@pulumi/google-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
303 lines (302 loc) • 17.4 kB
JavaScript
"use strict";
// Copyright 2016-2024, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// ------------------------------- WARNING -------------------------------------
// This file was programmatically generated. Do not edit unless you know what
// you're doing.
// ------------------------------- WARNING -------------------------------------
Object.defineProperty(exports, "__esModule", { value: true });
exports.ReusableConfigIamPolicy = exports.ReusableConfigIamMember = exports.ReusableConfigIamBinding = exports.CertificateAuthorityIamPolicy = exports.CertificateAuthorityIamMember = exports.CertificateAuthorityIamBinding = exports.CertificateAuthorityCertificateRevocationListIamPolicy = exports.CertificateAuthorityCertificateRevocationListIamMember = exports.CertificateAuthorityCertificateRevocationListIamBinding = void 0;
const policy_1 = require("@pulumi/policy");
const compliance_policy_manager_1 = require("@pulumi/compliance-policy-manager");
const v1beta1_1 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_2 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_3 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_4 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_5 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_6 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_7 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_8 = require("@pulumi/google-native/privateca/v1beta1");
const v1beta1_9 = require("@pulumi/google-native/privateca/v1beta1");
var CertificateAuthorityCertificateRevocationListIamBinding;
(function (CertificateAuthorityCertificateRevocationListIamBinding) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamBinding).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
CertificateAuthorityCertificateRevocationListIamBinding.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-certificateauthoritycertificaterevocationlistiambinding-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamBinding).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_1.CertificateAuthorityCertificateRevocationListIamBinding, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca CertificateAuthorityCertificateRevocationListIamBinding shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamBinding).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(CertificateAuthorityCertificateRevocationListIamBinding || (CertificateAuthorityCertificateRevocationListIamBinding = {}));
exports.CertificateAuthorityCertificateRevocationListIamBinding = CertificateAuthorityCertificateRevocationListIamBinding;
var CertificateAuthorityCertificateRevocationListIamMember;
(function (CertificateAuthorityCertificateRevocationListIamMember) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamMember).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
CertificateAuthorityCertificateRevocationListIamMember.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-certificateauthoritycertificaterevocationlistiammember-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamMember).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_2.CertificateAuthorityCertificateRevocationListIamMember, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca CertificateAuthorityCertificateRevocationListIamMember shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamMember).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(CertificateAuthorityCertificateRevocationListIamMember || (CertificateAuthorityCertificateRevocationListIamMember = {}));
exports.CertificateAuthorityCertificateRevocationListIamMember = CertificateAuthorityCertificateRevocationListIamMember;
var CertificateAuthorityCertificateRevocationListIamPolicy;
(function (CertificateAuthorityCertificateRevocationListIamPolicy) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamPolicy).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
CertificateAuthorityCertificateRevocationListIamPolicy.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-certificateauthoritycertificaterevocationlistiampolicy-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamPolicy).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_3.CertificateAuthorityCertificateRevocationListIamPolicy, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca CertificateAuthorityCertificateRevocationListIamPolicy shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamPolicy).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(CertificateAuthorityCertificateRevocationListIamPolicy || (CertificateAuthorityCertificateRevocationListIamPolicy = {}));
exports.CertificateAuthorityCertificateRevocationListIamPolicy = CertificateAuthorityCertificateRevocationListIamPolicy;
var CertificateAuthorityIamBinding;
(function (CertificateAuthorityIamBinding) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamBinding).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
CertificateAuthorityIamBinding.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-certificateauthorityiambinding-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamBinding).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_4.CertificateAuthorityIamBinding, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca CertificateAuthorityIamBinding shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityIamBinding).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(CertificateAuthorityIamBinding || (CertificateAuthorityIamBinding = {}));
exports.CertificateAuthorityIamBinding = CertificateAuthorityIamBinding;
var CertificateAuthorityIamMember;
(function (CertificateAuthorityIamMember) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamMember).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
CertificateAuthorityIamMember.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-certificateauthorityiammember-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamMember).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_5.CertificateAuthorityIamMember, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca CertificateAuthorityIamMember shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityIamMember).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(CertificateAuthorityIamMember || (CertificateAuthorityIamMember = {}));
exports.CertificateAuthorityIamMember = CertificateAuthorityIamMember;
var CertificateAuthorityIamPolicy;
(function (CertificateAuthorityIamPolicy) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamPolicy).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
CertificateAuthorityIamPolicy.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-certificateauthorityiampolicy-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamPolicy).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_6.CertificateAuthorityIamPolicy, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca CertificateAuthorityIamPolicy shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityIamPolicy).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(CertificateAuthorityIamPolicy || (CertificateAuthorityIamPolicy = {}));
exports.CertificateAuthorityIamPolicy = CertificateAuthorityIamPolicy;
var ReusableConfigIamBinding;
(function (ReusableConfigIamBinding) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamBinding).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
ReusableConfigIamBinding.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-reusableconfigiambinding-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamBinding).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_7.ReusableConfigIamBinding, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca ReusableConfigIamBinding shouldn't use an unstable API (privateca.v1beta1.ReusableConfigIamBinding).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(ReusableConfigIamBinding || (ReusableConfigIamBinding = {}));
exports.ReusableConfigIamBinding = ReusableConfigIamBinding;
var ReusableConfigIamMember;
(function (ReusableConfigIamMember) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamMember).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
ReusableConfigIamMember.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-reusableconfigiammember-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamMember).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_8.ReusableConfigIamMember, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca ReusableConfigIamMember shouldn't use an unstable API (privateca.v1beta1.ReusableConfigIamMember).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(ReusableConfigIamMember || (ReusableConfigIamMember = {}));
exports.ReusableConfigIamMember = ReusableConfigIamMember;
var ReusableConfigIamPolicy;
(function (ReusableConfigIamPolicy) {
/**
* Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamPolicy).
*
* @severity medium
* @frameworks none
* @topics api, beta, unstable
* @link https://cloud.google.com/apis/design/versioning
*/
ReusableConfigIamPolicy.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({
resourceValidationPolicy: {
name: "googlenative-privateca-v1beta1-reusableconfigiampolicy-disallow-beta-resource",
description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamPolicy).",
configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema,
enforcementLevel: "advisory",
validateResource: (0, policy_1.validateResourceOfType)(v1beta1_9.ReusableConfigIamPolicy, (_, args, reportViolation) => {
if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) {
return;
}
reportViolation("Privateca ReusableConfigIamPolicy shouldn't use an unstable API (privateca.v1beta1.ReusableConfigIamPolicy).");
}),
},
vendors: ["google"],
services: ["privateca"],
severity: "medium",
topics: ["api", "unstable", "beta"],
});
})(ReusableConfigIamPolicy || (ReusableConfigIamPolicy = {}));
exports.ReusableConfigIamPolicy = ReusableConfigIamPolicy;