@cdktf/provider-google
Version:
Prebuilt google Provider for Terraform CDK (cdktf)
332 lines (331 loc) • 16.8 kB
TypeScript
/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { Construct } from 'constructs';
import * as cdktf from 'cdktf';
export interface IamDenyPolicyConfig extends cdktf.TerraformMetaArguments {
/**
* The display name of the rule.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#display_name IamDenyPolicy#display_name}
*/
readonly displayName?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#id IamDenyPolicy#id}
*
* Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2.
* If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
*/
readonly id?: string;
/**
* The name of the policy.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#name IamDenyPolicy#name}
*/
readonly name: string;
/**
* The attachment point is identified by its URL-encoded full resource name.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#parent IamDenyPolicy#parent}
*/
readonly parent: string;
/**
* rules block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#rules IamDenyPolicy#rules}
*/
readonly rules: IamDenyPolicyRules[] | cdktf.IResolvable;
/**
* timeouts block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#timeouts IamDenyPolicy#timeouts}
*/
readonly timeouts?: IamDenyPolicyTimeouts;
}
export interface IamDenyPolicyRulesDenyRuleDenialCondition {
/**
* Description of the expression. This is a longer text which describes the expression,
* e.g. when hovered over it in a UI.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#description IamDenyPolicy#description}
*/
readonly description?: string;
/**
* Textual representation of an expression in Common Expression Language syntax.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#expression IamDenyPolicy#expression}
*/
readonly expression: string;
/**
* String indicating the location of the expression for error reporting,
* e.g. a file name and a position in the file.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#location IamDenyPolicy#location}
*/
readonly location?: string;
/**
* Title for the expression, i.e. a short string describing its purpose.
* This can be used e.g. in UIs which allow to enter the expression.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#title IamDenyPolicy#title}
*/
readonly title?: string;
}
export declare function iamDenyPolicyRulesDenyRuleDenialConditionToTerraform(struct?: IamDenyPolicyRulesDenyRuleDenialConditionOutputReference | IamDenyPolicyRulesDenyRuleDenialCondition): any;
export declare function iamDenyPolicyRulesDenyRuleDenialConditionToHclTerraform(struct?: IamDenyPolicyRulesDenyRuleDenialConditionOutputReference | IamDenyPolicyRulesDenyRuleDenialCondition): any;
export declare class IamDenyPolicyRulesDenyRuleDenialConditionOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): IamDenyPolicyRulesDenyRuleDenialCondition | undefined;
set internalValue(value: IamDenyPolicyRulesDenyRuleDenialCondition | undefined);
private _description?;
get description(): string;
set description(value: string);
resetDescription(): void;
get descriptionInput(): string | undefined;
private _expression?;
get expression(): string;
set expression(value: string);
get expressionInput(): string | undefined;
private _location?;
get location(): string;
set location(value: string);
resetLocation(): void;
get locationInput(): string | undefined;
private _title?;
get title(): string;
set title(value: string);
resetTitle(): void;
get titleInput(): string | undefined;
}
export interface IamDenyPolicyRulesDenyRule {
/**
* The permissions that are explicitly denied by this rule. Each permission uses the format '{service-fqdn}/{resource}.{verb}',
* where '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#denied_permissions IamDenyPolicy#denied_permissions}
*/
readonly deniedPermissions?: string[];
/**
* The identities that are prevented from using one or more permissions on Google Cloud resources.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#denied_principals IamDenyPolicy#denied_principals}
*/
readonly deniedPrincipals?: string[];
/**
* Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
* If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
* The excluded permissions can be specified using the same syntax as deniedPermissions.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#exception_permissions IamDenyPolicy#exception_permissions}
*/
readonly exceptionPermissions?: string[];
/**
* The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
* For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#exception_principals IamDenyPolicy#exception_principals}
*/
readonly exceptionPrincipals?: string[];
/**
* denial_condition block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#denial_condition IamDenyPolicy#denial_condition}
*/
readonly denialCondition?: IamDenyPolicyRulesDenyRuleDenialCondition;
}
export declare function iamDenyPolicyRulesDenyRuleToTerraform(struct?: IamDenyPolicyRulesDenyRuleOutputReference | IamDenyPolicyRulesDenyRule): any;
export declare function iamDenyPolicyRulesDenyRuleToHclTerraform(struct?: IamDenyPolicyRulesDenyRuleOutputReference | IamDenyPolicyRulesDenyRule): any;
export declare class IamDenyPolicyRulesDenyRuleOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): IamDenyPolicyRulesDenyRule | undefined;
set internalValue(value: IamDenyPolicyRulesDenyRule | undefined);
private _deniedPermissions?;
get deniedPermissions(): string[];
set deniedPermissions(value: string[]);
resetDeniedPermissions(): void;
get deniedPermissionsInput(): string[] | undefined;
private _deniedPrincipals?;
get deniedPrincipals(): string[];
set deniedPrincipals(value: string[]);
resetDeniedPrincipals(): void;
