringPtrInput `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce pulumi.StringPtrInput `pulumi:"enforce"`
	// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }
	Parameters pulumi.StringPtrInput `pulumi:"parameters"`
	// List of values to be used for this policy rule. This field can be set only in policies for list constraints.
	// Structure is documented below.
	Values PolicyDryRunSpecRuleValuesPtrInput `pulumi:"values"`
}

func (PolicyDryRunSpecRuleArgs) ElementType 

func (PolicyDryRunSpecRuleArgs) ElementType() reflect.Type

func (PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutput 

func (i PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutput() PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutputWithContext 

func (i PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleOutput

type PolicyDryRunSpecRuleArray 

type PolicyDryRunSpecRuleArray []PolicyDryRunSpecRuleInput

func (PolicyDryRunSpecRuleArray) ElementType 

func (PolicyDryRunSpecRuleArray) ElementType() reflect.Type

func (PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutput 

func (i PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutput() PolicyDryRunSpecRuleArrayOutput

func (PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutputWithContext 

func (i PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleArrayOutput

type PolicyDryRunSpecRuleArrayInput 

type PolicyDryRunSpecRuleArrayInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleArrayOutput() PolicyDryRunSpecRuleArrayOutput
	ToPolicyDryRunSpecRuleArrayOutputWithContext(context.Context) PolicyDryRunSpecRuleArrayOutput
}

PolicyDryRunSpecRuleArrayInput is an input type that accepts PolicyDryRunSpecRuleArray and PolicyDryRunSpecRuleArrayOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleArrayInput` via: 

PolicyDryRunSpecRuleArray{ PolicyDryRunSpecRuleArgs{...} }

type PolicyDryRunSpecRuleArrayOutput 

type PolicyDryRunSpecRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleArrayOutput) ElementType 

func (PolicyDryRunSpecRuleArrayOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleArrayOutput) Index 

func (o PolicyDryRunSpecRuleArrayOutput) Index(i pulumi.IntInput) PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutput 

func (o PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutput() PolicyDryRunSpecRuleArrayOutput

func (PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutputWithContext 

func (o PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleArrayOutput

type PolicyDryRunSpecRuleCondition 

type PolicyDryRunSpecRuleCondition struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type PolicyDryRunSpecRuleConditionArgs 

type PolicyDryRunSpecRuleConditionArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (PolicyDryRunSpecRuleConditionArgs) ElementType 

func (PolicyDryRunSpecRuleConditionArgs) ElementType() reflect.Type

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutput 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutput() PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutputWithContext 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutput 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionPtrOutput

type PolicyDryRunSpecRuleConditionInput 

type PolicyDryRunSpecRuleConditionInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleConditionOutput() PolicyDryRunSpecRuleConditionOutput
	ToPolicyDryRunSpecRuleConditionOutputWithContext(context.Context) PolicyDryRunSpecRuleConditionOutput
}

PolicyDryRunSpecRuleConditionInput is an input type that accepts PolicyDryRunSpecRuleConditionArgs and PolicyDryRunSpecRuleConditionOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleConditionInput` via: 

PolicyDryRunSpecRuleConditionArgs{...}

type PolicyDryRunSpecRuleConditionOutput 

type PolicyDryRunSpecRuleConditionOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleConditionOutput) Description 

func (o PolicyDryRunSpecRuleConditionOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicyDryRunSpecRuleConditionOutput) ElementType 

func (PolicyDryRunSpecRuleConditionOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleConditionOutput) Expression 

func (o PolicyDryRunSpecRuleConditionOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicyDryRunSpecRuleConditionOutput) Location 

func (o PolicyDryRunSpecRuleConditionOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicyDryRunSpecRuleConditionOutput) Title 

func (o PolicyDryRunSpecRuleConditionOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutput 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutput() PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutputWithContext 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutput 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionPtrOutput

type PolicyDryRunSpecRuleConditionPtrInput 

type PolicyDryRunSpecRuleConditionPtrInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput
	ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(context.Context) PolicyDryRunSpecRuleConditionPtrOutput
}

