A Pulumi package for creating and managing Google Cloud Platform resources.
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Cloud controls are the building blocks that make up frameworks. Each cloud control is a unit encapsulating various platform-specific logic for prevention, detection, and audit.
*
* To get more information about CloudControl, see:
*
* * [API documentation](https://docs.cloud.google.com/security-command-center/docs/reference/cloudsecuritycompliance/rest/v1/organizations.locations.cloudControls)
*
* ## Example Usage
*
* ### Cloudsecuritycompliance Cloudcontrol Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.cloudsecuritycompliance.CloudControl("example", {
* organization: "123456789",
* location: "global",
* cloudControlId: "example-cloudcontrol",
* displayName: "TF test CloudControl Name",
* description: "A test cloud control for security compliance",
* categories: ["CC_CATEGORY_INFRASTRUCTURE"],
* severity: "HIGH",
* findingCategory: "SECURITY_POLICY",
* remediationSteps: "Review and update the security configuration according to best practices.",
* supportedCloudProviders: ["GCP"],
* rules: [{
* description: "Ensure compute instances have secure boot enabled",
* ruleActionTypes: ["RULE_ACTION_TYPE_DETECTIVE"],
* celExpression: {
* expression: "resource.data.shieldedInstanceConfig.enableSecureBoot == true",
* resourceTypesValues: {
* values: ["compute.googleapis.com/Instance"],
* },
* },
* }],
* parameterSpecs: [
* {
* name: "location",
* displayName: "Resource Location",
* description: "The location where the resource should be deployed",
* valueType: "STRING",
* isRequired: true,
* defaultValue: {
* stringValue: "us-central1",
* },
* validation: {
* regexpPattern: {
* pattern: "^[a-z]+-[a-z]+[0-9]$",
* },
* },
* },
* {
* name: "enable_secure_boot",
* displayName: "Enable Secure Boot",
* description: "Whether to enable secure boot for instances",
* valueType: "BOOLEAN",
* isRequired: true,
* defaultValue: {
* boolValue: true,
* },
* substitutionRules: [{
* attributeSubstitutionRule: {
* attribute: "rules[0].cel_expression.expression",
* },
* }],
* validation: {
* allowedValues: {
* values: [{
* boolValue: true,
* }],
* },
* },
* },
* {
* name: "max_instances",
* displayName: "Maximum Instances",
* description: "Maximum number of instances allowed",
* valueType: "NUMBER",
* isRequired: false,
* defaultValue: {
* numberValue: 10,
* },
* substitutionRules: [{
* placeholderSubstitutionRule: {
* attribute: "rules[0].description",
* },
* }],
* validation: {
* intRange: {
* min: "1",
* max: "100",
* },
* },
* },
* {
* name: "allowed_regions",
* displayName: "Allowed Regions",
* description: "List of regions where resources can be deployed",
* valueType: "STRINGLIST",
* isRequired: true,
* defaultValue: {
* stringListValue: {
* values: [
* "us-central1",
* "us-east1",
* "us-west1",
* ],
* },
* },
* validation: {
* allowedValues: {
* values: [
* {
* stringListValue: {
* values: [
* "us-central1",
* "us-east1",
* ],
* },
* },
* {
* stringListValue: {
* values: [
* "us-west1",
* "us-west2",
* ],
* },
* },
* ],
* },
* },
* },
* {
* name: "environment_type",
* displayName: "Environment Type",
* description: "The type of environment",
* valueType: "STRING",
* isRequired: true,
* defaultValue: {
* stringValue: "production",
* },
* validation: {
* allowedValues: {
* values: [
* {
* stringValue: "production",
* },
* {
* stringValue: "staging",
* },
* {
* numberValue: 1,
* },
* ],
* },
* },
* },
* ],
* });
* ```
*
* ## Import
*
* CloudControl can be imported using any of these accepted formats:
*
* * `organizations/{{organization}}/locations/{{location}}/cloudControls/{{cloud_control_id}}`
* * `{{organization}}/{{location}}/{{cloud_control_id}}`
*
* When using the `pulumi import` command, CloudControl can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:cloudsecuritycompliance/cloudControl:CloudControl default organizations/{{organization}}/locations/{{location}}/cloudControls/{{cloud_control_id}}
* $ pulumi import gcp:cloudsecuritycompliance/cloudControl:CloudControl default {{organization}}/{{location}}/{{cloud_control_id}}
* ```
*/
export declare class CloudControl extends pulumi.CustomResource {
    /**
     * Looks up an existing CloudControl resource's state by name and provider ID instead of
     * creating a new one. Optional extra properties can be supplied to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up. The accepted ID formats are
     *   the same ones listed under "Import" in the class documentation.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CloudControlState, opts?: pulumi.CustomResourceOptions): CloudControl;
    /**
     * Returns true if the given object is an instance of CloudControl. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * Prefer this over a plain `instanceof` check, and rely on the `obj is CloudControl` predicate to
     * narrow the value before using it; the `any` parameter type is inherited from the generated SDK.