get deniedPrincipalsInput(): string[] | undefined;
private _exceptionPermissions?;
get exceptionPermissions(): string[];
set exceptionPermissions(value: string[]);
resetExceptionPermissions(): void;
get exceptionPermissionsInput(): string[] | undefined;
private _exceptionPrincipals?;
get exceptionPrincipals(): string[];
set exceptionPrincipals(value: string[]);
resetExceptionPrincipals(): void;
get exceptionPrincipalsInput(): string[] | undefined;
private _denialCondition;
get denialCondition(): IamDenyPolicyRulesDenyRuleDenialConditionOutputReference;
putDenialCondition(value: IamDenyPolicyRulesDenyRuleDenialCondition): void;
resetDenialCondition(): void;
get denialConditionInput(): IamDenyPolicyRulesDenyRuleDenialCondition | undefined;
}
export interface IamDenyPolicyRules {
/**
* The description of the rule.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#description IamDenyPolicy#description}
*/
readonly description?: string;
/**
* deny_rule block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#deny_rule IamDenyPolicy#deny_rule}
*/
readonly denyRule?: IamDenyPolicyRulesDenyRule;
}
export declare function iamDenyPolicyRulesToTerraform(struct?: IamDenyPolicyRules | cdktf.IResolvable): any;
export declare function iamDenyPolicyRulesToHclTerraform(struct?: IamDenyPolicyRules | cdktf.IResolvable): any;
export declare class IamDenyPolicyRulesOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
get internalValue(): IamDenyPolicyRules | cdktf.IResolvable | undefined;
set internalValue(value: IamDenyPolicyRules | cdktf.IResolvable | undefined);
private _description?;
get description(): string;
set description(value: string);
resetDescription(): void;
get descriptionInput(): string | undefined;
private _denyRule;
get denyRule(): IamDenyPolicyRulesDenyRuleOutputReference;
putDenyRule(value: IamDenyPolicyRulesDenyRule): void;
resetDenyRule(): void;
get denyRuleInput(): IamDenyPolicyRulesDenyRule | undefined;
}
export declare class IamDenyPolicyRulesList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
internalValue?: IamDenyPolicyRules[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): IamDenyPolicyRulesOutputReference;
}
export interface IamDenyPolicyTimeouts {
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#create IamDenyPolicy#create}
*/
readonly create?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#delete IamDenyPolicy#delete}
*/
readonly delete?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#update IamDenyPolicy#update}
*/
readonly update?: string;
}
export declare function iamDenyPolicyTimeoutsToTerraform(struct?: IamDenyPolicyTimeouts | cdktf.IResolvable): any;
export declare function iamDenyPolicyTimeoutsToHclTerraform(struct?: IamDenyPolicyTimeouts | cdktf.IResolvable): any;
export declare class IamDenyPolicyTimeoutsOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
get internalValue(): IamDenyPolicyTimeouts | cdktf.IResolvable | undefined;
set internalValue(value: IamDenyPolicyTimeouts | cdktf.IResolvable | undefined);
private _create?;
get create(): string;
set create(value: string);
resetCreate(): void;
get createInput(): string | undefined;
private _delete?;
get delete(): string;
set delete(value: string);
resetDelete(): void;
get deleteInput(): string | undefined;
private _update?;
get update(): string;
set update(value: string);
resetUpdate(): void;
get updateInput(): string | undefined;
}
/**
* Represents a {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy google_iam_deny_policy}
*/
export declare class IamDenyPolicy extends cdktf.TerraformResource {
static readonly tfResourceType = "google_iam_deny_policy";
/**
* Generates CDKTF code for importing a IamDenyPolicy resource upon running "cdktf plan <stack-name>"
* @param scope The scope in which to define this construct
* @param importToId The construct id used in the generated config for the IamDenyPolicy to import
* @param importFromId The id of the existing IamDenyPolicy that should be imported. Refer to the {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy#import import section} in the documentation of this resource for the id to use
* @param provider? Optional instance of the provider where the IamDenyPolicy to import is found
*/
static generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: cdktf.TerraformProvider): cdktf.ImportableResource;
/**
* Create a new {@link https://registry.terraform.io/providers/hashicorp/google/6.13.0/docs/resources/iam_deny_policy google_iam_deny_policy} Resource
*
* @param scope The scope in which to define this construct
* @param id The scoped construct ID. Must be unique amongst siblings in the same scope
* @param options IamDenyPolicyConfig
*/
constructor(scope: Construct, id: string, config: IamDenyPolicyConfig);
private _displayName?;
get displayName(): string;
set displayName(value: string);
resetDisplayName(): void;
get displayNameInput(): string | undefined;
get etag(): string;
private _id?;
get id(): string;
set id(value: string);
resetId(): void;
get idInput(): string | undefined;
private _name?;
get name(): string;
set name(value: string);
get nameInput(): string | undefined;
private _parent?;
get parent(): string;
set parent(value: string);
get parentInput(): string | undefined;
private _rules;
get rules(): IamDenyPolicyRulesList;
putRules(value: IamDenyPolicyRules[] | cdktf.IResolvable): void;
get rulesInput(): cdktf.IResolvable | IamDenyPolicyRules[] | undefined;
private _timeouts;
get timeouts(): IamDenyPolicyTimeoutsOutputReference;
putTimeouts(value: IamDenyPolicyTimeouts): void;
resetTimeouts(): void;
get timeoutsInput(): cdktf.IResolvable | IamDenyPolicyTimeouts | undefined;
protected synthesizeAttributes(): {
[name: string]: any;
};
protected synthesizeHclAttributes(): {
[name: string]: any;
};
}