
@cdktf/provider-google


Prebuilt google Provider for Terraform CDK (cdktf)

/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: MPL-2.0
 */
import { Construct } from 'constructs';
import * as cdktf from 'cdktf';
/**
 * Configuration accepted by the {@link BinaryAuthorizationPolicy} construct
 * (Terraform resource `google_binary_authorization_policy`; the doc links
 * below point at provider version 6.36.0).
 *
 * This file only declares types; no implementation is visible here.
 * Every mode field is typed as plain `string`, so the compiler will not
 * reject a misspelled or unintended mode value; the "Possible values" lists
 * in the comments are the only statement of what is accepted.
 */
export interface BinaryAuthorizationPolicyConfig extends cdktf.TerraformMetaArguments {
    /**
     * A descriptive comment.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#description BinaryAuthorizationPolicy#description}
     */
    readonly description?: string;
    /**
     * Controls the evaluation of a Google-maintained global admission policy
     * for common system-level images. Images not covered by the global
     * policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
     *
     * NOTE(review): the wording implies that, when enabled, images covered by
     * the global policy are decided by that policy rather than by the rules in
     * this config. Confirm which images it covers before assuming the project
     * rules gate every image.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#global_policy_evaluation_mode BinaryAuthorizationPolicy#global_policy_evaluation_mode}
     */
    readonly globalPolicyEvaluationMode?: string;
    /**
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#id BinaryAuthorizationPolicy#id}
     *
     * Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2.
     * If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
     */
    readonly id?: string;
    /**
     * NOTE(review): no description is given here; presumably the Google Cloud
     * project the policy is written to. Confirm what is used when it is omitted,
     * since an admission policy applied to the wrong project is easy to miss.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#project BinaryAuthorizationPolicy#project}
     */
    readonly project?: string;
    /**
     * admission_whitelist_patterns block
     *
     * Each entry carries an image name pattern to whitelist (see
     * {@link BinaryAuthorizationPolicyAdmissionWhitelistPatterns}).
     * NOTE(review): whitelisted images are presumably admitted without the
     * attestation checks of the admission rules; confirm, and treat every entry
     * as an exemption that needs its own justification.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#admission_whitelist_patterns BinaryAuthorizationPolicy#admission_whitelist_patterns}
     */
    readonly admissionWhitelistPatterns?: BinaryAuthorizationPolicyAdmissionWhitelistPatterns[] | cdktf.IResolvable;
    /**
     * cluster_admission_rules block
     *
     * One rule per named cluster (see
     * {@link BinaryAuthorizationPolicyClusterAdmissionRules}).
     * NOTE(review): presumably a cluster rule replaces the default admission
     * rule for that cluster; confirm, because a permissive cluster rule would
     * then weaken an otherwise strict default.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#cluster_admission_rules BinaryAuthorizationPolicy#cluster_admission_rules}
     */
    readonly clusterAdmissionRules?: BinaryAuthorizationPolicyClusterAdmissionRules[] | cdktf.IResolvable;
    /**
     * default_admission_rule block
     *
     * The only required field of this config.
     * NOTE(review): presumably the rule applied wherever no cluster-specific
     * rule matches, which makes its evaluation and enforcement modes the
     * baseline for the project; confirm against the provider docs.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#default_admission_rule BinaryAuthorizationPolicy#default_admission_rule}
     */
    readonly defaultAdmissionRule: BinaryAuthorizationPolicyDefaultAdmissionRule;
    /**
     * timeouts block
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#timeouts BinaryAuthorizationPolicy#timeouts}
     */
    readonly timeouts?: BinaryAuthorizationPolicyTimeouts;
}
/** One entry of the `admission_whitelist_patterns` block. */
export interface BinaryAuthorizationPolicyAdmissionWhitelistPatterns {
    /**
     * An image name pattern to whitelist, in the form
     * 'registry/path/to/image'. This supports a trailing * as a
     * wildcard, but this is allowed only in text after the registry/
     * part.
