@pulumi/gcp

A Pulumi package for creating and managing Google Cloud Platform resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Allows management of Organization Policies for a Google Cloud Project.
 *
 * > **Warning:** This resource has been superseded by `gcp.orgpolicy.Policy`. `gcp.orgpolicy.Policy` uses
 * Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features
 * such as tags and conditions.
 *
 * > **Note:** If none of `booleanPolicy`, `listPolicy` or `restorePolicy` is supplied, the policy for the
 * constraint is effectively unset and the UI shows the constraint as 'Inherited'. A declaration that is
 * meant to enforce a guardrail on the project should therefore be reviewed for the presence of one of
 * these blocks; an instance with only `project` and `constraint` enforces nothing by itself.
 *
 * To get more information about Organization Policies, see:
 *
 * * [API documentation](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setOrgPolicy)
 * * How-to Guides
 *     * [Introduction to the Organization Policy Service](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
 *
 * ## Example Usage
 *
 * To set policy with a [boolean constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints):
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const serialPortPolicy = new gcp.projects.OrganizationPolicy("serial_port_policy", {
 *     project: "your-project-id",
 *     constraint: "compute.disableSerialPortAccess",
 *     booleanPolicy: {
 *         enforced: true,
 *     },
 * });
 * ```
 *
 * To set a policy with a [list constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints):
 *
 * `allow.all: true` permits every value for the constraint on this project.
 * NOTE(review): presumably a project-level list policy replaces, rather than merges with, a stricter list
 * policy set higher in the hierarchy unless `inheritFromParent` is set on the list policy. Confirm against
 * the Organization Policy hierarchy-evaluation documentation before applying this to a constraint that the
 * organization or folder restricts.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
 *     project: "your-project-id",
 *     constraint: "serviceuser.services",
 *     listPolicy: {
 *         allow: {
 *             all: true,
 *         },
 *     },
 * });
 * ```
 *
 * Or to deny some services, use the following instead:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
 *     project: "your-project-id",
 *     constraint: "serviceuser.services",
 *     listPolicy: {
 *         suggestedValue: "compute.googleapis.com",
 *         deny: {
 *             values: ["cloudresourcemanager.googleapis.com"],
 *         },
 *     },
 * });
 * ```
 *
 * To restore the default project organization policy, use the following instead:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
 *     project: "your-project-id",
 *     constraint: "serviceuser.services",
 *     restorePolicy: {
 *         "default": true,
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * Project organization policies can be imported using any of the following formats:
 *
 * * `projects/{{project_id}}:constraints/{{constraint}}`
 * * `{{project_id}}:constraints/{{constraint}}`
 * * `{{project_id}}:{{constraint}}`
 *
 * When using the `pulumi import` command, project organization policies can be imported using one of the
 * formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default projects/{{project_id}}:constraints/{{constraint}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default {{project_id}}:constraints/{{constraint}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default {{project_id}}:{{constraint}}
 * ```
 */
export declare class OrganizationPolicy extends pulumi.CustomResource {
    /**
     * Get an existing OrganizationPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationPolicyState, opts?: pulumi.CustomResourceOptions): OrganizationPolicy;
    /**
     * Returns true if the given object is an instance of OrganizationPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * The parameter is typed `any`, so the compiler checks nothing about the argument; the declared
     * return type is a type predicate that narrows `obj` for the caller.
     */
    static isInstance(obj: any): obj is OrganizationPolicy;
    /**
     * A boolean policy is a constraint that is either enforced or not. Structure is documented below.
     */
    readonly booleanPolicy: pulumi.Output<outputs.projects.OrganizationPolicyBooleanPolicy | undefined>;
    /**
     * The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
     */
    readonly constraint: pulumi.Output<string>;
    /**
     * (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
     */
    readonly listPolicy: pulumi.Output<outputs.projects.OrganizationPolicyListPolicy | undefined>;
    /**
     * The project id of the project to set the policy for.
     */
    readonly project: pulumi.Output<string>;
    /**
     * A restore policy is a constraint to restore the default policy. Structure is documented below.
     *
     * > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
     * effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
     *
     * NOTE(review): presumably "default" means the constraint's own default behaviour, which is not
     * necessarily what the parent folder or organization enforces. Confirm the effective policy after
     * a restore.
     */
    readonly restorePolicy: pulumi.Output<outputs.projects.OrganizationPolicyRestorePolicy | undefined>;
    /**
     * (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the policy was last updated. Example: "2016-10-09T12:33:37.578138407Z".
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Version of the Policy. Default version is 0.
     */
    readonly version: pulumi.Output<number>;
    /**
     * Create an OrganizationPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: OrganizationPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering OrganizationPolicy resources.
 *
 * Every field is optional here, including the computed `etag` and `updateTime`, which do not appear in
 * `OrganizationPolicyArgs`.
 */
export interface OrganizationPolicyState {
    /**
     * A boolean policy is a constraint that is either enforced or not. Structure is documented below.
     */
    booleanPolicy?: pulumi.Input<inputs.projects.OrganizationPolicyBooleanPolicy>;
    /**
     * The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
     */
    constraint?: pulumi.Input<string>;
    /**
     * (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
     */
    etag?: pulumi.Input<string>;
    /**
     * A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
     */
    listPolicy?: pulumi.Input<inputs.projects.OrganizationPolicyListPolicy>;
    /**
     * The project id of the project to set the policy for.
     */
    project?: pulumi.Input<string>;
    /**
     * A restore policy is a constraint to restore the default policy. Structure is documented below.
     *
     * > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
     * effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
     */
    restorePolicy?: pulumi.Input<inputs.projects.OrganizationPolicyRestorePolicy>;
    /**
     * (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the policy was last updated. Example: "2016-10-09T12:33:37.578138407Z".
     */
    updateTime?: pulumi.Input<string>;
    /**
     * Version of the Policy. Default version is 0.
     */
    version?: pulumi.Input<number>;
}
/**
 * The set of arguments for constructing an OrganizationPolicy resource.
 *
 * Only `constraint` and `project` are required by the type. The three policy blocks are all optional,
 * so the compiler accepts an argument object that sets none of them; per the note on `restorePolicy`
 * that leaves the constraint effectively unset ('Inherited').
 */
export interface OrganizationPolicyArgs {
    /**
     * A boolean policy is a constraint that is either enforced or not. Structure is documented below.
     */
    booleanPolicy?: pulumi.Input<inputs.projects.OrganizationPolicyBooleanPolicy>;
    /**
     * The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
     */
    constraint: pulumi.Input<string>;
    /**
     * A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
     */
    listPolicy?: pulumi.Input<inputs.projects.OrganizationPolicyListPolicy>;
    /**
     * The project id of the project to set the policy for.
     */
    project: pulumi.Input<string>;
    /**
     * A restore policy is a constraint to restore the default policy. Structure is documented below.
     *
     * > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
     * effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
     */
    restorePolicy?: pulumi.Input<inputs.projects.OrganizationPolicyRestorePolicy>;
    /**
     * Version of the Policy. Default version is 0.
     */
    version?: pulumi.Input<number>;
}