UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

157 lines • 6.38 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.AccessApprovalSettings = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. * * To get more information about ProjectSettings, see: * * * [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/projects) * * ## Example Usage * * ### Project Access Approval Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const projectAccessApproval = new gcp.projects.AccessApprovalSettings("project_access_approval", { * projectId: "my-project-name", * notificationEmails: [ * "testuser@example.com", * "example.user@example.com", * ], * enrolledServices: [{ * cloudProduct: "all", * enrollmentLevel: "BLOCK_ALL", * }], * }); * ``` * ### Project Access Approval Active Key Version * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const keyRing = new gcp.kms.KeyRing("key_ring", { * name: "key-ring", * location: "global", * project: "my-project-name", * }); * const cryptoKey = new gcp.kms.CryptoKey("crypto_key", { * name: "crypto-key", * keyRing: keyRing.id, * purpose: "ASYMMETRIC_SIGN", * versionTemplate: { * algorithm: "EC_SIGN_P384_SHA384", * }, * }); * const serviceAccount = gcp.accessapproval.getProjectServiceAccount({ * projectId: "my-project-name", * }); * const iam = new gcp.kms.CryptoKeyIAMMember("iam", { * cryptoKeyId: cryptoKey.id, * role: "roles/cloudkms.signerVerifier", * member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`), * }); * const cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({ * cryptoKey: cryptoKey.id, * }); * const projectAccessApproval = new gcp.projects.AccessApprovalSettings("project_access_approval", { * projectId: "my-project-name", * activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion => cryptoKeyVersion.name), * enrolledServices: [{ * cloudProduct: "all", * }], * }, { * dependsOn: [iam], * }); * ``` * * ## Import * * ProjectSettings can be imported using any of these accepted formats: * * * `projects/{{project_id}}/accessApprovalSettings` * * * `{{project_id}}` * * When using the `pulumi import` command, ProjectSettings can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default projects/{{project_id}}/accessApprovalSettings * ``` * * ```sh * $ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default {{project_id}} * ``` */ class AccessApprovalSettings extends pulumi.CustomResource { /** * Get an existing AccessApprovalSettings resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new AccessApprovalSettings(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of AccessApprovalSettings. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === AccessApprovalSettings.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["activeKeyVersion"] = state?.activeKeyVersion; resourceInputs["ancestorHasActiveKeyVersion"] = state?.ancestorHasActiveKeyVersion; resourceInputs["enrolledAncestor"] = state?.enrolledAncestor; resourceInputs["enrolledServices"] = state?.enrolledServices; resourceInputs["invalidKeyVersion"] = state?.invalidKeyVersion; resourceInputs["name"] = state?.name; resourceInputs["notificationEmails"] = state?.notificationEmails; resourceInputs["project"] = state?.project; resourceInputs["projectId"] = state?.projectId; } else { const args = argsOrState; if (args?.enrolledServices === undefined && !opts.urn) { throw new Error("Missing required property 'enrolledServices'"); } if (args?.projectId === undefined && !opts.urn) { throw new Error("Missing required property 'projectId'"); } resourceInputs["activeKeyVersion"] = args?.activeKeyVersion; resourceInputs["enrolledServices"] = args?.enrolledServices; resourceInputs["notificationEmails"] = args?.notificationEmails; resourceInputs["project"] = args?.project; resourceInputs["projectId"] = args?.projectId; resourceInputs["ancestorHasActiveKeyVersion"] = undefined /*out*/; resourceInputs["enrolledAncestor"] = undefined /*out*/; resourceInputs["invalidKeyVersion"] = undefined /*out*/; resourceInputs["name"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(AccessApprovalSettings.__pulumiType, name, resourceInputs, opts); } } exports.AccessApprovalSettings = AccessApprovalSettings; /** @internal */ AccessApprovalSettings.__pulumiType = 'gcp:projects/accessApprovalSettings:AccessApprovalSettings'; //# sourceMappingURL=accessApprovalSettings.js.map