     *
     * A trailing wildcard whitelists every image name that shares the prefix,
     * so the shorter the prefix, the wider the exemption. Prefer the most
     * specific pattern that still covers the images you intend to exempt.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#name_pattern BinaryAuthorizationPolicy#name_pattern}
     */
    readonly namePattern: string;
}
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably converts the struct to its Terraform representation; the
 * implementation is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyAdmissionWhitelistPatternsToTerraform(struct?: BinaryAuthorizationPolicyAdmissionWhitelistPatterns | cdktf.IResolvable): any;
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably the HCL counterpart of the function above; the implementation
 * is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyAdmissionWhitelistPatternsToHclTerraform(struct?: BinaryAuthorizationPolicyAdmissionWhitelistPatterns | cdktf.IResolvable): any;
/** Reference to a single `admission_whitelist_patterns` item on a parent resource. */
export declare class BinaryAuthorizationPolicyAdmissionWhitelistPatternsOutputReference extends cdktf.ComplexObject {
    private isEmptyObject;
    private resolvableValue?;
    /**
     * @param terraformResource The parent resource
     * @param terraformAttribute The attribute on the parent resource this class is referencing
     * @param complexObjectIndex the index of this item in the list
     * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
     */
    constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
    get internalValue(): BinaryAuthorizationPolicyAdmissionWhitelistPatterns | cdktf.IResolvable | undefined;
    set internalValue(value: BinaryAuthorizationPolicyAdmissionWhitelistPatterns | cdktf.IResolvable | undefined);
    private _namePattern?;
    get namePattern(): string;
    set namePattern(value: string);
    get namePatternInput(): string | undefined;
}
/** List wrapper whose `get(index)` returns a reference to one whitelist pattern item. */
export declare class BinaryAuthorizationPolicyAdmissionWhitelistPatternsList extends cdktf.ComplexList {
    protected terraformResource: cdktf.IInterpolatingParent;
    protected terraformAttribute: string;
    protected wrapsSet: boolean;
    internalValue?: BinaryAuthorizationPolicyAdmissionWhitelistPatterns[] | cdktf.IResolvable;
    /**
     * @param terraformResource The parent resource
     * @param terraformAttribute The attribute on the parent resource this class is referencing
     * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
     */
    constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
    /**
     * @param index the index of the item to return
     */
    get(index: number): BinaryAuthorizationPolicyAdmissionWhitelistPatternsOutputReference;
}
/** One entry of the `cluster_admission_rules` block: an admission rule bound to a cluster. */
export interface BinaryAuthorizationPolicyClusterAdmissionRules {
    /**
     * NOTE(review): no description is given here; presumably identifies the
     * cluster this rule applies to. Confirm the expected format in the provider
     * docs, since a value that matches no cluster would leave the rule unused.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#cluster BinaryAuthorizationPolicy#cluster}
     */
    readonly cluster: string;
    /**
     * The action when a pod creation is denied by the admission rule. Possible values: ["ENFORCED_BLOCK_AND_AUDIT_LOG", "DRYRUN_AUDIT_LOG_ONLY"]
     *
     * NOTE(review): going by the value names, DRYRUN_AUDIT_LOG_ONLY records
     * the denial in the audit log without blocking the pod, and only
     * ENFORCED_BLOCK_AND_AUDIT_LOG blocks. Confirm before relying on a
     * dry-run rule as an enforcement control.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#enforcement_mode BinaryAuthorizationPolicy#enforcement_mode}
     */
    readonly enforcementMode: string;
    /**
     * How this admission rule will be evaluated. Possible values: ["ALWAYS_ALLOW", "REQUIRE_ATTESTATION", "ALWAYS_DENY"]
     *
     * NOTE(review): going by the value names, ALWAYS_ALLOW admits every image
     * the rule applies to without any attestation. REQUIRE_ATTESTATION is the
     * only value for which `requireAttestationsBy` may be non-empty.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#evaluation_mode BinaryAuthorizationPolicy#evaluation_mode}
     */
    readonly evaluationMode: string;
    /**
     * The resource names of the attestors that must attest to a
     * container image. If the attestor is in a different project from the
     * policy, it should be specified in the format 'projects/* /attestors/*'.
     * Each attestor must exist before a policy can reference it. To add an
     * attestor to a policy the principal issuing the policy change
     * request must be able to read the attestor resource.
     *
     * Note: this field must be non-empty when the evaluation_mode field
     * specifies REQUIRE_ATTESTATION, otherwise it must be empty.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#require_attestations_by BinaryAuthorizationPolicy#require_attestations_by}
     *
     * Note: The above comment contained a comment block ending sequence (* followed by /). We have introduced a space between to prevent syntax errors. Please ignore the space.
