@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
170 lines • 6.76 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.AccessApprovalSettings = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.
*
* To get more information about FolderSettings, see:
*
* * [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/folders)
*
* ## Example Usage
*
* ### Folder Access Approval Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const myFolder = new gcp.organizations.Folder("my_folder", {
* displayName: "my-folder",
* parent: "organizations/123456789",
* deletionProtection: false,
* });
* const folderAccessApproval = new gcp.folder.AccessApprovalSettings("folder_access_approval", {
* folderId: myFolder.folderId,
* notificationEmails: [
* "testuser@example.com",
* "example.user@example.com",
* ],
* enrolledServices: [{
* cloudProduct: "all",
* }],
* });
* ```
* ### Folder Access Approval Active Key Version
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const myFolder = new gcp.organizations.Folder("my_folder", {
* displayName: "my-folder",
* parent: "organizations/123456789",
* deletionProtection: false,
* });
* const myProject = new gcp.organizations.Project("my_project", {
* name: "My Project",
* projectId: "your-project-id",
* folderId: myFolder.name,
* deletionPolicy: "DELETE",
* });
* const keyRing = new gcp.kms.KeyRing("key_ring", {
* name: "key-ring",
* location: "global",
* project: myProject.projectId,
* });
* const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
* name: "crypto-key",
* keyRing: keyRing.id,
* purpose: "ASYMMETRIC_SIGN",
* versionTemplate: {
* algorithm: "EC_SIGN_P384_SHA384",
* },
* });
* const serviceAccount = gcp.accessapproval.getFolderServiceAccountOutput({
* folderId: myFolder.folderId,
* });
* const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
* cryptoKeyId: cryptoKey.id,
* role: "roles/cloudkms.signerVerifier",
* member: serviceAccount.apply(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
* });
* const cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({
* cryptoKey: cryptoKey.id,
* });
* const folderAccessApproval = new gcp.folder.AccessApprovalSettings("folder_access_approval", {
* folderId: myFolder.folderId,
* activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion => cryptoKeyVersion.name),
* enrolledServices: [{
* cloudProduct: "all",
* }],
* }, {
* dependsOn: [iam],
* });
* ```
*
* ## Import
*
* FolderSettings can be imported using any of these accepted formats:
*
* * `folders/{{folder_id}}/accessApprovalSettings`
*
* * `{{folder_id}}`
*
* When using the `pulumi import` command, FolderSettings can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default folders/{{folder_id}}/accessApprovalSettings
* ```
*
* ```sh
* $ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default {{folder_id}}
* ```
*/
class AccessApprovalSettings extends pulumi.CustomResource {
/**
* Get an existing AccessApprovalSettings resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new AccessApprovalSettings(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of AccessApprovalSettings. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === AccessApprovalSettings.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["activeKeyVersion"] = state?.activeKeyVersion;
resourceInputs["ancestorHasActiveKeyVersion"] = state?.ancestorHasActiveKeyVersion;
resourceInputs["enrolledAncestor"] = state?.enrolledAncestor;
resourceInputs["enrolledServices"] = state?.enrolledServices;
resourceInputs["folderId"] = state?.folderId;
resourceInputs["invalidKeyVersion"] = state?.invalidKeyVersion;
resourceInputs["name"] = state?.name;
resourceInputs["notificationEmails"] = state?.notificationEmails;
}
else {
const args = argsOrState;
if (args?.enrolledServices === undefined && !opts.urn) {
throw new Error("Missing required property 'enrolledServices'");
}
if (args?.folderId === undefined && !opts.urn) {
throw new Error("Missing required property 'folderId'");
}
resourceInputs["activeKeyVersion"] = args?.activeKeyVersion;
resourceInputs["enrolledServices"] = args?.enrolledServices;
resourceInputs["folderId"] = args?.folderId;
resourceInputs["notificationEmails"] = args?.notificationEmails;
resourceInputs["ancestorHasActiveKeyVersion"] = undefined /*out*/;
resourceInputs["enrolledAncestor"] = undefined /*out*/;
resourceInputs["invalidKeyVersion"] = undefined /*out*/;
resourceInputs["name"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(AccessApprovalSettings.__pulumiType, name, resourceInputs, opts);
}
}
exports.AccessApprovalSettings = AccessApprovalSettings;
/** @internal */
AccessApprovalSettings.__pulumiType = 'gcp:folder/accessApprovalSettings:AccessApprovalSettings';
//# sourceMappingURL=accessApprovalSettings.js.map