PolicyDryRunSpecRuleConditionPtrInput is an input type that accepts PolicyDryRunSpecRuleConditionArgs, PolicyDryRunSpecRuleConditionPtr and PolicyDryRunSpecRuleConditionPtrOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleConditionPtrInput` via: 

        PolicyDryRunSpecRuleConditionArgs{...}

or:

        nil

func PolicyDryRunSpecRuleConditionPtr 

func PolicyDryRunSpecRuleConditionPtr(v *PolicyDryRunSpecRuleConditionArgs) PolicyDryRunSpecRuleConditionPtrInput

type PolicyDryRunSpecRuleConditionPtrOutput 

type PolicyDryRunSpecRuleConditionPtrOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleConditionPtrOutput) Description 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicyDryRunSpecRuleConditionPtrOutput) Elem 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Elem() PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionPtrOutput) ElementType 

func (PolicyDryRunSpecRuleConditionPtrOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleConditionPtrOutput) Expression 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicyDryRunSpecRuleConditionPtrOutput) Location 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicyDryRunSpecRuleConditionPtrOutput) Title 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutput 

func (o PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput

func (PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext 

func (o PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionPtrOutput

type PolicyDryRunSpecRuleInput 

type PolicyDryRunSpecRuleInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleOutput() PolicyDryRunSpecRuleOutput
	ToPolicyDryRunSpecRuleOutputWithContext(context.Context) PolicyDryRunSpecRuleOutput
}

PolicyDryRunSpecRuleInput is an input type that accepts PolicyDryRunSpecRuleArgs and PolicyDryRunSpecRuleOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleInput` via: 

PolicyDryRunSpecRuleArgs{...}

type PolicyDryRunSpecRuleOutput 

type PolicyDryRunSpecRuleOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleOutput) AllowAll 

func (o PolicyDryRunSpecRuleOutput) AllowAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.

func (PolicyDryRunSpecRuleOutput) Condition 

func (o PolicyDryRunSpecRuleOutput) Condition() PolicyDryRunSpecRuleConditionPtrOutput

A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')". Structure is documented below.

func (PolicyDryRunSpecRuleOutput) DenyAll 

func (o PolicyDryRunSpecRuleOutput) DenyAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.

func (PolicyDryRunSpecRuleOutput) ElementType 

func (PolicyDryRunSpecRuleOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleOutput) Enforce 

func (o PolicyDryRunSpecRuleOutput) Enforce() pulumi.StringPtrOutput

If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.

func (PolicyDryRunSpecRuleOutput) Parameters added in v8.12.0 

func (o PolicyDryRunSpecRuleOutput) Parameters() pulumi.StringPtrOutput

Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }

func (PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutput 

func (o PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutput() PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutputWithContext 

func (o PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleOutput) Values 

func (o PolicyDryRunSpecRuleOutput) Values() PolicyDryRunSpecRuleValuesPtrOutput

List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.

type PolicyDryRunSpecRuleValues 

type PolicyDryRunSpecRuleValues struct {
	// List of values allowed at this resource.
	AllowedValues []string `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues []string `pulumi:"deniedValues"`
}

type PolicyDryRunSpecRuleValuesArgs 

type PolicyDryRunSpecRuleValuesArgs struct {
	// List of values allowed at this resource.
	AllowedValues pulumi.StringArrayInput `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues pulumi.StringArrayInput `pulumi:"deniedValues"`
}

func (PolicyDryRunSpecRuleValuesArgs) ElementType 

func (PolicyDryRunSpecRuleValuesArgs) ElementType() reflect.Type

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutput 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutput() PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutputWithContext 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutput 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesPtrOutput

type PolicyDryRunSpecRuleValuesInput 

type PolicyDryRunSpecRuleValuesInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleValuesOutput() PolicyDryRunSpecRuleValuesOutput
	ToPolicyDryRunSpecRuleValuesOutputWithContext(context.Context) PolicyDryRunSpecRuleValuesOutput
}

PolicyDryRunSpecRuleValuesInput is an input type that accepts PolicyDryRunSpecRuleValuesArgs and PolicyDryRunSpecRuleValuesOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleValuesInput` via: 