     */
    readonly requireAttestationsBy?: string[];
}
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably converts the struct to its Terraform representation; the
 * implementation is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyClusterAdmissionRulesToTerraform(struct?: BinaryAuthorizationPolicyClusterAdmissionRules | cdktf.IResolvable): any;
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably the HCL counterpart of the function above; the implementation
 * is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyClusterAdmissionRulesToHclTerraform(struct?: BinaryAuthorizationPolicyClusterAdmissionRules | cdktf.IResolvable): any;
/** Reference to a single `cluster_admission_rules` item on a parent resource. */
export declare class BinaryAuthorizationPolicyClusterAdmissionRulesOutputReference extends cdktf.ComplexObject {
    private isEmptyObject;
    private resolvableValue?;
    /**
     * @param terraformResource The parent resource
     * @param terraformAttribute The attribute on the parent resource this class is referencing
     * @param complexObjectIndex the index of this item in the list
     * @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
     */
    constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
    get internalValue(): BinaryAuthorizationPolicyClusterAdmissionRules | cdktf.IResolvable | undefined;
    set internalValue(value: BinaryAuthorizationPolicyClusterAdmissionRules | cdktf.IResolvable | undefined);
    private _cluster?;
    get cluster(): string;
    set cluster(value: string);
    get clusterInput(): string | undefined;
    private _enforcementMode?;
    get enforcementMode(): string;
    set enforcementMode(value: string);
    get enforcementModeInput(): string | undefined;
    private _evaluationMode?;
    get evaluationMode(): string;
    set evaluationMode(value: string);
    get evaluationModeInput(): string | undefined;
    private _requireAttestationsBy?;
    get requireAttestationsBy(): string[];
    set requireAttestationsBy(value: string[]);
    // Only the optional attribute of this object has a reset method.
    resetRequireAttestationsBy(): void;
    get requireAttestationsByInput(): string[] | undefined;
}
/** List wrapper whose `get(index)` returns a reference to one cluster admission rule item. */
export declare class BinaryAuthorizationPolicyClusterAdmissionRulesList extends cdktf.ComplexList {
    protected terraformResource: cdktf.IInterpolatingParent;
    protected terraformAttribute: string;
    protected wrapsSet: boolean;
    internalValue?: BinaryAuthorizationPolicyClusterAdmissionRules[] | cdktf.IResolvable;
    /**
     * @param terraformResource The parent resource
     * @param terraformAttribute The attribute on the parent resource this class is referencing
     * @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
     */
    constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
    /**
     * @param index the index of the item to return
     */
    get(index: number): BinaryAuthorizationPolicyClusterAdmissionRulesOutputReference;
}
/** The `default_admission_rule` block; same fields as a cluster rule minus `cluster`. */
export interface BinaryAuthorizationPolicyDefaultAdmissionRule {
    /**
     * The action when a pod creation is denied by the admission rule. Possible values: ["ENFORCED_BLOCK_AND_AUDIT_LOG", "DRYRUN_AUDIT_LOG_ONLY"]
     *
     * NOTE(review): going by the value names, DRYRUN_AUDIT_LOG_ONLY records
     * the denial in the audit log without blocking the pod, and only
     * ENFORCED_BLOCK_AND_AUDIT_LOG blocks. Confirm before relying on a
     * dry-run default rule as an enforcement control.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#enforcement_mode BinaryAuthorizationPolicy#enforcement_mode}
     */
    readonly enforcementMode: string;
    /**
     * How this admission rule will be evaluated. Possible values: ["ALWAYS_ALLOW", "REQUIRE_ATTESTATION", "ALWAYS_DENY"]
     *
     * NOTE(review): going by the value names, ALWAYS_ALLOW admits every image
     * the rule applies to without any attestation. REQUIRE_ATTESTATION is the
     * only value for which `requireAttestationsBy` may be non-empty.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#evaluation_mode BinaryAuthorizationPolicy#evaluation_mode}
     */
    readonly evaluationMode: string;
    /**
     * The resource names of the attestors that must attest to a
     * container image. If the attestor is in a different project from the
     * policy, it should be specified in the format 'projects/* /attestors/*'.
     * Each attestor must exist before a policy can reference it. To add an
     * attestor to a policy the principal issuing the policy change
     * request must be able to read the attestor resource.