     */
    static isInstance(obj: any): obj is CloudControl;
    /**
     * The categories of the cloud control (e.g. `"CC_CATEGORY_INFRASTRUCTURE"` in the example above).
     */
    readonly categories: pulumi.Output<string[] | undefined>;
    /**
     * ID of the CloudControl.
     * This is the last segment of the CloudControl resource name.
     * Format: `^a-zA-Z{0,61}[a-zA-Z0-9]$`.
     * NOTE(review): the character-class bracket before `a-zA-Z` appears to have been lost when this
     * doc was generated; confirm the exact pattern against the API reference before validating IDs.
     */
    readonly cloudControlId: pulumi.Output<string>;
    /**
     * The last updated time of the cloud control.
     * The createTime is used because a new cloud control is created whenever an existing one is
     * updated. Output only; it is not accepted in CloudControlArgs.
     */
    readonly createTime: pulumi.Output<string>;
    /**
     * Controls what happens to the live cloud control when this resource is deleted. Defaults to DELETE.
     * - "PREVENT": a `pulumi destroy` or `pulumi up` that would delete the resource fails while this
     *   value is recorded in state. Because the check reads the value already in state, a change to
     *   PREVENT has to be applied with `pulumi up` before it protects the resource.
     * - "ABANDON": the resource is removed from Pulumi management without being updated or deleted in
     *   the API, so the cloud control keeps existing in the organization and must be cleaned up there.
     * - "DELETE": deleting the resource is allowed.
     */
    readonly deletionPolicy: pulumi.Output<string>;
    /**
     * A description of the cloud control. The maximum length is 2000 characters.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * The display name of the cloud control. The maximum length is 200
     * characters.
     */
    readonly displayName: pulumi.Output<string | undefined>;
    /**
     * The findingCategory of the cloud control (e.g. `"SECURITY_POLICY"` in the example above).
     * The maximum length is 255 characters.
     */
    readonly findingCategory: pulumi.Output<string | undefined>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent
     * collection as described in https://google.aip.dev/122. Currently, only "global" is supported as
     * a location.
     */
    readonly location: pulumi.Output<string>;
    /**
     * Major revision of the cloud control, incremented in ascending order.
     * Output only; it is not accepted in CloudControlArgs.
     */
    readonly majorRevisionId: pulumi.Output<string>;
    /**
     * Identifier. The resource name of the cloud control.
     * Format:
     * organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
     * Output only; it is assembled by the service from `organization`, `location` and `cloudControlId`.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent
     * collection as described in https://google.aip.dev/122. This is the organization that owns the
     * cloud control.
     */
    readonly organization: pulumi.Output<string>;
    /**
     * The parameter specs of the cloud control.
     * Structure is documented below.
     * Each spec may carry a `validation` (the example above uses `regexpPattern`, `allowedValues` and
     * `intRange`); use one whenever a parameter is substituted into a rule via `substitutionRules`, as
     * the example's `enable_secure_boot` is substituted into `rules[0].cel_expression.expression`, so
     * that only vetted values reach the policy expression.
     */
    readonly parameterSpecs: pulumi.Output<outputs.cloudsecuritycompliance.CloudControlParameterSpec[] | undefined>;
    /**
     * The Frameworks that include this CloudControl.
     * Output only; it is not accepted in CloudControlArgs.
     */
    readonly relatedFrameworks: pulumi.Output<string[]>;
    /**
     * The remediation steps for the findings generated by the cloud control. The
     * maximum length is 400 characters.
     */
    readonly remediationSteps: pulumi.Output<string | undefined>;
    /**
     * The Policy to be enforced to prevent/detect resource non-compliance.
     * Structure is documented below.
     * In the example above a rule is a CEL expression over resource data plus `ruleActionTypes`
     * (e.g. `"RULE_ACTION_TYPE_DETECTIVE"`) and the resource types it applies to.
     */
    readonly rules: pulumi.Output<outputs.cloudsecuritycompliance.CloudControlRule[] | undefined>;
    /**
     * Severity assigned to findings raised by this cloud control.