PolicyDryRunSpecRuleValuesArgs{...}

type PolicyDryRunSpecRuleValuesOutput 

type PolicyDryRunSpecRuleValuesOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleValuesOutput) AllowedValues 

func (o PolicyDryRunSpecRuleValuesOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicyDryRunSpecRuleValuesOutput) DeniedValues 

func (o PolicyDryRunSpecRuleValuesOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicyDryRunSpecRuleValuesOutput) ElementType 

func (PolicyDryRunSpecRuleValuesOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutput 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutput() PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutputWithContext 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutput 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesPtrOutput

type PolicyDryRunSpecRuleValuesPtrInput 

type PolicyDryRunSpecRuleValuesPtrInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput
	ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(context.Context) PolicyDryRunSpecRuleValuesPtrOutput
}

PolicyDryRunSpecRuleValuesPtrInput is an input type that accepts PolicyDryRunSpecRuleValuesArgs, PolicyDryRunSpecRuleValuesPtr and PolicyDryRunSpecRuleValuesPtrOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleValuesPtrInput` via: 

        PolicyDryRunSpecRuleValuesArgs{...}

or:

        nil

func PolicyDryRunSpecRuleValuesPtr 

func PolicyDryRunSpecRuleValuesPtr(v *PolicyDryRunSpecRuleValuesArgs) PolicyDryRunSpecRuleValuesPtrInput

type PolicyDryRunSpecRuleValuesPtrOutput 

type PolicyDryRunSpecRuleValuesPtrOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleValuesPtrOutput) AllowedValues 

func (o PolicyDryRunSpecRuleValuesPtrOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicyDryRunSpecRuleValuesPtrOutput) DeniedValues 

func (o PolicyDryRunSpecRuleValuesPtrOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicyDryRunSpecRuleValuesPtrOutput) Elem 

func (o PolicyDryRunSpecRuleValuesPtrOutput) Elem() PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesPtrOutput) ElementType 

func (PolicyDryRunSpecRuleValuesPtrOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutput 

func (o PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput

func (PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext 

func (o PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesPtrOutput

type PolicyInput 

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyMap 

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType 

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToPolicyMapOutput 

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext 

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput 

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via: 

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput 

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType 

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex 

func (o PolicyMapOutput) MapIndex(k pulumi.StringInput) PolicyOutput

func (PolicyMapOutput) ToPolicyMapOutput 

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext 

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput 

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) DryRunSpec 

func (o PolicyOutput) DryRunSpec() PolicyDryRunSpecPtrOutput

Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced. Structure is documented below.

func (PolicyOutput) ElementType 

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) Etag 

func (o PolicyOutput) Etag() pulumi.StringOutput

Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

func (PolicyOutput) Name 

func (o PolicyOutput) Name() pulumi.StringOutput

Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.

func (PolicyOutput) Parent 

func (o PolicyOutput) Parent() pulumi.StringOutput

The parent of the resource.

***

func (PolicyOutput) Spec 

func (o PolicyOutput) Spec() PolicySpecPtrOutput

Basic information about the Organization Policy. Structure is documented below.

func (PolicyOutput) ToPolicyOutput 

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext 

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicySpec 

type PolicySpec struct {
	// (Output)
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag *string `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset *bool `pulumi:"reset"`
	// In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	// Structure is documented below.
	Rules []PolicySpecRule `pulumi:"rules"`
	// (Output)
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime *string `pulumi:"updateTime"`
}

type PolicySpecArgs 

type PolicySpecArgs struct {
	// (Output)
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag pulumi.StringPtrInput `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset pulumi.BoolPtrInput `pulumi:"reset"`
	// In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	// Structure is documented below.
	Rules PolicySpecRuleArrayInput `pulumi:"rules"`
	// (Output)
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime pulumi.StringPtrInput `pulumi:"updateTime"`
}

func (PolicySpecArgs) ElementType 

func (PolicySpecArgs) ElementType() reflect.Type

func (PolicySpecArgs) ToPolicySpecOutput 

func (i PolicySpecArgs) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecOutputWithContext 

func (i PolicySpecArgs) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecPtrOutput 

func (i PolicySpecArgs) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecArgs) ToPolicySpecPtrOutputWithContext 

func (i PolicySpecArgs) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

type PolicySpecInput 

type PolicySpecInput interface {
	pulumi.Input

	ToPolicySpecOutput() PolicySpecOutput
	ToPolicySpecOutputWithContext(context.Context) PolicySpecOutput
}