     *
     * Note: this field must be non-empty when the evaluation_mode field
     * specifies REQUIRE_ATTESTATION, otherwise it must be empty.
     *
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#require_attestations_by BinaryAuthorizationPolicy#require_attestations_by}
     *
     * Note: The above comment contained a comment block ending sequence (* followed by /). We have introduced a space between to prevent syntax errors. Please ignore the space.
     */
    readonly requireAttestationsBy?: string[];
}
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably converts the struct to its Terraform representation; the
 * implementation is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyDefaultAdmissionRuleToTerraform(struct?: BinaryAuthorizationPolicyDefaultAdmissionRuleOutputReference | BinaryAuthorizationPolicyDefaultAdmissionRule): any;
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably the HCL counterpart of the function above; the implementation
 * is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyDefaultAdmissionRuleToHclTerraform(struct?: BinaryAuthorizationPolicyDefaultAdmissionRuleOutputReference | BinaryAuthorizationPolicyDefaultAdmissionRule): any;
/** Reference to the `default_admission_rule` block of a parent resource. */
export declare class BinaryAuthorizationPolicyDefaultAdmissionRuleOutputReference extends cdktf.ComplexObject {
    private isEmptyObject;
    /**
     * @param terraformResource The parent resource
     * @param terraformAttribute The attribute on the parent resource this class is referencing
     */
    constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
    get internalValue(): BinaryAuthorizationPolicyDefaultAdmissionRule | undefined;
    set internalValue(value: BinaryAuthorizationPolicyDefaultAdmissionRule | undefined);
    private _enforcementMode?;
    get enforcementMode(): string;
    set enforcementMode(value: string);
    get enforcementModeInput(): string | undefined;
    private _evaluationMode?;
    get evaluationMode(): string;
    set evaluationMode(value: string);
    get evaluationModeInput(): string | undefined;
    private _requireAttestationsBy?;
    get requireAttestationsBy(): string[];
    set requireAttestationsBy(value: string[]);
    // Only the optional attribute of this object has a reset method.
    resetRequireAttestationsBy(): void;
    get requireAttestationsByInput(): string[] | undefined;
}
/**
 * The `timeouts` block. All three fields are optional strings.
 * NOTE(review): the accepted format is not stated here; confirm it in the
 * provider docs.
 */
export interface BinaryAuthorizationPolicyTimeouts {
    /**
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#create BinaryAuthorizationPolicy#create}
     */
    readonly create?: string;
    /**
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#delete BinaryAuthorizationPolicy#delete}
     */
    readonly delete?: string;
    /**
     * Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#update BinaryAuthorizationPolicy#update}
     */
    readonly update?: string;
}
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably converts the struct to its Terraform representation; the
 * implementation is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyTimeoutsToTerraform(struct?: BinaryAuthorizationPolicyTimeouts | cdktf.IResolvable): any;
/**
 * Declared to return `any`, so the result carries no compile-time type.
 * Presumably the HCL counterpart of the function above; the implementation
 * is not part of this declaration file.
 */
export declare function binaryAuthorizationPolicyTimeoutsToHclTerraform(struct?: BinaryAuthorizationPolicyTimeouts | cdktf.IResolvable): any;
/** Reference to the `timeouts` block of a parent resource. */
export declare class BinaryAuthorizationPolicyTimeoutsOutputReference extends cdktf.ComplexObject {
    private isEmptyObject;
    private resolvableValue?;
    /**
     * @param terraformResource The parent resource
     * @param terraformAttribute The attribute on the parent resource this class is referencing
     */
    constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
    get internalValue(): BinaryAuthorizationPolicyTimeouts | cdktf.IResolvable | undefined;
    set internalValue(value: BinaryAuthorizationPolicyTimeouts | cdktf.IResolvable | undefined);
    private _create?;
    get create(): string;
    set create(value: string);
    resetCreate(): void;
    get createInput(): string | undefined;
    private _delete?;
    get delete(): string;
    set delete(value: string);
    resetDelete(): void;
    get deleteInput(): string | undefined;
    private _update?;
    get update(): string;
    set update(value: string);
    resetUpdate(): void;
    get updateInput(): string | undefined;
}
/**
 * Represents a {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy google_binary_authorization_policy}
 *
 * Each attribute below is exposed as a getter with either a setter or a
 * `put…` method, an `…Input` getter typed to allow `undefined`, and, for the
 * attributes that are optional in {@link BinaryAuthorizationPolicyConfig}, a
 * `reset…` method. `defaultAdmissionRule` is required and has no reset.
