@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
235 lines • 9.3 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.DataAccessScope = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* A DataAccessScope is a boolean expression of data access labels used to restrict access to data for users.
*
* To get more information about DataAccessScope, see:
*
* * [API documentation](https://cloud.google.com/chronicle/docs/reference/rest/v1/projects.locations.instances.dataAccessScopes)
* * How-to Guides
* * [Introduction to data RBAC](https://cloud.google.com/chronicle/docs/onboard/onboard-datarbac)
*
* ## Example Usage
*
* ### Chronicle Dataaccessscope With Logtype
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.chronicle.DataAccessScope("example", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessScopeId: "scope-id",
* description: "scope-description",
* allowedDataAccessLabels: [
* {
* logType: "GCP_CLOUDAUDIT",
* },
* {
* logType: "GITHUB",
* },
* ],
* });
* ```
* ### Chronicle Dataaccessscope With Dataaccesslabel
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const customDataAccessLabel = new gcp.chronicle.DataAccessLabel("custom_data_access_label", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessLabelId: "label-id",
* udmQuery: "principal.hostname=\"google.com\"",
* });
* const example = new gcp.chronicle.DataAccessScope("example", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessScopeId: "scope-id",
* description: "scope-description",
* allowedDataAccessLabels: [{
* dataAccessLabel: googleChronicleDataAccessLabel.customDataAccessLabel.dataAccessLabelId,
* }],
* });
* ```
* ### Chronicle Dataaccessscope With Asset Namespace
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.chronicle.DataAccessScope("example", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessScopeId: "scope-id",
* description: "scope-description",
* allowedDataAccessLabels: [{
* assetNamespace: "my-namespace",
* }],
* });
* ```
* ### Chronicle Dataaccessscope With Ingestion Label
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.chronicle.DataAccessScope("example", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessScopeId: "scope-id",
* description: "scope-description",
* allowedDataAccessLabels: [{
* ingestionLabel: {
* ingestionLabelKey: "ingestion_key",
* ingestionLabelValue: "ingestion_value",
* },
* }],
* });
* ```
* ### Chronicle Dataaccessscope With Denied Labels
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const customDataAccessLabel = new gcp.chronicle.DataAccessLabel("custom_data_access_label", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessLabelId: "label-id",
* udmQuery: "principal.hostname=\"google.com\"",
* });
* const example = new gcp.chronicle.DataAccessScope("example", {
* location: "us",
* instance: "00000000-0000-0000-0000-000000000000",
* dataAccessScopeId: "scope-id",
* description: "scope-description",
* allowAll: true,
* deniedDataAccessLabels: [
* {
* logType: "GCP_CLOUDAUDIT",
* },
* {
* dataAccessLabel: googleChronicleDataAccessLabel.customDataAccessLabel.dataAccessLabelId,
* },
* {
* ingestionLabel: {
* ingestionLabelKey: "ingestion_key",
* ingestionLabelValue: "ingestion_value",
* },
* },
* {
* assetNamespace: "my-namespace",
* },
* ],
* });
* ```
*
* ## Import
*
* DataAccessScope can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessScopes/{{data_access_scope_id}}`
*
* * `{{project}}/{{location}}/{{instance}}/{{data_access_scope_id}}`
*
* * `{{location}}/{{instance}}/{{data_access_scope_id}}`
*
* When using the `pulumi import` command, DataAccessScope can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:chronicle/dataAccessScope:DataAccessScope default projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessScopes/{{data_access_scope_id}}
* ```
*
* ```sh
* $ pulumi import gcp:chronicle/dataAccessScope:DataAccessScope default {{project}}/{{location}}/{{instance}}/{{data_access_scope_id}}
* ```
*
* ```sh
* $ pulumi import gcp:chronicle/dataAccessScope:DataAccessScope default {{location}}/{{instance}}/{{data_access_scope_id}}
* ```
*/
class DataAccessScope extends pulumi.CustomResource {
/**
* Get an existing DataAccessScope resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new DataAccessScope(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of DataAccessScope. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === DataAccessScope.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["allowAll"] = state?.allowAll;
resourceInputs["allowedDataAccessLabels"] = state?.allowedDataAccessLabels;
resourceInputs["author"] = state?.author;
resourceInputs["createTime"] = state?.createTime;
resourceInputs["dataAccessScopeId"] = state?.dataAccessScopeId;
resourceInputs["deniedDataAccessLabels"] = state?.deniedDataAccessLabels;
resourceInputs["description"] = state?.description;
resourceInputs["displayName"] = state?.displayName;
resourceInputs["instance"] = state?.instance;
resourceInputs["lastEditor"] = state?.lastEditor;
resourceInputs["location"] = state?.location;
resourceInputs["name"] = state?.name;
resourceInputs["project"] = state?.project;
resourceInputs["updateTime"] = state?.updateTime;
}
else {
const args = argsOrState;
if (args?.dataAccessScopeId === undefined && !opts.urn) {
throw new Error("Missing required property 'dataAccessScopeId'");
}
if (args?.instance === undefined && !opts.urn) {
throw new Error("Missing required property 'instance'");
}
if (args?.location === undefined && !opts.urn) {
throw new Error("Missing required property 'location'");
}
resourceInputs["allowAll"] = args?.allowAll;
resourceInputs["allowedDataAccessLabels"] = args?.allowedDataAccessLabels;
resourceInputs["dataAccessScopeId"] = args?.dataAccessScopeId;
resourceInputs["deniedDataAccessLabels"] = args?.deniedDataAccessLabels;
resourceInputs["description"] = args?.description;
resourceInputs["instance"] = args?.instance;
resourceInputs["location"] = args?.location;
resourceInputs["project"] = args?.project;
resourceInputs["author"] = undefined /*out*/;
resourceInputs["createTime"] = undefined /*out*/;
resourceInputs["displayName"] = undefined /*out*/;
resourceInputs["lastEditor"] = undefined /*out*/;
resourceInputs["name"] = undefined /*out*/;
resourceInputs["updateTime"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(DataAccessScope.__pulumiType, name, resourceInputs, opts);
}
}
exports.DataAccessScope = DataAccessScope;
/** @internal */
DataAccessScope.__pulumiType = 'gcp:chronicle/dataAccessScope:DataAccessScope';
//# sourceMappingURL=dataAccessScope.js.map