UNPKG

@pulumi/pulumiservice

Version:

[![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fury.io/js/%40pulumi%2Fpulumiservice.svg)](https://www.npmjs.com/package/@pulumi/pulumiservice) [![Python version](https://badge.fury.io

pulumi.com

pulumi/pulumi-pulumiservice

109 lines 5.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.Policy = void 0; const pulumi = __importStar(require("@pulumi/pulumi")); const utilities = __importStar(require("../../utilities")); /** * Updates an authentication policy for an organization. Authentication policies define rules for how OIDC tokens are validated and what access they grant, including claim mappings, trust conditions, and role assignments. The policy definition cannot be empty. * * The request body contains a `policies` array where each policy object includes: * - `decision`: `allow` or `deny` * - `tokenType`: `organization`, `team`, `personal`, or `runner` * - `teamName`: required when tokenType is `team` * - `userLogin`: required when tokenType is `personal` * - `runnerID`: required when tokenType is `runner` * - `authorizedPermissions`: array of permissions (only `admin` is supported for organization tokens) * - `rules`: object defining claim-matching rules for the token * * For more information about authorization rules, refer to the [OIDC authorization policies documentation](https://www.pulumi.com/docs/pulumi-cloud/access-management/oidc/client/#configure-the-authorization-policies). */ class Policy extends pulumi.CustomResource { /** * Get an existing Policy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, opts) { return new Policy(name, undefined, { ...opts, id: id }); } /** @internal */ static __pulumiType = 'pulumiservice:api/auth:Policy'; /** * Returns true if the given object is an instance of Policy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === Policy.__pulumiType; } /** * Create a Policy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name, args, opts) { let resourceInputs = {}; opts = opts || {}; if (!opts.id) { if (args?.orgName === undefined && !opts.urn) { throw new Error("Missing required property 'orgName'"); } if (args?.policies === undefined && !opts.urn) { throw new Error("Missing required property 'policies'"); } if (args?.policyId === undefined && !opts.urn) { throw new Error("Missing required property 'policyId'"); } resourceInputs["issuerId"] = args?.issuerId; resourceInputs["orgName"] = args?.orgName; resourceInputs["policies"] = args?.policies; resourceInputs["policyId"] = args?.policyId; resourceInputs["created"] = undefined /*out*/; resourceInputs["modified"] = undefined /*out*/; resourceInputs["version"] = undefined /*out*/; } else { resourceInputs["created"] = undefined /*out*/; resourceInputs["issuerId"] = undefined /*out*/; resourceInputs["modified"] = undefined /*out*/; resourceInputs["policies"] = undefined /*out*/; resourceInputs["version"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(Policy.__pulumiType, name, resourceInputs, opts); } } exports.Policy = Policy; //# sourceMappingURL=policy.js.map