UNPKG

@pulumi/google-compliance-policies

Version:

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

303 lines (302 loc) 17.4 kB
"use strict"; // Copyright 2016-2024, Pulumi Corporation. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // // ------------------------------- WARNING ------------------------------------- // This file was programmatically generated. Do not edit unless you know what // you're doing. // ------------------------------- WARNING ------------------------------------- Object.defineProperty(exports, "__esModule", { value: true }); exports.ReusableConfigIamPolicy = exports.ReusableConfigIamMember = exports.ReusableConfigIamBinding = exports.CertificateAuthorityIamPolicy = exports.CertificateAuthorityIamMember = exports.CertificateAuthorityIamBinding = exports.CertificateAuthorityCertificateRevocationListIamPolicy = exports.CertificateAuthorityCertificateRevocationListIamMember = exports.CertificateAuthorityCertificateRevocationListIamBinding = void 0; const policy_1 = require("@pulumi/policy"); const compliance_policy_manager_1 = require("@pulumi/compliance-policy-manager"); const v1beta1_1 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_2 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_3 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_4 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_5 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_6 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_7 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_8 = require("@pulumi/google-native/privateca/v1beta1"); const v1beta1_9 = require("@pulumi/google-native/privateca/v1beta1"); var CertificateAuthorityCertificateRevocationListIamBinding; (function (CertificateAuthorityCertificateRevocationListIamBinding) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamBinding). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ CertificateAuthorityCertificateRevocationListIamBinding.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-certificateauthoritycertificaterevocationlistiambinding-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamBinding).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_1.CertificateAuthorityCertificateRevocationListIamBinding, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca CertificateAuthorityCertificateRevocationListIamBinding shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamBinding)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(CertificateAuthorityCertificateRevocationListIamBinding || (CertificateAuthorityCertificateRevocationListIamBinding = {})); exports.CertificateAuthorityCertificateRevocationListIamBinding = CertificateAuthorityCertificateRevocationListIamBinding; var CertificateAuthorityCertificateRevocationListIamMember; (function (CertificateAuthorityCertificateRevocationListIamMember) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamMember). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ CertificateAuthorityCertificateRevocationListIamMember.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-certificateauthoritycertificaterevocationlistiammember-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamMember).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_2.CertificateAuthorityCertificateRevocationListIamMember, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca CertificateAuthorityCertificateRevocationListIamMember shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamMember)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(CertificateAuthorityCertificateRevocationListIamMember || (CertificateAuthorityCertificateRevocationListIamMember = {})); exports.CertificateAuthorityCertificateRevocationListIamMember = CertificateAuthorityCertificateRevocationListIamMember; var CertificateAuthorityCertificateRevocationListIamPolicy; (function (CertificateAuthorityCertificateRevocationListIamPolicy) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamPolicy). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ CertificateAuthorityCertificateRevocationListIamPolicy.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-certificateauthoritycertificaterevocationlistiampolicy-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamPolicy).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_3.CertificateAuthorityCertificateRevocationListIamPolicy, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca CertificateAuthorityCertificateRevocationListIamPolicy shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityCertificateRevocationListIamPolicy)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(CertificateAuthorityCertificateRevocationListIamPolicy || (CertificateAuthorityCertificateRevocationListIamPolicy = {})); exports.CertificateAuthorityCertificateRevocationListIamPolicy = CertificateAuthorityCertificateRevocationListIamPolicy; var CertificateAuthorityIamBinding; (function (CertificateAuthorityIamBinding) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamBinding). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ CertificateAuthorityIamBinding.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-certificateauthorityiambinding-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamBinding).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_4.CertificateAuthorityIamBinding, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca CertificateAuthorityIamBinding shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityIamBinding)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(CertificateAuthorityIamBinding || (CertificateAuthorityIamBinding = {})); exports.CertificateAuthorityIamBinding = CertificateAuthorityIamBinding; var CertificateAuthorityIamMember; (function (CertificateAuthorityIamMember) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamMember). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ CertificateAuthorityIamMember.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-certificateauthorityiammember-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamMember).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_5.CertificateAuthorityIamMember, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca CertificateAuthorityIamMember shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityIamMember)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(CertificateAuthorityIamMember || (CertificateAuthorityIamMember = {})); exports.CertificateAuthorityIamMember = CertificateAuthorityIamMember; var CertificateAuthorityIamPolicy; (function (CertificateAuthorityIamPolicy) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamPolicy). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ CertificateAuthorityIamPolicy.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-certificateauthorityiampolicy-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.CertificateAuthorityIamPolicy).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_6.CertificateAuthorityIamPolicy, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca CertificateAuthorityIamPolicy shouldn't use an unstable API (privateca.v1beta1.CertificateAuthorityIamPolicy)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(CertificateAuthorityIamPolicy || (CertificateAuthorityIamPolicy = {})); exports.CertificateAuthorityIamPolicy = CertificateAuthorityIamPolicy; var ReusableConfigIamBinding; (function (ReusableConfigIamBinding) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamBinding). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ ReusableConfigIamBinding.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-reusableconfigiambinding-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamBinding).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_7.ReusableConfigIamBinding, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca ReusableConfigIamBinding shouldn't use an unstable API (privateca.v1beta1.ReusableConfigIamBinding)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(ReusableConfigIamBinding || (ReusableConfigIamBinding = {})); exports.ReusableConfigIamBinding = ReusableConfigIamBinding; var ReusableConfigIamMember; (function (ReusableConfigIamMember) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamMember). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ ReusableConfigIamMember.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-reusableconfigiammember-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamMember).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_8.ReusableConfigIamMember, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca ReusableConfigIamMember shouldn't use an unstable API (privateca.v1beta1.ReusableConfigIamMember)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(ReusableConfigIamMember || (ReusableConfigIamMember = {})); exports.ReusableConfigIamMember = ReusableConfigIamMember; var ReusableConfigIamPolicy; (function (ReusableConfigIamPolicy) { /** * Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamPolicy). * * @severity medium * @frameworks none * @topics api, beta, unstable * @link https://cloud.google.com/apis/design/versioning */ ReusableConfigIamPolicy.disallowBetaResource = compliance_policy_manager_1.policyManager.registerPolicy({ resourceValidationPolicy: { name: "googlenative-privateca-v1beta1-reusableconfigiampolicy-disallow-beta-resource", description: "Disallow the use of non-stable (Beta) resouces (privateca.v1beta1.ReusableConfigIamPolicy).", configSchema: compliance_policy_manager_1.policyManager.policyConfigSchema, enforcementLevel: "advisory", validateResource: (0, policy_1.validateResourceOfType)(v1beta1_9.ReusableConfigIamPolicy, (_, args, reportViolation) => { if (!compliance_policy_manager_1.policyManager.shouldEvalPolicy(args)) { return; } reportViolation("Privateca ReusableConfigIamPolicy shouldn't use an unstable API (privateca.v1beta1.ReusableConfigIamPolicy)."); }), }, vendors: ["google"], services: ["privateca"], severity: "medium", topics: ["api", "unstable", "beta"], }); })(ReusableConfigIamPolicy || (ReusableConfigIamPolicy = {})); exports.ReusableConfigIamPolicy = ReusableConfigIamPolicy;