PolicySpecInput is an input type that accepts PolicySpecArgs and PolicySpecOutput values. You can construct a concrete instance of `PolicySpecInput` via: 

PolicySpecArgs{...}

type PolicySpecOutput 

type PolicySpecOutput struct{ *pulumi.OutputState }

func (PolicySpecOutput) ElementType 

func (PolicySpecOutput) ElementType() reflect.Type

func (PolicySpecOutput) Etag 

func (o PolicySpecOutput) Etag() pulumi.StringPtrOutput

(Output) An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecOutput) InheritFromParent 

func (o PolicySpecOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecOutput) Reset 

func (o PolicySpecOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecOutput) Rules 

func (o PolicySpecOutput) Rules() PolicySpecRuleArrayOutput

In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Structure is documented below.

func (PolicySpecOutput) ToPolicySpecOutput 

func (o PolicySpecOutput) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecOutputWithContext 

func (o PolicySpecOutput) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecPtrOutput 

func (o PolicySpecOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecOutput) ToPolicySpecPtrOutputWithContext 

func (o PolicySpecOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecOutput) UpdateTime 

func (o PolicySpecOutput) UpdateTime() pulumi.StringPtrOutput

(Output) Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecPtrInput 

type PolicySpecPtrInput interface {
	pulumi.Input

	ToPolicySpecPtrOutput() PolicySpecPtrOutput
	ToPolicySpecPtrOutputWithContext(context.Context) PolicySpecPtrOutput
}

PolicySpecPtrInput is an input type that accepts PolicySpecArgs, PolicySpecPtr and PolicySpecPtrOutput values. You can construct a concrete instance of `PolicySpecPtrInput` via: 

        PolicySpecArgs{...}

or:

        nil

func PolicySpecPtr 

func PolicySpecPtr(v *PolicySpecArgs) PolicySpecPtrInput

type PolicySpecPtrOutput 

type PolicySpecPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecPtrOutput) Elem 

func (o PolicySpecPtrOutput) Elem() PolicySpecOutput

func (PolicySpecPtrOutput) ElementType 

func (PolicySpecPtrOutput) ElementType() reflect.Type

func (PolicySpecPtrOutput) Etag 

func (o PolicySpecPtrOutput) Etag() pulumi.StringPtrOutput

(Output) An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecPtrOutput) InheritFromParent 

func (o PolicySpecPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecPtrOutput) Reset 

func (o PolicySpecPtrOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecPtrOutput) Rules 

func (o PolicySpecPtrOutput) Rules() PolicySpecRuleArrayOutput

In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Structure is documented below.

func (PolicySpecPtrOutput) ToPolicySpecPtrOutput 

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext 

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecPtrOutput) UpdateTime 

func (o PolicySpecPtrOutput) UpdateTime() pulumi.StringPtrOutput

(Output) Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecRule 

type PolicySpecRule struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll *string `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	// Structure is documented below.
	Condition *PolicySpecRuleCondition `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll *string `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce *string `pulumi:"enforce"`
	// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }
	Parameters *string `pulumi:"parameters"`
	// List of values to be used for this policy rule. This field can be set only in policies for list constraints.
	// Structure is documented below.
	Values *PolicySpecRuleValues `pulumi:"values"`
}

type PolicySpecRuleArgs 

type PolicySpecRuleArgs struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll pulumi.StringPtrInput `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	// Structure is documented below.
	Condition PolicySpecRuleConditionPtrInput `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll pulumi.StringPtrInput `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce pulumi.StringPtrInput `pulumi:"enforce"`
	// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }
	Parameters pulumi.StringPtrInput `pulumi:"parameters"`
	// List of values to be used for this policy rule. This field can be set only in policies for list constraints.
	// Structure is documented below.
	Values PolicySpecRuleValuesPtrInput `pulumi:"values"`
}

func (PolicySpecRuleArgs) ElementType 

func (PolicySpecRuleArgs) ElementType() reflect.Type

func (PolicySpecRuleArgs) ToPolicySpecRuleOutput 

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext 

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

type PolicySpecRuleArray 

type PolicySpecRuleArray []PolicySpecRuleInput

func (PolicySpecRuleArray) ElementType 

func (PolicySpecRuleArray) ElementType() reflect.Type

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutput 

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext 

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleArrayInput 

type PolicySpecRuleArrayInput interface {
	pulumi.Input

	ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput
	ToPolicySpecRuleArrayOutputWithContext(context.Context) PolicySpecRuleArrayOutput
}