     * Possible values:
     * CRITICAL
     * HIGH
     * MEDIUM
     * LOW
     */
    readonly severity: pulumi.Output<string | undefined>;
    /**
     * Cloud providers supported by the cloud control (e.g. `"GCP"` in the example above).
     */
    readonly supportedCloudProviders: pulumi.Output<string[] | undefined>;
    /**
     * The supported enforcement modes of the cloud control. Default is DETECTIVE.
     * Output only; it is not accepted in CloudControlArgs. A control whose only mode is DETECTIVE
     * presumably reports non-compliance rather than blocking it — confirm against the API reference
     * before relying on it as a preventive guardrail.
     */
    readonly supportedEnforcementModes: pulumi.Output<string[]>;
    /**
     * Target resource types supported by the CloudControl.
     * Output only; it is not accepted in CloudControlArgs.
     */
    readonly supportedTargetResourceTypes: pulumi.Output<string[]>;
    /**
     * Create a CloudControl resource with the given unique name, arguments, and options.
     * `args.cloudControlId`, `args.location` and `args.organization` are required; every other
     * argument is optional.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: CloudControlArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering CloudControl resources.
*/
/**
 * Input properties used for looking up and filtering CloudControl resources.
 * Every field is optional because this shape only qualifies a `CloudControl.get` lookup;
 * it is not used to create a resource (see CloudControlArgs for that).
 */
export interface CloudControlState {
    /**
     * The categories of the cloud control.
     */
    categories?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * ID of the CloudControl.
     * This is the last segment of the CloudControl resource name.
     * Format: `^a-zA-Z{0,61}[a-zA-Z0-9]$`.
     * NOTE(review): the character-class bracket before `a-zA-Z` appears to have been lost when this
     * doc was generated; confirm the exact pattern against the API reference.
     */
    cloudControlId?: pulumi.Input<string | undefined>;
    /**
     * The last updated time of the cloud control.
     * The createTime is used because a new cloud control is created whenever an existing one is
     * updated.
     */
    createTime?: pulumi.Input<string | undefined>;
    /**
     * Controls what happens to the live cloud control when this resource is deleted. Defaults to DELETE.
     * - "PREVENT": a `pulumi destroy` or `pulumi up` that would delete the resource fails while this
     *   value is recorded in state.
     * - "ABANDON": the resource is removed from Pulumi management without being updated or deleted in
     *   the API, so the cloud control keeps existing in the organization.
     * - "DELETE": deleting the resource is allowed.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * A description of the cloud control. The maximum length is 2000 characters.
     */
    description?: pulumi.Input<string | undefined>;
    /**
     * The display name of the cloud control. The maximum length is 200
     * characters.
     */
    displayName?: pulumi.Input<string | undefined>;
    /**
     * The findingCategory of the cloud control. The maximum length is 255
     * characters.
     */
    findingCategory?: pulumi.Input<string | undefined>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent
     * collection as described in https://google.aip.dev/122. Currently, only "global" is supported as
     * a location.
     */
    location?: pulumi.Input<string | undefined>;
    /**
     * Major revision of the cloud control, incremented in ascending order.
     */
    majorRevisionId?: pulumi.Input<string | undefined>;
    /**
     * Identifier. The resource name of the cloud control.
     * Format:
     * organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
     */
    name?: pulumi.Input<string | undefined>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent
     * collection as described in https://google.aip.dev/122. This is the organization that owns the
     * cloud control.
     */
    organization?: pulumi.Input<string | undefined>;
    /**
     * The parameter specs of the cloud control.
     * Structure is documented below.
     */
    parameterSpecs?: pulumi.Input<pulumi.Input<inputs.cloudsecuritycompliance.CloudControlParameterSpec>[] | undefined>;
    /**
     * The Frameworks that include this CloudControl.
     */
    relatedFrameworks?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The remediation steps for the findings generated by the cloud control. The
     * maximum length is 400 characters.
     */
    remediationSteps?: pulumi.Input<string | undefined>;
    /**
     * The Policy to be enforced to prevent/detect resource non-compliance.
     * Structure is documented below.
     */
    rules?: pulumi.Input<pulumi.Input<inputs.cloudsecuritycompliance.CloudControlRule>[] | undefined>;
    /**
     * Severity assigned to findings raised by this cloud control.
     * Possible values:
     * CRITICAL
     * HIGH
     * MEDIUM
     * LOW
     */
    severity?: pulumi.Input<string | undefined>;
    /**
     * Cloud providers supported by the cloud control.
