@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; /** * AccessPolicy is a container for AccessLevels (which define the necessary * attributes to use GCP services) and ServicePerimeters (which define * regions of services able to freely pass data within a perimeter). An * access policy is globally visible within an organization, and the * restrictions it specifies apply to all projects within an organization. * * To get more information about AccessPolicy, see: * * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies) * * How-to Guides * * [Access Policy Quickstart](https://cloud.google.com/access-context-manager/docs/quickstart) * * > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource, * you must specify a `billingProject` and set `userProjectOverride` to true * in the provider configuration. Otherwise the ACM API will return a 403 error. * Your account must have the `serviceusage.services.use` permission on the * `billingProject` you defined. * * ## Example Usage * * ### Access Context Manager Access Policy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", { * parent: "organizations/123456789", * title: "Org Access Policy", * }); * ``` * ### Access Context Manager Access Policy Scoped * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = new gcp.organizations.Project("project", { * projectId: "my-project-name", * name: "my-project-name", * orgId: "123456789", * deletionPolicy: "DELETE", * }); * const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", { * parent: "organizations/123456789", * title: "Scoped Access Policy", * scopes: pulumi.interpolate`projects/${project.number}`, * }); * ``` * * ## Import * * AccessPolicy can be imported using any of these accepted formats: * * * `{{name}}` * * When using the `pulumi import` command, AccessPolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:accesscontextmanager/accessPolicy:AccessPolicy default {{name}} * ``` */ export declare class AccessPolicy extends pulumi.CustomResource { /** * Get an existing AccessPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessPolicyState, opts?: pulumi.CustomResourceOptions): AccessPolicy; /** * Returns true if the given object is an instance of AccessPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AccessPolicy; /** * Time the AccessPolicy was created in UTC. */ readonly createTime: pulumi.Output<string>; /** * Resource name of the AccessPolicy. Format: '{{policy_id}}' */ readonly name: pulumi.Output<string>; /** * The parent of this AccessPolicy in the Cloud Resource Hierarchy. * Format: 'organizations/{{organization_id}}' */ readonly parent: pulumi.Output<string>; /** * Folder or project on which this policy is applicable. * Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}' */ readonly scopes: pulumi.Output<string | undefined>; /** * Human readable title. Does not affect behavior. * * * - - - */ readonly title: pulumi.Output<string>; /** * Time the AccessPolicy was updated in UTC. */ readonly updateTime: pulumi.Output<string>; /** * Create a AccessPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AccessPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AccessPolicy resources. */ export interface AccessPolicyState { /** * Time the AccessPolicy was created in UTC. */ createTime?: pulumi.Input<string>; /** * Resource name of the AccessPolicy. Format: '{{policy_id}}' */ name?: pulumi.Input<string>; /** * The parent of this AccessPolicy in the Cloud Resource Hierarchy. * Format: 'organizations/{{organization_id}}' */ parent?: pulumi.Input<string>; /** * Folder or project on which this policy is applicable. * Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}' */ scopes?: pulumi.Input<string>; /** * Human readable title. Does not affect behavior. * * * - - - */ title?: pulumi.Input<string>; /** * Time the AccessPolicy was updated in UTC. */ updateTime?: pulumi.Input<string>; } /** * The set of arguments for constructing a AccessPolicy resource. */ export interface AccessPolicyArgs { /** * The parent of this AccessPolicy in the Cloud Resource Hierarchy. * Format: 'organizations/{{organization_id}}' */ parent: pulumi.Input<string>; /** * Folder or project on which this policy is applicable. * Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}' */ scopes?: pulumi.Input<string>; /** * Human readable title. Does not affect behavior. * * * - - - */ title: pulumi.Input<string>; }