PolicySpecRuleArrayInput is an input type that accepts PolicySpecRuleArray and PolicySpecRuleArrayOutput values. You can construct a concrete instance of `PolicySpecRuleArrayInput` via: 

PolicySpecRuleArray{ PolicySpecRuleArgs{...} }

type PolicySpecRuleArrayOutput 

type PolicySpecRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleArrayOutput) ElementType 

func (PolicySpecRuleArrayOutput) ElementType() reflect.Type

func (PolicySpecRuleArrayOutput) Index 

func (o PolicySpecRuleArrayOutput) Index(i pulumi.IntInput) PolicySpecRuleOutput

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput 

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext 

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleCondition 

type PolicySpecRuleCondition struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type PolicySpecRuleConditionArgs 

type PolicySpecRuleConditionArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (PolicySpecRuleConditionArgs) ElementType 

func (PolicySpecRuleConditionArgs) ElementType() reflect.Type

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionInput 

type PolicySpecRuleConditionInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput
	ToPolicySpecRuleConditionOutputWithContext(context.Context) PolicySpecRuleConditionOutput
}

PolicySpecRuleConditionInput is an input type that accepts PolicySpecRuleConditionArgs and PolicySpecRuleConditionOutput values. You can construct a concrete instance of `PolicySpecRuleConditionInput` via: 

PolicySpecRuleConditionArgs{...}

type PolicySpecRuleConditionOutput 

type PolicySpecRuleConditionOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionOutput) Description 

func (o PolicySpecRuleConditionOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionOutput) ElementType 

func (PolicySpecRuleConditionOutput) ElementType() reflect.Type

func (PolicySpecRuleConditionOutput) Expression 

func (o PolicySpecRuleConditionOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionOutput) Location 

func (o PolicySpecRuleConditionOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionOutput) Title 

func (o PolicySpecRuleConditionOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionPtrInput 

type PolicySpecRuleConditionPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput
	ToPolicySpecRuleConditionPtrOutputWithContext(context.Context) PolicySpecRuleConditionPtrOutput
}

PolicySpecRuleConditionPtrInput is an input type that accepts PolicySpecRuleConditionArgs, PolicySpecRuleConditionPtr and PolicySpecRuleConditionPtrOutput values. You can construct a concrete instance of `PolicySpecRuleConditionPtrInput` via: 

        PolicySpecRuleConditionArgs{...}

or:

        nil

func PolicySpecRuleConditionPtr 

func PolicySpecRuleConditionPtr(v *PolicySpecRuleConditionArgs) PolicySpecRuleConditionPtrInput

type PolicySpecRuleConditionPtrOutput 

type PolicySpecRuleConditionPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionPtrOutput) Description 

func (o PolicySpecRuleConditionPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionPtrOutput) Elem 

func (o PolicySpecRuleConditionPtrOutput) Elem() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionPtrOutput) ElementType 

func (PolicySpecRuleConditionPtrOutput) ElementType() reflect.Type

func (PolicySpecRuleConditionPtrOutput) Expression 

func (o PolicySpecRuleConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionPtrOutput) Location 

func (o PolicySpecRuleConditionPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionPtrOutput) Title 

func (o PolicySpecRuleConditionPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput 

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext 

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleInput 

type PolicySpecRuleInput interface {
	pulumi.Input

	ToPolicySpecRuleOutput() PolicySpecRuleOutput
	ToPolicySpecRuleOutputWithContext(context.Context) PolicySpecRuleOutput
}

PolicySpecRuleInput is an input type that accepts PolicySpecRuleArgs and PolicySpecRuleOutput values. You can construct a concrete instance of `PolicySpecRuleInput` via: 