 */
export declare class BinaryAuthorizationPolicy extends cdktf.TerraformResource {
    static readonly tfResourceType = "google_binary_authorization_policy";
    /**
     * Generates CDKTF code for importing a BinaryAuthorizationPolicy resource upon running "cdktf plan <stack-name>"
     * @param scope The scope in which to define this construct
     * @param importToId The construct id used in the generated config for the BinaryAuthorizationPolicy to import
     * @param importFromId The id of the existing BinaryAuthorizationPolicy that should be imported. Refer to the {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy#import import section} in the documentation of this resource for the id to use
     * @param provider Optional instance of the provider where the BinaryAuthorizationPolicy to import is found
     */
    static generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: cdktf.TerraformProvider): cdktf.ImportableResource;
    /**
     * Create a new {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/binary_authorization_policy google_binary_authorization_policy} Resource
     *
     * @param scope The scope in which to define this construct
     * @param id The scoped construct ID. Must be unique amongst siblings in the same scope
     * @param config BinaryAuthorizationPolicyConfig
     */
    constructor(scope: Construct, id: string, config: BinaryAuthorizationPolicyConfig);
    private _description?;
    get description(): string;
    set description(value: string);
    resetDescription(): void;
    get descriptionInput(): string | undefined;
    private _globalPolicyEvaluationMode?;
    get globalPolicyEvaluationMode(): string;
    set globalPolicyEvaluationMode(value: string);
    resetGlobalPolicyEvaluationMode(): void;
    get globalPolicyEvaluationModeInput(): string | undefined;
    private _id?;
    get id(): string;
    set id(value: string);
    resetId(): void;
    get idInput(): string | undefined;
    private _project?;
    get project(): string;
    set project(value: string);
    resetProject(): void;
    get projectInput(): string | undefined;
    private _admissionWhitelistPatterns;
    get admissionWhitelistPatterns(): BinaryAuthorizationPolicyAdmissionWhitelistPatternsList;
    // Accepts the same array-or-resolvable type as the config field of the same name.
    putAdmissionWhitelistPatterns(value: BinaryAuthorizationPolicyAdmissionWhitelistPatterns[] | cdktf.IResolvable): void;
    resetAdmissionWhitelistPatterns(): void;
    get admissionWhitelistPatternsInput(): cdktf.IResolvable | BinaryAuthorizationPolicyAdmissionWhitelistPatterns[] | undefined;
    private _clusterAdmissionRules;
    get clusterAdmissionRules(): BinaryAuthorizationPolicyClusterAdmissionRulesList;
    // Accepts the same array-or-resolvable type as the config field of the same name.
    putClusterAdmissionRules(value: BinaryAuthorizationPolicyClusterAdmissionRules[] | cdktf.IResolvable): void;
    resetClusterAdmissionRules(): void;
    get clusterAdmissionRulesInput(): cdktf.IResolvable | BinaryAuthorizationPolicyClusterAdmissionRules[] | undefined;
    private _defaultAdmissionRule;
    get defaultAdmissionRule(): BinaryAuthorizationPolicyDefaultAdmissionRuleOutputReference;
    // No matching reset method is declared: the default rule is required.
    putDefaultAdmissionRule(value: BinaryAuthorizationPolicyDefaultAdmissionRule): void;
    get defaultAdmissionRuleInput(): BinaryAuthorizationPolicyDefaultAdmissionRule | undefined;
    private _timeouts;
    get timeouts(): BinaryAuthorizationPolicyTimeoutsOutputReference;
    putTimeouts(value: BinaryAuthorizationPolicyTimeouts): void;
    resetTimeouts(): void;
    get timeoutsInput(): cdktf.IResolvable | BinaryAuthorizationPolicyTimeouts | undefined;
    // Both synthesize methods return an untyped string-keyed map; presumably the
    // attribute set written out at synthesis (implementation not visible here).
    protected synthesizeAttributes(): {
        [name: string]: any;
    };
    protected synthesizeHclAttributes(): {
        [name: string]: any;
    };
}