
@pulumi/gcp


A Pulumi package for creating and managing Google Cloud Platform resources.

"use strict";
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.Posture = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");

// Every Posture property, in the order it is copied out of looked-up state.
const STATE_PROPERTIES = [
    "createTime",
    "description",
    "etag",
    "location",
    "name",
    "parent",
    "policySets",
    "postureId",
    "reconciling",
    "revisionId",
    "state",
    "updateTime",
];
// Caller-supplied properties, in the order they are copied from the constructor arguments.
const INPUT_PROPERTIES = ["description", "location", "parent", "policySets", "postureId", "state"];
// Properties the caller does not supply; the constructor sets them to undefined on creation.
const OUTPUT_PROPERTIES = ["createTime", "etag", "name", "reconciling", "revisionId", "updateTime"];
// Required inputs, in check order, each paired with the message thrown when it is absent.
const REQUIRED_PROPERTIES = [
    ["location", "Missing required property 'location'"],
    ["parent", "Missing required property 'parent'"],
    ["policySets", "Missing required property 'policySets'"],
    ["postureId", "Missing required property 'postureId'"],
    ["state", "Missing required property 'state'"],
];

/**
 * A Posture is a collection of policy sets, carrying a name, a state and a description.
 * Each policy set holds a set of policies along with their definitions.
 * A posture can be created at the organization level.
 * Every update to a deployed posture creates a new posture revision with an updated revision_id.
 *
 * To get more information about Posture, see:
 *
 * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/securityposture/rest/v1/Posture)
 * * How-to Guides
 *     * [Create and deploy a posture](https://cloud.google.com/security-command-center/docs/how-to-use-security-posture)
 *
 * ## Example Usage
 *
 * ### Securityposture Posture Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const posture1 = new gcp.securityposture.Posture("posture1", {
 *     postureId: "posture_example",
 *     parent: "organizations/123456789",
 *     location: "global",
 *     state: "ACTIVE",
 *     description: "a new posture",
 *     policySets: [
 *         {
 *             policySetId: "org_policy_set",
 *             description: "set of org policies",
 *             policies: [
 *                 {
 *                     policyId: "canned_org_policy",
 *                     constraint: {
 *                         orgPolicyConstraint: {
 *                             cannedConstraintId: "storage.uniformBucketLevelAccess",
 *                             policyRules: [{
 *                                 enforce: true,
 *                                 condition: {
 *                                     description: "condition description",
 *                                     expression: "resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')",
 *                                     title: "a CEL condition",
 *                                 },
 *                             }],
 *                         },
 *                     },
 *                 },
 *                 {
 *                     policyId: "custom_org_policy",
 *                     constraint: {
 *                         orgPolicyConstraintCustom: {
 *                             customConstraint: {
 *                                 name: "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
 *                                 displayName: "Disable GKE auto upgrade",
 *                                 description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
 *                                 actionType: "ALLOW",
 *                                 condition: "resource.management.autoUpgrade == false",
 *                                 methodTypes: [
 *                                     "CREATE",
 *                                     "UPDATE",
 *                                 ],
 *                                 resourceTypes: ["container.googleapis.com/NodePool"],
 *                             },
 *                             policyRules: [{
 *                                 enforce: true,
 *                                 condition: {
 *                                     description: "condition description",
 *                                     expression: "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
 *                                     title: "a CEL condition",
 *                                 },
 *                             }],
 *                         },
 *                     },
 *                 },
 *             ],
 *         },
 *         {
 *             policySetId: "sha_policy_set",
 *             description: "set of sha policies",
 *             policies: [
 *                 {
 *                     policyId: "sha_builtin_module",
 *                     constraint: {
 *                         securityHealthAnalyticsModule: {
 *                             moduleName: "BIGQUERY_TABLE_CMEK_DISABLED",
 *                             moduleEnablementState: "ENABLED",
 *                         },
 *                     },
 *                     description: "enable BIGQUERY_TABLE_CMEK_DISABLED",
 *                 },
 *                 {
 *                     policyId: "sha_custom_module",
 *                     constraint: {
 *                         securityHealthAnalyticsCustomModule: {
 *                             displayName: "custom_SHA_policy",
 *                             config: {
 *                                 predicate: {
 *                                     expression: "resource.rotationPeriod > duration('2592000s')",
 *                                 },
 *                                 customOutput: {
 *                                     properties: [{
 *                                         name: "duration",
 *                                         valueExpression: {
 *                                             expression: "resource.rotationPeriod",
 *                                         },
 *                                     }],
 *                                 },
 *                                 resourceSelector: {
 *                                     resourceTypes: ["cloudkms.googleapis.com/CryptoKey"],
 *                                 },
 *                                 severity: "LOW",
 *                                 description: "Custom Module",
 *                                 recommendation: "Testing custom modules",
 *                             },
 *                             moduleEnablementState: "ENABLED",
 *                         },
 *                     },
 *                 },
 *             ],
 *         },
 *     ],
 * });
 * ```
 *
 * ## Import
 *
 * Posture can be imported using any of these accepted formats:
 *
 * * `{{parent}}/locations/{{location}}/postures/{{posture_id}}`
 *
 * When using the `pulumi import` command, Posture can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:securityposture/posture:Posture default {{parent}}/locations/{{location}}/postures/{{posture_id}}
 * ```
 */
class Posture extends pulumi.CustomResource {
    /**
     * Look up an existing Posture by name and provider ID, optionally narrowing the lookup
     * with extra state properties.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        // Copy the caller's options so the id is attached without mutating their object.
        const lookupOpts = Object.assign({}, opts, { id });
        return new Posture(name, state, lookupOpts);
    }
    /**
     * Reports whether the given object is a Posture. The check compares the `__pulumiType`
     * tag rather than using `instanceof`, so it keeps working when multiple copies of the
     * Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        return obj != null && obj['__pulumiType'] === Posture.__pulumiType;
    }
    /**
     * Create a Posture resource, or rehydrate one from existing state when `opts.id` is set.
     *
     * The required-property checks only test for `undefined` and are skipped when `opts.urn`
     * is set. No property value is validated here: `parent`, `state`, `policySets` and the
     * rest are forwarded exactly as given.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Creation arguments, or looked-up state when `opts.id` is set.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    constructor(name, argsOrState, opts) {
        const callerOpts = opts || {};
        const resourceInputs = {};
        if (callerOpts.id) {
            // Lookup path: argsOrState is prior state, so every known property is carried over.
            for (const key of STATE_PROPERTIES) {
                resourceInputs[key] = argsOrState ? argsOrState[key] : undefined;
            }
        }
        else {
            // Creation path: reject a missing required input before anything is copied.
            for (const [key, message] of REQUIRED_PROPERTIES) {
                const absent = !argsOrState || argsOrState[key] === undefined;
                if (absent && !callerOpts.urn) {
                    throw new Error(message);
                }
            }
            for (const key of INPUT_PROPERTIES) {
                resourceInputs[key] = argsOrState ? argsOrState[key] : undefined;
            }
            for (const key of OUTPUT_PROPERTIES) {
                resourceInputs[key] = undefined /*out*/;
            }
        }
        // Package-wide defaults go first so the caller's options are merged on top of them.
        const mergedOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), callerOpts);
        super(Posture.__pulumiType, name, resourceInputs, mergedOpts);
    }
}
exports.Posture = Posture;
/** @internal */
Posture.__pulumiType = 'gcp:securityposture/posture:Posture';
//# sourceMappingURL=posture.js.map