PolicySpecRuleArgs{...}

type PolicySpecRuleOutput 

type PolicySpecRuleOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleOutput) AllowAll 

func (o PolicySpecRuleOutput) AllowAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) Condition 

func (o PolicySpecRuleOutput) Condition() PolicySpecRuleConditionPtrOutput

A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')". Structure is documented below.

func (PolicySpecRuleOutput) DenyAll 

func (o PolicySpecRuleOutput) DenyAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) ElementType 

func (PolicySpecRuleOutput) ElementType() reflect.Type

func (PolicySpecRuleOutput) Enforce 

func (o PolicySpecRuleOutput) Enforce() pulumi.StringPtrOutput

If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.

func (PolicySpecRuleOutput) Parameters added in v8.12.0 

func (o PolicySpecRuleOutput) Parameters() pulumi.StringPtrOutput

Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }

func (PolicySpecRuleOutput) ToPolicySpecRuleOutput 

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext 

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

func (PolicySpecRuleOutput) Values 

func (o PolicySpecRuleOutput) Values() PolicySpecRuleValuesPtrOutput

List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.

type PolicySpecRuleValues 

type PolicySpecRuleValues struct {
	// List of values allowed at this resource.
	AllowedValues []string `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues []string `pulumi:"deniedValues"`
}

type PolicySpecRuleValuesArgs 

type PolicySpecRuleValuesArgs struct {
	// List of values allowed at this resource.
	AllowedValues pulumi.StringArrayInput `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues pulumi.StringArrayInput `pulumi:"deniedValues"`
}

func (PolicySpecRuleValuesArgs) ElementType 

func (PolicySpecRuleValuesArgs) ElementType() reflect.Type

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesInput 

type PolicySpecRuleValuesInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput
	ToPolicySpecRuleValuesOutputWithContext(context.Context) PolicySpecRuleValuesOutput
}

PolicySpecRuleValuesInput is an input type that accepts PolicySpecRuleValuesArgs and PolicySpecRuleValuesOutput values. You can construct a concrete instance of `PolicySpecRuleValuesInput` via: 

PolicySpecRuleValuesArgs{...}

type PolicySpecRuleValuesOutput 

type PolicySpecRuleValuesOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesOutput) AllowedValues 

func (o PolicySpecRuleValuesOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicySpecRuleValuesOutput) DeniedValues 

func (o PolicySpecRuleValuesOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicySpecRuleValuesOutput) ElementType 

func (PolicySpecRuleValuesOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesPtrInput 

type PolicySpecRuleValuesPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput
	ToPolicySpecRuleValuesPtrOutputWithContext(context.Context) PolicySpecRuleValuesPtrOutput
}

PolicySpecRuleValuesPtrInput is an input type that accepts PolicySpecRuleValuesArgs, PolicySpecRuleValuesPtr and PolicySpecRuleValuesPtrOutput values. You can construct a concrete instance of `PolicySpecRuleValuesPtrInput` via: 

        PolicySpecRuleValuesArgs{...}

or:

        nil

func PolicySpecRuleValuesPtr 

func PolicySpecRuleValuesPtr(v *PolicySpecRuleValuesArgs) PolicySpecRuleValuesPtrInput

type PolicySpecRuleValuesPtrOutput 

type PolicySpecRuleValuesPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesPtrOutput) AllowedValues 

func (o PolicySpecRuleValuesPtrOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicySpecRuleValuesPtrOutput) DeniedValues 

func (o PolicySpecRuleValuesPtrOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicySpecRuleValuesPtrOutput) Elem 

func (o PolicySpecRuleValuesPtrOutput) Elem() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesPtrOutput) ElementType 

func (PolicySpecRuleValuesPtrOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput 

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext 

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicyState 

type PolicyState struct {
	// Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
	// Structure is documented below.
	DryRunSpec PolicyDryRunSpecPtrInput
	// Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
	Etag pulumi.StringPtrInput
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Basic information about the Organization Policy.
	// Structure is documented below.
	Spec PolicySpecPtrInput
}

func (PolicyState) ElementType 

func (PolicyState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.