     */
    supportedCloudProviders?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The supported enforcement modes of the cloud control. Default is DETECTIVE.
     */
    supportedEnforcementModes?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * Target resource types supported by the CloudControl.
     */
    supportedTargetResourceTypes?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}
/**
* The set of arguments for constructing a CloudControl resource.
*/
/**
 * The set of arguments for constructing a CloudControl resource.
 * `cloudControlId`, `location` and `organization` are required; all other fields are optional.
 * Service-computed fields (`createTime`, `majorRevisionId`, `name`, `relatedFrameworks`,
 * `supportedEnforcementModes`, `supportedTargetResourceTypes`) are deliberately absent here and
 * are only readable on the resource or via CloudControlState.
 */
export interface CloudControlArgs {
    /**
     * The categories of the cloud control (e.g. `"CC_CATEGORY_INFRASTRUCTURE"` in the example above).
     */
    categories?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * ID of the CloudControl. Required.
     * This is the last segment of the CloudControl resource name.
     * Format: `^a-zA-Z{0,61}[a-zA-Z0-9]$`.
     * NOTE(review): the character-class bracket before `a-zA-Z` appears to have been lost when this
     * doc was generated; confirm the exact pattern against the API reference before validating IDs.
     */
    cloudControlId: pulumi.Input<string>;
    /**
     * Controls what happens to the live cloud control when this resource is deleted. Defaults to DELETE.
     * - "PREVENT": a `pulumi destroy` or `pulumi up` that would delete the resource fails while this
     *   value is recorded in state. Because the check reads the value already in state, a change to
     *   PREVENT has to be applied with `pulumi up` before it protects the resource.
     * - "ABANDON": the resource is removed from Pulumi management without being updated or deleted in
     *   the API, so the cloud control keeps existing in the organization and must be cleaned up there.
     * - "DELETE": deleting the resource is allowed.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * A description of the cloud control. The maximum length is 2000 characters.
     */
    description?: pulumi.Input<string | undefined>;
    /**
     * The display name of the cloud control. The maximum length is 200
     * characters.
     */
    displayName?: pulumi.Input<string | undefined>;
    /**
     * The findingCategory of the cloud control (e.g. `"SECURITY_POLICY"` in the example above).
     * The maximum length is 255 characters.
     */
    findingCategory?: pulumi.Input<string | undefined>;
    /**
     * Resource ID segment making up resource `name`. Required. It identifies the resource within its
     * parent collection as described in https://google.aip.dev/122. Currently, only "global" is
     * supported as a location.
     */
    location: pulumi.Input<string>;
    /**
     * Resource ID segment making up resource `name`. Required. It identifies the resource within its
     * parent collection as described in https://google.aip.dev/122. This is the organization that
     * will own the cloud control.
     */
    organization: pulumi.Input<string>;
    /**
     * The parameter specs of the cloud control.
     * Structure is documented below.
     * Each spec may carry a `validation` (the example above uses `regexpPattern`, `allowedValues` and
     * `intRange`); use one whenever a parameter is substituted into a rule via `substitutionRules`, as
     * the example's `enable_secure_boot` is substituted into `rules[0].cel_expression.expression`, so
     * that only vetted values reach the policy expression.
     */
    parameterSpecs?: pulumi.Input<pulumi.Input<inputs.cloudsecuritycompliance.CloudControlParameterSpec>[] | undefined>;
    /**
     * The remediation steps for the findings generated by the cloud control. The
     * maximum length is 400 characters.
     */
    remediationSteps?: pulumi.Input<string | undefined>;
    /**
     * The Policy to be enforced to prevent/detect resource non-compliance.
     * Structure is documented below.
     * In the example above a rule is a CEL expression over resource data plus `ruleActionTypes`
     * (e.g. `"RULE_ACTION_TYPE_DETECTIVE"`) and the resource types it applies to.
     */
    rules?: pulumi.Input<pulumi.Input<inputs.cloudsecuritycompliance.CloudControlRule>[] | undefined>;
    /**
     * Severity assigned to findings raised by this cloud control.
     * Possible values:
     * CRITICAL
     * HIGH
     * MEDIUM
     * LOW
     */
    severity?: pulumi.Input<string | undefined>;
    /**
     * Cloud providers supported by the cloud control (e.g. `"GCP"` in the example above).
     */
    supportedCloudProviders?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}
//# sourceMappingURL=cloudControl.d.ts.map